
Steel Bolt Hacking

Alec Kryten writes "Here is a book that introduces and teaches a fascinating new sport for the hacking hobbyist which doesn't necessarily involve computers. Steel bolt hacking is the art of competition lock picking that is beginning to make its mark on computer people and other geeks around the world. At DefCon this year I picked up a book titled Steel Bolt Hacking, which teaches the basics of lock picking. I bought it because I watched the lock-picking contest during the DefCon Convention and thought that I might want to participate in next year's lock-picking events." Read on for Alec's review of the book.
Steel Bolt Hacking
Author: Douglas Chick
Pages: 114
Publisher: TheNetworkAdministrator.com
Rating: 8 out of 10
Reviewer: Alec Kryten
ISBN: 0974463019
Summary: How to pick locks, crack combinations for LP sports groups

The beginning of the book discusses the origins of lock-picking sporting groups, crews in the U.S. and Europe, competition around the country, and how to become a part of a lock-picking group. One of the groups out of Colorado Springs, DC719, are a bunch of computer geeks that have taken up the art of lock picking and sponsor a lock-picking contest every year at DefCon. According to Mr. Chick, computer people are the fastest group to pick up the art of lock picking. (I must warn you though, there are also a lot of disclaimers about the author not being responsible for the misuses of the information contained in this book.)

The book is fully illustrated with pictures of different types of lock picking instruments, tools to make your own picks as well as padlocks, deadbolt, and combination locks. There are pictures of locks that have been cut open and even how to crack push-button combination locks. (You know, the kind you find on the door to a server room.) I have to say, for a little book, (114 pages) it is brimming with valuable information for a beginner. What I didn't realize was that software isn't the only thing that has security vulnerabilities; mechanical things like padlocks and deadbolts do as well. What was scary to learn is how easily cheap locks can be picked, and that 80 percent of all locks used are cheap locks. Expensive locks are just likely to take a little longer.

I liked that the book didn't exaggerate. It didn't tell me that I was going to be a master lock picker after only a few tries. It took a little time, practice and sore fingers, but after a couple weeks of practice, I could pick every lock in my house. And as a computer person, I liked all of the jargon that was used to explain locksmith techniques. There was also enough humor to keep the book interesting; it's difficult to read any type of textbook and still maintain a reasonable interest. The illustrations are good and there is a resource section to purchase the tools you need from the Internet.

What I didn't like about the book: The most annoying point, I felt, is the considerable redundancy in methods between different types of locks to be picked. Also, the book suggests that there might be a lock-picking group in every city in the U.S., when in fact I am having a difficult time finding one in my area. And I live near D.C. -- You'd think there would be one on every corner around here. I think that the sport is still in its infancy and Mr. Chick is hoping his book will draw more people to it. The author put his e-mail address on the back of the book. He hasn't responded to my e-mail yet, but I suppose that he's probably a busy man.

All in all, I found the book informative, entertaining and worth the purchase price of 19.99.


You can purchase Steel Bolt Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  • by knowles420 ( 589383 ) on Wednesday September 15, 2004 @03:20PM (#10259037) Homepage Journal
    bikeforums.net's thread [bikeforums.net] on picking the kryptonite U-locks with a bic pen tube.

    quicktime movie [thirdrate.com] of the same.

  • Legal issues (Score:5, Informative)

    by alienw ( 585907 ) <alienw.slashdotNO@SPAMgmail.com> on Wednesday September 15, 2004 @03:20PM (#10259054)
    In DC, basic possession of lockpicking instruments is illegal, unless you are a licensed locksmith. You don't have to prove intent. This is the same in many other states. Be careful and don't do anything stupid.
  • by PHPee ( 559830 ) on Wednesday September 15, 2004 @03:24PM (#10259102) Homepage
    If you're interested in learning a bit about lock picking, but aren't sure you want to spend $20 on this book yet, take a look at this article [howstuffworks.com] at Howstuffworks.com.

    It offers a great introduction to lock picking, and has some nice graphics that really helped me understand how locks work, and how they can be circumvented. If you really get into it, then I'm sure this book would offer a lot more information to help you along.
  • by notthepainter ( 759494 ) <oblique&alum,mit,edu> on Wednesday September 15, 2004 @03:29PM (#10259150) Homepage
    Learned this at MIT a million years ago.

    Wait until the street sweeper comes by and follow it down the street. The bristles are spring steel that is perfect for lock picks. They fall off, just pick them up off the street.

    I've never made a set of picks so I don't know if this is true or not, but there was a decent lock picking culture at MIT in the late 70s.

  • Re:A valuable skill (Score:5, Informative)

    by lhand ( 30548 ) on Wednesday September 15, 2004 @03:31PM (#10259169)
    You might also check out Ted the Tool's on-line book called the "MIT Guide to Lock Picking" found here [lysator.liu.se] among lots of other places.
  • by Tassach ( 137772 ) on Wednesday September 15, 2004 @03:35PM (#10259212)
    I'm surprised no one has linked to the (in)famous MIT Guide to Lockpicking [capricorn.org] yet.
  • by BlowChunx ( 168122 ) on Wednesday September 15, 2004 @03:36PM (#10259225)
    Speaking of MIT, why hasn't anyone mentioned the MIT lock picking guide [google.com]?
  • by dr_dank ( 472072 ) on Wednesday September 15, 2004 @03:37PM (#10259229) Homepage Journal
    So does this book have any recommendations along those lines? What door locks, deadbolts, padlocks, bike locks, etc, follow the locksmith version of "best security practices"?

    It seems that people in the hobby are reluctant to endorse brands. I saw Barry "The Key" Wels at HOPE this year. His presentation involved the pricey (and supposedly uber-secure) Medeco locks and another brand of expensive lock that he agreed with the manufacturer to keep the brand name hidden during his talk.

    When his talk shifted to his CryptoPhone project, he politely sidestepped an audience member asking what kind of lock he had on the doors of CryptoPhone's offices.
  • here be the pdf (Score:2, Informative)

    by Anonymous Coward on Wednesday September 15, 2004 @03:40PM (#10259269)
    .:

    Funky-type pdf

    http://www.lysator.liu.se/mit-guide/MITLockGuide.pdf

    ~!-xor

    http://www.lysator.liu.se/mit-guide/MITLockGuide.ps

    :.
  • Re:A valuable skill (Score:2, Informative)

    by Carik ( 205890 ) on Wednesday September 15, 2004 @03:42PM (#10259280)
    Depends where you live, actually. I'm a locksmith (which is to say, I took a correspondence course, and then did a whole lot of research on my own), and according to Massachusetts (USA) law, owning a set of picks isn't illegal. Owning them with intent to commit a crime is what's illegal. Now... you can probably see the problem here. Go ahead, prove you're not intending to commit a crime...

    Basically, if the police want an excuse to harass you, they have one. If you stay out of their way, and don't make it obvious, usually no one will care. Further, if you can prove you need them for your job, you're even less likely to get hassled.
  • by Anonymous Coward on Wednesday September 15, 2004 @03:46PM (#10259334)
    Abloy was bought out by Medeco, last I checked. Medeco makes a heck of a lock, but until recently the blanks were brittle and they tended to break in your hand if you twisted the key too hard in the lock.

    Abloy locks employ a sidebar and rotating disks. It's very, very difficult to pick them for several reasons; sidebar locks are intrinsically difficult to pick (such as the old GM locks, which didn't have a pick set for them until the late 1980's or early 1990's, when some smartass figured out that you could use a special spring compression tool to allow the wafers to free-float. That makes them subject to move when vibrated or rapped, and the sidebar (which is then under spring pressure) can line them up.

    Abloy has no such constraint. IIRC, the world record for picking an Abloy is 36 hours. That may have changed; I don't know.

    For high security locks like Medeco, ASSA, Abloy, etc., the fastest way through them is a grinder. Used to be an ice pick attack to the latch, and although some locks are still improperly installed, that's largely gone the way of the dodo.

    As a locksmith myself, I'd rather have Abloy on my doors more than anything else. But they're hard to find here in the US, so I use Medeco instead. Beats the hell out of a $15 Kwikset, lemme tell you.

  • by Christopher Thomas ( 11717 ) on Wednesday September 15, 2004 @03:47PM (#10259337)
    First, the obligatory link to a mirror of the MIT Lockpicking Guide [dynu.com].

    Second - as another poster noted, lock pins aren't typically made from high-strength alloys. A battery-powered hand drill (and a screwdriver to turn the lock when the pins are gone) is the best and fastest lock pick that there is. Didn't even leave any visible damage when I used this approach on a filing cabinet we'd lost the key to. Just pick a bit as wide as the key entryway, and drill down the line of pins.

    Be advised that the lock tends to jam after closing again, as the remains of the pins fall back into their channels when the lock returns to its original position. But if you're drilling a lock, you're typically looking for a one-time solution anyways.
  • by mekkab ( 133181 ) on Wednesday September 15, 2004 @03:47PM (#10259343) Homepage Journal
    I haven't read it in a while, but wasn't the combination the STOCK combination from the factory?!

    Feynman is my favorite wise-cracking, lock-hacking, bongo-playing, skirt-chasing Nobel physicist!
  • by tsg ( 262138 ) on Wednesday September 15, 2004 @03:51PM (#10259379)
    I learned how to pick locks in college. It was a valuable skill in the dorms where people were consistently locked out by their roommates. Housing charged you $25 to let you back in. I charged $20.

    An interesting side effect, I'm sure one that goes with just about any skill most people don't have, is the number of times you see people in movies doing it absolutely wrong.

  • NOT available at B&N (Score:3, Informative)

    by still cynical ( 17020 ) on Wednesday September 15, 2004 @03:56PM (#10259418) Homepage
    Forget the link to B&N, try Amazon [amazon.com] instead.
  • by Anonymous Coward on Wednesday September 15, 2004 @04:01PM (#10259468)
    Read it again, dipstick. He never learned to pick locks by touch or sound, and as a matter of fact he found that it wasn't a necessary skill. He cracked combination locks by various methods which reduced the number of combinations which needed to be tried, and then used trial and error. IIRC he didn't crack the general's safe, but heard from another individual that the safe combination was set to the factory default (0-25-0 or 25-50-25).
  • by RogL ( 608926 ) on Wednesday September 15, 2004 @04:01PM (#10259471)
    Everything Fun In Jersey Is Illegal

    I'm a recovering South Jersey boy. When my wife moved to Jersey with me, within a few months she came up with a song:

    Everything Fun In Jersey Is Illegal ...that includes lockpicks, and I've been told, carrying a prybar in your vehicle is a Bad Idea (potential police harassment for carrying "burglar tools"). Hey, I've been harassed for carrying a Victorinox (Swiss Army) pocketknife. Just a basic pocketknife w/ screwdrivers / scissors.

    Now enjoying a state that's much less restrictive.
  • Re:A valuable skill (Score:2, Informative)

    by wantedman ( 577548 ) on Wednesday September 15, 2004 @04:03PM (#10259495) Homepage Journal
    I'm not a Lawyer.

    1. It's illegal in the US, depending on your state's law. Some states don't allow you to own lockpicks, while others are more lenient.

    2. Locksmiths are not banned from using lockpicks. You don't need special certifications to be a locksmith, but you do need a business license to order from many lockpick manufacturers.

  • Re:Legal issues (Score:1, Informative)

    by Anonymous Coward on Wednesday September 15, 2004 @04:09PM (#10259546)
    Consider yourself lucky...I know in some places that carrying a crowbar can be considered illegal. It's called "a tool of breaking" or something like that, and you can be charged for it, same as carrying a lockpick
  • by sgant ( 178166 ) on Wednesday September 15, 2004 @04:27PM (#10259730) Homepage Journal
    Medeco is the way to go...also, very very few criminals resort to actually picking locks when a sledge hammer and a crow-bar work quicker.

    But Medeco is the way to go if you want an uber secure steel door with a steel frame set into concrete...but as with all things, the thing you would THINK is the weakest link in door security (like the lock) is actually the strongest. When you are thinking about installing a door, think the whole thing with frame along with the lock.

    Also, go low-tech also and a good steel bar across the bottom of the door stops many people...also stops with the kick-in.
  • Re:A valuable skill (Score:2, Informative)

    by Anonymous Coward on Wednesday September 15, 2004 @04:46PM (#10259897)
    I used to get the combinations for Masterlock combo locks in college all the time.

    This site has the full details:
    http://www.people.fas.harvard.edu/~hillson/master_lock.html [harvard.edu]
  • by russotto ( 537200 ) on Wednesday September 15, 2004 @04:47PM (#10259909) Journal
    Nope. This model of lock must have either really crappy manufacturing or a design flaw or both. What they're doing is the equivalent to "raking" in a conventional lock -- that's when you put some tension on the cylinder and just run a pick along the pins without any attempt to feel the individual pins. It generally won't work in a lock with security features and tight tolerances (though sometimes you get lucky). In addition, tubular locks are usually designed so you have to turn it at least 1/4 turn to open it, which would involve picking the lock several times. The Kryptonite they show releases the shackle in an intermediate position -- bad design there. A real tubular lock pick should open those locks; a simple plastic cylinder of the right diameter should not.
  • by dykofone ( 787059 ) on Wednesday September 15, 2004 @04:49PM (#10259927) Homepage
    leatherman tool, paperclip, sewing needle, whatever.


    And never forget the value of the handy old credit card. A friend and I got started in lockpicking with some sets we got off ebay back in middle school, and by the end of high school were quite proficient.

    But I've found now that just about any locked door that doesn't use a deadbolt can be opened much faster with a credit card. I keep three of varying thickness in my wallet depending on the situation. I use my ID badge at work to get into the conference rooms because it's quicker than pressing in the door code.

    Also, two butter knives work pretty well too if you have a reasonable gap between the door and frame, just alternate force on them to "walk" the latch out. Best part is, you haven't touched the door handle at all, so it's about as non-invasive as you can get

  • by Banner ( 17158 ) on Wednesday September 15, 2004 @04:57PM (#10259982) Journal
    Okay, in many states you can legally own lockpicks as a hobbyist.

    HOWEVER!!

    IF YOU ARE ARRESTED FOR -ANY- CRIME, POSSESSION OF LOCKPICKS WILL CAUSE YOU TO ALSO BE CHARGED WITH POSSESSION OF 'BURGLARY TOOLS'! This could even include a speeding ticket if the Officer decides to search you. So if you are going to carry lockpicks on your person, BE CAREFUL!
  • by Woody77 ( 118089 ) on Wednesday September 15, 2004 @05:04PM (#10260060)
    A) They didn't have good jaws

    B) They had WAY overpriced jaws.

    Unless he was an idiot/improperly trained, and tried to "spread" the lock, which doesn't work with hardened steel. Now, the Hurst "heavy cutters" make very short work of hardened steel, just make sure you're not on the path that the two halves will go when they finally separate.

    (I'm a volunteer firefighter with a decently good bit of education/practice/use of Hurst's jaws).
  • by Sara Chan ( 138144 ) on Wednesday September 15, 2004 @05:05PM (#10260066)
    A Mul-T-Lock [mul-t-lock.com] is supposed to be virtually unpickable.
  • by kc_cyrus ( 759211 ) on Wednesday September 15, 2004 @05:21PM (#10260218)
    Consider the simplest case, a lock with only one dial having, say, 6 numbers. How many combinations are there for such a lock? Clearly, 6. Now consider a lock with two dials, each dial having 6 numbers. For each choice of number on the first dial, we can have any of 6 different choices for the second number. Thus, this lock would have 6 * 6 = 36 lock combinations. Now consider a lock with 3 dials, each dial having 6 numbers. We just figured out that there are 36 ways to set the first two numbers; for each of these. So if you have understood this and see the pattern, you can immediately write down how many combinations there are for any such lock.

    Now the "odds" question. If there are N possible combinations, and you try one of them, the probability that it is the right one is 1/N, and the probability that it is a wrong one is (N - 1)/N.

    Now suppose the 1st try is a failure but the 2nd is a success; the odds of this are [(N - 1)/N] * [1/(N - 1)] = 1/N again. [The 1/(N - 1) factor comes from the fact that on the 2nd try there are N - 1 combinations to try, since you have tried one that does not work and, presumably, will not try it again.] The odds that you will succeed in one or two tries is the sum of the individual probabilities, because they are mutually exclusive events (that is, the first success cannot occur on BOTH the first and second tries). Generalizing to the case of a first success on the Kth try is straightforward.
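
The generalization the comment above calls straightforward, written out as an added worked derivation (not part of the original comment). It uses the comment's N and K and its assumption that no combination is tried twice; d (number of dials) and n (numbers per dial) are notation introduced here.

\[
N = n^{d} \qquad \text{(e.g. } 6^{3} = 216 \text{ for three dials of six numbers)}
\]

\[
P(\text{first success on try } K)
  = \underbrace{\frac{N-1}{N}\cdot\frac{N-2}{N-1}\cdots\frac{N-K+1}{N-K+2}}_{K-1 \text{ failures}}
    \cdot \frac{1}{N-K+1}
  = \frac{1}{N}
\]

\[
P(\text{success within } K \text{ tries}) = \sum_{j=1}^{K} \frac{1}{N} = \frac{K}{N},
\qquad
E[\text{tries}] = \sum_{K=1}^{N} \frac{K}{N} = \frac{N+1}{2},
\qquad 1 \le K \le N
\]

The product telescopes because each numerator cancels the next denominator, so every position in the search order is equally likely to hold the right combination.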

  • Re:A valuable skill (Score:2, Informative)

    by senor_burt ( 515819 ) on Wednesday September 15, 2004 @05:23PM (#10260254)
    You can buy some picks here [lockpicks.com], if you claim you're a locksmith.

    They don't do a 'terrorist' background check.
  • by nanojath ( 265940 ) on Wednesday September 15, 2004 @05:25PM (#10260267) Homepage Journal
    Really all locks are vulnerable - locks are sort of like DRM or encryption - there has to be a protocol to get through the security and protocols can be hacked. In general there are three issues with locks: the complexity of the mechanism (that reduces the effectiveness of hacks, i.e. a five number combo is better than a three number against simply trying every combo), the precision and quality of the engineering (i.e. a lot of cheap combo cable locks are vulnerable to very simple hacks of "feeling out" the combo hot spots caused by cheap, poor engineering - most lock packs including picking are aided by "play" in the mechanism itself, which is exploited), and the strength and quality of the securing (versus the locking) mechanism (to resist against brute force attack, far and away the most common way thieves get past locks: they simply break them. It's hard to make a mechanism that a two inch piece of metal can open truly strong).

    There's no simple answer. Ask a locksmith for help choosing the best bet for a particular job and be prepared to spend some money because top quality locks are expensive. And remember for the most part locks keep honest people honest and at best deter, slow or divert thieves (number one way thieves enter domiciles is doors and windows left open. Number two is straight force i.e. the swift kick or broken window).

    Years ago I lived in a crummy apartment and there were a bunch of storage rooms past renters had put padlocks on and then abandoned. I was to clear these out for current renters. None of the locks were top of the line but they ranged from hardware store cheapies that cost a couple dollars to heavy duty name brands that might have been upwards of ten. In each case I opened the lock by inserting a short iron prybar about 3/4 inch diameter between the shackle and the body and just wrenching the shackle right out of the body of the lock. I was amazed by how easy it was with a little force and leverage, and not caring that I was wrecking the lock.
  • by Beryllium Sphere(tm) ( 193358 ) on Wednesday September 15, 2004 @05:48PM (#10260472) Journal
    Consumer Reports ran a battering ram into some locked doors. What gives first is the "strike plate", the usually flimsy piece of metal in the door frame that the bolt slides into.

    The first thing to do is to replace that with a reinforced strike plate anchored with long screws. The Mag 3 has a full bucket to enclose the bolt and transfer load to the rest of the strike plate, which has four screw holes. Use 3" long #10 wood screws (drill a pilot hole first) and you're solidly anchored to the studs.

    Then think about upgrading the lock. I have a hunch there are other brands as good as Medeco but less heavily promoted -- ask a locksmith. Medeco's engineering is brilliant, though.

    Remember to consider key control. One attack mechanism is for your housecleaner's drug-addicted boyfriend to duplicate your house key.
  • by Sylver Dragon ( 445237 ) on Wednesday September 15, 2004 @07:16PM (#10261190) Journal
    An interesting side effect, I'm sure one that goes with just about any skill most people don't have, is the number of times you see people in movies doing it absolutely wrong.

    Boy is this true. Having worked with card-access systems for 5 years, I always chuckle at the way movie characters get past these things, and not trip any alarms in the process.
    Just some notes for those people contemplating getting past a card reader.
    • Pulling apart the reader may trigger an alarm, not always but often enough.
    • Shorting the wires together will not open the lock. What it will do is A) send lots of alarms (read fails) to the guard at the security desk. B) Very possibly short out the door control and make the door locked permanently.
    • From the Resident Evil movie, running a needle through a card reader will get you jack. Maybe it's a good thing they just let her out.
    • You will never "lock in" a single digit of a PIN combination on an electronic combination lock by running through numbers. What you will do is send through a bunch of alarms to the guard.
    • While cutting the wires to a door alarm will technically disable the alarm, the loss of the door loop will send through its own alarm. Those wires carry a specific resistance, if that changes an alarm is sent.
    Those are about the worst offenders off the top of my head, in reality getting past an electronic lock is a pain in the ass, this is why the government/military uses them.
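
The supervised door loop from the last bullet of the comment above, as an added example that is not part of the original comment or any vendor's code. It assumes double end-of-line wiring with two 1 kΩ resistors; the thresholds, names and readings are constructed for illustration.

```python
"""Supervised door-loop monitor (added illustration, not vendor code)."""
from enum import Enum

# Assumed wiring: two equal end-of-line (EOL) resistors at the door contact,
# one in series and one across the contact. All values are illustrative.
R_EOL_OHMS = 1000.0        # loop reads R with the door closed, 2R when open
TOLERANCE = 0.10           # accepted deviation around each nominal value
SHORT_BELOW_OHMS = 100.0   # conductors bridged before the resistors
OPEN_ABOVE_OHMS = 20000.0  # conductor cut or disconnected


class LoopState(Enum):
    SECURE = "secure"
    DOOR_OPEN = "door_open"
    SHORT = "trouble_short"
    CUT = "trouble_cut"
    OUT_OF_RANGE = "trouble_out_of_range"


TROUBLE = {LoopState.SHORT, LoopState.CUT, LoopState.OUT_OF_RANGE}


def _near(ohms, nominal):
    return abs(ohms - nominal) <= nominal * TOLERANCE


def classify(ohms):
    """Map one resistance reading to a loop state."""
    if ohms < SHORT_BELOW_OHMS:
        return LoopState.SHORT
    if ohms > OPEN_ABOVE_OHMS:
        return LoopState.CUT
    if _near(ohms, R_EOL_OHMS):
        return LoopState.SECURE
    if _near(ohms, 2 * R_EOL_OHMS):
        return LoopState.DOOR_OPEN
    # Neither nominal value: the loop no longer has its expected resistance.
    return LoopState.OUT_OF_RANGE


def monitor(samples, armed, debounce=2):
    """Return (time, state, alarm) for each debounced state change.

    A state must appear on `debounce` consecutive samples before it is
    reported, so a single noisy reading raises nothing. Trouble states
    alarm whether or not the point is armed; DOOR_OPEN alarms only if armed.
    """
    events = []
    reported = LoopState.SECURE
    candidate, run = None, 0
    for t, ohms in samples:
        state = classify(ohms)
        if state == candidate:
            run += 1
        else:
            candidate, run = state, 1
        if run >= debounce and candidate != reported:
            reported = candidate
            alarm = reported in TROUBLE or (
                armed and reported is LoopState.DOOR_OPEN)
            events.append((t, reported, alarm))
    return events


# Constructed readings: (seconds, ohms).
READINGS = [
    (0, 1004.0), (1, 997.0),     # door closed
    (2, 1985.0), (3, 2010.0),    # door opened
    (4, 1001.0), (5, 999.0),     # closed again
    (6, 4.0), (7, 3.0),          # conductors shorted together
    (8, 1000.0), (9, 1002.0),    # restored
    (10, 1e9), (11, 1e9),        # conductor cut
    (12, 1500.0), (13, 1510.0),  # unexpected resistance on the loop
]

if __name__ == "__main__":
    for t, state, alarm in monitor(READINGS, armed=False):
        print(f"t={t:>2}s  {state.value:<22} alarm={alarm}")
```
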

  • Re:A valuable skill (Score:4, Informative)

    by Sneftel ( 15416 ) on Wednesday September 15, 2004 @07:18PM (#10261200)
    Whine about it for awhile longer. Then use the Wayback Machine [archive.org].
  • by Animats ( 122034 ) on Wednesday September 15, 2004 @07:22PM (#10261229) Homepage
    You don't see lever locks much any more, but that's a better approach. The key raises a set of hinged levers. Each lever rotates a plate with a slot, and when the slots line up, a bail drops into them, unlocking the lock. In some designs, the turn of the key locks the levers before it drops the bail, so you can't manipulate the levers once the bail is touching the slots.

    Lever locks have the combination component one step removed from the input component, which makes them harder to force. If you try to force a lever lock, you may trash the levers, but that won't open the lock.

    Safe deposit boxes are traditionally lever locks, although not always very good ones. Jail locks are usually lever locks of massive size.

    Lever locks are usually big rectangular boxes, unsuitable for embedding in a door. So they're not used much unless serious security is required, as in a jail.

  • by 0111 1110 ( 518466 ) on Wednesday September 15, 2004 @08:26PM (#10261718)
    I think you mean 14 1/2". Or sometimes 22 1/2". Not many carpenters on slashdot I guess. Also, you will need more than a pen knife to get through the 7/16" OSB sheathing that is so often used these days. On older houses you might even have 3/4" tongue and groove boards to get through instead of plywood or OSB.
  • Here's a winner site (Score:2, Informative)

    by Pig Hogger ( 10379 ) <pig.hogger@g[ ]l.com ['mai' in gap]> on Wednesday September 15, 2004 @10:40PM (#10262465) Journal
    Here's a winner website:

    http://www.lockpicking101.com/ [lockpicking101.com].

    Plenty of forums on lock-picking...

  • by ajna ( 151852 ) on Friday September 17, 2004 @09:23PM (#10282111) Homepage Journal
    Kryptonite has responded to all this recent brouhaha (I'd hate to work there this week!) with a replacement program for locks 2 years old and newer and a rebate program for locks older than that. Details can be found at their slow and ugly http://www.kryptonitelock.com/ [kryptonitelock.com] site or via the businesswire mirror of the press release [businesswire.com].

    Relevant paragraphs for the lazy:

    Consumers who have purchased an Evolution lock, KryptoLok lock, New York Chain, New York Noose, Evolution Disc Lock, KryptoDisco or DFS Disc Lock in the last two years are eligible for a product upgrade free of charge from Kryptonite. Customers will need to have either registered their key number, registered for the Kryptonite anti-theft protection offer or have proof of purchase to qualify.

    Specifically, Kryptonite will provide for free cross bars featuring the company's new disc-style cylinder lock technology to consumers who have purchased Evolution and KryptoLok series products. In addition the company will replace for free recently purchased Evolution Disc Locks on New York Chain and New York Noose with its "Molly Lock", a heavy duty solid steel padlock. Kryptonite also will upgrade recently purchased disc locks.

    Consumers who have had one of the Kryptonite locks mentioned with a tubular cylinder for longer than two years will be eligible for a sizeable rebate on the upgraded products. This program will be administered through Kryptonite dealers and distributors.
