Become a fan of Slashdot on Facebook


Forgot your password?
Security Books Media Book Reviews Technology

Steel Bolt Hacking 448

Alec Kryten writes "Here is a book that introduces and teaches a fascinating new sport for the hacking hobbyist which doesn't necessarily involve computers. Steel bolt hacking is the art of competition lock picking that is beginning to make its mark on computer people and other geeks around the world. At DefCon this year I picked up a book titled Steel Bolt Hacking, which teaches the basics of lock picking. I bought it because I watched the lock-picking contest during the DefCon Convention and thought that I might want to participate in next year's lock-picking events." Read on for Alec's review of the book.
Steel Bolt Hacking
author Douglas Chick
pages 114
rating 8 out of 10
reviewer Alec Kryten
ISBN 0974463019
summary How to pick locks, crack combinations for LP sports groups

The beginning of the book discusses the origins of lock-picking sporting groups, crews in the U.S and Europe, competition around the country, and how to become a part of a lock-picking group. One of the groups out of Colorado Springs, DC719, are a bunch of computer geeks that have taken up the art of lock picking and sponsor a lock-picking contest every year at DefCon. According to Mr. Chick, computer people are the fastest group to pick up the art of lock picking. (I must warn you though, there are also a lot of disclaimers about the author not being responsible for the misuses of the information contained in this book.)

The book is fully illustrated with pictures of different types of lock picking instruments, tools to make your own picks as well as padlocks, deadbolt, and combination locks. There are pictures of locks that have been cut open and even how to crack push-button combination locks. (You know, the kind you find on the door to a server room.) I have to say, for a little book, (114 pages) it is brimming with valuable information for a beginner. What I didn't realize was that software isn't the only thing that has security vulnerabilities; mechanical things like padlocks and deadbolts do as well. What was scary to learn is how easy cheap locks can be picked, and that 80 percent of all locks used are cheap locks. Expensive locks are just likely to take a little longer.

I liked that the book didn't exaggerate. It didn't tell me that I was going to be a master lock picker after only a few tries. It took a little time, practice and sore fingers, but after a couple weeks of practice, I could pick every lock in my house. And as a computer person, I liked all of the jargon that was used to explain locksmith techniques. There was also enough humor to keep the book interesting; it's difficult to read any type of textbook and still maintain a reasonable interest. The illustrations are good and there is a resource section to purchase the tools you need from the Internet.

What I didn't like about the book: The most annoying point, I felt, is the considerable redundancy in methods between different types of locks to be picked. Also, the book suggests that there might be a lock-picking group in every city in the U.S., when in fact I am having a difficult time finding one in my are. And I live near D.C. -- You'd think there would be one on every corner around here. I think that the sport is still in its infancy and Mr. Chick is hoping his book will draw more people to it. The author put his e-mail address on the back of the book. He hasn't responded to my e-mail yet, but I suppose that he's probably a busy man.

All in all, I found the book informative, entertaining and worth the purchase price of 19.99.

You can purchase Steel Bolt Hacking from Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

This discussion has been archived. No new comments can be posted.

Steel Bolt Hacking

Comments Filter:
  • by ackthpt ( 218170 ) * on Wednesday September 15, 2004 @03:16PM (#10258990) Homepage Journal
    Think that Kryptonite lock is safe? Think again [].

    Some other interesting discussion []. Small wonder I scarcely let my racing bike out of my sight.

    "may I borrow your pen? I need to pick up some transportation."

    • I feel bad for the poor guy who you linked to - sites with video that get linked to from here usually don't last long.
    • by Chris Pimlott ( 16212 ) on Wednesday September 15, 2004 @03:34PM (#10259203)
      Haha, very nice videos. Will have to try that on my lost-the-key-so-long-ago bike lock at home.

      In case the videos get /.'d, the technique appears to be that you jam the open end of those cheap plastic pens into the keyhole hard enough and turn it. I'm guessing the plastic is malleable enough to conform to the 'teeth' of the lock and basically becomes a near duplicate of the original key. Pretty neat.
      • Holy Crap (Score:5, Interesting)

        by tunabomber ( 259585 ) on Wednesday September 15, 2004 @04:01PM (#10259474) Homepage
        Just tried it on the Krypto-Lok sitting next to my desk and once I figured out the trick, I got it open in about 15 seconds.
        Basically, you have to shake the lock at the same time that you're turning the pen.
        My guess is that shaking and wiggling the pen causes the interface between the pins & spacers to move around, and if you're turning the pen at the same time, the cylinder will rotate a notch as soon as the interface between the leading pin/spacer pair is in the right place. Then you just repeat the same procedure for all the other pin/spacer pairs.
      • the pen just does a combination of allowing you to turn the lock cylinder and jiggle the lock pins so that you can align them at the splits (or whatever you call them). Just standard lock picking techniques. I'm suprised they can open the bike locks so quickly as good locks are supposed to have features that make them pick resistent such as false splits and better pin alignment. The reason you can pick locks is because the pins aren't in perfect alignment and you can torque the lock so one pin rubs in it
      • by Corf ( 145778 ) on Wednesday September 15, 2004 @04:33PM (#10259782) Journal
        ...and I browse /. when the sales calls aren't heavily inbound. Naturally, I forwarded the link to the other six folks in the department, and everyone's buzzing about it. We will definitely bring it up with the Kryptonite rep the next time he's in the area.

        Generally, folks buying locks know that it's just a deterrent... except for the people buying exactly the retails-at-$80 lock (with heavy-duty chain) shown in the movie, who tend to be messengers and/or people with $1k+ bicycles. Personally, my bikes stay locked up in my living room when I'm not on them, and I don't take my lock with me when I seriously ride because that would tempt me to separate myself from the bike. I've got a cheap old schwinn cruiser for that. (=
        • by WinterSolstice ( 223271 ) on Wednesday September 15, 2004 @06:36PM (#10260866)
          I had a bike locked with the top-end kryptonite stolen. The thief then kindly re-attached the kryptonite to the bike rack. When I tried to redeem the "lock guarantee" or whatever that ridiculous thing is called, they called me a liar. They said I didn't lock it properly or some such.

          I will never buy another lock, ever. I only trust my good bike ( A Trek Project One 5500/5600 (the OCLV 110 from a year or two ago) with campy record) to be within reach. My junker is a 1960s Schwin that cost about $60 and is in 4 colors of cheap spray paint. I just tie it in place with a double figure-eight knot :)

    • by brunning ( 136511 ) on Wednesday September 15, 2004 @04:00PM (#10259467) Homepage
      it's my site... those two quicktimes have been downloaded close to 80,000 times today so far, but the server ( appears to be going strong.
    • Kryptonite has responded to all this recent brouhaha (I'd hate to work there this week!) with a replacement program for locks 2 years old and newer and a rebate program for locks older than that. Details can be found at their slow and ugly [] site or via the businesswire mirror of the press release [].

      Relevant paragraphs for the lazy:

      Consumers who have purchased an Evolution lock, KryptoLok lock, New York Chain, New York Noose, Evolution Disc Lock, KryptoDisco or DFS Disc Lock i

  • A valuable skill (Score:5, Interesting)

    by erick99 ( 743982 ) <> on Wednesday September 15, 2004 @03:17PM (#10259006)
    A few years ago I bought a few books on lock picking as well as a lock pick set from England. It turned out to be a great skill to pick up. I have opened countless door locks, cabinets, etc. and saved myself and others money and aggravation. The downside is that if it's widely known that you have this skill you may well be a "suspect" when an office or house is broken into. Anyway, the book sounds good.


    • Re:A valuable skill (Score:2, Interesting)

      by Anonymous Coward
      as well as a lock pick set from England [...] The downside is that if it's widely known that you have this skill you may well be a "suspect"

      Just so you know, you don't have to be a 'suspect'. Owning of lockpicks is illegal. Pure and simple. I guess only terrorists use them or something.

      • in which country is it illegal? blanket statements like that are not very useful.

        are locksmiths also banned from lockpicks?
      • Re:A valuable skill (Score:2, Informative)

        by Carik ( 205890 )
        Depends where you live, actually. I'm a locksmith (which is to say, I took a correspondance course, and then did a whole lot of reasearch on my own), and according to Massachusetts (USA) law, owning a set of picks isn't illegal. Owning them with intent to commit a crime is what's illegal. Now... you can probably see the problem here. Go ahead, prove you're not intending to commit a crime...

        Basically, if the police want an excuse to harass you, they have one. If you stay out of their way, and don't mak
        • by Skye16 ( 685048 )
          Actually, you don't have to prove you're not intending to commit a crime. That's the beauty of innocent until proven guilty.

          They could still make your life a living hell just by trying to prove it, though, so your harassment statement stands. Eep!
        • You have to watch out. Some states have decided (by statute or precedent) that a non-locksmith possessing lock picks creates a presumption of criminal intent.

    • by RevDobbs ( 313888 ) *
      The downside is that if it's widely known that you have this skill you may well be a "suspect" when an office or house is broken into.

      Yeah, that's why I try not to buy books like this one over the internet... nor use my credit card / B&N "member" card when buying it in person.

    • Re:A valuable skill (Score:5, Informative)

      by lhand ( 30548 ) on Wednesday September 15, 2004 @03:31PM (#10259169)
      You might also check out Ted the Tool's on-line book called the "MIT Guide to Lock Picking" found here [] among lots of other places.
  • by MacBrave ( 247640 ) on Wednesday September 15, 2004 @03:18PM (#10259017) Journal
    I first read about serious lock hacking in the book Hackers [] by Steven Levy. The early hackers at MIT were notorious for hacking locks on office doors, toolboxes, safes, etc. to get to tools and information.
    • by phyruxus ( 72649 ) <jumpandlink&yahoo,com> on Wednesday September 15, 2004 @03:23PM (#10259092) Homepage Journal
      There's a great bit in the book "Surely you must be joking Mr Feynman" where he (Feynman) talks about safe-cracking. His propensity for beating locks gets him called into a boss' office where a safe containing nuclear secrets (or something ridiculously important like that) sits, but no-one knows the combination. So he sits down at the thing, presses his ear to the door and starts listening, only to have the thing pop open on the first try.

      Everyone in the room goes "Ooooo! how did you do that? Are you really that good?" And he had the presence of mind to say, "Yes." =)

      • Ah yes, it didn't take long to get the Feynman reference into this discussion. How I love /.!

      • I haven't read it in a while, but wasn't the combination the STOCK combination from the factory?!

        Feynman is my favorite wise-cracking, lock-hacking, bongo-playing, skirt-chasing Nobel physicist!
        • If I'm not mistaken, he talked about one of the safe's passwords being set to "e". He got the idea because he found a post-it with the 3.1415... written on it in the secretary's desk. That wasn't it, but he judged that the owner of the safe was exactly the kind of person to use that type of number - and tried the other obvious one. Which did the trick.
        • by peacefinder ( 469349 ) * <{alan.dewitt} {at} {}> on Wednesday September 15, 2004 @04:27PM (#10259727) Journal
          The poster confused two different stories into one.

          In one, Feynman had learned a technique to pick up the last number or two of the three-number combination from open file cabinets, and he also learned that one only had to be accurate to about +/- 3 on the dial. This allowed him to drastically reduce the number of guesses needed for a lock.

          He was telling a colleague about this, and they ducked into an office so he could demonstrate. Feynman already knew the last number for this particular lock, so he was saying something like... "so I can try out the numbers really quickly. Let's assume the first number is this [sets dial] and I'll check the second number like this..." and the lock opens almost immediately. He thinks fast and continues without pause "... and that's how it's done!" And they walk out, leaving everyone in the office gaping in shock. It was a lucky guess ont he first two numbers, but he didn't let on.

          In the other story, the Boss had a BIG safe installed, and after Manhattan was closing down they needed to get into it. People asked Feynman to try it, because of his reputation, and he said he would. (How could he refuse without destroying his rep?) He goes into the office, and it's open. Feynman eventually finds out (after many amusing diversions) that the base locksmith had opened it by trying the factory combination.
      • by Euphonious Coward ( 189818 ) on Wednesday September 15, 2004 @04:16PM (#10259632)
        The safe in question was my aunt's father's. She said he didn't bother changing the combination because he knew it was all theater anyway, and the way spies would get secret documents was to get people who had them to hand them over. As it happened, he was right.

        She also said that he said General Groves was a real bastard.
    • Hackers is a great book. I've read it a couple times, and I wish I knew whathappened to my copy. You'd think, since I run a used bookstore, that someone would have brought a copy in, but no...

      A humorous note, my wife's ex-husband ate his blatties.

  • by Khaotix ( 229171 ) on Wednesday September 15, 2004 @03:18PM (#10259019)
    Lockpicking and an interest in computers seem to go hand in hand. A number of the people in my college are seen practicing picking locks during boring lectures.

    One guy picked the lock on a projector and cabled another person to the projector cart
    • Lockpicking and an interest in computers seem to go hand in hand.

      lockpicking skill and an interest in computers, not so much.

    • I learned how to pick locks in college. It was a valuable skill in the dorms where people were consistently locked out by their roommates. Housing charged you $25 to let you back in. I charged $20.

      An interesting side effect, I'm sure one that goes with just about any skill most people don't have, is the number of times you see people in movies doing it absolutely wrong.

      • by Sylver Dragon ( 445237 ) on Wednesday September 15, 2004 @07:16PM (#10261190) Journal
        An interesting side effect, I'm sure one that goes with just about any skill most people don't have, is the number of times you see people in movies doing it absolutely wrong.

        Boy is this true. Having worked with card-access systems for 5 years, I always chuckle at the way movie characters get past these things, and not trip any alarms in the process.
        Just some notes for those people contemplating getting past a card reader.
        • Pulling apart the reader may trigger an alarm, not always but often enough.
        • Shorting the wires together will not open the lock. What it will do is A) send lots of alarms (read fails) to the guard at the security desk. B) Very possibly short out the door control and make the door locked permanitly.
        • From the Resident Evil movie, running a needle through a card reader will get you jack. Maybe its a good thing they just let her out.
        • You will never "lock in" a single digit of a PIN combination on one a electronic combination lock by running through numbers. What you will do is send through a bunch of alarms to the guard.
        • While cutting the wires to a door alarm will technically disable the alarm, the loss of the door loop will send through its own alarm. Those wires carry a specific resistance, if that changes an alarm is sent.
        Those are about the worst offenders off the top of my head, in reality getting past an electronic lock is a pain in the ass, this is why the government/military uses them.

        • You will never "lock in" a single digit of a PIN combination on one a electronic combination lock by running through numbers. What you will do is send through a bunch of alarms to the guard.

          Classic blunder from "War Games": Joshua trying to crack the nuclear missile launch codes and locking in digits of the code. "He's got four numbers. Another 5 minutes and he'll have all of them!" This is a security system, not MasterMind(tm).
  • by switcha ( 551514 ) on Wednesday September 15, 2004 @03:20PM (#10259036)
    The author put his e-mail address on the back of the book. He hasn't responded to my e-mail yet, but I suppose that he's probably a busy man.

    No, he just lost his password for checking his email.

  • by knowles420 ( 589383 ) on Wednesday September 15, 2004 @03:20PM (#10259037) Homepage Journal's thread [] on picking the kryptonite U-locks with a bic pen tube.

    quicktime movie [] of the same.

  • Legal issues (Score:5, Informative)

    by alienw ( 585907 ) <> on Wednesday September 15, 2004 @03:20PM (#10259054)
    In DC, basic possession of lockpicking instruments is illegal, unless you are a licensed locksmith. You don't have to prove intent. This is the same in many other states. Be careful and don't do anything stupid.
    • Re:Legal issues (Score:5, Insightful)

      by LurkerXXX ( 667952 ) on Wednesday September 15, 2004 @03:24PM (#10259103)
      Mod parent up. I got into it a long time ago, and found out when you take trips to certain states/districts, leave the picks at home!
    • Re:Legal issues (Score:5, Insightful)

      by idontgno ( 624372 ) on Wednesday September 15, 2004 @03:26PM (#10259118) Journal
      And, given the inevitable but accurate comparisons between lockpicking and system/network hacking, how long before basic possession of network-hacking tools (unsanctioned non-"trusted"/non-DRM computers, etc.) and skills is also inherently illegal, intent be damned?

      Sigh. How far from cyberpunk dystopia are we now?

      • Hmmm. I may have to rethink my mild opposition to guns in light of the amount of information out there teaching some waste of DNA to pick my household locks.
    • by jdray ( 645332 )
      So everyone should stop carrying Bic pens?
    • Re:Legal issues (Score:5, Interesting)

      by severoon ( 536737 ) on Wednesday September 15, 2004 @03:32PM (#10259181) Journal

      Yes, this became true in CA a few years ago as well. This seems sort of ridiculous to can they outlaw lockpicks? They're just tools--it's like outlawing crowbars because they're afraid someone will use them for evil.

      Anyway, in most states that have outlawed them, you can still get your hands on them by simply registering and passing the test to become a "licensed locksmith". This doesn't necessarily mean you have to hold yourself out as a business, either. It just means you passed some test and registered with the state so you can carry around your lockpick set. I've been thinking about doing this off and on, because in college I lived with a guy from Caltech for a summer, so I of course had a window into lockpicking as a result and it caught my interest.

    • Funny thing about that requirement. About 10-12 years ago, I knew a guy who went through the trouble to become a licensed locksmith. Then he could legally carry lockpicks. He would use those lockpicks to rip off vending and gambling machines.

    • Just remember: you can pick your friends, and you can pick your locks, but you can't pick your friends' locks.
  • by Thud457 ( 234763 ) on Wednesday September 15, 2004 @03:22PM (#10259079) Homepage Journal
    My first task at the first job I ever had that required a security clearance was to pick a lock.

    It was on a removable HD tray that jammed, but the story's better when I leave that part out.
    You believe me, right? I posted it on slashdot!

    • I had to get into the cases of a dozen or so surplus PCs, which we had no case lock keys for any more. They were old Siemens-Nixdorf ones, where the lock was quite hard to get at, and physically locked the lid in place. The PHB was going mental, trying to get Siemens to supply him with keys, etc.

      Now, those of you who have read a few of my posts may recall that I do a lot of work on cars. So, out to the car park, into the boot of my car, and out with the angle grinder. It *did* take a long time to cut t

  • by Anonymous Coward on Wednesday September 15, 2004 @03:23PM (#10259087)
    Like computer hacking, the primary value to most people is not learning how to hack, but learning how to make things more hack-proof.

    So does this book have any recommendations along those lines? What door locks, deadbolts, padlocks, bike locks, etc, follow the locksmith version of "best security practices"?

    That, IMHO, is the REALLY important thing to discuss!
    • So does this book have any recommendations along those lines? What door locks, deadbolts, padlocks, bike locks, etc, follow the locksmith version of "best security practices"?

      It seems that people in the hobby are reluctant to endorse brands. I saw Barry "The Key" Wels at HOPE this year. His presentation involved the pricey (and supposedly uber-secure) Medico locks and another brand of expensive lock that he agreed with the manufacturer to keep the brand name hidden during his talk.

      When his talk shifted
    • Erm...that's what you say to the mainstream media but you can tell the truth here on slashdot. You know full well that very few competitive lockpickers are doing it for anything other than entertainment and very few are actually going to feed back their knowledge to help lock manufacturers improve their products.
    • by halbert ( 714394 ) <> on Wednesday September 15, 2004 @04:39PM (#10259830)
      Actually, it does discuss several options to better secure your locks, such as putting your deadbolt locks(which are as easy to pick as a padlock) upside-down, to prevent gravity from helping the lock picker. Not impossible to pick, but a LOT harder. Like the difference between hacking a windoze box and an OpenBSD box.(sorry, couldn't resist) The more expensive the lock, usually the harder it is to pick, because they cost more to make. Good book, I recommend it.
    • A Mul-T-Lock [] is supposed to be virtually unpickable.
    • Really all locks are vulnerable - locks are sort of like DRM or encryption - there has to be a protocol to get through the security and protocols can be hacked. In general there are three issues with locks: the complexity of the mechanism (that reduces the effectiveness of hacks, i.e. a five number combo is better than a three number against simply trying every combo), the precision and quality of the engineering (i.e a lot of cheap combo cable locks are vulnerable to very simple hacks of "feeling out" the
    • Consumer Reports ran a battering ram into some locked doors. What gives first is the "strike plate", the usually flimsy piece of metal in the door frame that the bolt slides into.

      The first thing to do is to replace that with a reinforced strike plate anchored with long screws. The Mag 3 has a full bucket to enclose the bolt and transfer load to the rest of the strike plate, which has four screw holes. Use 3" long #10 wood screws (drill a pilot hole first) and you're solidly anchored to the studs.

      Then thin
  • What? do you go to Home Depot to practice?
  • by PHPee ( 559830 ) on Wednesday September 15, 2004 @03:24PM (#10259102) Homepage
    If you're interested in learning a bit about lock picking, but aren't sure you want to spend $20 on this book yet, take a look at this article [] at

    It offers a great introduction to lock picking, and has some nice graphics that really helped me understand how locks work, and how they can be circumvented. If you really get into it, then I'm sure this book would offer a lot more information to help you along.
  • by foxtrot ( 14140 ) on Wednesday September 15, 2004 @03:25PM (#10259108)
    I've found over the years, simply being self-taught, that there are very few locks I can't get into using stuff I carry on me or stuff that's easy to find (leatherman tool, paperclip, sewing needle, whatever.)

    There's a much larger number of locks that I can't get into without making it patently obvious somebody broke in. This is something I haven't been as successful in teaching myself.

    The former is engineering. The latter, that's art.

    • by dykofone ( 787059 ) on Wednesday September 15, 2004 @04:49PM (#10259927) Homepage
      leatherman tool, paperclip, sewing needle, whatever.

      And never forget the value of the handy old credit card. A friend and I got started in lockpicking with some sets we got off ebay back in middle school, and by the end of high school were quite profficient.

      But I've found now that just about any locked door that doesn't use a deadbolt can be opened much faster with a credit card. I keep three of varying thickness in my wallet depending on the situation. I use my ID badge at work to get into the conference rooms because it's quicker than pressing in the door code.

      Also, two butter knives work pretty well too if you have a reasonable gap between the door and frame, just alternate force on them to "walk" the latch out. Best part is, you haven't touched the door handle at all, so it's about as non-invasive as you can get

  • by MonolithicX ( 656642 ) on Wednesday September 15, 2004 @03:26PM (#10259116)
    the easiest way to break in is to crawl through a window.
  • by Monkeyman334 ( 205694 ) on Wednesday September 15, 2004 @03:27PM (#10259121)
    At work we have 4 of those 8' tall cabinets with the small keys and cheap locks. My building has 80 people working in it, so it was a pain when someone used the cabinet and ran off with the key. Who could it be? I told them I could knew how to pick locks. Really I meant that I saw a tutorial on about 6 months ago. I was talking out my ass but gave it a shot anyway. In about 2 minutes I had picked their crappy lock and we could tell who took the key by the stuff that was in the cabinet. Everyone in my office kept saying "I don't want to know what you did before you worked here." I tried to keep my "skills" quiet though. Didn't want people looking to me when stuff went missing.
    • My boss mentioned that he had a couple combination locks for gym lockers, etc., that were just laying around because he forgot the combinations if it wasn't used in awhile. I told him if it was a Master lock there was a simple method [] for getting them open and he could bring it in.

      Well, he did. The only thing is it wasn't a Master lock but some crap no-name lock made in Taiwan or someplace. The Master method didn't work on it but I decided to see if I could do it by touch (never tried before).

      Two minu

  • Wait... (Score:4, Funny)

    by StevenHenderson ( 806391 ) <> on Wednesday September 15, 2004 @03:27PM (#10259125)
    So now you're telling me that Douglas Chick is the master of unlocking? Well, Barry Burton told me that Jill Valentine was...
  • by jambarama ( 784670 )
    Locks just like security fixes and such only make it more difficult for someone to break in. We've covered the kensington lock vulnerability before here: 5&tid=172&tid=184&tid=1

    Ultimately everything is hackable, hard and software, by those who have too much time and a little knowhow.

    It just sure is nice to be one of those people.
  • Learned this at MIT a million years ago.

    Wait until the streep sweeper comes by and follow it down the street. The bristles are spring steel that is perfect for lock picks. They fall off, just pick them up off the street.

    I've never made a set of picks so I don't know if this is true or not, but there was a decent lock picking culture at MIT in the late 70s.

  • by notestein ( 445412 ) on Wednesday September 15, 2004 @03:29PM (#10259152) Homepage Journal
    Pick up a copy of "Surely You're Joking, Mr. Feynman!"

    It's a good quick ready and talks about his lock picking and safe cracking while working on the Manhattan projcet at Los Alamos.

    Or read about it here []
  • by Silicon_Knight ( 66140 ) on Wednesday September 15, 2004 @03:30PM (#10259162)
    For locks like a Medaco lock - in which the tumblers have to be rotated to a certain angle (usually 15 deg increments) as well as lifted to a certain height - AFAIK there are no tools out there that can pick that. However, even the strongest locks uses brass for the tumblers (Medacos are no exception - at least the one that I opened up to play with :) ).

    Brass is primarily a copper alloy. It is extremely reactive in the presence of strong acids. A few years back, a friend of mine wanted to look at a smart card under a microscope - just curious, that's all. I was working in a research lab then, and I mixed hydrochloric acid with nitric acid to make aqua regia. We were able to dissolve the GOLD contacts off the smart card to expose the chip underneath. (Aqua regia is used for lot assay analysis of alloys to determine alloy composition - you start by dissolving the metal, then feed it through some form of spectroscopy machine to measure the quantity and the composition of the metal). If I had squirted that into the door lock and held it in place with some bubble gum ... I could probably have opened the door with just a screwdriver after the tumblers are dissolved.

    - SK
    • A shot of Freon or R-12 will freeze the lock components to the point that they will shatter when struck with a pointed chisel and hammer. The only problem with that is that you've just left evidence. With a precise picking, the point of entry is hard to determine.
    • by mkettler ( 6309 ) on Wednesday September 15, 2004 @03:48PM (#10259358)
      For that matter, most structures surrounding locks aren't indestructible either. When you get down too it, someone can break into a lot of places by driving sledgehammer or truck through the door.

      However, that makes lots of noise. It's hard to protect an office building from a bulldozer attack, but then again, it's pretty hard to sneak around with a bulldozer.

      Really an attack involving strong acids isn't much more practical. Not many thieves want to walk around with a bottle of highly concentrated HCL hidden in their pocket. (think spillage while trying to run from the police)

      Your best bet in any physical security is to try and make the thief do one or more of the following:
      1) make a lot of noise (defeating stealth)
      2) leave a lot of good evidence about the intrusion (defeating anonymity)
      3) use specialized or expensive tools (defeating any financial gain)
      4) use a tool too unwieldy or impractical to transport inconspicuously. (defeating stealth)

      Of course, scale the measures to fit the value of what you're hiding.

  • by e9th ( 652576 ) <e9th@tupodex.EULERcom minus math_god> on Wednesday September 15, 2004 @03:35PM (#10259208)
    If your aim is just to gain surreptitious entry, there may be easier ways than picking the lock.

    When my father died, he left some important papers in a locked drawer in his file cabinet. The key was nowhere to be found. But the drawer above it had no lock. I just removed that one.

    Older Steelcase desks with a center drawer actuated locking mechanism could be opened (well, except for the center drawer itself) by just reaching behind that drawer and lifting up the lever that locked all the others.

  • by Tassach ( 137772 ) on Wednesday September 15, 2004 @03:35PM (#10259212)
    I'm suprised no one has linked to the (in)famous MIT Guide to Lockpicking [] yet.
    • I wish I had known about this site when I was locked out on my own balcony and forced to jump.

      Well, I suppose I would also wish for to be locked out with my laptop.

      Oh, and be in WiFi range.

      Or at least have this book handy.

      Well, since I'm wishing, I suppose I could wish to not get locked out, too.
    • by Giant Killer ( 33130 ) < minus punct> on Wednesday September 15, 2004 @03:57PM (#10259434) Homepage
      I'm suprised no one has linked to the (in)famous MIT Guide to Lockpicking yet.
      Dang it, I was going to post that. Now I would just be redundant.

      Lockpicking was standard teaching for freshman the East Campus dorm at MIT. This guide has served as the standard since around 1991 iirc. During the yearly EC "Oddball Olympics" lockpicking was one of the main events. I remember a masterlock being picked in 9 seconds. Really, masterlock padlocks can be that easy. And I've seen master hackers (roof and tunnel in this case) spend an hour and a half on a Schlage and never get it.

      This is a great guide and a good place to start, but lockpicking is all about feel. Like anything else, it just takes practice to get good.
  • by dcw3 ( 649211 ) on Wednesday September 15, 2004 @03:37PM (#10259232) Journal
  • The Club!!!! (Score:2, Insightful)

    by Anonymous Coward
    I always love watching people secure their Clubs to their steering wheels and feel so secure. What has happened is thieves bypass the Club and hacksaw the steering wheel itself. Steering wheel broken, slide Club through hole, no more club!!
    • I think the club is like bear and tennis shoes old joke.

      Bear starts chasing two men in the woods.
      One guy stops and puts on his tennis shoes.
      Other guy yells "what are you doing those shoes
      won't make you faster than the bear!"
      First guy replies "I don't have to be faster than the bear just faster than you."

  • here be the pdf (Score:2, Informative)

    by Anonymous Coward

    Funky-type pdf Guide.pdf

    ~!-xor it-guide/

  • by Christopher Thomas ( 11717 ) on Wednesday September 15, 2004 @03:47PM (#10259337)
    First, the obligatory link to a mirror of the MIT Lockpicking Guide [].

    Second - as another poster noted, lock pins aren't typically made from high-strength alloys. A battery-powered hand drill (and a screwdriver to turn the lock when the pins are gone) is the best and fastest lock pick that there is. Didn't even leave any visible damage when I used this approach on a filing cabinet we'd lost the key to. Just pick a bit as wide as the key entryway, and drill down the line of pins.

    Be advised that the lock tends to jam after closing again, as the remains of the pins fall back into their channels when the lock returns to its original position. But if you're drilling a lock, you're typically looking for a one-time solution anyways.
  • NOT available at B&N (Score:3, Informative)

    by still cynical ( 17020 ) on Wednesday September 15, 2004 @03:56PM (#10259418) Homepage
    Forget the link to B&N, try Amazon [] instead.
  • by Render_Man ( 181666 ) on Wednesday September 15, 2004 @03:57PM (#10259429) Homepage
    I've participated in the Lockpick contest for the last 2 years. It's been a blast. Quite a challenge too. The book is'nt anything hugely groundbreaking (check out [] for a really amazing book), but it's a good thing to read if your curious or if your like me and are not very good at explaing how to do it to others.

    I just find lockpicking facinating because it's yet another case of people proving manufacturers claims are often highly exadurated, or just full of BS. Knowing, and proving for yourself what makes a good lock vs. a bad lock fits well into the computer security dynamic (Physical security anyone?). That extra $1-2 for a master brand lock can buy you several minutes more security vs. a cheap look alike that can be shimmed in about 3 seconds, kind of useful to know. They can both be opened, but your less likely to have a thief willing to be exposed for several minutes than for a few seconds. The Kyptonite vulnerability now makes everyone re-think trusting the manufactureres claims now does'nt it?

    It's also a handy skill for those inevitable times when someone locks the server cabinet and loses the key and you don't want to pay a locksmith through the nose. I also use my skill in security audits to very dramatically show how little security that cheap lock on ther server room provides.

    I've got some descriptions of the contests and LP resources up at my site [] and some links to videos and the MIT guide if anyones curious.

    Just remember that there is little a set of bolt cutters, a crow bar, or a sledge hammer can't get through. Lockpicking is the 'elegant solution' to that (literal) brute force.
  • Go magnetic (Score:3, Interesting)

    by greg_barton ( 5551 ) * <> on Wednesday September 15, 2004 @03:58PM (#10259435) Homepage Journal
    Just use a magnetic [] lock.
  • by TaxSlave ( 23295 ) <lockjaw AT lockjawslair DOT com> on Wednesday September 15, 2004 @04:18PM (#10259646) Homepage Journal

    I first learned to pick locks at my childhood church, from my dad. The locks were standard household style locks, on doors that opened outward, so all I needed was a pocketknife.

    During High School, I could often be found inside the locked classroom, waiting for the teacher to arrive. I knew which doors opened using which methods, and which windows were nearly impossible to lock properly.

    I've learned a few things about physical security over the years. Walls don't always go to the true ceiling. Locks don't always work as advertised. The unknowledgeable don't always understand the proper ways to secure things, and a disgruntled soon to be ex-employee will occasionally just hand you a key you shouldn't have.

    With my knowledge of computers, I make it clear that I look the other way when people are typing in their passwords on a PC I'm working on. I want it to be clear to them that I don't know their password. If I want to gain access to a PC, I don't need to know the password before I start anyway.

    People come to me when they need to gain access to something they've locked themselves out of on their computer. They have confidence that i can help them. Quite often, I can. A little research, a little knowledge, and the ability to solve problems tends to do the trick.

    I've never studied lockpicking. I've never needed to. Locks are usually either very easy to go through, or around. Around is usually the best way.

    These days, it's all white-hat. That makes it even more fun.

    • by g0bshiTe ( 596213 ) on Wednesday September 15, 2004 @05:28PM (#10260291)
      Nice job, I find myself in the same situation. Remeber the old bicycle locks, the kind with the ring style tumblers? That was my first lock. Since then I have worked part time for a locksmith for a few years. There isn't a car I can't get into with little more than a coat hanger. If that doesn't work a few bobbi pins will do. Though the Mercedes security locks trouble me. The only household locks I can't do are Baldwin and Medico. Pretty much everything else is fair game. In school Master combination locks made me popular. Some kid next to me would forget his locker combo and start to go get the janitor. I'd stop em and ask for one of their shoelaces and procede to open their locker with it. True security is like a dragon, it's a mythilogical beast.

      "There is no spoon"
  • Feynman (Score:3, Interesting)

    by Hans Lehmann ( 571625 ) on Wednesday September 15, 2004 @04:54PM (#10259964)
    While you're at it, pick up a copy of Richard Feynman's "Surely you're joking, Mr. Feynman."
    In addition to winning the Nobel Prize, Feynman spent much of WWII at Los Alamos working on the atomic bomb. He devotes part of this book to his work there, including his (usually succesful) attempts to crack the many safes & locked file cabinets found at the base. He was very much a computer hacker in the days before computers.
  • by Banner ( 17158 ) on Wednesday September 15, 2004 @04:57PM (#10259982) Journal
    Okay, in many states you can legally own lockpicks as a hobbyist.


    IF YOU ARE ARRESTED FOR -ANY- CRIME, POSSESSION OF LOCKPICKS WILL CAUSE YOU TO ALSO BE CHARGED WITH POSSESSION OF 'BURGLERY TOOLS'! This could even include a speeding ticket if the Officer decides to search you. So if you are going to carry lockpicks on your person, BE CAREFUL!
  • by Chris Tucker ( 302549 ) on Wednesday September 15, 2004 @05:12PM (#10260132) Homepage
    So I'm at a jobsite and really REALLY needed to pee.

    I recalled seeing a bathroom on the floor and when I got there, I was confronted with a pushbutton lock.

    The pushbuttons were some kind of polymer, with the numbers PRINTED on them.

    Three of the buttons had the numbers worn away.

    Needless to say, I solved the lock in a few seconds.

    Funny thing, it was an executive-type bathroom, not to be used by scruffy hacker geeks like me.

    Or so I was told by the executive-type that found me in there using a urinal.

    "Who gave you the combination?"

    "Everyone who used the bathroom since the lock was installed, that's who." (FLUSH)

  • by Mulletproof ( 513805 ) on Wednesday September 15, 2004 @06:12PM (#10260692) Homepage Journal
    Can we PLEASE stop fixing the word 'hacking' to the hobby of ones choice where it really REALLY holds no relevance?! Hey, tonight I'm microwave hacking, so what sort of TV dinner would you like? We can talk about the sky hacking I'll be doing with my friend's RC plane over the weekend. What? You'll be doing some lawn hacking with your mower? Too bad. After our sky hacking session we were going to do some car hacking and put a spoiler ON MY DAMN CAR.

    Using this word superfluously is starting to take on the characteristics of the word 'kool'; You sound like you have an IQ of 5, so give it a freakin' rest already.
  • by Animats ( 122034 ) on Wednesday September 15, 2004 @07:22PM (#10261229) Homepage
    You don't see lever locks much any more, but that's a better approach. The key raises a set of hinged levers. Each lever rotates a plate with a slot, and when the slots line up, a bail drops into them, unlocking the lock. In some designs, the turn of the key locks the levers before it drops the bail, so you can't manipulate the levers once the bail is touching the slots.

    Lever locks have the combination component one step removed from the input component, which makes them harder to force. If you try to force a lever lock, you may trash the levers, but that won't open the lock.

    Safe deposit boxes are traditionally lever locks, although not always very good ones. Jail locks are usually level locks of massive size.

    Lever locks are usually big rectangular boxes, unsuitable for embedding in a door. So they're not used much unless serious security is required, as in a jail.

Nothing is finished until the paperwork is done.