The Four Types of Locks - SecTor 2018 · Deviant Ollam The Four Types of Locks by Deviant Ollam...

View
6
Download
0
Category

Documents

Preview:

Citation preview

Deviant Ollam

http://deviating.net /lockpicking

The Four Types of Locks

by Deviant Ollam

Event Name

XXXX-XX-XX

Deviant Ollam

http://deviating.net /lockpicking

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

auditing

assessments

research

trainings

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

auditing

assessments

research

trainings

workshops

public lectures

lockpick village

contests & games

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

Who am i ?

Deviant Ollam

http://deviating.net /lockpicking

But on to locks…

Deviant Ollam

http://deviating.net /lockpicking

But on to locks… … why do they matter ?

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

All your hard work here…

Deviant Ollam

http://deviating.net /lockpicking

All your hard work here… gets undermined here

Deviant Ollam

http://deviating.net /lockpicking

The Lowest Grade of Lock…

a.k.a. “The Locks That You Are Probably Using”

Deviant Ollam

http://deviating.net /lockpicking

Pin Tumbler Locks

Deviant Ollam

http://deviating.net /lockpicking

Pin Tumbler Locks

Deviant Ollam

http://deviating.net /lockpicking

Pin Tumbler Locks

../_media/lifting_picking.avi

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Pin Stacks

Deviant Ollam

http://deviating.net /lockpicking

Key Operation

Deviant Ollam

http://deviating.net /lockpicking

Bitting Too Low

Deviant Ollam

http://deviating.net /lockpicking

Bitting Too High

Deviant Ollam

http://deviating.net /lockpicking

In a Perfect World

Deviant Ollam

http://deviating.net /lockpicking

In the Real World

Deviant Ollam

http://deviating.net /lockpicking

In the Real World

Deviant Ollam

http://deviating.net /lockpicking

In the Real World

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Lifting Picking

Deviant Ollam

http://deviating.net /lockpicking

Raking

Deviant Ollam

http://deviating.net /lockpicking

Wafer Locks

Deviant Ollam

http://deviating.net /lockpicking

Wafer Locks

Deviant Ollam

http://deviating.net /lockpicking

Wafer Locks

Deviant Ollam

http://deviating.net /lockpicking

Wafer Locks

Deviant Ollam

http://deviating.net /lockpicking

Raking & Jiggling

Deviant Ollam

http://deviating.net /lockpicking

Shimming

Deviant Ollam

http://deviating.net /lockpicking

Bumping

Deviant Ollam

http://deviating.net /lockpicking

Bumping

Deviant Ollam

http://deviating.net /lockpicking

Pick Guns

Deviant Ollam

http://deviating.net /lockpicking

Bump Key Attack

“Pull” Method

Deviant Ollam

http://deviating.net /lockpicking

Bump Key Attack

“Push” Method

Deviant Ollam

http://deviating.net /lockpicking

Bump Key Attack

“Push” Method

Deviant Ollam

http://deviating.net /lockpicking

Where are you using these weak locks ?

Deviant Ollam

http://deviating.net /lockpicking

Outdoor “Rugged” Locks

Deviant Ollam

http://deviating.net /lockpicking

Outdoor “Rugged” Locks

Deviant Ollam

http://deviating.net /lockpicking

Outdoor “Rugged” Locks

Deviant Ollam

http://deviating.net /lockpicking

Outdoor “Rugged” Locks

Deviant Ollam

http://deviating.net /lockpicking

Outdoor “Rugged” Locks

Deviant Ollam

http://deviating.net /lockpicking

Outdoor “Rugged” Locks

Deviant Ollam

http://deviating.net /lockpicking

Desk Drawers & Filing Cabinets

Deviant Ollam

http://deviating.net /lockpicking

Power Panels

Deviant Ollam

http://deviating.net /lockpicking

Sensitive Wiring

Deviant Ollam

http://deviating.net /lockpicking

Sensitive Wiring

Deviant Ollam

http://deviating.net /lockpicking

Sensitive Wiring

Deviant Ollam

http://deviating.net /lockpicking

Why are most locks this bad?

Deviant Ollam

http://deviating.net /lockpicking

• American National Standards Institute

• Classification A156

• No Covert Security Ratings At All

• American Society for Testing Materials

• Classification F883

• Toughest Rating is only 15 minutes

It’s a Problem of Standards

Deviant Ollam

http://deviating.net /lockpicking

Many Times, Picking is Instantaneous

Deviant Ollam

http://deviating.net /lockpicking

You Need a Response Window

Deviant Ollam

http://deviating.net /lockpicking

One Step Up…

“Pick Resistant” Locks

Deviant Ollam

http://deviating.net /lockpicking

Simple… straight and wide

Advanced Keyways

Deviant Ollam

http://deviating.net /lockpicking

Simple… straight and wide

Medium… straight but narrow

Advanced Keyways

Deviant Ollam

http://deviating.net /lockpicking

Simple… straight and wide

Medium… straight but narrow

Complex… thinner and curvy

Advanced Keyways

Deviant Ollam

http://deviating.net /lockpicking

Simple… straight and wide

Medium… straight but narrow

Complex… thinner and curvy

Harder… lots of angles

Advanced Keyways

Deviant Ollam

http://deviating.net /lockpicking

Simple… straight and wide

Medium… straight but narrow

Complex… thinner and curvy

Harder… lots of angles

Fiendish… overlapping wards

Advanced Keyways

Deviant Ollam

http://deviating.net /lockpicking

Un-Shimmable Padlocks

Deviant Ollam

http://deviating.net /lockpicking

Pick Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

Pick Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

Pick Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

Pick Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

Pick Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

Top Gapping

Bump-Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

Anti-Bump Driver Pin

Bump-Resistant Pins

Deviant Ollam

http://deviating.net /lockpicking

The Next Step Up…

“High Security” Locks

Deviant Ollam

http://deviating.net /lockpicking

Schlage Everest

check pin

key (bottom) pins

driver (top) pins

pin springs

plug

check pin spring

specialized key

Side Pin

Deviant Ollam

http://deviating.net /lockpicking

Schlage Everest

photos courtesy of Matt Blaze

Side Pin

Deviant Ollam

http://deviating.net /lockpicking

Schlage Everest

photos courtesy of Matt Blaze

Side Pin

Deviant Ollam

http://deviating.net /lockpicking

Schlage Everest

specialized “finger tensioner” modified Everest key

Side Pin

Deviant Ollam

http://deviating.net /lockpicking

Similar to side pins

Restrict plug movement

Harder to pick

than pin stacks

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Finger Pins

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Finger Pins

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Finger Pins

Schlage Primus

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Sliders

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Sliders

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Rotating Pins

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Rotating Pins

Side Bars

Deviant Ollam

http://deviating.net /lockpicking

Medeco Locks

Medeco plug exposed, key pins rotating to align sidebar cuts

Top View Side View

Rotating Pins

_media/medeco_top_view.avi

_media/medeco_side_view.avi

Deviant Ollam

http://deviating.net /lockpicking

Medeco lockscertainly not “unpickable”

Can be picked

Can be bumped

Numerous weaknesses

“Open in 30 Seconds”

Marc Tobias

Tobias Bluzmanis

Rotating Pins

Deviant Ollam

http://deviating.net /lockpicking

Sometimes Very Good Security

Mimics a safe lock

Difficult To Pick

Takes much time and great skill

Specialized tools required

Rotating Disks

Deviant Ollam

http://deviating.net /lockpicking

Sometimes Very Good Security

Mimics a safe lock

Difficult To Pick

Takes much time and great skill

Specialized tools required

Two-in-One Tool

Manipulates disks individually

Decodes cut positions

Barry Wels picking a rotating disk lock with Mike Glasser

Rotating Disks

../../_media/rotating_disk.avi

Deviant Ollam

http://deviating.net /lockpicking

The Highest Grade…

Dare we say “unpickable” locks ?

Deviant Ollam

http://deviating.net /lockpicking

Abloy Protec

Not just rotating disks

Disk blocking mechanism

“Unpickable?”

Closest I ever come to using that word

Two-in-one tools cannot be used

Specialized Rotating Disks

Deviant Ollam

http://deviating.net /lockpicking

Miwa

Japanese company

Array of magnetic pins

Simple North / South

Evva MCS

Austrian company

Axial-rotated magnets

Interaction with sidebar

Certain Magnetic Locks

Deviant Ollam

http://deviating.net /lockpicking

Possibly the most duplication-resistant lock

Evva Magnetic Code System

Deviant Ollam

http://deviating.net /lockpicking

Protec

MCS

No Known Attack or Bypass

Deviant Ollam

http://deviating.net /lockpicking

photo courtesy of Don the Shadow

What About Safes ?

Deviant Ollam

http://deviating.net /lockpicking

What About Safes ?

Deviant Ollam

http://deviating.net /lockpicking

S&G 8400

What About Safes ?

Deviant Ollam

http://deviating.net /lockpicking

photo courtesy of Barry Wels

What About Safes ?

Deviant Ollam

http://deviating.net /lockpicking

What About Safes ?

Deviant Ollam

http://deviating.net /lockpicking

But what about destructive entry ?

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

There’s one upshot… you know it happened

Deviant Ollam

http://deviating.net /lockpicking

The scarier risk is non-destructive entry

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Different locks for different purposes

Deviant Ollam

http://deviating.net /lockpicking

No special protectionsNo bypassing resistance

Unskilled Attacker – basic tools & techniques, under 5 minutesSkilled Attacker – basic tools & techniques, under 5 minutes

1. Basic Locks

Deviant Ollam

http://deviating.net /lockpicking

Some pick-resistant pins (possibly tighter keyway)Bump resistant, Zero potential of shimming or over lifting

Unskilled Attacker – basic tools & techniques, more than 5 minutesSkilled Attacker – basic tools & techniques, under 5 minutes

2. Resistant Locks

Deviant Ollam

http://deviating.net /lockpicking

Advanced pick resistance, possibly wholly new mechanismsZero potential of shimming or over lifting or bumping

Unskilled Attacker – no chance in less than 30 minutes

Skilled Attacker – special tools & techniques, at least 5 minutes

3. High Security Locks

Deviant Ollam

http://deviating.net /lockpicking

Advanced pick resistance, possibly wholly new mechanismsNo potential of shimming or over lifting / Bump resistance

Unskilled Attacker – no chance at all

Skilled Attacker – highly special tools & techniques, at least 30 minutes(and quite possibly a lot of disturbance created)

4. “Unpickable” Locks

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Deviant Ollam

http://deviating.net /lockpicking

Protecting against force or finesse?

Deviant Ollam

http://deviating.net /lockpicking

A New Physical Security Framework

Three Types of Secured Area

External Access

Internal Access

Sensitive Access

Which Locks Go Where…?

Deviant Ollam

http://deviating.net /lockpicking

A New Physical Security Framework

Basic Locks

Utterly unacceptable

Should be removed, in my view

False sense of security

Inevitable “cross-contamination”

X

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

“Cross Contamination” with Locks

Deviant Ollam

http://deviating.net /lockpicking

A New Physical Security Framework

Basic Locks

Utterly unacceptable

Should be removed, in my view

False sense of security

Inevitable “cross-contamination”

X

Deviant Ollam

http://deviating.net /lockpicking

A New Physical Security Framework

X

External Access

Personnel Doors

Wiring / Utilities

Susceptible to Vandals & Thugs

High Security Locks Should Be Required

Deviant Ollam

http://deviating.net /lockpicking

A New Physical Security Framework

X

Internal Access

Office Doors

Closets

Protecting Privacy & Supplies, not Data

Pick Resistant Locks Are Acceptable

Deviant Ollam

http://deviating.net /lockpicking

A New Physical Security Framework

X

Sensitive Access

Server Racks

Networking Equipment

Any Termination-Worthy Data

“Unpickable” Locks Should Be Used

Deviant Ollam

http://deviating.net /lockpicking

Be Totally Immune to Zero-Skill Attacks

To Me, a “Proper” Lock Should…

Resist Skilled Tactics for Thirty Minutes

Leave Behind Clear Signs of Tampering

Deviant Ollam

http://deviating.net /lockpicking

Security is only as effective

… as the people behind it

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering Preparedness

Stop

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering Preparedness

Stop Challenge

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering Preparedness

Stop Challenge Authenticate

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering Preparedness

Stop Challenge Authenticate

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering Preparedness

Stop Challenge Authenticate

… then you follow this with “Reward”

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering

Deviant Ollam

http://deviating.net /lockpicking

Social Engineering

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – 250 uses

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – 1,500 uses

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – 5,000 uses

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – 250 uses

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – 1,500 uses

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – 5,000 uses

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – picking

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – raking

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – both

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – ugh

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – wow

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – pin sides

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – tail cam

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – bumping

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence – bumping

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

Sometimes major insurance implications

Suspect something fishy?

Don’t compromise the scene

Contact a professional

Forensic Locksmith vs. Yellow-Pages Locksmith

Having newer locks matters

Age makes for a mess, internally

Also… your locks should be updated as a matter of routine

The facts are out there!

Forensic Evidence

Deviant Ollam

http://deviating.net /lockpicking

“Unpickable”

Protec (rotating disks)

MCS (magnetic)

MT5 and MT5+

(electronic safe dials)

High SecurityGranit & Diskus (rotating disk)

Twin (counter-milling, finger pins)

3KS (sliders), DPI (new models)

Primus (if upgraded properly)

ResistantPadlocks (heavy duty models)

Interchangeable Cores (modern models)

So Which Locks are Which ?

Deviant Ollam

http://deviating.net /lockpicking

Thank you so much.

Thank you to TOOOL, Babak, Dave, Steve, JVR, Mouse, Mr. E, Barry & Han, Laz, Valanx & the FOOLS,

Datagram, Matt Blaze, Jackalope, Renderman, Bruce & Heidi… and especially Daisy

Deviant Ollam

http://deviating.net /lockpicking

“Unpickable”

Protec (rotating disks)

MCS (magnetic)

MT5 and MT5+

(electronic safe dials)

High SecurityGranit & Diskus (rotating disk)

Twin (counter-milling, finger pins)

3KS (sliders), DPI (new models)

Primus (if upgraded properly)

ResistantPadlocks (heavy duty models)

Interchangeable Cores (modern models)

So Which Locks are Which ?

http://deviating.net/lockpicking

http://enterthecore.net http://toool.us

this presentation is CopyLeft by Deviant Ollam. you are free to reuse any or all ofthis material as long as it is attributed and freedom for others to do the same is maintained

Recommended

The Imperial Riding School Vienna, Austria · 2010-03-26 · Throughout the conference the hardware specialists Deviant Ollam and Babak Javadi of TOOOL will set up their „Lockpicking

Documents

Ten Things You Should Know About Lockpickingrageuniversity.com/PRISONESCAPE/PRISON LOCKS AND KEYS/TEN NEW...Ten Things You Should Know About Lockpicking by Deviant Ollam Event Name

Documents

Conference Kit version 1 · 7. Deviant Ollam (Member of The Open Organization of Lockpickers) 8. Dino Covotsos (Managing Director, Telespace Systems) 9. Domingo Montanaro (Information

Documents

Deviant Behavior 6

Technology

Exploiting Elevator Security Weaknesses by Deviant Ollam

Devices & Hardware

Deviant Heterotopias

Documents

Introduction to Lockpicking & Key Bumpingthe-eye.eu/.../Lockpicking/Lockpicking-LayerOne-Datagram.pdfLockpicking & Key Bumping by datagram Animations by Deviant Ollam About Me •

Documents

Web viewGoffman : stigma- secondary deviant จะมีการพัฒนาเป็น deviant career- ขึ้นอยู่

Documents

Practical Lock Picking - Rage Universityrageuniversity.org/PRISONESCAPE/PRISON LOCKS AND... · Practical Lock Picking A Physical Penetration Tester’s Training Guide Deviant Ollam

Documents

Deviant Ollam - Rage University LOCKS AND KEYS... · 2013-05-29 · This presentation is CopyLeft by Deviant Ollam. !

Documents

Chapter 7 Deviant Behavior and Social Control. Normal v. Deviant Eccentric Person Creative/ Unique Person Deviant Person

Documents

Workplace Deviant Behaviour

Science

deviant assignment

Documents

Deviant workplace behavior

Business

Packing & the Friendly Skies - DEF CON · 2011-02-26 · Packing & the Friendly Skies Deviant Ollam extra pointers… •don’t be a dumbass when you declare •name tags on everything,

Documents

Guns & Privacy Hard Truths and Straight Talk Coming From a Place of Love Deviant Ollam

Documents

Lockpicking, - Informatikai Intézet · SPP (Single Pick Picking), ültetés,... Deviant Ollam http:// deviating.net / lockpicking Raking, lifting, jiggling, overlifting,... Deviant

Documents

Lockpicking & Physical Security Deviant Ollam A Security Fable American 700 Padlock Solid design Serrated pins Interchangeable cores

Documents

Deviant art links

Documents

Deviance & Social Control. A deviant is.... Deviant?

Documents