Steel Bolt Hacking 448
| Steel Bolt Hacking | |
| author | Douglas Chick |
| pages | 114 |
| publisher | TheNetworkAdministrator.com |
| rating | 8 out of 10 |
| reviewer | Alec Kryten |
| ISBN | 0974463019 |
| summary | How to pick locks, crack combinations for LP sports groups |
The beginning of the book discusses the origins of lock-picking sporting groups, crews in the U.S and Europe, competition around the country, and how to become a part of a lock-picking group. One of the groups out of Colorado Springs, DC719, are a bunch of computer geeks that have taken up the art of lock picking and sponsor a lock-picking contest every year at DefCon. According to Mr. Chick, computer people are the fastest group to pick up the art of lock picking. (I must warn you though, there are also a lot of disclaimers about the author not being responsible for the misuses of the information contained in this book.)
The book is fully illustrated with pictures of different types of lock picking instruments, tools to make your own picks as well as padlocks, deadbolt, and combination locks. There are pictures of locks that have been cut open and even how to crack push-button combination locks. (You know, the kind you find on the door to a server room.) I have to say, for a little book, (114 pages) it is brimming with valuable information for a beginner. What I didn't realize was that software isn't the only thing that has security vulnerabilities; mechanical things like padlocks and deadbolts do as well. What was scary to learn is how easy cheap locks can be picked, and that 80 percent of all locks used are cheap locks. Expensive locks are just likely to take a little longer.
I liked that the book didn't exaggerate. It didn't tell me that I was going to be a master lock picker after only a few tries. It took a little time, practice and sore fingers, but after a couple weeks of practice, I could pick every lock in my house. And as a computer person, I liked all of the jargon that was used to explain locksmith techniques. There was also enough humor to keep the book interesting; it's difficult to read any type of textbook and still maintain a reasonable interest. The illustrations are good and there is a resource section to purchase the tools you need from the Internet.
What I didn't like about the book: The most annoying point, I felt, is the considerable redundancy in methods between different types of locks to be picked. Also, the book suggests that there might be a lock-picking group in every city in the U.S., when in fact I am having a difficult time finding one in my are. And I live near D.C. -- You'd think there would be one on every corner around here. I think that the sport is still in its infancy and Mr. Chick is hoping his book will draw more people to it. The author put his e-mail address on the back of the book. He hasn't responded to my e-mail yet, but I suppose that he's probably a busy man.
All in all, I found the book informative, entertaining and worth the purchase price of 19.99.
You can purchase Steel Bolt Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Lock Picking For fun and Profit??? (Score:5, Interesting)
Some other interesting discussion [google.com]. Small wonder I scarcely let my racing bike out of my sight.
"may I borrow your pen? I need to pick up some transportation."
A valuable skill (Score:5, Interesting)
Erick
Lock Hacking in Hackers (Score:5, Interesting)
So what locks ARE good?!? (Score:5, Interesting)
So does this book have any recommendations along those lines? What door locks, deadbolts, padlocks, bike locks, etc, follow the locksmith version of "best security practices"?
That, IMHO, is the REALLY important thing to discuss!
Surely you must be joking Mr Feynman (Score:5, Interesting)
Everyone in the room goes "Ooooo! how did you do that? Are you really that good?" And he had the presence of mind to say, "Yes." =)
Re:A valuable skill (Score:2, Interesting)
Just so you know, you don't have to be a 'suspect'. Owning of lockpicks is illegal. Pure and simple. I guess only terrorists use them or something.
There's actually two sides to it... (Score:5, Interesting)
There's a much larger number of locks that I can't get into without making it patently obvious somebody broke in. This is something I haven't been as successful in teaching myself.
The former is engineering. The latter, that's art.
-JDF
Lock picking for fun and profit (Score:4, Interesting)
Nothing's unpickable - how big a mess do you want? (Score:5, Interesting)
Brass is primarily a copper alloy. It is extremely reactive in the presence of strong acids. A few years back, a friend of mine wanted to look at a smart card under a microscope - just curious, that's all. I was working in a research lab then, and I mixed hydrochloric acid with nitric acid to make aqua regia. We were able to dissolve the GOLD contacts off the smart card to expose the chip underneath. (Aqua regia is used for lot assay analysis of alloys to determine alloy composition - you start by dissolving the metal, then feed it through some form of spectroscopy machine to measure the quantity and the composition of the metal). If I had squirted that into the door lock and held it in place with some bubble gum
- SK
Re:Legal issues (Score:5, Interesting)
Yes, this became true in CA a few years ago as well. This seems sort of ridiculous to me...how can they outlaw lockpicks? They're just tools--it's like outlawing crowbars because they're afraid someone will use them for evil.
Anyway, in most states that have outlawed them, you can still get your hands on them by simply registering and passing the test to become a "licensed locksmith". This doesn't necessarily mean you have to hold yourself out as a business, either. It just means you passed some test and registered with the state so you can carry around your lockpick set. I've been thinking about doing this off and on, because in college I lived with a guy from Caltech for a summer, so I of course had a window into lockpicking as a result and it caught my interest.
Re:Lock Picking For fun and Profit??? (Score:5, Interesting)
In case the videos get
Re:Nothing's unpickable - how big a mess do you wa (Score:5, Interesting)
However, that makes lots of noise. It's hard to protect an office building from a bulldozer attack, but then again, it's pretty hard to sneak around with a bulldozer.
Really an attack involving strong acids isn't much more practical. Not many thieves want to walk around with a bottle of highly concentrated HCL hidden in their pocket. (think spillage while trying to run from the police)
Your best bet in any physical security is to try and make the thief do one or more of the following:
1) make a lot of noise (defeating stealth)
2) leave a lot of good evidence about the intrusion (defeating anonymity)
3) use specialized or expensive tools (defeating any financial gain)
4) use a tool too unwieldy or impractical to transport inconspicuously. (defeating stealth)
Of course, scale the measures to fit the value of what you're hiding.
Re:Surely you must be joking Mr Feynman (Score:2, Interesting)
Testing claims yourself... (Score:5, Interesting)
I just find lockpicking facinating because it's yet another case of people proving manufacturers claims are often highly exadurated, or just full of BS. Knowing, and proving for yourself what makes a good lock vs. a bad lock fits well into the computer security dynamic (Physical security anyone?). That extra $1-2 for a master brand lock can buy you several minutes more security vs. a cheap look alike that can be shimmed in about 3 seconds, kind of useful to know. They can both be opened, but your less likely to have a thief willing to be exposed for several minutes than for a few seconds. The Kyptonite vulnerability now makes everyone re-think trusting the manufactureres claims now does'nt it?
It's also a handy skill for those inevitable times when someone locks the server cabinet and loses the key and you don't want to pay a locksmith through the nose. I also use my skill in security audits to very dramatically show how little security that cheap lock on ther server room provides.
I've got some descriptions of the contests and LP resources up at my site [renderlab.net] and some links to videos and the MIT guide if anyones curious.
Just remember that there is little a set of bolt cutters, a crow bar, or a sledge hammer can't get through. Lockpicking is the 'elegant solution' to that (literal) brute force.
Re:MIT Guide to Lockpicking (Score:4, Interesting)
Lockpicking was standard teaching for freshman the East Campus dorm at MIT. This guide has served as the standard since around 1991 iirc. During the yearly EC "Oddball Olympics" lockpicking was one of the main events. I remember a masterlock being picked in 9 seconds. Really, masterlock padlocks can be that easy. And I've seen master hackers (roof and tunnel in this case) spend an hour and a half on a Schlage and never get it.
This is a great guide and a good place to start, but lockpicking is all about feel. Like anything else, it just takes practice to get good.
Go magnetic (Score:3, Interesting)
Re:Lock Picking For fun and Profit??? (Score:5, Interesting)
That old lock... (Score:2, Interesting)
Then we visited Germany for a month. The house where my brother was staying had a locked closet with a key missing from before the war. No one had opened it in over fifty years. But it was an absurdly easy lock and my brother had the closet open five minutes after being apprised of the problem (four minutes to find a suitably stiff paperclip).
To this day I believe there's still a family in Germany firmly convinced that US students are taught lockpicking and safecracking and other feats of criminal legerdemain.
p.s. No valuables found in closet beyond old moth-eaten coats the wife's old love letters. Ah, how sweet
Holy Crap (Score:5, Interesting)
Basically, you have to shake the lock at the same time that you're turning the pen.
My guess is that shaking and wiggling the pen causes the interface between the pins & spacers to move around, and if you're turning the pen at the same time, the cylinder will rotate a notch as soon as the interface between the leading pin/spacer pair is in the right place. Then you just repeat the same procedure for all the other pin/spacer pairs.
Re:Here's where you get the metal for lockpicks, f (Score:5, Interesting)
Then just find a decent pick you want to copy, and sit down at the grinder with your blank bristle. They've still got grinders in my old dorm and the lockpicking culture is indeed alive and well at MIT.
Re:Legal issues (Score:2, Interesting)
Re:Noticed the trend as well (Score:1, Interesting)
Like the CSI guy trying to get tool marks off a pipe wrench. He makes up a round mandrel, spreads the goop on it, locks it in a vase, then carefully applies the suspected wrench to the mandrel and pushes it (straining with the effort) in the wrong direction.
Re:Surely you must be joking Mr Feynman (Score:3, Interesting)
Re:Surely you must be joking Mr Feynman (Score:5, Interesting)
She also said that he said General Groves was a real bastard.
I learned lockpicking as a child (Score:5, Interesting)
I first learned to pick locks at my childhood church, from my dad. The locks were standard household style locks, on doors that opened outward, so all I needed was a pocketknife.
During High School, I could often be found inside the locked classroom, waiting for the teacher to arrive. I knew which doors opened using which methods, and which windows were nearly impossible to lock properly.
I've learned a few things about physical security over the years. Walls don't always go to the true ceiling. Locks don't always work as advertised. The unknowledgeable don't always understand the proper ways to secure things, and a disgruntled soon to be ex-employee will occasionally just hand you a key you shouldn't have.
With my knowledge of computers, I make it clear that I look the other way when people are typing in their passwords on a PC I'm working on. I want it to be clear to them that I don't know their password. If I want to gain access to a PC, I don't need to know the password before I start anyway.
People come to me when they need to gain access to something they've locked themselves out of on their computer. They have confidence that i can help them. Quite often, I can. A little research, a little knowledge, and the ability to solve problems tends to do the trick.
I've never studied lockpicking. I've never needed to. Locks are usually either very easy to go through, or around. Around is usually the best way.
These days, it's all white-hat. That makes it even more fun.
Re:So what locks ARE good?!? (Score:2, Interesting)
So to answer your question, I'm no lock expert but the only name that always comes to mind as a good lock maker is Medeco. I'm sure there's more, but I'm sure there's MANY MANY bad ones
I want to learn how to pick locks so at least I can know which ones someone with the intelligence of a baboon (i.e. me) can beat. There must be a time when locks will have to be scrutinized more for robustness. Though locks aren't everything in security, but you're only as good as your weakest link.
Re:Surely you must be joking Mr Feynman (Score:5, Interesting)
In one, Feynman had learned a technique to pick up the last number or two of the three-number combination from open file cabinets, and he also learned that one only had to be accurate to about +/- 3 on the dial. This allowed him to drastically reduce the number of guesses needed for a lock.
He was telling a colleague about this, and they ducked into an office so he could demonstrate. Feynman already knew the last number for this particular lock, so he was saying something like... "so I can try out the numbers really quickly. Let's assume the first number is this [sets dial] and I'll check the second number like this..." and the lock opens almost immediately. He thinks fast and continues without pause "... and that's how it's done!" And they walk out, leaving everyone in the office gaping in shock. It was a lucky guess ont he first two numbers, but he didn't let on.
In the other story, the Boss had a BIG safe installed, and after Manhattan was closing down they needed to get into it. People asked Feynman to try it, because of his reputation, and he said he would. (How could he refuse without destroying his rep?) He goes into the office, and it's open. Feynman eventually finds out (after many amusing diversions) that the base locksmith had opened it by trying the factory combination.
I work for a bike parts/accessories wholesaler... (Score:5, Interesting)
Generally, folks buying locks know that it's just a deterrent... except for the people buying exactly the retails-at-$80 lock (with heavy-duty chain) shown in the movie, who tend to be messengers and/or people with $1k+ bicycles. Personally, my bikes stay locked up in my living room when I'm not on them, and I don't take my lock with me when I seriously ride because that would tempt me to separate myself from the bike. I've got a cheap old schwinn cruiser for that. (=
Re:So what locks ARE good?!? (Score:5, Interesting)
Re:Off to the pop machine... (Score:3, Interesting)
i don't know much about lock picking, but some posters there basically speculate that most circular locks are somewhat succeptable to this kind of picking and the krpytonite happened to be especially unlucky due to the diameter of the barrel and pressure needed to compress the springs of the teeth mechanisms inside.
the bic pen happened to hit the spot, being the proper diameter and the proper softness, collapsing where necessary, but strong enough to poke down, where necessary.
i'll say that after practicing for a little while, i can pop a krpytonite EV disc lock (top of the line) in about 5 seconds.
Feynman (Score:3, Interesting)
In addition to winning the Nobel Prize, Feynman spent much of WWII at Los Alamos working on the atomic bomb. He devotes part of this book to his work there, including his (usually succesful) attempts to crack the many safes & locked file cabinets found at the base. He was very much a computer hacker in the days before computers.
No Holy Crap here (Score:0, Interesting)
-On mine, the keyhole is on the end of the straight bar, not in the middle.
-On mine, the end of the U bar not interfacing with the lock has a distinct J curve. The one in the video doesn't show this.
Is that a real KryptoLok in the video, or some cheap import? Or has Kryptonite just gotten really shoddy?
Re:A valuable skill (Score:3, Interesting)
Re:I learned lockpicking as a child (Score:5, Interesting)
"There is no spoon"
Porsche cars not easy to steal (Score:3, Interesting)
In terms of hotwiring or other methods of driving away with a stolen car, Porsches are impossible to steal. They've got factory-installed burglar alarms that are engaged every time you lock the doors. The engine will not start until the alarm is properly disengaged. Someone MIGHT be able to spoof the electronic radio signal that disables the alarm. But then you've got a special key with a computer chip that the car checks before starting the engine. In the end, the best way to steal a porsche is with a flatbed truck. Then chop it and sell it for parts. A used 1997 twin turbo sells for $100k +, so most people keep those vehicles under close watch. I dunno. Thought I'd chime in after laughing at Nick Cage in Gone in 60 Seconds driving away in stolen porches. Ridiculous.
Re:A valuable skill (Score:2, Interesting)
I once picked a lock with a bobby pin. Really. Broke it in two and bent with my multitool to made a rake and a tension tool. This with knowing nothing about lock picking except for a brief description in Feynman's story "Safecracker Meet Safecracker" in "Surely You're Joking, Mr. Feynman"
Odd Texas law (Score:3, Interesting)
Specifically, you cannot carry wire cutters in your back pocket.
The law dates back to the conflicts between ranchers and farmers near the time of Texas independence. Back then, much of the land was not fenced in, so cattle herders would move their herd around, grazing. Needless to say, the farmers didn't care for that, so they put up barb wire around their lands.
Incidentally, this is a case of technology exciting a reaction: previously, farmers would've been forced to build a wooden or stone fence, and the areas were very large. A barb wire fence, however, was quick and easy to put up, so they were more likely to put one up.
Anyways, a lot of the cattle herders didn't care for these fences, so they'd cut through them with wire cutters, and go on through. Many, in fact, took to cutting barb wire fences wherever they saw them.
So, Texas outlawed casual possession of wire cutters: they can't be in your pocket. They'd better be in a tool box. This is similar to the hassle you'll get from cops if you wander around with a spraypaint bottle poking out of your jacket.
Anyways, that's the story.
Re:I work for a bike parts/accessories wholesaler. (Score:5, Interesting)
I will never buy another lock, ever. I only trust my good bike ( A Trek Project One 5500/5600 (the OCLV 110 from a year or two ago) with campy record) to be within reach. My junker is a 1960s Schwin that cost about $60 and is in 4 colors of cheap spray paint. I just tie it in place with a double figure-eight knot
-WS
social engineering a better tool (Score:3, Interesting)
And then day, a few of us somehow got the idea to "kidnap" the big-bob statue when we noticed on a late night dining trip it was just made of fibreglass (light enough to carry away) and locked to the sidewalk with a sliding metal rod key padlock.
Instead of picking the padlock (which we probably could have done very easily as we practiced all the time), my buddy decided to just copy down model number and the serial number and take it to a local locksmith and claim we lost the key to the lock and needed a new key. After some convincing, the locksmith went to the back office and pulled out a book, looked up the serial number, cut us a key with his key cutter by pin-code. We borrowed a convertable one night, unlocked the lock, picked bob up, and brought him back to campus. And nobody had to keep lookout why we were attempting to pick the lock... That didn't turn out so well (although caltech laywers were on our side, the big-boy corporation wasn't very amused by our humorous note and eventually we negociated a return in exchange for a no prosecution agreement, but I digress).
Sometime later in life, I ended up losing the only set of keys to my car during a business trip (I gave the other set to my friend who was out of town that weekend). Angry at myself, I took a cab home and fumed for a couple hours. Then thinking back to my college days, I hitched a ride to nearest car dealer (of the same make, but not the same one I bought the car from, don't want to single a vendor out for a security lapse) told the guy in the replacement parts department I lost my car key, but I knew the VIN code to the car (duh, you can see that through the windscreen), he looked up the VIN code in their national database (I bought my car new) found my name, I showed him my ID and he then cut me a key by pin code and I had a brand spanking new key to my car. If I was a bit more convincing, I'll bet I could have convinced him to do it for me even w/o an id, by just knowing the name of the original owner...
The lesson I learned from all this is that the most essential tool for most things is often just your mouth (and chutzpah) when it comes to locks...
Re:Lock Picking For fun and Profit??? (Score:3, Interesting)
Re:Noticed the trend as well (Score:3, Interesting)
Classic blunder from "War Games": Joshua trying to crack the nuclear missile launch codes and locking in digits of the code. "He's got four numbers. Another 5 minutes and he'll have all of them!" This is a security system, not MasterMind(tm).