
Lock Picking – A Basic Guide - hackthisuk
https://www.hackthis.co.uk/articles/picking-locks-a-basic-guide
======
GuiA
I taught myself how to pick locks my final year of high school - in France,
high school students have to take the "baccalauréat", a set of exams that
cover everything you've studied in high school, in all subjects. It spans the
course of 2 weeks or so, and you get 1 week to prepare before it.

I hadn't been doing so hot in high school (writing assembly for my TI-83's z80
was more fun than reading Shakespeare and doing derivatives), so my parents
locked my laptop in the attic for me to focus on revising during that week.

Of course, I spent a few hours reading at the local library on lock picking,
and managed to get my laptop from the attic on the first day (the lock was a
fairly old model too, which helps). I spent the rest of the revision week
writing C and hanging out in IRC :')

For the record, I did pretty well on the baccalauréat :)

~~~
entropy_
Similar thing happened with me when I was ~14, except it was the family
desktop -- laptops were way too expensive for us back then -- and they had a
lock on a power switch that led up to the computer. Learned to pick locks and
got extensively lectured about why I shouldn't do things just because I can.
My parents eventually gave up on trying to lock me out of the PC (after trying
BIOS passwords, OS-level passwords and combination locks).

Funnily enough, I learned C when I was supposed to be studying for the
baccalauréat. I'd learned programming in BASIC for a Casio calculator (mainly
for making games and a few solvers for things that we were supposed to solve
manually in exams but that were too tedious). A friend of mine linked me to
[http://siteduzero.com/](http://siteduzero.com/) (apparently it's changed to
[http://fr.openclassrooms.com/](http://fr.openclassrooms.com/) recently) and I
ended up not studying. That really hurt me in History, Geography and
Biology (which require a lot of memorization) but otherwise I breezed through
everything else.

PS: I'm not in France but in a country where the French baccalauréat is
considered equivalent to the state-mandated exams (Lebanon, used to be under
French mandate).

~~~
sitkack
I am going to make a new word, "learnacrastinator", "learnicrastor" (feel free
to fix/expound). One who learns a subject or skill while procrastinating
studying for another.

~~~
rkallos
Maybe "procrastilearner"?

~~~
girvo
I like that better.

The word, not the fact you've just described my life.

------
emhart
Pardon the self-promotion, but this hits a bit close to my area. If you'd like
a much more comprehensive guide:

[http://www.youtube.com/playlist?list=PL66CD42F86F3A1F85&feat...](http://www.youtube.com/playlist?list=PL66CD42F86F3A1F85&feature=plcp)

I also cover disc detainers, and a bunch of other stuff. I'm shooting a new
series on lock forensics presently, just got a great microscope that can take
my DSLR for high def microscopy.

~~~
Smerity
Self promotion is no issue when you have high quality content! I started
picking locks recently for fun and your guide on YouTube is one of my
favourite resources. It's also my go-to whenever trying to show someone in a
minute or two the gist of lockpicking.

To find you on Hacker News is a pleasant surprise =] Keep up the good work!

~~~
emhart
Thanks for the kind words! Really appreciate it and always happy to bump into
folks who know my work. My name on here comes from one of my 5 favorite locks,
the Emhart interlocking pin system:
[http://www.lockwiki.com/index.php/Corbin_Emhart](http://www.lockwiki.com/index.php/Corbin_Emhart)

It was invented by Leo Raskevicius, who sadly passed away years ago. In his
original patent he actually made provisions for a magnetic version as well.
Brilliant guy. Sadly the lock isn't made anymore.

------
jheriko
A much cheaper and easier approach that works for most locks is to get a coke
bottle and tear a strip out of it, then use it to do the 'hollywood credit
card trick'.

unlike a credit card it doesn't snap or break very easily - the type of
plastic will become softer when placed under pressure and is very flexible but
strong - if you continue to force it in the right area it will work its way
around hard corners and into tiny gaps until there is enough pressure to pop
the bolt. when the bolt has an edge that is sloped towards you it will pop on
the first push (the way i see most 'yale style' locks fitted on doors that
open inwards - i.e. most front doors)

it takes an exceptionally tightly fitted door frame to prohibit this (e.g. one
with brushes or hermetic seals)

the one time i couldn't break into my own home doing this was because there
was a brush fitted down the side of the door - fortunately there was not one
fitted in the letter box, so i found a long spanner at a nearby construction
site and then spent the next four hours of my life whacking the mechanism from
through the letterbox blindly until i caught the handle the right way and the
door popped open...

~~~
Theodores
I did this a few times when I was a student. A variant on this is to wedge a
kitchen knife between the door frame and the door jamb. Sure some paint gets
damaged but it gets you in...

Another use for the coke-bottle strip is with padlocks - simply push inside
and it opens using the method you describe on most of them.

In fact there are so many ways to get round a lock that going to all of the
trouble of picking it is rather quaint. Here are some common things that
happen:

Emergency services - they go straight for the 'Big Key' which is that
battering ram we have all seen on TV.

Bicycle thieves - no interest in the lock. Bolt croppers cost less than a good
lock and they are far quicker at getting the job done reliably.

Car thieves - break into the house and steal the keys.

Regular folk locked out of homes/cars - call the locksmith or simply break
some glass.

If you need to gain entry surreptitiously (and not damage a lock) it can be
far easier to use social engineering to temporarily obtain keys, e.g. from an
employer, then get them cut in a matter of minutes at some place around the
corner.

Alternatively an impression can be made in 'plasticine' or a photo taken. A
friendly locksmith can sell you the blank, and, with some time with a needle
file, a key made.

Although fun can be had picking locks, 'in the wild' it rarely happens because
brute force or a bit of Coke can is usually far more effective.

~~~
pavpanchekha
In fact, key blanks and stampers can be purchased online.

------
smilliken
The MIT Guide to Lockpicking[1] is the classic resource for getting started.
It's an exceptionally good tutorial because it teaches you how locks work so
you have a solid mental model you can refer to.

[1]
[http://www.capricorn.org/~akira/home/lockpick/](http://www.capricorn.org/~akira/home/lockpick/)

~~~
shocks
I came here to say this. My father provided me with a printed copy of this
book and a few locks from the garage and I learnt a lot. A very rewarding
experience for a young mind.

------
mynoseknows
This is why my deadbolt uses an Abloy Protec2 cylinder (custom ordered from
Bay Area Locks: [http://www.bayarealocks.com](http://www.bayarealocks.com)).
It's drill resistant, and it's disk-based so it's bump and rake proof.

Abloy also claims it's pick proof. Whether that will remain true in the future
I'm not sure, but I do know that at the very least it has yet to be
successfully picked. If someone did figure out a way it would likely be
extremely difficult to do in practice.

After watching some videos that showed just how easy it is to simply kick a
door in, another thing I did was replace my strike plate with a heavier duty
one, and replace the worthless 3/4" screws that "hold" most strike plates in
with 4" screws that actually go into the 2x4's of the house frame.

~~~
jheriko
> After watching some videos that showed just how easy it is to simply kick a
> door in, another thing I did was replace my strike plate with a heavier duty
> one, and replace the worthless 3/4" screws that "hold" most strike plates in
> with 4" screws that actually go into the 2x4's of the house frame.

This is good advice. I did this on my own door frame after being broken into
on the first day where the door had simply been kicked in. I can not kick the
door in now - I tried. Although the quality of the door is important too -
mine bends really quite far before breaking. :)

If you are really security conscious and you don't have them already - I
suggest brushes at the door frame edge and the letterbox to prevent approaches
other than picking.

~~~
mynoseknows
If you have a door that's not very strong and you can't afford to replace it
with one that is, they do make metal plates that wrap around the deadbolt and
optionally the door handle, which apparently makes it much more difficult to
break the door itself.

They look something like this:
[http://hostedmedia.reimanpub.com/TFH/Step-By-Step/FH11JAU_DO...](http://hostedmedia.reimanpub.com/TFH/Step-By-Step/FH11JAU_DOOSEC_02.JPG)

------
logfromblammo
A good place to start is office furniture locks. They usually aren't very well
made, and therefore easy to pick. The nearby office supplies can be used as
your tools. You can use the large wire from one side of a binder clip as-is as
your torque wrench, and a bent paper clip as your rake pick. First, straighten
the clip, then bend the middle into a triangle shape. Bend the ends outward
for better control over depth and angle.

Insert the binder clip wire, apply some torque, and scrub the pointy end of
the triangle on your former paper clip against the pins. The lock will turn in
seconds. You may need to adjust the shape of the triangle somewhat to achieve
best results.

Popping open your first lock with entirely improvised materials is a powerful
reminder that cheap locks are little deterrent to anyone but the most casual
and unmotivated intruders, just like privacy locks in bathrooms.

~~~
jheriko
actually i find that 'mechanically' opening these kinds of things is usually
easier - I remember getting into one of those lockable little cashboxes (that
every office seems to have) when I lost a key for it by prying the lid open
and bending the case just enough to get one of my fingers far enough in to
unhook the catch from the inside with it - pointless little boxes really.

~~~
na85
They're not designed to be thief-proof. For that you need a bank vault or
safe.

Those little boxes are designed to prevent me from swiping your $50 bill in
your drawer when your back is turned or you step out of the room for 30
seconds.

------
samstave
I have been locksporting by myself for some time, and I make my own picks from
street sweeper blades.

If you're at all interested in picking, do yourself a favor and get this
practice lock for ~$40 it is amazing:

[http://learnlockpicking.com/](http://learnlockpicking.com/)

Also, I highly recommend getting on the TOOOL email list for your area.

in the SF bay it is tooosf@googlegroups.com - great group and good list,
although I mostly lurk.

Here are some of my picks.... ignore the lame embellishments; I am not very
artistic :)

[http://imgur.com/a/ug2wI#0](http://imgur.com/a/ug2wI#0)

~~~
emhart
I love your pinning tray! Absolutely gorgeous. Nice work rolling your own, few
things in this world are as satisfying as opening a lock with tools you made
yourself.

------
herbig
I was really into this back in high school but never got proficient in it. The
concept is simple to understand but actually executing it takes a LOT of
practice. Raking can open a lot of older locks pretty quickly, but that
doesn't mean you're skilled.

Also, just owning the tools is illegal in some states.

~~~
runjake
_> Raking can open a lot of older locks pretty quickly, but that doesn't mean
you're skilled._

I disagree. Raking has opened a lot (most I've tried) of locks in my
experience. So, I'd say I'm pretty skilled at picking locks.

~~~
corin_
I've managed to open a lot of unlocked doors (most I've tried) but wouldn't
consider myself "skilled" at it, since it's a pretty easy task. I think the
definition of "skill" implies something that isn't easy, thus being able to do
something isn't automatically proof of skill.

~~~
breischl
>>I've managed to open a lot of unlocked doors

Me too! My success rate is over 90% for unlocked doors. Locked ones are
harder.

;)

~~~
corin_
Do you refer to yourself as skilled at opening unlocked doors? :)

~~~
samstave
[http://i.imgur.com/Kcerv5S.jpg](http://i.imgur.com/Kcerv5S.jpg)

------
lewaldman
One thing that I did when I was learning it, was to prepare a set of training
locks.

I bought two locks, disassembled them and reassembled them, leaving a number of
pins out.

So I had a lock with only one pin, one with two, one with 4 and one with all
the 5 pins.

It helped a lot because you learn to feel when the pin sticks in the open
position and also learn how much pressure you need to put on the
tensor. Too much and it will prevent the pins from going down. Too little and the
pins will not stick on the outer frame.

Ahh, and of course, seeing the lock disassembled on my desk and reassembling it
gave a lot more insight into how it works than just watching some animations.

------
vincentbarr
Helpful animations on how locks work:
[http://toool.us/deviant/](http://toool.us/deviant/)

Good presentation on types of locks and approaches to picking:
[http://www.blackhat.com/presentations/bh-europe-08/Deviant_O...](http://www.blackhat.com/presentations/bh-europe-08/Deviant_Ollam/Presentation/bh-eu-08-deviant_ollam.pdf)

And a guy who knows a ton about picking:
[http://deviating.net/lockpicking/slides.html](http://deviating.net/lockpicking/slides.html)

------
codezero
Can anyone explain how the pins getting "set" works? I understand there is
torque applied to the entire cylinder, but once you push a pin up, why does it
stay there, is it just the torque? How can you push many pins up when the
torque required for each pin to become set is presumably variable?

~~~
emhart
It catches on the shelf of the pin chamber. Every time you set a pin, the plug
actually rotates ever so slightly, misaligning the upper and lower pin
chambers of whatever pin you were working on. The driver pin can't return to
the lower chamber, and now you are putting pressure on another pin. Find that
one, lift up, plug rotates, it sits on the shelf, next pin binds, and so on
and so forth.

~~~
codezero
So does this mean that you have to set pins sequentially? It seems like if the
plug rotates slightly, it does it for the entire length of the lock, so
doesn't this affect whether or not other pins are able to be set?

~~~
emhart
The reason we can pick locks is that there are many minute differences between
the various internal objects. Pins may not be perfectly round, pin chambers
may not be in alignment, etc. Small small differences, but when you apply a
very light pressure to the pins, you'll actually bind the "weirdest" one
first. You aren't binding every pin, just one at a time, when that one is set,
you move on to the next weirdest.

The order the pins set in will be unique to the lock, not a universal
sequence. In fact, the order will change depending on the direction you pick,
and even two locks pinned exactly the same will likely set pins in a different
order.

This is called the "tentative method" and it was pioneered in the late 1700s.
This idea of tension & manipulation can be applied to nearly every mechanical
locking system (there are a very small number of exceptions).

~~~
codezero
I see, I guess what I am thinking is that if you are applying pressure to one
pin, you must be applying (at least some) pressure to all the other pins since
you apply the pressure via torque from turning the cylinder which turns
(presumably?) uniformly from front to back. I guess the entire cylinder can
jostle slightly within its chamber, so that could affect where and how
pressure from torque is applied.

~~~
emhart
Sorry to say, but what you are thinking is actually just wrong. Drop your
mental model and adopt mine.

You apply very light pressure to the wrench, which turns the plug, which
collides with the weirdest pin out. There are circumstances in which you may
bind multiple pins. If the lock is made to absurdly high standards (and I mean
lock manufacturer playing a prank on lockpickers level of high standards) or
if you apply your tension too heavily.

Watch this video to see what I mean:
[http://www.youtube.com/watch?v=gNKvPS1ac6E&list=SP66CD42F86F...](http://www.youtube.com/watch?v=gNKvPS1ac6E&list=SP66CD42F86F3A1F85&index=14)

The first several pins in the lock, as I am searching for the binding pin, are
under no pressure whatsoever and can move freely between the upper and lower
pin chambers.

Also - noticed you are at Quora, I actually write about lockpicking in film
and television over there from time to time:
[http://tvpicking.quora.com](http://tvpicking.quora.com)

~~~
codezero
Thanks, to be clear, I wasn't assuming I was right, but was making
assumptions, thanks a lot for replying to my comments, you've been very
helpful :)

~~~
emhart
No problem :) They are really beautiful, complex systems, and as amazing as it
is to understand and then manipulate them, I passionately believe that the
real genius is holding them all together in your head before they've ever
existed in the first place.

Lock engineers have incredibly sharp minds.

~~~
codezero
The video you shared gave me a much better idea of what's happening. I'm sure
it's still not close to what really is going on, but thanks for that.

Unrelated, are there any locks which use full length pins that are hollow and
encapsulate the spring? It seems like a big source of the misalignment that
allows setting is from the pin itself being able to move off its axis where it
attaches to the spring.

~~~
emhart
Great question! Yes, there are a few locks that have hollow pins that the
springs rest in. Typically they do that for space constraints, though, rather
than to improve alignment.

There's a great example whose name is escaping me at the moment...it's a South
American company. Anyway, they have a lock with two rows of pins, one normally
aligned and the other coming in from the side. However, there isn't as much
room horizontally (you'll notice most plugs are located toward the bottom of
the housing, yet centered horizontally) so they use the encapsulating pins to
make up for the lost space.

That's one of the most interesting challenges in lock engineering, actually.
There are a handful of standard formats for locks around the world, and
whatever you build needs to fit within those agreed-upon (and very compact)
formats, or you won't enjoy wide adoption of your concept.

------
yason
Finland is nearly completely fitted with Abloy rotating disk locks for
anything worth locking down, and this was a nerdly disappointment when I was a
teenager and got interested in how to pick locks. There weren't meaningful,
pickable locks to play with.

The older Abloy locks from 60's/70's can apparently be picked if you're really
skillful but it takes a lot of time and effort, and this was never common
knowledge.

I read about hackers who were picking locks in the USA, or just outside of
Scandinavia, and how pin tumbler locks work, and realized that those would
indeed be plausibly pickable but I never had access to them in practice. I
think I probably could've found some if I really, really wanted to but nobody
was using them for anything serious so learning to pick something considered
as toy locks wasn't very motivating.

------
lowglow
I'm trying to prototype something called The Hacker Pen and wanted to get some
community feedback. It's basically a nice heavy pen, with lock picks on the
inside. It will also include a USB key with a digital penetration testing
suite on it.

What are your thoughts?

~~~
jamesbritt
Nice idea. Depending on where you sell this from you may want to check the
laws about providing such a tool and if you need to verify anything about the
customer before allowing a sale. For example in some parts of the USA one has
to show proof of either being a licensed locksmith or a member of some law
enforcement group.

~~~
portmanteaufu
Here's a good starting reference on the legality of owning lockpicks from
state to state:

[http://toool.us/laws.html](http://toool.us/laws.html)

It doesn't cover sale / purchase, just ownership by state.

~~~
sitkack
Wow, two different colors of green. That person must hate the color blind with
a passion.

------
kriro
It's fun and relaxing but most locks are too easy to pick. For me it's kind of
similar to knitting as a relaxing exercise :D

I still remember a fun talk I heard about the safety of gun safes (or lack
thereof). They cracked it and told the manufacturers how easy it was and got a
reply along the lines of "well maybe it's easy for a specialist like you with
good equipment but it's safe enough for normal folks". Next slide contained a
video of a 6 year old kid (highly trained security specialist) cracking the
thing with a straw (specialized security equipment).

------
DonateKarma
Growing up as the middle of 7 children - 5 of them girls - I taught myself how
to open padlocks with their bobby pins. It started for the usual mischief,
opening their secret young girl things, and then moved onto more rewarding
achievements. My technique was to break the pin into two, using the wavy pin
as the tension pick, and the straight pin to rotate the barrel. This hasn't
failed me on any padlock I've come across, and with practice will take only a
few seconds.

------
Aloha
As a field engineer, I often use the universal key (screwdriver) to open doors
- sometimes you don't even need to pick the lock - just move the hasp out of
the way.

~~~
vacri
I met a guy who used to check fire extinguishers for a living. Frequently in
places that weren't staffed. Rather than wait, he said he'd sometimes just
pick the lock (with prior permission), check the extinguisher and go on his
way.

------
gcb0
How I and the occasional locksmith use lock picks "practically":

1\. get any torque wrench (L-shaped metal that goes in the keyhole)

2\. get any triangular pick (any thin metal that goes in the hole, saw a
triangular tip)

3\. insert the pick as far as it goes, apply some tension to the torque
wrench, pull the pick out it pressing against the lock pins.

4\. repeat #3 until lock is open. you will usually ram the lock like there is
no tomorrow, so some graphite or other kind of lubricant may help.

------
nulluk
Trained as a locksmith out of college, dad and sibling still trade mainly on
"warrant runs" for the large energy providers when they need to get access to
house to cut people off.

It's really cool seeing people take an interest in picking, but just wanted to
point out that professional & hobbyist picking is completely different. A
professional’s first priority normally is to get into the property, damage
generally not being a huge issue so the approach changes dramatically.

First you try all the doors, as you would be surprised by how many people just
simply don't lock their doors whilst making a judgment what will be the
easiest entrance. Then you target the door with the worst lock, normally a
UPVC door with a euro cylinder and use an electric pick gun to give it a quick
blast. This gets you in within 5 minutes 90% of the time. [1] If the pick gun
doesn't work you snap the cylinder in the door and replace the lock for a
total cost of about £5 [2]

The hardest part of the whole job is when you have to identify a mortice lock
in order to bypass it and knowing if it's worth an attempt at a pick. (Simple
3 lever locks are worth a pick first before a drill) Once the lock has been
identified though it's easy to drill, you get your template out [3], mark up
the holes and drill out the stump

There are also other methods and the general gist of the story is you use the
method which takes the least amount of time which doesn't leave an unreasonable
amount of cost!

Some other methods/products to look at which are interesting and commonly
used:

\- Mica, a specifically made plastic for slipping rim latches, most commonly
referred to as "yale locks":
[http://uklockpickers.co.uk/mica-shim.html](http://uklockpickers.co.uk/mica-shim.html)

\- Letterbox tool, very basic (it's just posh string on a stick) but also very
effective at knocking off deadbolts or opening a latch that won't slip:
[http://www.walkerlocksmiths.co.uk/bypass-tools/letterbox-too...](http://www.walkerlocksmiths.co.uk/bypass-tools/letterbox-tools?product_id=161)

\- Try out keys for mortice locks with a low number of levers:
[http://www.walkerlocksmiths.co.uk/mortice-picks-tools/try-ou...](http://www.walkerlocksmiths.co.uk/mortice-picks-tools/try-out-keys?product_id=121)

\- Plug spinner for when you pick the lock the wrong way:
[http://www.youtube.com/watch?v=fUmCUj44BPg](http://www.youtube.com/watch?v=fUmCUj44BPg)

[1]
[http://www.youtube.com/watch?feature=player_detailpage&v=mTt...](http://www.youtube.com/watch?feature=player_detailpage&v=mTtk9QtcoPc#t=190)

[2]
[http://www.youtube.com/watch?v=FqhhXyROxQM](http://www.youtube.com/watch?v=FqhhXyROxQM)

[3]
[http://www.eltonlockservices.co.uk/drill%20template%20new%20...](http://www.eltonlockservices.co.uk/drill%20template%20new%20front.jpg)

------
justinzollars
I feel like Lock Picking is an obligatory subject for hackers. Defcon hosts
these events, hackernews features these posts. I don't find it interesting to
break into something mechanical

------
jgg
I may or may not have learned at a boring job with filing cabinets and other
locks...I promise if you hire me, I won't do that, though.

Anyway, this is a crazy hard skill to master, simply because of the feel
required to actually push each pin in place, and the fact that you're doing it
blindly and often without so much as audible feedback from the lock.

You definitely need to practice to get good, and there are all types of funky
locks outside of your home country

------
Schweigi
It looks like most lock picking videos focus on the easy locks. How hard would
it be to pick a lock with side pins or however they are called? For example
the Kaba locks use them and most houses e.g. in Switzerland do have one of
them.

[http://www.kaba.sg/media/470570/v4/resized650x-1/mechanical-...](http://www.kaba.sg/media/470570/v4/resized650x-1/mechanical-locks-kaba-star-schluessel.jpg)

------
kazagistar
The fatal flaw with physical keys is that the image IS the key. As 3d
fabrication and photography become ubiquitous, it becomes more and more absurd
to use these locks to protect anything. In essence, anyone who has seen a key
gains the permanent irrevocable ability to bypass that lock, until the lock is
replaced.

~~~
emhart
So - don't let anyone see your key.

------
sussman
A couple years ago I bought this book, read it in a few days, and was on my
way. Highly recommended. Super fun.

[http://www.amazon.com/Practical-Lock-Picking-Physical-Penetr...](http://www.amazon.com/Practical-Lock-Picking-Physical-Penetration-ebook/dp/B008S8I77E)

------
blunte
I don't know if this affects everyone as it does me, but light text on black
background is really, really tiring for me to read. It leaves white and black
horizontal stripes in my vision for many minutes. On sites like this I have to
open my developer view and fix the CSS.

------
smiro2000
cached page =>
[http://webcache.googleusercontent.com/search?q=cache:https:/...](http://webcache.googleusercontent.com/search?q=cache:https://www.hackthis.co.uk/articles/picking-locks-a-basic-guide)

------
timeecho
Won't always work though with every lock. What does work is a drill. All
cylinders must be made of soft non-corrosive metal like brass. Just send a big
enough drill down the cylinder and twist it with a screwdriver, quicker ;)

------
cmiller1
With the inexpensiveness of electronics today, why haven't we moved from a
mechanical "password" (the height of the pins) to a simple electronic code
programmed into the key?

~~~
Schweigi
My key to the office building has a chip inside. So I guess they are slowly
coming.

------
obtino
The MIT guide to lock picking is rather good as well:
www.lysator.liu.se/mit-guide/MITLockGuide.pdf

------
crsmith
Does anyone have a lock recommendation for making an apartment/house more
secure?

