A More Comprehensive Guide to Lockpicking

Legalities, Rationalities, etc

Don’t break the law. Lawyers are not cheap, and jail is not a pleasant place. Just buy a lock. It’s easier to work with and it’s legal. If you’re low on cash, ask friends, family and coworkers for locks with no keys. You can easily fashion your own tools and such if need be.

Now, you might ask, why teach people to break the law? Trust me, I’m not. Some criminals could teach a master locksmith plenty of tricks that are completely unknown to the legitimate locksmithing trade. This is not speculation. I have known roughly a dozen guards from various high security prisons. With few tools (of a kind a guard is willing to hand to a convict), a prisoner could pop open a car or truck door in seconds on demand.

I am a security geek. Any information security professional will tell you it’s nice to have an expensive firewall, a good patch regimen, good policies, and all that. But does that help you if someone steals your physical server? I’ve seen data center doors opened with a Blockbuster card, and I’m not being sarcastic. Most locks suck. They really suck. Computer security has made huge progress over the last ten years, due to full and open disclosure. Rather than suppressing vulnerabilities, systems were put into place to collect security issues, get manufacturers to fix the issues, and publish the fix. There is always a worry that publishing a fix will tip off the bad guys about how to exploit a vulnerability. Regardless of how the bad guys are tipped off, a vulnerability exists whether it’s publicly known or not. Most of the time, it is virtually impossible to know if the bad guys know about a vulnerability unless they publicly expose their finding.

The lock industry and the locksmith industry often do not believe their customers have a right to know what they are getting for their money. A lot of folks think differently. Regardless of knowledge, a lock is either secure or it is not. Knowledge doesn’t change the physics of a lock. If you’re reading this, go ask a random stranger nearby how secure their locks are. If they don’t answer, “Could be opened in a few seconds, with no damage or apparent evidence”, they are not well informed. They should be.

Besides, criminals tend to bypass locks. They break a window and enter, or smash the door in. A sledgehammer on the door knob works too. If you put a Club on your steering column, they’ll cut into the steering wheel with snips, a hacksaw or whatnot and remove the Club with ease. If you want to make your house relatively secure, put anti-shatter security film on your windows, use decent locks, reinforce your door jamb, put motion lights around the property, etc. Get an alarm or a dog.

How to Pick Locks


Warded Padlocks

Cheapest type of lock. They work by allowing ‘any key’ that touches the latch to open the lock. Different obstacles are placed in the way to block any ‘unauthorized’ key. So you just have to avoid said obstacles (which are known as wards). Buy a $10 ward key set from any lockpick supplier. It’ll open any old warded padlock, and the cheapest modern warded padlocks.

The modern warded padlocks are slightly better. Most of them are specifically designed to block that generic $10 ward key set. Still pretty easy to defeat. Take your key. Count the number of things sticking out. Make that many copies of the original key. On each copy, shave off all but one of the bumps. One of those mutilated keys will open every example of that lock; it’s usually the key whose remaining bump is furthest from the handle.

Shimming is not “lockpicking”, it’s a bypass. A bypass is a method of opening a lock by going around the actual locking mechanism. A shim is a flexible but slightly stiff piece of metal. It’s very simple to make. Get a Coke can. Cut out a rectangular piece one inch by half an inch. Cut two V’s on one of the long sides, and fold the end pieces over to reinforce the ‘handle’. You should have a V sticking out with a flattened end on a somewhat reinforced handle. Slide the V side of the shim along the inside of the shackle into the padlock, preferably on the side of the shackle that comes out of the padlock when opened. This trips the latch and opens the padlock.

Professionally made shims are available for sale online. They’re significantly more expensive than a mutilated soda can, so it might be worth buying a six pack and experimenting. Even the best made shims won’t last more than half a dozen attempts. On the other hand, some padlocks can be opened by professional shims with relative ease and by the average homemade shim only with great difficulty. Try both and see what works for you.

Combination Padlocks

The quickest way to open a combination padlock is to shim it. See above.

There is a HUGE variety of combination padlocks. The industry standard is the Master Lock silver padlock with the black and white dial. I will give credit where credit is due: Master Lock has significantly improved their security over the years.

This trick worked when I was back in high school; it will probably work on any Master padlock made in the late 80’s to the early 90’s.

To get the first number, pull on the shackle, turning the dial to the left until it stops moving. Add five. To get the second number, reset the lock (spin it a bunch of times), enter the first number, turn to the right past the first number, then start pulling on the shackle as you continue to turn. Eventually it will stop and lock up. While locked up, pull on the shackle and try to turn. If it’s loose, keep going. If it’s very stiff, that’s the second number. For the last number, enter the first two numbers, then slowly turn the dial while pulling on the shackle. Eventually it will unlock. Remember, this only works on older Master Locks.

You can try the following for all but the very newest Master Locks. Sometimes it works, sometimes it doesn’t.

Reset the lock (spin the dial a few times). Stop on zero. Apply steady, firm but not insane tension on the shackle. Turn the dial slowly clockwise; eventually it will seize up. Write down the number (it might be between two integers; if so, add 0.5). Now start turning counterclockwise. It will again seize up. Write down the number. Add the two numbers and divide by 2; this is your seize point. Release the shackle, turn the dial clockwise one number past the seize point. Reapply tension and repeat the process. You should get 12 seize points. Be sure to write them down.

Once you have found all seize points, knock off any that are not integers. You should have five left. Four of the five will share the same last digit. The one of the five that does not share the same last digit is the third number of the combination. Divide the third number of the combination by 4 and write down the remainder (mark it AS the remainder). Starting from the remainder, build a sequence by adding 4 until you reach the limit of the dial. For example, if your remainder was 2, write down 2, 6, 10, 14, etc. Mark this sequence as possible first numbers of the combination.

Now, if your remainder is 0 or 1, add 2. If it was 2 or 3, subtract 2. Start a new sequence with the number you just got, and continue it by adding 4 until you reach the end of the dial. Mark this sequence as possible second numbers of the combination. Remove any numbers within two digits of the third number of the combination. Now, generate a list of all possible combinations from the two sequences and the known third number. There should be a total of 80 possible combinations, which is why you want to try to shim the lock first.

You can also put the third number of the combination into this website and it will generate a chart for you: http://blog.dreamshire.com/masterlock.php
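The interesting security lesson in the procedure above is how far a single leaked value shrinks the search space: a 40-position, three-number dial nominally has 40³ = 64,000 combinations, and knowing the third number collapses that to 80. The following Python script is an added example, not code from the original post or from the linked site; it carries out the arithmetic exactly as described above for every possible third number. The dial size of 40 is taken from the numbers in the post; treating “within two digits of the third number” as circular dial distance (so that 38 and 2 both count as within two of 0) is an assumption, since the post does not say whether the dial wraps.

```python
"""Enumerate the candidate combinations left by the seize-point procedure.

Added example, not from the original post.  Assumes a 40-position dial and
reads "within two digits of the third number" as circular dial distance
(an assumption; the post does not say whether the dial wraps around).
"""

DIAL_SIZE = 40
FULL_KEYSPACE = DIAL_SIZE ** 3  # 64,000 combinations with no shortcut


def dial_distance(a: int, b: int) -> int:
    """Shortest distance between two dial positions, going either way round."""
    d = abs(a - b) % DIAL_SIZE
    return min(d, DIAL_SIZE - d)


def candidate_first_numbers(third: int) -> list[int]:
    """Remainder of third/4, then keep adding 4 until the dial runs out."""
    remainder = third % 4
    return list(range(remainder, DIAL_SIZE, 4))


def candidate_second_numbers(third: int) -> list[int]:
    """Shift the remainder by +2 (remainder 0 or 1) or -2 (remainder 2 or 3),
    step by 4 to the end of the dial, then drop anything within two
    positions of the known third number."""
    remainder = third % 4
    start = remainder + 2 if remainder in (0, 1) else remainder - 2
    return [n for n in range(start, DIAL_SIZE, 4) if dial_distance(n, third) > 2]


def candidate_combinations(third: int) -> list[tuple[int, int, int]]:
    """Every (first, second, third) left after the procedure: 10 x 8 = 80."""
    return [(a, b, third)
            for a in candidate_first_numbers(third)
            for b in candidate_second_numbers(third)]


def keyspace_reduction(third: int) -> float:
    """Factor by which knowing the third number shrinks a brute-force search."""
    return FULL_KEYSPACE / len(candidate_combinations(third))


if __name__ == "__main__":
    for t in (0, 20, 21, 39):  # constructed sample third numbers
        combos = candidate_combinations(t)
        print(f"third={t:2d}: {len(combos)} candidates "
              f"(keyspace cut by {keyspace_reduction(t):.0f}x)")
```

Running it shows that the count is 80 for every third number on the dial, an 800-fold reduction; that uniformity is why the design, rather than any one lock, is the weak point.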

Wafer locks

Wafer locks are similar to pin tumblers, except the tumblers are thin slabs of metal and much closer together. They’re very common in furniture type locks, usually in desks and filing cabinets.

Buy a try-out key set, also called a “jiggler set”. Insert a try-out key, jiggle, turn the lock. Very straightforward. There are some specialized picks that can be used, but most often try-out keys are quicker and just as efficient.

One note. Often in office environments, the plug is removable via an extra pin at the end. This ‘master pin’ is the only thing actually holding the entire plug inside the enclosure. If this is the case: use a short hook pick, feel to the end of the wafers, press up, rotate the pick, and the plug will come free. You can either flip the pick around and use the other end to open the lock, or (my favorite) insert a new plug to which you have the key.

Pin Tumbler Padlock

See the following entry. Pin tumbler padlocks are opened the same way as a pin tumbler cylinder door lock. These seem to be the most popular padlock for sale in most standard hardware stores and big box stores.

Pin tumbler cylinder

These are the most common locks, found just about everywhere except at the very cheapest and most expensive ends of the market.

See the introduction to lockpicking to get down the basics. Now onto slightly more advanced topics.

Raking. Every beginner does this more or less accidentally. If you are starting off, use only a hook pick to prevent this. A hook helps you raise only one pin at a time. Raking does the opposite: you scrub the pins like you are brushing your teeth, but try to do it somewhat more slowly. Regardless of how you wish to rake, insert your rake pick to the rear of the lock and then apply torsion. There are two ways of raking.

The first, fast and sloppy, is to rake the pins back and forth a few times. If it doesn’t open, release the torsion and restart. The second is to rake slowly, holding the pick at an upward cant to put more pressure on the pins, but not to an excessive degree. Do this a few times, back to front. If it doesn’t open, slowly release some torsion until you hear the first click. Then repeat the slow back to front raking. You release the torsion because you are jamming pins above the shear line; by releasing some torsion, you allow those pins to drop without resetting all of the tumblers. Raking is very hit or miss unless you have a significant amount of practice on a particular type of lock. You might pop the lock much quicker than picking each tumbler individually, or it might take much longer.

Bumping is the most advanced and easiest form of picking a lock. Ever seen those desktop toys where steel spheres are suspended by two wires each? Pick a sphere on either end, slam it into the other spheres, and the sphere on the opposite end goes flying, but the center spheres don’t move. It’s also how billiards works. Basic Newtonian physics. This applies everywhere, even in locks. Bumping builds on this. Take a key (any key that fits), and shave all points down to the minimum depth. You’ll have a row of low even triangles. Optionally and optimally, the first point (furthest from the handle) is slightly higher, but it doesn’t matter too much. Take your shaved key, insert it into a lock all the way, move it back one click, turn it slightly, and whack it with a rubber mallet, plastic handle or whatnot. With practice, the lock will pop open.

Believe it or not, bumping works better and quicker on more expensive locks. It often doesn’t work on the cheapest garbage locks. Why? Tolerances. The tighter the tolerance, the better the transfer of energy. So, if you have a lock with loose tolerances, it is easy to pick. If you have a lock with tight tolerances that is annoying to pick, it’ll most likely bump pretty easily. Even Medeco High Security locks used at places like the Pentagon, NSA, White House, etc. are susceptible to bumping even when they are near impossible to pick. And boy were a lot of said customers happy when “Open in 30 Seconds” was released.

You can probably bump 60% of all pin tumbler locks with a homemade key run through a grinder and the handle of a screwdriver. But professional bumping tools are dirt cheap. Buy a Brockhage for $20 and a set of bump keys for $30, and you’ll be able to open 90% of all pin tumbler locks in a few seconds.

A quick word about “lock guns”. They’re often advertised as being the most effective and quickest means of opening a lock. They’re expensive. They’re reliable too, the first time. They’ll open a lock, and maybe destroy it in the process. A lot of ‘professional locksmiths’ use them for opening people’s doors when they’re locked out. They look impressive, expensive and PROFESSIONAL. One in 20 times, they’ll wreck a lock. Sometimes less, sometimes more. I guess it’s hard to charge people an arm and a leg for using $20-50 worth of key bumping to safely open a lock when you can use a couple-hundred-dollar gizmo that might destroy it. But hey, if you destroy the lock, you might get to sell the customer a new one! One that wasn’t so “cheaply” made that it just fell apart for no reason at all…

References

Guides

Unofficial MIT Guide to Lockpicking – Ted the Tool (Sept 1, 1991) – Other books and references existed long before the MIT Guide, but it’s arguably the most popular and should be credited as a very diverse guide. Highly recommended; anyone interested in physical security should read this first.

CIA Lock Picking, Field Operative Training Manual – Author unknown? – Allegedly written by the CIA. Who knows, I doubt they’ll exactly claim credit for it. Pretty good and condensed, with good material on disk tumbler locks.

TOOOL Bumping Guide – Barry Wels, Rop Gonggrijp (Jan 26, 2005) – Excellent, definitive guide on bumping locks

Locks, Safes and Security (aka LSS+) – Marc Weber Tobias, J.D. – $200 from www.security.org. Sounds expensive? No, not in the least. You’re getting 3700 pages of information. It covers everything from ancient Egyptian locks to modern locks. If you want to get into lockpicking, buy this eventually. It doesn’t have to be your first lockpick reference, but you really want this book.

Stores

www.lockpickshop.com – Pretty good store that sells lots of good stuff. You might save a dollar or two elsewhere, but these folks have never screwed up a single order I’ve placed with them. Very fast delivery and a large selection of product. Search around online, they usually have discount codes.

www.southord.com – Bargain brand, but still very functional. I recommend them for folks just starting out. I still use my first picks I got from them.

www.peterson-international.com - Peterson, higher price and quality

www.lockpicktools.com – Southern Specialities Co – Decent quality, decent prices, high shipping costs

www.lockpicks.com – Direct sale store for Brockhage Locksmith Tools; sells Brockhage bump hammers, will not sell bump key sets

www.bumpmylock.com – Bump key sets

Lockpick set recommendations

If you are new and want to get into lockpicking, do not buy an expensive kit. Please don’t. Buy something simple. I really recommend making a kit by buying individual picks and torsion wrenches. Buy a couple of different picks from different manufacturers, buy a whole mess of torsion wrenches, and pick which ones you like. But if you HAVE to buy one, go with either of the following, or the cheapest other kit you can find. I don’t recommend it, mind you; I’m just pointing them out as the least bad alternatives.

Southord PXS-05L – $16.50 – Four picks, one torsion wrench, one book

Southern Specialities BPS-6 – $9.95 – Four picks, one wrench, one book

Thoughts of Relativistic Travel (or “Why we have never met little green men”)

Very simple. Either life outside of earth doesn’t exist or we’ll only see it if we cheat.

The universe could be filled with tons and tons of planets brimming with life. We very well could live and die as a species without ever knowing. Stars are really far apart. Words can’t accurately describe the distance; we make do with scientific notation. You can’t travel at light speed, or at a large fraction of light speed. Relativistic speed is a Bad Thing. Ignoring time issues, it takes an extraordinarily large amount of energy to get to those speeds. If you can possibly get to those speeds, you will eventually hit something. Doesn’t matter what it is, could be the size of a pea. At relativistic speeds, that’s more or less like running into a small planet or whatnot. But let’s say you COULD go the speed of light, safely. Ok, you could realistically visit a handful of nearby stars with very big starships that were multi-generational. Not a bad solution. But the probable lifespan of humanity would be limited to fewer than a dozen solar systems, none of which could probably be reached in one lifespan. There are not more than a handful of stars within a million light years of earth. A million years is a bit long for any piece of technology to survive. Entropy is just one of those facts of life.

It doesn’t matter if you could go the speed of light, ten times the speed of light or a thousand times the speed of light. You’d be limited to a very, very small corner of the universe. The only way to realistically travel the universe would be near instantaneous travel. It’s not faster than light (FTL), it’s instantaneous or nearly so. Space folding, wormholes, alternative reality hacking, whatnot.

It may be very possible that instantaneous travel across astronomic distances is impossible. Current physics doesn’t seem to think it’s practical. So when someone acts smug and quotes the Fermi paradox, remind them that Fermi was ignoring the distance factor. Same with the Great Silence. A civilization on a distant planet could turn their entire planet into a huge radio and we wouldn’t notice it for millions, hundreds of millions or billions of years. The universe is spreading out at a rapid rate. Each second, most galaxies move a bit further away.