The document is a presentation about lockpicking and attacking master-keyed systems. It discusses pin tumbler locks and how to pick them by exploring the bitting depths of each pin position. It shows how information can be extracted from a lock's response to different key configurations to determine the full bitting of the lock. The goal is to demonstrate how master-keyed systems can be compromised by extracting bitting information from keys that have access to different parts of the system.
2. http://enterthecore.net
bash# whoami
TOOOL
• TOOOL.NL Founded in Amsterdam, Netherlands in 2002
• President, Co-Founder, US Division of The Open Organisation of
Lockpickers, circa 2006
• Over 21 Chapters in North America
• Public Education, Lockpick Villages, Conferences, Local
Competitions, and World Championships
• Serving Lock Enthusiasts and Professionals
4. http://enterthecore.net
bash# whoami
The CORE Group
• Founder / Director of Research and Development for The
Consulting, Operations, Research, and Engineering Group
• Founded 2006
• Education
• Independent Research
• Design Review, Analysis, Reverse Engineering
• Live Auditing (Red Team Engagement / Penetration Testing)
• Intelligent Risk Management
79. http://enterthecore.net
The Cylinder is Our Oracle
• What does the oracle check?
– Key Bitting
• How does the oracle respond?
– Cylinder Turns or Doesn’t Turn
• How can we extract information?
264. http://enterthecore.net
OMG WHAT DO I DO!?
• Don’t Use Master Keying
• Remove Important Assets from
Master Key System
• Use Electro-Mechanical Systems
Such as ASSA CLIQ