Review thread: _Open in 30 Seconds_

[Legion303]

This is a placeholder post for the thread, which is for reviewing _Open in Thirty Seconds_ by Marc Tobias and Tobias Bluzmanis. Moderators will add their reviews as they finish the book and LSS+ supplement. Please note that we are locking the thread to prevent comment clutter, but that anyone may PM a review to a moderator or admin and we'll post it here for you.

-steve

[digital_blue]

I've already posted this onsite, but it should probably be included here.



Marc Tobias and Tobias Bluzmanis have put together, undoubtedly, the most comprehensive work on Medeco locks ever to see its way to print. The Compromise of Medeco High Security Locks (Printed version: "Open in 30 Seconds") is an exhaustive, yet exhilarating venture through every corner of these previously formidable high security locks. No stone is left unturned and clearly there remains no secrets. My own journey through the pages of this book brought to me moments of utter disbelief, of forehead-slapping recognition, and of genuine laughter and head shaking.

Medeco has long been the de facto standard for high security locks in North America. With millions upon millions of locks in service the release of this book is truly earth shaking. Whether you rely on Medeco locks to protect your home or business, or are in the business yourself of supplying these locks to your customers, or even if you're simply a lock-crazy hobbyist, you must read this book. I've often seen the debate as to whether defeating locks is more art or more science. Marc and Toby have made this a science and provided the reader with all the facts, all the data, and all the evidence needed to successfully defeat a Medeco deadbolt, mortice, or rim cylinder.

Whether it's bumping, picking, or even breaking, these locks are falling open in the hands of even moderately skilled lock pickers. Marc and Toby teach us how to get past the sidebar with almost comedic ease, how to defeat the M3 slider in two seconds flat, and even some downright sneaky "tricks" that will leave your head spinning.

Marc's renowned work Locks, Safes, and Security has long been considered THE book on lock defeats and, teaming up with Toby, he has once again set the standard. It is almost certain that no work will ever come close to the depth and breadth of exposure of Medeco locks.

Josh Nekrep
Administrator, LockPicking101.com
President, Locksport International

[Legion303]

_Open in Thirty Seconds: Cracking One of the Most Secure Locks in America_ (review)
2008
Marc Weber Tobias and Tobias Bluzmanis


I would like to thank Marc and Toby for the review copy of the book, and Marc for LSS+ and the high security supplement. My intention for this review was to make it harsher than usual simply to stave off the appearance of being "bribed"; as readers of certain game review sites are aware, some things get great reviews simply because the reviewer got free swag. However, as I review my notes and thoughts about the book, I'm finding it hard to identify major problems.

A great deal of testing and thought clearly went into MT and TB's methodology. Chapters are laid out logically, beginning with a brief description of the differences between "conventional" and high security locks, moving through professional definitions according to U.S. standards bodies (UL and BHMA/ANSI), comparing and contrasting other well-known high security locks with Medeco, and finally identifying general and specific flaws in the Biaxial and m3 designs. I did find some of the first chapters to be tedious reading, if only because I'm already familiar with the subject matter. Readers who don't already have a strong knowledge of lock and security history--or those who simply need a quick refresher--may find it more interesting.

The real meat of the book, for me, came in chapter eight ("The Modern Enigma: Cracking Medeco Codes," pg. 109). While chapters 5-7 are excellent references and taught me several things I didn't know about Medeco designs, chapter 8 is where everything "clicked" for me and I realized exactly how the authors had managed to get four special code keys to work with any of the 729 Medeco generation-2 codebook sidebar codes--not from any genius on my part, but because of the authors' logical progression in the chapter. The four keys can easily be generated with a copy of the generation-2 codebook, the knowledge that Medeco's sidebar tolerance is +/- 10% and the knowledge that keys can have both fore and aft cuts on them at the same time. I am unaware of anyone putting these three things together prior to MT and TB's collaboration. AFTER I was made aware of these facts from chapter eight, the patterns in the generation-2 sidebar codes were glaringly obvious, but it would have been impossible for me to make the leap to 4 code setting keys on my own without the authors' insights.

The rest of the book deals with defeating m3 sliders (and I stand firm in my belief that this topic didn't require its own chapter where one or two pages might have done the job), master keying vulnerabilities, Medeco bumping, and the total compromise of Biaxial and m3 cylinders using destructive entry techniques developed by the authors. The LSS+ high security supplement includes videos showing these techniques; it's incredible to see someone bypass an m3 deadbolt in about 5 seconds flat with a few common items, and even more incredible to see how fast Medeco's key control efforts disintegrate with an X-Acto knife and a credit card. (Aside: because DE is still considered an advanced topic, I am unfortunately unable to discuss these methods in the general forums. We rarely discuss DE in Advanced either, so I don't yet know whether there will be a thread there. If we do have one I'll link it here, so those with advanced access can jump straight to it.)

And now the nitpicking:

Throughout the book--and especially in the first several chapters--there are numerous references to LSS+, which may frustrate readers who don't own it ("I can't 'read chapter 11 in LSS+ for more depth,' because I don't have it!"). It's my view that people who own (or plan to buy) LSS+ might as well spend the extra $25 and get the LSS+ supplement version of this book rather than the softcover. For one thing, the CD supplement contains specific tables and information (such as the angles for the G-2 code setting keys) that aren't found in the public softcover. For another, the videos make some of the text's concepts crystal clear.

I also believe the book could use some thorough editing. Although the number of typos was not excessively high for a first edition, I believe many of the chapters would benefit from trimming and clarification. This would make the work less methodical but more clear.

So there you have it. Would I buy this work for $80? Before I hit chapter 8 I might have declined. After reading the entire thing, I would be more likely to say yes--but again, even MORE likely to say "spend a few extra bucks on the CD version if you have LSS+."

-steve

[SFGOON]

Open in Thirty Seconds details the history, formulation of theory, experimentation, and engineering of tactically-applicable techniques which expose serious security flaws in currently deployed Medeco sidebar locks. In my opinion, this particular work represents a very powerful breakthrough in the security industry, as it exposes several outdated and frankly incorrect assumptions regarding what it means for a lock to be truly “secure.â€