Hacker News
The MIT Lockpicking Guide (blurofinsanity.com)
215 points by AndyBaker on Apr 14, 2014 | 71 comments



If anyone is wondering, everywhere the guide mentions "sheer force" and "sheer line", that should be "shear force" and "shear line". It's like "wind shear".

"Sheer" doesn't even make any sense in this context: "sheer force" would be twisting the tumbler so hard you break all the pins, and that would not exactly be considered "lock picking"!

What's interesting to me is how pervasive this misspelling has become. A Google search for "lock picking sheer force" finds 17,500,000 matches, but "lock picking shear force" finds only 205,000. I wonder if all these misspellings originated from this MIT guide, or if there was something else before that?


> "sheer force" would be twisting the tumbler so hard you break all the pins

That's not how I read it... The best gloss of "sheer" in this context would be "pure", which would mean something like "force, devoid of any other tool or method". Like, "I moved the rock with sheer force" would imply I just pushed it and didn't use a lever or anything.

(You are correct that it's the wrong word choice, of course; the above is not what the author is meaning to say.)


Rest assured, soon there will be only one word, with multiple, conflicting meanings - same as the last hundred or so conflicts. That's living language for you!


Eye no.


On a legal note;

IANAL, but I did a little research before getting started in lock picking a while back. IIRC, there are no federal laws against having picks. However, states often have laws against "possession of burglary tools". In my jurisdiction, if they can establish intent to burglarize -- i.e., you're also carrying an empty duffel bag, a crowbar, and a map with the bank circled on it -- it's a class II felony.

I repeat; I am not a lawyer.


Presumably then the issue is more about carrying them with you when you're out and about rather than having them in a toolbox at home?

In the same way you can have a big knife at home but carrying it in your bag is a problem.


Then you should just build them into your business card.

https://www.flickr.com/photos/ranh/106709219/


I like how the torsion wrench works, that's clever.

I used to carry a similar card. It was a fake credit card that opened up, and had a small set of picks inside. I kept it in my wallet in case I was ever locked out.


I could not access Appendix B (Legal Issues) from the online version but someone posted the PDF which includes that section.

In it this very issue is addressed including the advice "It may be a good idea to carry around a xeroxed copy of the appropriate page from your state's criminal code."

Problem solved.


State by state (and some non-US countries): http://lockwiki.com/index.php/Legal_issues


An obvious hack to get around this would be to put 'Locksmith' on your business card, or get a set of cards advertising a side business as a Locksmith. Bingo, they're not burglary tools, they are required tools of the trade for your profession, similar to knife exemptions for Chefs.


Most states require locksmiths to be certified and advertising services without being licensed is a bigger infraction than carrying picks.


Depends on where you live - in Japan, you probably don't want to be carrying them around..


> if they can establish intent to burglarize

That's a line that'll generate hours of debate going nowhere.


Why does most of the world continue to use the pin tumbler locks, when the disc tumbler lock (invented in 1907) is almost impossible to pick?

http://en.wikipedia.org/wiki/Pin_tumbler_lock

http://en.wikipedia.org/wiki/Disc_tumbler_lock


Burglars in general do not read MIT guides. Even if some might, security is still a weakest link problem. The easiest way into a house is by window, the letterbox, etc, speaking of locks in general it's easiest just to use a bolt cutter.


Precisely.

Locks are mere tamper-proof seals, lock-picking is the art of breaking into those seals without breaking them.

I have seen a lot of broken locks in my time (I worked in the bicycle industry). I have also removed quite a lot of locks in my time (the days working in a bike shop).

Thieves just use those big bolt cutters that cost £10 or so and get the job done in seconds. Even the most expensive locks are fair game for this basic approach, the biggest fear is that there is some CCTV somewhere. The amount of 'pin tumblers' makes no difference.

In the bike shop where there is the choice of the bolt-croppers, the oxy-torch, the disc-cutter, the vice, the big hammer and so on one doesn't think for one moment 'oh, I will just download that lock-picking guide off the internet, follow the instructions and be in here in a minute...'. The feature I always found charming was how many bicycle locks have a plastic coating around the cable. This makes it very easy to use a normal saw. The plastic works as a guide meaning the saw does not slip.

Hence, for my own bicycle I use a £4.99 combination number lock for that short shopping trip to town and a £24.99 D-lock for the company bike shed.


The canonical quote is that "we lock our doors to keep honest people honest."

Practically, we cannot guarantee the security of our locks, or homes, or cars/bikes, etc. But we erect barriers to help enforce societal norms regarding security and privacy. These can be explicit measures such as door locks and deadbolts, and more holistic things like living in a good neighborhood, meeting your neighbors, preempting the broken windows effect, etc.

The only guarantee, in terms of home security, is a great insurance policy with riders for your major possessions.


>>> speaking of locks in general it's easiest just to use a bolt cutter.

Which is why I never understood the Master Lock commercials where they shoot a bullet into the body of one of their padlocks showing how tough it is.


No, I think you understand the commercial just fine.


And most ironically, no one takes notice of the person nonchalantly carrying 36 inch bolt cutters.


Disc Detainer locks are far from impossible to pick: Disc Detainer lock talk from LayerOne: https://www.youtube.com/watch?v=jv5N6pHXf-E

"We need to start attacking disc detainer locks" from Shmoocon: https://www.youtube.com/watch?v=nT0PDQUZi74

Nirav Patel's 3D printed DDetainer key: http://eclecti.cc/hardware/physical-keygen-now-for-disc-deta...

Guide to Disc Detainer Locks: https://www.youtube.com/watch?v=wnW5GgaDKFc&list=PL7F406AFC7...

But, as to your actual question of "why" there is a lot that goes into it. Henry Robinson Towne is a central figure in particular, but so is the great lock controversy of 1851, which was a watershed moment in how most english-speaking societies dealt with mechanical security ever after.


For those interested in the Great Lock Controversy of 1851: http://www.slate.com/articles/life/crime/features/2013/the_l...


"...the great lock controversy of 1851..." That's so quaint. I wonder if "The Browser Wars", or something of its ilk, will have the same ring to it in 160 years.


oh absolutely, and I try to be as solemn as possible about it:

"I used to be a web developer during the Browser Wars, man ... A veteran, yes. I remember being happy when we could develop for IE7 compatibility ..."

(embellish with stories about getting up at 4am, walking barefoot in the snow, uphill both ways, etc. as you see fit)


Hah, that's funny. I often forget that we may be participating in some future historian's most exciting discovery...


Agree. Think the late 1800s is the most fascinating period in economic history.



They're very difficult to pick but not impossible. It can be done but it takes time and expertise.


Is it more difficult because the locks are less common?


Says Wikipedia: "Picking the lock is not impossible, but requires a lot of time, a dedicated, professionally made tool and special expertise."


Thanks, I can read Wikipedia. The point is that picking a tumbler lock requires those things too.


So does a half decent pin-tumbler lock.


Abloy has patents on many of the unique features of disc locks and keys that make them harder to pick.

In this case the patents help prevent unauthorized duplication of "secure" keys.


fyi, gambling machines made by Austrian/German conglomerate Novomatic/Löwen Entertainment use Abloy disc tumbler locks for securing the case and access switches.


Best guess? Pin tumbler locks are probably cheaper to produce.


I believe one of the more famous Richards was mentioned in this everlasting classic:

Richard P Feynman, who, on having picked a certain lock, complained that "[t]he trouble with playing a trick on a highly intelligent man like Mr. Teller[0] is that the time it takes him to figure out from the moment that he sees there is something wrong till he understands exactly what happened is too damn small to give you any pleasure!"

The volume »Surely You're Joking, Mr. Feynman!«[1] contains many, at times only seemingly so, light-hearted reminiscences in similar spirit.

[0] Edward Teller (1908, Budapest – 2003), a Hungarian-US nuclear physicist known colloquially as "the father of the hydrogen bomb"; see https://en.wikipedia.org/wiki/Edward_Teller

[1] https://en.wikipedia.org/wiki/Surely_You%27re_Joking,_Mr._Fe...!


Here's another Feynman lockpicking anecdote: a video about his exploits cracking people's safes at Los Alamos during the Manhattan Project: http://www.youtube.com/watch?v=Waw11zhaKSk


A really invaluable skill. Picking locks has saved me on multiple occasions, to get into my own property. It has also made me rethink the way I secure my valuable goods. If only for this second reason, I think basic picking skills should be learned by everyone.


I've had to pick a lock twice, once on a closet in my (work place) office and once on my sister's basement door. Both times I used paperclips for pick and torsion wrench. Very handy to not have to tear apart the entire door.

I have not been able to pick front door locks the same way. Probably need real tools for that. Plus some locks have wards in the way which are harder to deal with when using a fat paperclip.


There is a guy on youtube called bosnianbill, his channel: https://www.youtube.com/user/bosnianbill is full of useful information.

You can also find Mike Gibson's "Lock Picking: Detail Overkill" which is a great book for starters!


Thank you for that. I've seen the MIT guide bouncing around the internet since forever, but never fully digested. The narrator's comments are helpful to understand just what he is doing and what the locks are made like. I recommend any of the 'Gutted' versions.


That's a pretty cool channel. I've ended up spending like 30 minutes watching him pick different locks and it's fairly entertaining.


bosnianbill is a great guy. Also writes articles for locksmithing mags, etc. Real crossover star for the Locksport/Locksmithing communities.



http://www.lysator.liu.se/mit-guide/MITLockGuide.pdf

PDF Version for anyone interested.


After I saw this guide a while ago, I got really interested in lock picking and ended up buying a kit. There's a decent subreddit and it's a good resource to get started. I purchased the kit they recommend, PXS-14, and it works great. I remember I picked my first lock in about 5 minutes and then spent another hour trying to do it again. It takes a while to feel right and become consistent.

Subreddit:

http://www.reddit.com/r/lockpicking

Plus their getting started guide:

http://www.reddit.com/r/lockpicking/comments/bzq80/where_do_...

PXS-14 Kit:

http://www.lockpickshop.com/PXS-14.html


Peterson sells some good kits for beginners and they are a bit more comfortable to use than the Southord ones mentioned above:

http://www.thinkpeterson.com/picksets.html#LESS%20EXPENSIVE%...

Of course, it's up to personal preference, they are both great brands.


The goal of your [physical?] security shouldn't be to be uncrackable, but to delay the would-be criminal long enough to be detected and, hopefully, apprehended. "Yes, the lock can be picked in a week, but by then, your employees should have returned to the office and noticed the burglar picking away at it."

It's easier to just walk into the open bank, masked, and make demands. And there's still a chance to get away with it. A chance, however slim.


I remember reading this as a teenager and buying my first keychain lockpick set. One of my favorite sayings is that, "In order for a locksmith to fix a lock, he must first understand its inner workings. Just like a locksmith, before we can understand X, we must understand how it works first."

I fell out of practice, but whenever I cruise by a hacker space with a lockpick area I will try and take the time to test my abilities. These days lock technology makes some locks very difficult (double-mushroom pins, etc), so I usually can only do the medium difficulty locks.

I had amassed a huge collection of lock/key templates and even some stuff about safecracking, but unfortunately had a hdd crash and lost most of it.

The bottom line with lockpicking, like other things, is that nothing beats practice.


I still don't see why this was "renamed" or why it's being posted at other sites -- was it originally taken down from MIT or moved or not maintained or what?


At a guess, "MIT Lockpicking Guide" implies a guide to picking locks at MIT, but "MIT Guide to Lockpicking" implies a general guide supplied by MIT.


Does anyone know of a link to download this resource? I'm not confident that it will remain active, especially after all of this attention.


If you are on a *nix machine you can run:

wget -rkp -l3 -np -nH --cut-dirs=1 http://www.blurofinsanity.com/mit/lockpick.html

If on Mac OS you'll need to brew install wget or follow this tutorial to use curl: http://psung.blogspot.com/2008/06/using-wget-or-curl-to-down...

After you've downloaded the website you can run a simple server in a terminal by navigating to where you downloaded the website and running

python -m SimpleHTTPServer

Then navigate to http://0.0.0.0:8000/lockpicking.html in your web browser.

LPT: I do this with coding tutorial sites before getting on planes so I don't waste money buying internet and time browsing other content.


The Guide has been available for decades. No amount of attention will suppress it; individual copies & links, maybe, but not in general.


This particular text has been floating around the Internet since the eighties, I doubt that this will make any difference. Just search for "mit lockpicking filetype:pdf" and you'll find thousands of copies.


It's just text so hopefully it should be able to stay up.

However I really like backing up things and making a local mirror so I'm not going to stop you. I hate it when something interesting like this vanishes from the internet and it turns out no one has a copy.

So I'm hosting a copy of it for you and anyone else that would like to help preserve it. I just downloaded the copy with:

"wget --mirror --page-requisites --no-parent --convert-links --no-parent --wait=5 --random-wait -U "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" -e robots=off --progress=bar --level=8 --referer=$2 $1"

Here's a copy I just put on my server: http://www.ifnotequal.com/The-MIT-Lockpicking-Guide-Mirror/m...

I've included a download for it (also hosted on my server) at the top of that page. It's only 290.5KiB.

All the best and enjoy.


mkdir lockpick_guide; cd lockpick_guide

curl "http://www.blurofinsanity.com/mit/chapter[0-9].html" -O http://www.blurofinsanity.com/mit/lockpick.html -O http://www.blurofinsanity.com/mit/appendix.html -O

# fetch each GIF referenced by the downloaded pages (sort -u drops repeated names)
for i in $(cat * | grep -P "\w+-\w+\.gif" -o | sort -u); do curl "http://www.blurofinsanity.com/mit/$i" -O; done

`which python2` -m SimpleHTTPServer

Edit: apparently wget has a magical flag that allows you to download all resources on an HTML page as well. Consider this solution inferior to Ellipsis753's and jamiis's. However, I will leave my reply up since this method is applicable to a lot of other situations as well.


Funny thing but my only real life experience of lock picking and none of those techniques were used. It was a combination lock with 4 wheels and it was easy to figure out the combination with a little piece of plastic wedged between each wheel and the lock face.


Are there any successful, self-taught lockpickers here? I have tried to learn a few times, and I think I understand the theory, but it is hard to put into practice. Every time I need to open a lock I don't have a key for, I still grab a drill.


I am self-taught (Google) and have had success only with inside doors where the locks are cheaper. I've also just used paper clips which could explain my problem with front door locks. It also still takes me 10 min+. (And I've only done it twice.)


I remember there being a neat 3D gif floating around Google+ that showed how to pick a lock in a few (frames per?) seconds.


Look up Schuyler Towne & any of his animations. Also, I believe http://www.theamazingking.com/ has a lockpicking game on his site, but it is a little dated


Schuyler has an entire instructional series on lock picking on YouTube that's very good. He introduces the concepts and terms, uses cutaways to illustrate the mechanisms and walks through basic beginner techniques for common locks. Highly recommended.

https://www.youtube.com/watch?v=VVSL0liiWoc


Lock Game 3D was the best :)


For a while TV shows commonly had people getting in using a credit card to push back the bolt.

You don't see it anymore though.


Deadlatches have existed for a very long time, to prevent that problem. Next time you are looking at a door with a latch instead of, or in addition to a bolt, look "behind" the main latch and you should see a small, separate bit protruding. Press that bit in, and then try to push the latch back. The latch shouldn't budge. That's a dead latch.

Found a good picture, here: http://www.gaterslocksmith.com/images/deadbolts/Deadlatch-bu...

Unfortunately, while they have been on the market for a very very long time, not everyone uses them, and many that do use them don't use the proper strike plate for their door, or just allow them to go into misalignment. So, the deadlatch doesn't actually get pushed back when the door is closed, and the latch can be carded as though it weren't even there.


Thanks for explaining that and for the link


It only works on fairly bad locks. Although I have one it works on.


This looks instructive, is it a legal copy and if so is there a downloadable version?


We all know the story, the book Hackers by Steven Levy tells it all.



