The Schlage pushbutton lock has become a common sight in the residential lock armada, but with the spread of smartphones comes a new breed of lock, that speaks to the network and is controllable remotely.
The firs tof these I saw recently is the August Lock, recently written about in Wired Magazine. It is the first that uses the Bluetooth-LE spectrum, and has some interesting advantages. Worth a look, certainly.
Another new entrant is launching with a crowdfunded effort, suprisingly, and is an aftermarket fit-over style lock attachment. The Lockitron speaks wifi (a little scary) and gives worldwide access to the locking situation.
Of course, with of these just expans the attack surface of the lock, right? There will always be a pickable manual lock, and now there is a second way in that has just as many avelues for attack. That said, the benefits may outweigh the risks, especially for low security residential situations.
The lock picking forum lockpicking101.com has been online for 12 years as of this past April. With almost 65,000 members contributing to over 50,000 topics, lockpicking101.com is one of the most popular and active lock picking networks on the web today.
The site also happens to be the official forum of Locksport International, which is why there isn't a forum on this site. If you are looking for local locksport information, the Locksports Local thread at http://www.lockpicking101.com/viewforum.php?f=19 is a great place to start.
The Commando Lock Company is a new lock manufacturer based in the United States, committed to building the highest quality locks seen in the US market in recent memory. They are now gearing up for distributorship in the US, while they hone their manufacturing processes.
What's most important is their committment to the locksport community. We recently received a sample lock at the Columbus branch, and were impresed with their ICHANGE shackle and general pick resistance of the locks. There is a banner ad on Keypicking.com that will give users a 2-1 discount on any locks purchased and shipped form their Michigan factory.
Here's what Patrick Smith told me about the production run as it stands today:
"We're building the tools to produce padlocks in standard sizes from 38mm (1 1/2) through 51mm (2.00) with shackle sizes from 1/4 to 7/16. Our 50mm and 51mm will have interchangeable cores. All sizes will offer our IChange shackle system and our removable shackle guard. Our 51mm will be fun for the destructive warrior with enhanced armor in addition to the improved cylinder. (Think S&G 951C concept) We've been busy building for the military and our competitors but now we're ready to reach out to the retail/commercial world. At the end of the day, our 2013 improvements will be recognized as the locks that were built by the industry."
Locksport International supports lock companies taking an active interest in the locksport community. While we have fun at our meetups, we also recognize the serious nature of the security industry, and the remarkable amount of FUD that is spread around by lock companies.
I don't know about you guys, but I tend to get pretty excited when I hear about the possibility of some new Locksport swag; so I'm usually on the lookout for ways to make or purchase items to show my support. Last week the owner of a local antique store (and also a friend of mine) sent me into a near sprint towards the back of her store was when she told me how she had just acquired a new laser-etching machine.
Of course the first thing that came to mind was “what can I put a Locksport image on?”. So Bobbie, my friend, and I went searching the Internet for an acceptable image as a template (sorry Doug, the stripper straddling the lock pick just didn’t seem appropriate). The image to the left is our final product.
This image was made with the photo of Doug wearing the new Locksport shirt. For what we had to work with, I think it came out pretty well. Bobbie explained to me that she could etch this image (or any other images) onto just about any surface for a great price. If anyone is interested in a water bottle or other item like a cell phone case or pick case, please let us know!
- 11/03/10 Fred Westermeyer (President, L.I – Columbia, MO)
Things are winding down here in the Lockpicking Village at The Next HOPE. I just finished uploading some great pictures of the weekends events to the photo gallery. L.I successfully hosted two competitions, Lockpicking Wizard and 24 Hours of Locks. The 24 Hours of Locks competition ran from 5:00pm Friday to 5:00pm Saturday and a total of 17 people competed. Below is a list of the top 5 competitors:
Number of Locks Opened
Since the first 3 contestants are L.I members, prizes were given to the two runner up contestants, Chris and Jake. Their picture is above.
In Lockpick Wizard, there were two finalists, Doug Farre and Schuyler Towne. For the final round both contestants were blind-folded to the audience's delight. Schuyler won the contests after 8 excruciating minutes, opening five out of the ten available locks while Doug only opened two.
-7/17/10 - Doug
L.I will be in New York this weekend to help coordinate the Lockpicking Village. We plan on hosting a few competitions and workshops and will be working with TOOOL.US to make this the best Lockpicking Village New York has ever seen. We will have custom picksets and shirts for sale. All pickers welcome! See our post @ hope.net (http://thenexthope.org/2010/06/the-lockpicking-village/)
- 07/14/2010 - Doug
Deviant Ollam was nominated and selected for the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. Deviant is well-known as a founding member of the United States division of The Open Organisation Of Lockpickers (TOOOL) and as a security consultant and trainer with his company The CORE Group. I contacted Deviant after the news of the release of his new book, Practical Lock Picking: A Physical Penetration Tester's Training Guide.
Q: First off, why do you call yourself Deviant?
A: Well… that’s a bit of a story, but I’ll give my best shot at an answer. Before I do, I should point out one key fact about my involvement with The Open Organisation Of Lockpickers. While I did have the pleasure of meeting Barry Wels (the original founder of TOOOL back in the Netherlands) on one of his earliest appearances at a United States hacker convention, I was not among the small initial group upon which he bestowed permission to form a division of TOOOL here in the USA.
Originally, at the end of a 2600 HOPE conference, he gathered four individuals who were sitting near him for the better part of the afternoon. Babak Javadi, Schuyler Towne, Eric Schmiedl and Eric Michaud had just become, he announced out of the blue, his “new Board of Directors for TOOOL in the US.”
Babak went home and later formed a chapter in Iowa. Eric S and Schuyler have had a somewhat active meeting in Boston… and Eric Michaud (along with people like Mouse) started the Princeton University chapter of TOOOL (now simply referred to as the Mid-Atlantic chapter, with meetings localized around the Philadelphia / New Jersey region).
It was about six months later (standing in the hallway after my lockpicking presentation at the first ShmooCon) that Eric, Mouse, and others from Princeton approached me and asked me to join them at the New Jersey meeting. I assumed a leadership role very quickly in that local chapter and began organizing some of the events at a national level, like the Lockpick Villages, etc.
It was only when Schuyler Towne stepped down to focus more on academic endeavors the following year that I was invited to join the Board of TOOOL, and I have proudly served there ever since.
As for the story of my nickname… while growing up I was surrounded mostly by conservative adults who had no shortage of criticism for what they saw as immorality and delinquency (things that I recognized simply as my generation's tolerance and appreciation for alternative lifestyles, non-traditional belief systems, or music and art that wasn't mainstream)... but these same people (my parents were occasionally among them) were so stuffy at times that they wouldn't even use profanity or overly-harsh language to condemn my generation's morals, culture, etc.
I can recall quite clearly that on more than one occasion my mom would use the word "deviant" as if it were some sort of epithet… "deviant sex" or "deviant clothing" etc. I was always silently amused by this. When you consider the true definition of the word… to "deviate" is merely to differ, to turn out of an established or recognized course. When I was little, my parents made sure to teach me that there was nothing inherently bad about being different and that I should be tolerant of others.
However, it was interesting observing society's tendency to maintain the status-quo… particularly as people age. I didn’t want to slip into reactionary attitudes and conservative ways that I saw around me. As a nod to the fact that I’ve always felt best when bucking the norm (and since I believe societies and civilizations are at their healthiest when they are packed to the gills with a broad diversity of opinions, beliefs, and lifestyles) I opted to take the nick of "Deviant" some time ago.
(I should note that this wasn't a jab at my parents at all… both of whom I love very much and with whom I have a healthy and happy relationship, even if I don't call as often as I should.)
Q: It has always been exciting for the locksport community when one of our own grabs a book deal. How long have you been working on this book and what was your motivation?
A: The whole project has gone very, very quickly… although at times I feel as though I’ve aged years in the weeks that have recently passed. The primary writing of the manuscript was completed in about a month’s time, actually. I started writing the day after St. Patty’s day and had submitted the entire manuscript and all of the photographs, figures, and diagrams by mid-April. By the end of that month, all additional matter like the Appendix, the Author’s notes, and other minutiae were also completed.
The rest of the process has been the very grueling and seemingly never-ending affair of shepherding the text through the ordeal of composition, page layout, etc. The publisher (in this case Syngress, but it’s the same with all the major houses) farms out this part of the project to other institutions, mostly overseas. The inevitable result is that pages come back to you looking nothing like you expected… often with lots of grammatical and syntactical errors (due to cultural and idiomatic misunderstandings) that must be addressed.
I have to say my publishers here in the States have been really understanding and backed me up at every turn when I would insist that changes be made or that sections be moved around (often, moved back to the way that I had positioned them originally) to flow better, be clearer, etc.
So yeah, that’s been the main effort in this whole process… it’s rather like making a baby, I’d venture to guess. The initial act is a lot of fun and over pretty quickly when compared with the pregnancy as a whole. After some waiting, however, then comes the real rush and frenzy of actual birthing… and there are some major labor pains. They say it gets easier after your first one. I can imagine that being the case, and I hope to write additional titles if this one sells well.
As for what started it all? Well, I could say that simply it was Rachel from Syngress approaching me at Black Hat one summer and asking if I’d like to write for them. But my motivation was a little bit deeper and more meaningful than that. This may sound silly, but in my life I’ve always tried to focus my livelihood around three supreme, over-arching goals:
- To never officially be a “professional” anything
- To get through life, birth to death, while wearing a tie as rarely as possible
- To change the world for the better
… I’ve always faired pretty well with the first two rules in whatever jobs I’ve taken and whatever path I’ve made for myself. But that last one can be a real kicker. In some ways, perhaps I always envisioned it as being fulfilled by participation in some meaningful and egalitarian foundation, or a continuation in my career path of teaching perhaps.
Those are all goals I’m happy to pursue as time goes by… but actually putting pen to paper and creating something that will potentially live on after me, imparting knowledge that I find fascinating to a new generation of hackers and lock enthusiasts, etc… I think that’s not a bad first attempt at point number three on my grand personal plan.
If people get something out of this book and if I have managed to explain this information in a way that really resonates with some of the readers, I’ll be very very happy.
Q: What is great about this book is that it covers an aspect of security that is commonly overlooked in the industry. Who would you consider the ideal purchaser of this book and how do you anticipate them using it?
A: Well, as the text’s full title indicates… I wrote this mostly with professional penetration testers and security consultants in mind. My thinking was as follows…
There are some people for whom locks are nothing but a small hobby or side interest… and they will often be content to view a few videos on the internet or read very brief “spy manuals” that appear for sale in Soldier-of-Fortune magazines and such. Often these books are quite brief (less than 100 pages) and feature very bare-bones, line-art drawings that cover only the most basic facts. And that’s fine; these books are simple and cheap and there’s a market for that. The tinkerers and curious types who pick them up will maybe fiddle with a lock every so often, perhaps get it open one day, and be satisfied at the fun bit of knowledge they have earned themselves.
Alternately, there are some books out there which are outright tomes of knowledge, massive in size and very broad in scope. These texts are essentially reference works for police, locksmiths, forensic technicians, etc. They catalog scores of locks from all walks of life and often run to an excess of 1,000 pages. (Two such notable titles are Marc Tobias’ Locks, Safes, and Security and Graham Pulford’s High-Security Mechanical Locks.) These books can be a wonderful read if you’re truly fanatical about locks, and naturally they are invaluable tools to some people in the trades mentioned above… but few people outside those fields can hope to dedicate themselves to really thorough study of such works, cover-to-cover.
My book attempts to bridge the gap between those two extremes. In today’s world, there are lots of security consultants and penetration testers who would do well to have some understanding of and significant experience with lockpicking. These are people who can devote time and effort to learning in an organized way… but are not dedicating their lives exclusively to lockpicking. My book gives a basic overview of how picking and bypassing works and lays out a series of easy-to-follow lessons that can build basic skill quickly, without a lot of frustration and stumbling blocks along the way. Thus, it is my hope that pen testers who want to augment their skill set to include lockpicking ability can use my book in order to learn how to pick most locks that they will encounter most of the time.
Q: While you were writing the book, did you develop or discover any new techniques or vulnerabilities? Is any of this content included in the book?
A: Much of the book is devoted to teaching basics and fundamentals, so there aren’t too many “new” techniques in there, at least as far as my own knowledge is concerned… future works that are being planned will cover more intriguing and challenging matters like that, however. ;-)
I did, however, have the pleasure of exploring some of these “conventional” techniques in greater detail than ever before. I think I spent more time picking cruciform locks (cross locks) than I had in the past simply when writing the sixth chapter and working on the associated images.
So yeah… on this specific book I didn’t have the thrill of developing especially new techniques, but I did experience the pleasure of discovering and refining my techniques with old ones.
Q: Enough about the book; you regularly give teach presentations and organize events at various hacker cons throughout the world. Can you give us a little history of how you got to the well-respected position you are in today?
A: More than anything, I feel this was a product of my nature when speaking and the very good fortune I have had with respect to flexibility of scheduling. For whatever reasons, people genuinely seem to enjoy listening to my talks. The topic of lockpicking is a captivating one, and my lectures go over well enough with audiences that I get invites to new and interesting places all the time. I’m lucky enough to be able to accept most of these invites.
The more I speak, the more I become noticed in new, different circles. It still astounds me when I attend an event where I have never been before and I am recognized by people whom I’ve yet to meet. The world is just genuinely full of interesting and cool people who want to understand new things… and I’m very happy to teach anyone that is willing to listen and learn. It’s an absolute blast.
Heh, and the frequent flyer status that it has earned me on Star Alliance is goddamn awesome. Without it (and all of the added privileges I have with respect to checked baggage) I don’t know how I’d go about trying to fly everywhere with all of this heavy equipment. =D
Q: What are the plans for the future?
A: First and foremost, I hope to see the locksport community continue to grow and develop. TOOOL gets requests all the time (approximately a dozen or more every month) from people in far-flung areas who hope to start a new chapter in their neck of the woods. While often the best we can do is recommend that people check out their local DEFCON Group or 2600 Meeting, we keep track of all such interested parties and when a group of significant size appears, we put them all in touch with one another. Other locksport groups operate in much the same way… hosting regular gatherings, meeting new people, expanding, etc. In addition to the original branches of TOOOL that formed in the United States (mentioned above) we now have healthy, popular chapters that meet regularly in Ohio, North Carolina, California, and even other international spots such as Canada and Austria.
I want to keep bringing hands-on workshops and lockpicking games to any public events that think we’d be a good fit with their attendees. This past spring TOOOL had an awesome presence at the Maker Faire in San Francisco and it was a really big hit. We are invited to participate at future MAKE events, and the response from attendees who saw lockpicking (some of whom were experiencing it for the first time) is really terrific.
On the business side of things, Babak Javadi and I have our own company, The CORE Group, offering physical security consultation, assessment, trainings, and more. With ties to many people in the law enforcement and intrusion response industries we are always growing our tool set and knowledge base. There will be some very interesting developments there in the future, too, I am sure.
More than anything, I want to help lockpicking continue to be understood as an innocuous and harmless hobby. The more the public can be educated about locks, the greater chance we have of diminishing people’s fears about lockpickers.
- 06/29/2010 - Doug
Sexy new Locksport shirts now available in a wide range of sizes to fit your needs. These shirts are American Apparel - 2007 Fine Jersey Long Sleeve T-Shirts. Their ultra comfortable, 100% cotton design makes them great for both summer and winter. If you are a member of Locksport International, see your chapter president for discount information.
All proceeds go directly towards legal fees to make L.I an offical 401c3 (non-profit) organization. Shirt orders are fulfilled by our friends at Security Snobs and can be found here.
- 05/09/2010 - Doug
Datagram was nominated and selected for the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. Datagram is well known for his work on two separate endeavors: lock forensic analysis (www.lockpickingforensics.com), and Lockwiki (www.LockWiki.com), a repository of lock related information. I sat down with Datagram in his Los Angeles villa over a New York Strip to discuss his passage into the locksport community.
Q: First off, why do you call yourself Datagram?
A: I've been part of the computer security/hacker community for longer than I've been working with locks, and many of the lock-related events I do are at computer/security events. Using a handle is pretty traditional for US security groups and events so it has become what people know me as. There's a running joke between friends that no one would know who I was if I started putting my real name on my presentations and research papers. I don't remember why I chose 'datagram' in particular, though.
Q: So I understand that you your work in forensics was your debut into the locksport community. Is it okay if I go ahead and describe you as an amateur lock forensics guy gone pro? Can you explain how this progression occurred?
A: That's not true, exactly. I've been working with locks for about a decade but it wasn't until a few years ago that I became interested in the forensics aspect. Before doing forensics I did training and presentations on locksport at various security conferences and events. Eventually I started looking for resources on forensic locksmithing but had a hard time finding much. I decided to do my own research and make the website. Since then I've gotten an increasing amount of work teaching and performing forensic locksmithing both at home and overseas. In the sense that I am an amateur turned pro, you're correct.
Q: Have you developed any proprietary methods of forensics analysis or published any discoveries?
A: I don't believe in having secrets in forensic locksmithing. A big part of the job is knowing what to expect and what is possible. Free exchange of information between forensic locksmiths helps to promote awareness of different attacks and the evidence they leave behind. To that end, I have a few articles and sections on the site that detail uncommon attacks or rare types of evidence. The next few articles for the website will also have similar information that has, to my knowledge, never been published before.
Q: What is the coolest for-hire forensics job have you done?
A: Well, forensic locksmithing is not like the CSI show on TV, but there have been many interesting cases. The most fun, for me, comes from the investigations where I have to try a variety of attacks against a duplicate lock to see if they produce the same tool marks/signature as what was found on the lock in evidence. The best example of this was testing different chemical (acid) attacks against brass-based padlock bodies. Teaching has also been rather cool, especially when you get to teach government/law enforcement. The best part is getting to see what equipment they use and hearing what they think of locks and physical security in general.
Q: What are the plans for the future, etc, etc…?
A: I'm working on a few new articles for the website. They detail attacks and forensic techniques for some popular and upcoming American brand locks. I expect the articles to be useful to forensic investigators because of the overwhelming popularity of these locks. As for the website, I'd like to expand into other lock types, particularly lever and disc-detainer locks. They are uncommon in the United States but are an interesting lock mechanism with unique forensic evidence, picking tools, and attack methods. Right now I just need to build up a budget to purchase some new lever locks and picking tools. They are not too expensive by themselves, but the shipping costs from the UK are killer!
Q: For those that don't know, what is LockWiki?
A: Lockwiki is a collaborative website, like Wikipedia, that focuses on locks, safes, locksport, and physical security. Anyone can contribute information and resources to the site, and the content is reviewed and edited by many people to make sure that all the information is accurate and non-biased.
Q: I know I am not alone when I say that LockWiki is a fantastic source for lock and physical security related information. How “complete” is the repository?
A: As far as the end-goal, it is very incomplete. I'd say that what you see on Lockwiki today would be less than 1% of the information available a few years from now. In light of that, there are certain pages that are very thorough, containing information, images, media, and references for further information. Lately, I have been working on lock-specific pages because they are the easiest to do and provide a good amount of information. Once they are done, they require little upkeep - which is great cause I don’t have to worry about the older articles and focus on getting new/improved articles on other parts of the site.
Q: What are your long-term goals and strategies to increase content on the site?
A: Right now I have been focusing on going through my lock collection and doing very detailed articles for each lock I own. Many that I've done have turned into really thorough pages that rank higher on Google than most of the official pages for those locks! In the long term I hope to get more editors contributing the site by editing articles, uploading images, or doing more administrative work like writing help pages and creating templates for other editors to use. I'm probably the worst salesman you could find, so I rarely try to sell people on the idea of editing or contributing. Those that have contributed have done much to improve the site and motivate me to keep going with my own updates.
Q: I understand that you are responsible for 99% of all contributions to the site. Why do you think people are so reluctant to contribute?
A: That's actually true, but I would like to truly thank the 1% that have gone out of their way to contribute to the site. Finding people to continually contribute is difficult but understandable. Many people just don't have the time, which I think is the biggest factor. Some don't have the technical knowledge to write in-depth articles, and others don't have the writing skills. Many people get upset when they write a long article and someone else (usually me) goes in and edits it to be more readable or better organized. But that's the point of the site. That's why everyone can contribute and improve everything on the site. You have to develop a thick skin to have your writing publicly accessible by anyone in the world. People are going to pick on every possible thing about your writing, but in the end the site benefits from all those opinions.
- 05/05/2010 - Doug
TJ was nominated and selected to debut the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. TJ, known on www.lockpicking101.com as tjweaver84, has been interested in lockpicking since high school. He is now 25 and nearing the end of a 6 year stint in the Navy operating nuclear reactors. TJ is known in the community for his work at finding a vulnerability in the Abloy Protec, known by many as one of the most secure locks ever made. I asked TJ to discourse the events that lead up to his discovery and this is what he wrote:
“….I got the Protec so I could learn how they work. Within minutes of getting the package at work, the Abloy was in about a million pieces. It took about 3 hours to reassemble it but I learned a ton about the lock. Then a couple nights later I was lying in bed when an idea struck me. The lock was already apart and on my desk so I started playing with the disc blocking system with the lock removed from the body and figured out a process that may someday be used to open the Protec consistently.”
TJ doesn’t claim to be able to pick the Protec consistently, but he has demonstrated his technique successfully at least once. In the meantime, he is in contact with the manufacturer, Abloy, to implement a fix.
More information on TJ’s findings can be found here: http://www.tjweaver84.com/protecpicking.php
- 04/19/2010 - Doug
TJ Weaver lives in Greenville, North Carolina with his wife and child. He is interested in computers, electronics, R/C stuff, locks, Amateur Radio, building stuff, outdoors stuff, and bonsai trees. He would like to be contact by others in the area interested in sharing his interests with locksport. email@example.com
Welcome to the new Locksport International homepage! I am pleased to announce our new online presence and some of the exciting things we are working towards in the coming year. If you get a chance, take a few minutes to explore the new site. If you are interested in starting a chapter, you will surely be pleased with the resources that we have made available. In addition, we have added a new element to the site called Locksport Person of the Month (LPOTM). Every month we will choose someone from the locksport community to recognize for their contributions.
We hope that if you have any feedback you wont hesitate to inform us. Thanks for visiting, and check back often!
- 4/17/10 - Doug
- Schuyler Towne is making news again, spreading the good word of Locksport post-kickstarter-debacle.
- The Columbus branch of L.I got a nice writeup in the local paper.
- Cody's electronic lock bypass has been exploited by an actual theif. Remember, folks, use your powers for good not evil!
- Peterson is making their Government Steel picks with plastic handles now.