Steel Bolt Hacking
The beginning of the book discusses the origins of lock-picking sporting groups, crews in the U.S. and Europe, competitions around the country, and how to become a part of a lock-picking group. One of the groups out of Colorado Springs, DC719, is a bunch of computer geeks that have taken up the art of lock picking and sponsor a lock-picking contest every year at DefCon. According to Mr. Chick, computer people are the fastest group to pick up the art of lock picking. (I must warn you though, there are also a lot of disclaimers about the author not being responsible for the misuse of the information contained in this book.)
The book is fully illustrated with pictures of different types of lock picking instruments, tools to make your own picks, as well as padlocks, deadbolts, and combination locks. There are pictures of locks that have been cut open and even how to crack push-button combination locks. (You know, the kind you find on the door to a server room.) I have to say, for a little book (114 pages) it is brimming with valuable information for a beginner. What I didn't realize was that software isn't the only thing that has security vulnerabilities; mechanical things like padlocks and deadbolts do as well. What was scary to learn is how easily cheap locks can be picked, and that 80 percent of all locks used are cheap locks. Expensive locks are just likely to take a little longer.
I liked that the book didn't exaggerate. It didn't tell me that I was going to be a master lock picker after only a few tries. It took a little time, practice and sore fingers, but after a couple weeks of practice, I could pick every lock in my house. And as a computer person, I liked all of the jargon that was used to explain locksmith techniques. There was also enough humor to keep the book interesting; it's difficult to read any type of textbook and still maintain a reasonable interest. The illustrations are good and there is a resource section to purchase the tools you need from the Internet.
What I didn't like about the book: The most annoying point, I felt, is the considerable redundancy in methods between different types of locks to be picked. Also, the book suggests that there might be a lock-picking group in every city in the U.S., when in fact I am having a difficult time finding one in my area. And I live near D.C. -- you'd think there would be one on every corner around here. I think that the sport is still in its infancy and Mr. Chick is hoping his book will draw more people to it. The author put his e-mail address on the back of the book. He hasn't responded to my e-mail yet, but I suppose that he's probably a busy man.
All in all, I found the book informative, entertaining and worth the purchase price of 19.99.
You can purchase Steel Bolt Hacking from bn.com.
Some other interesting discussion. Small wonder I scarcely let my racing bike out of my sight.
"May I borrow your pen? I need to pick up some transportation."
A feeling of having made the same mistake before: Deja Foobar
Erick
http://www.busyweather.com/
I first read about serious lock hacking in the book Hackers by Steven Levy. The early hackers at MIT were notorious for hacking locks on office doors, toolboxes, safes, etc. to get to tools and information.
Lockpicking and an interest in computers seem to go hand in hand. A number of the people in my college are seen practicing picking locks during boring lectures.
One guy picked the lock on a projector and cabled another person to the projector cart
In DC, basic possession of lockpicking instruments is illegal, unless you are a licensed locksmith. You don't have to prove intent. This is the same in many other states. Be careful and don't do anything stupid.
Like computer hacking, the primary value to most people is not learning how to hack, but learning how to make things more hack-proof.
So does this book have any recommendations along those lines? What door locks, deadbolts, padlocks, bike locks, etc, follow the locksmith version of "best security practices"?
That, IMHO, is the REALLY important thing to discuss!
Everyone in the room goes "Ooooo! how did you do that? Are you really that good?" And he had the presence of mind to say, "Yes." =)
"A witty saying proves nothing." ~Voltaire
"d'Oh!" ~Homer
If you're interested in learning a bit about lock picking, but aren't sure you want to spend $20 on this book yet, take a look at this article at Howstuffworks.com.
It offers a great introduction to lock picking, and has some nice graphics that really helped me understand how locks work, and how they can be circumvented. If you really get into it, then I'm sure this book would offer a lot more information to help you along.
the easiest way to break in is to crawl through a window.
Wait until the street sweeper comes by and follow it down the street. The bristles are spring steel that is perfect for lock picks. They fall off; just pick them up off the street.
I've never made a set of picks so I don't know if this is true or not, but there was a decent lock picking culture at MIT in the late 70s.
For locks like a Medeco lock - in which the tumblers have to be rotated to a certain angle (usually 15 deg increments) as well as lifted to a certain height - AFAIK there are no tools out there that can pick that. However, even the strongest locks use brass for the tumblers (Medecos are no exception - at least the one that I opened up to play with :) ).
... I could probably have opened the door with just a screwdriver after the tumblers are dissolved.
Brass is primarily a copper alloy. It is extremely reactive in the presence of strong acids. A few years back, a friend of mine wanted to look at a smart card under a microscope - just curious, that's all. I was working in a research lab then, and I mixed hydrochloric acid with nitric acid to make aqua regia. We were able to dissolve the GOLD contacts off the smart card to expose the chip underneath. (Aqua regia is used for lot assay analysis of alloys to determine alloy composition - you start by dissolving the metal, then feed it through some form of spectroscopy machine to measure the quantity and the composition of the metal). If I had squirted that into the door lock and held it in place with some bubble gum
- SK
Abloy locks employ a sidebar and rotating disks. It's very, very difficult to pick them for several reasons; sidebar locks are intrinsically difficult to pick (such as the old GM locks, which didn't have a pick set for them until the late 1980's or early 1990's, when some smartass figured out that you could use a special spring compression tool to allow the wafers to free-float). That makes them subject to move when vibrated or rapped, and the sidebar (which is then under spring pressure) can line them up.
Abloy has no such constraint. IIRC, the world record for picking an Abloy is 36 hours. That may have changed; I don't know.
For high security locks like Medeco, ASSA, Abloy, etc., the fastest way through them is a grinder. Used to be an ice pick attack to the latch, and although some locks are still improperly installed, that's largely gone the way of the dodo.
As a locksmith myself, I'd rather have Abloy on my doors more than anything else. But they're hard to find here in the US, so I use Medeco instead. Beats the hell out of a $15 Kwikset, lemme tell you.
First, the obligatory link to a mirror of the MIT Lockpicking Guide.
Second - as another poster noted, lock pins aren't typically made from high-strength alloys. A battery-powered hand drill (and a screwdriver to turn the lock when the pins are gone) is the best and fastest lock pick that there is. Didn't even leave any visible damage when I used this approach on a filing cabinet we'd lost the key to. Just pick a bit as wide as the key entryway, and drill down the line of pins.
Be advised that the lock tends to jam after closing again, as the remains of the pins fall back into their channels when the lock returns to its original position. But if you're drilling a lock, you're typically looking for a one-time solution anyways.
For that matter, most structures surrounding locks aren't indestructible either. When you get down to it, someone can break into a lot of places by driving a sledgehammer or truck through the door.
However, that makes lots of noise. It's hard to protect an office building from a bulldozer attack, but then again, it's pretty hard to sneak around with a bulldozer.
Really, an attack involving strong acids isn't much more practical. Not many thieves want to walk around with a bottle of highly concentrated HCl hidden in their pocket. (Think spillage while trying to run from the police.)
Your best bet in any physical security is to try and make the thief do one or more of the following:
1) make a lot of noise (defeating stealth)
2) leave a lot of good evidence about the intrusion (defeating anonymity)
3) use specialized or expensive tools (defeating any financial gain)
4) use a tool too unwieldy or impractical to transport inconspicuously. (defeating stealth)
Of course, scale the measures to fit the value of what you're hiding.
-Matt
I've participated in the Lockpick contest for the last 2 years. It's been a blast. Quite a challenge too. The book isn't anything hugely groundbreaking (check out Security.org for a really amazing book), but it's a good thing to read if you're curious or if you're like me and are not very good at explaining how to do it to others.
I just find lockpicking fascinating because it's yet another case of people proving manufacturers' claims are often highly exaggerated, or just full of BS. Knowing, and proving for yourself, what makes a good lock vs. a bad lock fits well into the computer security dynamic (physical security, anyone?). That extra $1-2 for a Master brand lock can buy you several minutes more security vs. a cheap look-alike that can be shimmed in about 3 seconds, kind of useful to know. They can both be opened, but you're less likely to have a thief willing to be exposed for several minutes than for a few seconds. The Kryptonite vulnerability now makes everyone re-think trusting the manufacturers' claims, now doesn't it?
It's also a handy skill for those inevitable times when someone locks the server cabinet and loses the key and you don't want to pay a locksmith through the nose. I also use my skill in security audits to very dramatically show how little security that cheap lock on the server room provides.
I've got some descriptions of the contests and LP resources up at my site and some links to videos and the MIT guide if anyone's curious.
Just remember that there is little a set of bolt cutters, a crow bar, or a sledge hammer can't get through. Lockpicking is the 'elegant solution' to that (literal) brute force.
Where are we going, and why are we in this hand cart?
Just tried it on the Krypto-Lok sitting next to my desk and once I figured out the trick, I got it open in about 15 seconds.
Basically, you have to shake the lock at the same time that you're turning the pen.
My guess is that shaking and wiggling the pen causes the interface between the pins & spacers to move around, and if you're turning the pen at the same time, the cylinder will rotate a notch as soon as the interface between the leading pin/spacer pair is in the right place. Then you just repeat the same procedure for all the other pin/spacer pairs.
pi = 3.141592653589793helpimtrappedinauniversefactory7
I've made several sets, and it really is this easy. Best way really is to follow the street sweeper. The spring steel bristles that come loose have perfect properties. I've tried making them out of other materials, and the spring steel is quite easy to shape and very resilient.
Then just find a decent pick you want to copy, and sit down at the grinder with your blank bristle. They've still got grinders in my old dorm and the lockpicking culture is indeed alive and well at MIT.
...and I browse /. when the sales calls aren't heavily inbound. Naturally, I forwarded the link to the other six folks in the department, and everyone's buzzing about it. We will definitely bring it up with the Kryptonite rep the next time he's in the area.
Generally, folks buying locks know that it's just a deterrent... except for the people buying exactly the retails-at-$80 lock (with heavy-duty chain) shown in the movie, who tend to be messengers and/or people with $1k+ bicycles. Personally, my bikes stay locked up in my living room when I'm not on them, and I don't take my lock with me when I seriously ride because that would tempt me to separate myself from the bike. I've got a cheap old Schwinn cruiser for that. (=
The pain was excruciating and the scarring is likely permanent, but that just means it's working.
So I'm at a jobsite and really REALLY needed to pee.
I recalled seeing a bathroom on the floor and when I got there, I was confronted with a pushbutton lock.
The pushbuttons were some kind of polymer, with the numbers PRINTED on them.
Three of the buttons had the numbers worn away.
Needless to say, I solved the lock in a few seconds.
Funny thing, it was an executive-type bathroom, not to be used by scruffy hacker geeks like me.
Or so I was told by the executive-type that found me in there using a urinal.
"Who gave you the combination?"
"Everyone who used the bathroom since the lock was installed, that's who." (FLUSH)
Guaranteed! This comment 100% Anthrax free!