Practical Lock Picking: A Physical Penetration Tester's Training Guide


Overview

For the first time, Deviant Ollam, well-known lock picking teacher from DEFCON and Shmoocon, is putting all of his knowledge into one book! Infosec professionals that need knowledge of lock picking will find this the perfect tutorial and later reference with solid and fast-acquired understanding of a variety of locks including electronic devices. You will find everything you need including quick-entry tricks like shimming, bumping, and bypassing, along with details on how to ensure future access and how to cover your tracks.

  • Author has taught 1000s of individuals, many at leading conferences like DEFCON and Shmoocon
  • Only up-to-date book available for the information security professional
  • This knowledge completes the penetration tester’s toolkit for internal and external audits of a company’s security

Editorial Reviews

From the Publisher
Winner of the Best Book Bejtlich Read in 2010

"Practical Lock Picking (PLP) is an awesome book. I don't provide physical testing services, but as a security professional familiar with Deviant's reputation I was curious to read PLP. Not only is PLP an incredible resource, it should also serve as a model text for others who want to write a good book. First, although the book is less than 250 pages, it is very reasonably priced. Second, Deviant wastes NO space. There is no filler material, background found in other readily available texts, reprinted Web site content, etc. Third, the writing is exceptionally clear and methodical, with extreme attention to detail and a master's approach to educating the reader. Finally, the diagrams, pictures, and figures are superb."—Richard Bejtlich, TaoSecurity

"No matter what your background is, if you want a new and fascinating insight into this world, I don't think any book will give you a better introduction to this field than this one."—Barry Wels, Founder and President, The Open Organisation Of Lockpickers

"You have exhausted your budgets on the myriad of high tech cyber threats and finally have time to take a breath. Just as you settle in your chair to review the dashboard which shows the fruits of your tireless effort, an alert hits your phone. The voice on the phone cries out 'The servers are GONE!' This book will show you what happens when attackers decide to 'get physical.'"—Chris Nickerson, Lares Consulting

"The clear explanation and plentiful diagrams leave the reader with a clear idea of how lock mechanisms work, and the practice exercises that follow build on this knowledge to allow the reader to quickly progress before moving on to the simpler techniques, shimming and bumping...Overall the book does much to dispel the myth that lock-picking is an arcane, difficult art and puts the reader in a position to carry out more effective physical security reviews...In summary this is an excellent practical introduction to the subject and the publishers are to be congratulated for producing another good niche penetration testing book."—Nick Dunn, BCS, The Chartered Institute for IT


Product Details

  • ISBN-13: 9781597496117
  • Publisher: Elsevier Science
  • Publication date: 8/10/2010
  • Pages: 256
  • Product dimensions: 7.40 (w) x 9.10 (h) x 0.70 (d)

Meet the Author

Deviant Ollam's first and strongest love has always been teaching. While paying the bills as a security auditor and penetration testing consultant with The CORE Group, he is also a member of the Board of Directors of the US division of TOOOL, The Open Organization of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted lockpick training sessions at Black Hat, DeepSec, ToorCon, HOPE, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, DeepSec, and the United States Military Academy at West Point.


Read an Excerpt

Practical Lock Picking

A Physical Penetration Tester's Training Guide


By Deviant Ollam

Elsevier Science

Copyright © 2012 Elsevier, Inc.
All rights reserved.
ISBN: 978-1-59749-990-3


Excerpt

CHAPTER 1

Fundamentals of Pin Tumbler and Wafer Locks


CHAPTER OUTLINE

Pin Tumbler Locks
Wafer Locks
Summary


While there are a multitude of lock designs on the market today, produced by many different manufacturers, the bulk of these offerings are not in widespread use. Nearly all of the locks that you are likely to encounter on a day-to-day basis stem from just a few basic varieties, and the mechanisms inside of all of these devices operate in almost the exact same manner. If you can understand the basics of just a few styles of locks, I'm confident in suggesting that you should be able to open with great ease at least three quarters of the locks you're likely to encounter ... even more, as you become more skilled with time.

The overwhelming majority of locks that are in use today, particularly in North America, are either pin tumbler locks or wafer locks. A handful of other designs are prevalent in certain international regions. Lever locks, for example, are an older design originating in the 17th century with keys that tend to be larger and their operation more cumbersome than more recent designs. These are a common sight in Europe, central Asia, and parts of South America. Rotating disk mechanisms are popular in northern Europe and parts of the Pacific Rim, while some locks in Austria and Japan feature magnetic components. However, in all cases—even in the regions outside of North America—it should be understood that these designs are usually not nearly as prominent as basic pin tumbler locks and wafer locks, particularly as far as penetration testing is concerned.

Typical office doors, desk drawers, filing cabinets, and access panels will usually be equipped by default with lower quality locks because they are the easiest to mass produce, the simplest to service, and the most economical to replace or re-key should the need arise. Until furniture manufacturers and hardware stores cease ordering bulk shipments of locks with low production costs and lax quality standards, we are likely to continue encountering them for a very long time.


PIN TUMBLER LOCKS

The style of lock with which the majority of people are most familiar is the pin tumbler design. I realize that many of you may already be somewhat aware of this hardware (and, indeed, diagrams and photographs of all shapes and sizes seem to abound on the internet and in other printed works), but I feel it would be helpful for us to analyze this mechanism briefly, from the ground up, in order to properly understand how it functions and how it can be exploited.

Pin tumbler locks come in many forms and styles and can be incorporated into hardware that appears in a number of different shapes. Take a look at the locks in Figures 1.1, 1.2, and 1.3.

While each lock is clearly a very different form factor, all three function with a traditional pin tumbler mechanism which is operated by means of a simple "blade" style key, shown in Figure 1.4, the likes of which you have seen multiple times before.

The pin tumbler mechanism is one of the oldest lock designs in existence and is still widely used today. Let's take a closer look at how the components of these locks are made and assembled, paying particular attention to how the lock attempts to hold itself shut without the key present. There are two primary large pieces that comprise the bulk of a pin tumbler lock: the housing and the plug. These are the two items that can easily be seen from an exterior perspective and are thus the most understood. We will now walk through the manner in which these two segments are fabricated and how they fit together.


The plug

The plug of a pin tumbler lock is constructed from a cylindrical billet, typically made of brass although occasionally steel is used in high quality models. Often the first feature to be added, after the metal is cut to the requisite length, is a small divot in what will become the front face of the plug. This helps to seat and align the key during user operation. See Figure 1.5 for a better understanding of how we shall look upon the various components of lock hardware. On the left is a frontal view, what the user would typically see from a straightforward perspective. On the right of the diagrams in Figures 1.5 through 1.12 we see a perspective from the side.

Given that the bulk of what concerns us takes place further inside of the lock, we will begin to focus our "straight forward" view (on the left side of these diagrams) further inward. In Figures 1.6 through 1.12, that image will correlate to a cross-section of the plug (or the lock as a whole) approximately 5mm in from the front face.

The plug will be milled with a small lip around the front facing edge. This is dual-purpose, in that it prevents the plug from sliding inward through the lock housing while also precluding a potential attacker's insertion of material that could penetrate the front of the lock and interfere with the operation of the pin tumblers within.

It is quite common for this front milling process to be more intricate, involving additional ridges or deeper grooves. Again, this is to prevent pieces of thin metal or other tools from being inserted and worked into the depths of the lock from the outside.

In addition to this front lip, the rear section of the plug is also typically milled with either a grooved notch or given a threaded end to accommodate a retaining clip or screw cap, respectively. While threading is typically produced at the end of the process, a clip notch can often appear at this time, as represented in Figure 1.8.

The next component to be milled is the keyway. The shape of the slot for the key is called the keyway profile. The primary reason for using more than a simple rectangular slot is the need to help seat and align the key as it is inserted into the lock. The curvature present in nearly all keyways results in protrusions of metal (called wards) that align with deeper cuts and bends on the key. These help keep the key level and raised to the appropriate height during operation.

The warding created in the design of a keyway has an additional function. As we will see in Chapter 4, the more complicated the curvature of the keyway profile, the more the wards will potentially interfere with the usage of picks, snap guns, and other tools that could potentially be used in attacking a lock.

A third consideration for manufacturers when designing a keyway profile is also one of intellectual property protection. If a specific pattern is unique and unprecedented, the lock manufacturer will enjoy copyright protection of this "new design" for a period of twenty years. This right is typically leveraged not for the prevention of knock-off or copycat locks, but is in fact used by hardware manufacturers to prevent the availability of unauthorized key blanks on the open market. When a design is still relatively new, the vendors can market that their locks incorporate "restricted keyways" for which there is not a widespread supply of blanks available to third parties.

As you may have seen when having a key duplicated at a hardware store, the large racks or drawers of uncut blank keys are not typically filled with name-brand components. Kwikset and Schlage may be among the most common logos stamped on our locks in North America, but take a look at the actual keys in your pocket. If I were a betting man, I'd wager that many (if not all) of them are embossed with names like Ilco or Hy-Ko (or bear no markings whatsoever). This is because manufacturers of locksmithing components and supplies now primarily handle the production and sale of blank keys to most hardware stores, strip mall kiosks, and key copying centers. While this often results in a savings in cost (passed on to consumers, who can typically copy a key nowadays for one to two dollars), the flood of "unauthorized" key blanks across the market can have security implications.

A number of tactics for defeating a lock are feasible only if the attacker has a supply of blank keys that can be inserted into the keyway. Bump keying and impressioning are two such methods of attack. (Impressioning is a bit beyond the scope of this work, but bump keying will be discussed in Chapter 5.) Even more basic is the risk of unauthorized copies of keys being made without permission. While it is possible to stamp "Do Not Duplicate" onto the bow of a key, this direction is routinely ignored ... particularly by non-locksmiths.

At this stage of production the keyway is typically milled into the plug blank. I have seen this done in person at the EVVA factory in Austria and it's an astonishing process. A large pneumatic ram forces the plugs along a track, exposing them to a series of fixed blades in an ornate and intricately-arranged jig. As the plugs pass each blade, the slot for the keyway grows deeper and wider and more intricate. The whole process takes mere seconds.

Often, additional milling and cutting takes place at the rear end of the plug, in order to accommodate and interface with tail pieces or cams. These are the components of the lock that actually interact directly with the bolt or latch mechanism which is holding a door or drawer shut.

Remember, it's not a lock's job to hold something shut. You can easily prevent someone from, say, accessing a particular room of your house by applying brick and mortar to the doorway. That will surely keep unwanted people out, right? What's the problem with such a solution? The answer, of course, is that such a solid wall of stone isn't the best thing to have if you're also concerned with allowing authorized people in. That is what locks attempt to do for us ... they assist in giving otherwise robust security a means of quickly, easily, and reliably opening when necessary. It is our deadbolts, our padlock shackles, and other similar hardware that actually provide the means by which things remain shut. Our locks are mechanisms that simply trigger the release of said deadbolts and shackles at (we hope) the appropriate time.

There are a number of attacks that we will discuss in Chapter 5 which focus on ignoring the lock mechanism entirely as one seeks to simply interact directly with the latch or bolt hardware deeper within the door. Many of these attacks focus on weaknesses in the way that the lock core (often, the rear of the plug specifically) interacts with a tailpiece or cam.

The final stage of fabrication of the plug (usually) is the drilling of pin chambers. These are often drilled from above, all to a uniform depth, and equidistant from one another. That is by no means a hard-and-fast rule, however. We will discuss some unique designs in Chapters 5 and 6 that vary from this norm. However, one feature that tends to be uniform in almost all locks is the alignment of the pin chambers from front to rear. Ideally, these chambers will be drilled in a perfectly straight line ... but, as we will see in the following chapter, that is unfortunately a very difficult thing to achieve with utmost precision.

There are some additional features that may be added to plugs by certain manufacturers. It is not uncommon for small additional chambers or holes to be fabricated near the front face of the plug. These are subsequently filled with ball bearings or ceramic inserts that can frustrate and impede drilling attacks. Such features are shown in Figure 1.12.

The other large component from which the core of a lock is constructed is the housing. This contains the plug and all other associated smaller elements such as pins and springs. Much as we did with the plug, let's take a look at how the housing is constructed in order to properly understand its function and role within the lock (see Figure 1.13).

One of the first components to be milled into a lock's housing is often the large, central bore that will accommodate the plug. It is typically fabricated straight through with an even diameter (see Figure 1.14).

An additional ridge is milled into the housing at the very front of the bore opening, to interface with the lip on the front edge of the lock's plug. Figure 1.15 shows this ridge from both the front and side view.

Pin chambers are then drilled into the housing from the top surface. As with the fabrication of the plug, every attempt is made to ensure that these chambers are uniform and that they align perfectly from front to rear. These chambers appear in Figure 1.16. As with our discussion of the fabrication of a lock's plug, the figure's "front view perspective" on the left side of the diagram now reflects a point approximately five millimeters in from the lock's face.
(Continues...)


Excerpted from Practical Lock Picking by Deviant Ollam. Copyright © 2012 by Elsevier, Inc. Excerpted by permission of Elsevier Science.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

Chapter 1: Fundamentals of Pin Tumbler and Wafer Locks
Chapter 2: The Basics of Picking-Exploiting Weaknesses
Chapter 3: Beginner Training-How to Get Very Good, Very Fast
Chapter 4: Advanced Training-Learning Some Additional Skills
Chapter 5: Quick-Entry Tricks-Shimming, Bumping, and Bypassing
Chapter 6: They All Come Tumbling Down - Pin Tumblers in Other Configurations
Appendix: Guide to Tools and Toolkits


Customer Reviews

  • Anonymous

    Posted June 28, 2012

    Terrible

    Terrible

    0 out of 1 people found this review helpful.

  • Posted March 2, 2012

    VERY VERY HIGHLY RECOMMENDED!!

    Do you want to learn how to pick a lock? If you do, then this book is for you! Author Deviant Ollam has done an outstanding job of writing a book that educates penetration testers and incorporates an additional level of expertise into their repertoire of skills. Author Ollam begins by exposing you to the inner components of the most typical styles of locks in use today. In addition, the author examines the types of flaws that are commonly found in the locks people rely on day in and day out. He then discusses the basic types of equipment that are particularly helpful when starting out with a study of lockpicking, and presents information on the process by which this equipment can be serviced and reconfigured. The author then provides an overview of some of the basic styles of pick-resistant designs that manufacturers will seek to introduce in certain products. He continues by focusing on quick-entry tricks like shimming, bumping and bypassing, with detailed emphasis on padlock shims, snapping and bumping, comb picks, American Lock bypass tool and door bypassing. Finally, he presents an overview of some of the most common alternative designs of pin tumbler lock and summarizes the tools and tactics which can be effective against them. The goal of this most excellent book is to provide you with an overview of some of the basic tools and techniques for lockpicking. Perhaps more importantly, the author will walk you through a series of exercises and lessons that you can use when becoming familiar with these tools in your own hands as you develop your skill.
