Pin-tumbler lock interactive diagram

Understanding locks the easy way

Laser cut acrylic, vinyl, model paint plus a whole lot of time are the raw ingredients for one of these excellent, double-sided teaching tools. If you teach lockpicking on a regular basis as part of your job or just a hobby, you can already see how useful this interactive diagram is. No more wild hand gestures or painting in the sky while trying to describe the difference between a standard driver pin and a spool pin. No more pushing salt and pepper shakers around next to a carefully positioned silverware “sheer-line” which only makes sense if you already know how locks work. Put this in a student’s hands and they will quickly understand what is going on inside of a pin-tumbler lock.

This video by bosnianbill includes a little demo of an ancient revision:

It isn’t easy to verbally describe how a lock works. I’ve been doing this regularly for many years and wishing I had a thing to make the process simpler. Something that would clearly and intuitively show how all of the significant parts of a pin-tumbler lock interact. I wanted it to be small enough to carry around, big enough for people to see across a table and not weigh a ton. It seemed like such a thing must exist somewhere. I thought I just wasn’t looking hard enough. In early 2014, I gave up looking and started designing. Two and a half years later, I finally have a prototype I mostly like.

This design allows for tool-free replacement of the pin-stack in case you want to swap out for serrated pins, or upgrade the spring. Multiple drop tests on cement and thin carpet have resulted in only minor cosmetic damage. Prototypes are hand made and very time consuming, but I’m willing to make them for you. Lots of machine time goes into raster engraving the labels. Even more time goes into hand painting the engraved areas.

  • $40 - Barebones: no raster labels
  • $60 - Simple: raster labels without paint
  • $80 - Standard: high contrast labels
Select your style:

Each piece is made to order. So get in touch and I’ll make something awesome for you! See the about page for contact info.

IDA Pro auto-offset

Another day with IDA…

So you have IDA runnig and you dropped in some random binary that you just pulled from a black-box. Every little bit of context helps and those strings used via immediate offsets are invaluable hints for what a section of code is up to. Sure, you could press ‘o’ every time you come across an immediate that wasn’t automatically treated as an offset, but wouldn’t it be nice to have this done for you? The little code snippet below may as well be the “hello world” of IDA scripting because everyone else has probably done it already. Here is a version to share, for those of you who don’t feel like doing it yourself.

Please feel free to improve and submit pull requests. (Get yourself to the GitHub Gist with the link in the bottom left of the code window.) Thanks to @jessemichael for sending me down this path.

Abloy “high security” cam locks can easily be opened with a bolt and hammer.

Huge thanks go to bosnianbill for recording this informative video and working with me to publicly disclose an interesting physical security vulnerability. Go subscribe to Bill’s locktube channel.

This weakness is not shared with the ruggedized Abloy CL110 cam lock. Abloy mortise cylinders only used this retaining mechanism from 1984-1987.

There was significant confusion about the applicability of the mortise cylinder attack Bill demonstrated. The chances of this attack being effective against a mortise cylinder in the field are very low. But don’t be distracted, this attack is very effective against Abloy cam locks.

Advanced Lockpicking Techniques - BSidesPDX 2014

This 2-hour workshop covered specific tips and tricks for picking spool and serrated pins. We were setting the bar for “advanced” based on a local level. Obviously, this would have been pretty beginner stuff for the international LockSport community. The workshop later turned to a photo-gallery tour of Portland municipal locks including commentary about interesting lock characteristics and approximations of security over asset value.

Introduction to Exploring Embedded Devices - BSidesPDX 2013

This 4-hour workshop did not come with slides. An introduction discussion about what to look for and how to get started was followed by hands on lab. We dug into bins of real actual assorted cheap hardware (from FreeGeek) and struggled through finding consoles on unfamiliar devices. With people working on a variety of devices, we made several stops along the way to look at interesting characteristics of specific boards and how they might be interpreted to get us closer to finding secrets.