Lock picking
Lock picking is the art of unlocking a lock by analysing and manipulating the components of the lock device, without the original key. Although lock picking can be associated with criminal intent, it is an essential skill for a locksmith. Lock picking is the ideal way of opening a lock without the correct key, while not damaging the lock, allowing it to be rekeyed for later use, which is especially important with antique locks that would be impossible to replace if destructive entry methods are used.
Usually it is possible to bypass a lock without picking it. Most common locks can be quickly and easily opened using a drill, bolt cutters, or a hydraulic jack. The hasp, door, or fixture they are attached to can be cut or broken.
A lock that offers high resistance to picking does not necessarily make unauthorized access more difficult, but it will make surreptitious unauthorized access more difficult. Such locks are often used in combination with alarms to provide layered security.
Some people enjoy picking locks recreationally, because they find it brings high satisfaction and hack value.
Techniques to pick different types of locks
A tension wrench (or torque wrench) is used to apply a torque to the cylinder, while a lock pick (or picklock) is used to push individual pins up until they are flush with the shear line. As each pin is manipulated to its correct height, the cylinder will turn fractionally causing another pin to bind. The pins will not bind simultaneously because they will not be aligned perfectly with the axis of the cylinder. Once all of the pins are flush with the shear line, the tension wrench can be turned fully to open the lock.
Raking or scrubbing a pin tumbler lock is usually done before individual pins are pushed up. While applying torque with the tension wrench, a lock pick with a wide tip is placed at the back of the lock and quickly slid outwards with upward pressure so all the pins are pushed up. Raking may allow some of the pins to be flush with the shear line and can make the job easier.
Most simple pin tumbler automatic padlocks can be picked without a torque wrench using the so-called safety-pin method. These padlocks allow the picker to open the lock while applying pressure to the side and raking at the same time, with the same tool (a bent wire in this case). Because the cylinder has to be turned only 1/8th of a full turn, and there are only 3 or sometimes just 2 pins to set, the lock simply jumps out of its place. Cheap and small padlocks may even open more easily with a safety pin than with a key.
Some pin tumbler locks have special security pins, with serrations, mushroom heads, or spool shapes, that make lock picking more difficult by causing the pins to bind in locations other than their correct ones.
Another technique, often the fastest, uses a vibration pick or gun, which sharply strikes all the bottom pins simultaneously while light torque is applied; like a cue ball, the energy is transmitted through to the top pins, which fly to the top of their well. This momentarily creates a large space between the two pins, and, given the right timing, the lock can be turned. The Pick Gun was initially developed for law enforcement, allowing officers who are not adept at lock picking to open a lock quickly and easily.
A refinement of this kinetic technique is the use of bump keys. These are keys with all the cuts at or slightly below the deepest level for a key made by the manufacturer, and a small amount of material removed at the tip, and, where applicable, at the shoulder - the part of the key that prevents the key from entering the lock too deeply. By sharply striking the bump key, it is possible to apply an even impact to each pin column, which then separates as if struck using a pick gun. Bump keys will work in many locks that pick gun needles will not fit into.
To defend against these attacks, high-security locks use a sidebar, which engages from another axis and also prevents the lock from turning. Medeco locks do this by requiring the pins to be rotated to a correct position, as well as moved to their correct height. Other brands put the sidebar cuts in the side of the key.
Pin tumbler locks are particularly suited to master keying, where each lock in the group can be opened by either a master key, which will open any lock in the group, or a specific change key, which will open only that one lock (or others identical to it). This is done by using pins with more than two parts, so that it will shear at more than one position. However, in poorly supervised areas, those who have access to a door that is unlocked or for which they have a legitimate key can remove the lock from the door and disassemble it to determine the master keying pattern.
In 2002, a method was published that allowed a person with a change key to find out the master key using a few blank keys (one for each pin in the lock), by finding out the alternate cut for each pin individually, without dismantling the lock at all, thus effectively eliminating the "poorly supervised area" requirement for the attack.
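One way to audit a master-keyed group for the weakening described above, as an added example that is not part of the original article. It assumes a simplified model in which each chamber shears at exactly two depths (the change-key cut and the master-key cut); the bittings and lock names are constructed sample data.

```python
from math import prod

def build_lock(change_key, master_key):
    """Return, per chamber, the set of cut depths that align a pin break
    with the shear line (simplified model: change cut and master cut)."""
    if len(change_key) != len(master_key):
        raise ValueError("bittings must have the same number of positions")
    return [frozenset((c, m)) for c, m in zip(change_key, master_key)]

def operates(lock, key):
    """A key operates the lock only if every cut matches a shear depth."""
    return len(key) == len(lock) and all(d in shear for d, shear in zip(key, lock))

def accepted_bittings(lock):
    """Number of distinct bittings the lock accepts. A chamber with a
    master wafer doubles the count, so a lock that is not master keyed
    accepts exactly one bitting."""
    return prod(len(shear) for shear in lock)

def audit(master_key, change_keys):
    """For each lock in the group, report how many bittings it accepts and
    which *other* issued change keys operate it (key interchange)."""
    locks = {name: build_lock(key, master_key) for name, key in change_keys.items()}
    report = {}
    for name, lock in locks.items():
        strangers = sorted(
            other for other, key in change_keys.items()
            if other != name and operates(lock, key)
        )
        report[name] = {"accepted": accepted_bittings(lock), "interchange": strangers}
    return report

# Constructed sample system: five chambers, cut depths 0-9.
MASTER = (3, 5, 2, 6, 4)
CHANGE_KEYS = {
    "A": (1, 5, 4, 6, 2),
    "B": (3, 7, 2, 8, 4),
    "C": (1, 5, 2, 6, 2),
}

if __name__ == "__main__":
    for name, result in audit(MASTER, CHANGE_KEYS).items():
        print(name, result)
```

In the sample data, lock A accepts eight bittings instead of one, and change key C operates it even though it was never issued for that door, which is the kind of unintended interchange a keying plan should be checked for before the pins are cut.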
Pin tumbler locks
Function
Pin tumbler locks work in the following fashion. There exists a cylinder which has a keyhole in it. This cylinder fits into a housing. The cylinder is the part of the lock you normally put your key (typically Kwikset or Schlage) into. The cylinder has vertical holes (typically 5-7) drilled into it. These holes are perpendicular to the keyhole. These holes correspond (although not perfectly) to holes in the housing in which the cylinder sits. Within each of these vertical holes are pin stacks.
There are 2 pins (one on top of the other) to a pin stack (assuming a non-master-keyed system) and a spring. If you were to remove the cylinder from the housing, and put the proper key into the cylinder, due to the varying cuts of the key, the key would lift these bottom pins such that they are flush with the cylinder. If there is no key in the cylinder, the springs on top of each pin stack press the top pins (driver pins) downward into the cylinder, thus preventing the cylinder from turning unless the proper key is inserted.
Picking manual
Two elements are needed to pick this type of lock: torque (or tension) and a pick to lift or rake/scrub the bottom pins. There are also snap guns which easily accomplish the following feat. Essentially, you insert your tension wrench into the cylinder to apply a light amount of torque on the cylinder. You then take your pick and feel around until you find which pins you can lift.
- The reason you are able to lift the pin is that it is impossible to machine the vertical holes exactly in a line. If this were possible, lock picking would be impossible.
After you lift the pin, the tension you are placing on the cylinder will force the pin to lock in place. This process is repeated until all pins are set, then the cylinder turns and the lock is successfully manipulated.
Finding the right picking force
First, feel inside the lock with your pick (don't worry about the tension tool for a moment), and try to check each pin in turn. The pins will feel springy (as they are on springs), and you should be able to count the pins, and note carefully how much force you needed to move them. In most cases, this force is much less than most people imagine. Picking a lock is not like eating a tough piece of beef, and the most common error at every stage is to use too much force. So the force you have used to push the pins with no tension tool inserted is almost the force needed when picking.
Finding the right tension-tool force
When you apply a small turning force on the lock in the direction that you would turn the key, the tumbler will rotate a little bit. Keep in mind what the smallest force is that takes up the slack in the lock. This is almost the force you will need when you pick the lock, at least until the pins are set. More force might be needed to open the lock once the pins are set, but we will come to that later.
Picking - automated
Operating on the same principle as that of a cue ball suddenly hitting the 8-ball and coming to a stop while sending the 8-ball flying, the snap gun strikes all of the bottom pins at once, thus sending the driver pins up into the lock. This only lasts for a fraction of a second because the springs will force the pins back down into the lock. The tension wrench is also required in this situation.
Newton's cradle is often used to explain the mechanism, but really we need to consider a modified Newton's cradle with unequal masses[1]. When the masses in Newton's cradle are not all equal, the situation is more complex, but to avoid considering the physics in detail, we consider two simple examples. Real locks do not in general have all equal masses!
Example 1. Consider three masses 2m, m, and 2m, in that order, and suppose that the first mass is moving at velocity v and the other two are touching and at rest. After the first mass hits the two touching masses, the first and second masses are at rest and the third mass is moving at velocity v. So, in this case, it is almost like Newton's cradle with all equal masses.
Example 2. We use the same three masses as in Example 1, but in a different order. Consider three masses of 2m, 2m, and m, in that order, and suppose that the first mass is moving at velocity v and the other two are touching and at rest. After the first mass hits the two touching masses, the first mass is at rest, the second mass is moving at velocity v/3 and the third mass is moving at velocity 4v/3. Notice here that both the second and third masses are moving in the same direction, and think about the effect this might have in a lock being picked as described above.
However, even when the masses are not equal, we do in general create gaps between the masses that were originally touching, so the hope is that we can arrange it so that this gap contains the shear line for all the pin stacks at the same time. If so, the lock is picked!
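Checking the two examples above against conservation of momentum and kinetic energy, as an added worked check that is not part of the original text. Here $v_1', v_2', v_3'$ denote the velocities of the first, second and third mass after the impact, and the incoming momentum and kinetic energy are $2mv$ and $\tfrac12(2m)v^2 = mv^2$ in both cases.

Example 1 (masses $2m, m, 2m$; outcome $v_1' = 0,\ v_2' = 0,\ v_3' = v$):

$$2m \cdot 0 + m \cdot 0 + 2m \cdot v = 2mv, \qquad \tfrac12 (2m) v^2 = mv^2 .$$

Example 2 (masses $2m, 2m, m$; outcome $v_1' = 0,\ v_2' = v/3,\ v_3' = 4v/3$):

$$2m \cdot \frac{v}{3} + m \cdot \frac{4v}{3} = 2mv, \qquad \tfrac12 (2m) \frac{v^2}{9} + \tfrac12 m \frac{16 v^2}{9} = \frac{mv^2}{9} + \frac{8mv^2}{9} = mv^2 .$$

Both outcomes conserve momentum and energy. The rate at which the gap between the second and third mass opens is the same in both examples,

$$v_3' - v_2' = v - 0 = v \quad \text{(Example 1)}, \qquad v_3' - v_2' = \frac{4v}{3} - \frac{v}{3} = v \quad \text{(Example 2)},$$

while in Example 2 a second gap also opens between the first and second mass at rate $v_2' - v_1' = v/3$, because the middle mass keeps moving.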
Bumping
Another method for defeating this type of lock is known as bumping. In this method, a key blank that fits the target lock is specially cut, with all the cuts at or slightly below the deepest level for a key made by the manufacturer, and a small amount of material removed at the tip, and, where applicable, at the shoulder - the part of the key that prevents the key from entering the lock too deeply. This allows the key to be inserted slightly farther into the lock than normal. The key is inserted into the target lock to normal depth, and by striking the head of the key while applying slight torsion, the lock can be opened in seconds.[1] This method emulates the snap gun approach with decidedly simpler tools — the special key and a device (e.g., mallet, screwdriver handle) to deliver the blow. When used with criminal intent, bumping often does not allow the victim to make a successful insurance claim because it leaves no sign of forced entry.
Bump keys, like electric pick guns and snap picks, exploit impulsive impacts on the pin stack, as described above, to open the lock quickly and effectively.
Lever locks
Lever locks can be picked by putting a force on the bolt in the direction that withdraws it, then moving the levers up (and down again if necessary), generally one-by-one until the stump on the bolt passes through the holes in the levers.
Many lever locks use anti-picking notches on the stump and levers, for example British-standard (BS) lever locks. These are the equivalent of security pins in a pin tumbler lock, and cause the picker to incorrectly believe that a lever is at the correct height.
Chubb's detector lock, which is no longer in general manufacture, could mechanically detect a lever being lifted too high, and would then refuse to open until the mechanism was released by using the correct key (sometimes called a regulator key) in the lock. This method is very difficult and should not be attempted unless you can master simpler methods.
Tubular pin tumbler locks
A tubular pin tumbler lock has the pins arranged in a circular pattern (parallel to the keyhole), and uses a tube shaped key. Tubular locks are commonly seen on vending machines, computers and some bike locks.
A tubular lock pick is used to keep the pins from moving once they have been picked until all have been picked. These locks can be picked using a pin and a torsion tool, but using this method is far slower than using a tubular lock pick, and for many locks the process has to be repeated several times as the cylinder is rotated to open the lock.
It is possible to open many tubular pin tumbler locks by inserting a ring of soft material, cardboard, or even the tube from a ballpoint pen into them, and wiggling it while applying a constant gentle rotative force. The soft material deforms, allowing each pin to work its way into the picking tool until the pin is in the correct position, whereupon the pin no longer deforms the cardboard, or plastic etc. When all pins are correctly set, the lock opens. This is a form of impressioning.
Wafer tumbler locks
To open a wafer tumbler lock, one can use a double-sided pick to keep the discs from moving once they have been picked until all have been picked. Although double-sided picks may work well with wafer locks, using a hook pick right side up, then upside down, often works equally well.
Combination locks
Various methods can be used to open combination locks, none of which are technically picking. These methods are instead called bypassing.
Cheap combination padlocks can be opened using a thin metal piece slid between the body and shackle; the padlock shim technique can also work with non-combination padlocks.
Other combination locks require the opener to find the combination to the lock. The exact techniques differ and some manufacturers, such as Master Lock, make this process very time-consuming on their latest models.
All combination locks carry the inherent flaw that a finite number of random attempts will eventually open the lock. This process can be dramatically shortened by using techniques that the lock-maker has built into the lock, such as patterns in the combinations often using factorial and modulus. See hacking a Master Lock.
Warded locks
With a warded pick, warded locks are probably one of the easiest locks to pick. Warded picks have basic shapes that fit many types of warded locks. They are inserted into the keyhole and slowly turned until the lock opens.
Key impressioning
Concept
Contrary to what one might think upon hearing the term, key impressioning does not have anything to do with silly putty, molds, or plaster of Paris. Instead, you start with a key blank and use the following method to arrive at a functioning key for a lock.
Method
Tools required:
- Proper key blank that will fit the lock
- Vise-grip pliers
- Rat tail and pippin files (Swiss cut #4 variety)
- Skilled eyes
Clipping the vise grips on the key blank, you take your file and polish the top of the key; that is, the part of the key that the pins come into contact with. (Before starting the impressioning, it is generally good to count the number of pins in the lock with a hook pick, thus helping choose the correct sized blank.) You put the key into the keyhole using the vise grips, and gently turn it, thus binding the key, then you jiggle the key up and down. You pull the key blank out and look at it. Initially you are looking for the perpendicular scrapes that the pins of the lock will have left on the key. File a few thousandths of brass off the key with your pippin or rat tail file (usually 4 total swipes of the file).
You repeat this process. Be very careful to only file if you see a little dimple in the key grooves that you are starting to file on the key. When you have filed enough material from the blank, you will have approximated the cut of the appropriate key and the lock should open when the key is turned.
This method is exceptionally good because high-security drivers (if they are grooved or mushroomed) are made irrelevant. This method works fantastically well on car doors and other wafer locks. To impression wafer locks, you should sharpen both sides of the key (only if the key is two sided) then the wafers will slice a nice little groove into your key.
This process could take 15 - 75 minutes based on 1) the skill of the locksmith and 2) the difficulty of the lock.
Please note, this method is more time consuming and difficult on locks with sidebars (e.g. Medeco, Mul-T-Lock, GM cars).
Type of tool
The following is a list of tools that would be found in a commercial set. Depending on the size of the set, it may contain sizes and/or designs to better fit different locks. Almost all of them are made of thin steel or other hard metals.
Tool sets
The tools for lock picking are usually different for each type of lock and can sometimes be improvised from common items.
Lock pick kits can be purchased openly via the internet. Many different selections are available; for example, 9-piece sets and a 32-piece set equipped with a pick gun differ greatly in value and price. However, many lockpickers state that for most locking devices, a basic set of 5 picks should be enough, so it is unnecessary even to carry around a wide variety of professional lockpicks.
Tension wrench
The tension wrench is used to apply tension to pins to keep pins from being pushed back down by springs after they are correctly set. It is usually anywhere from 1/8th inch to 1/16th inch wide, bent into an L with a quarter twist on the long side to allow tension to be put on it, in the direction the lock is desired to be turned.
Hook pick
The hook pick is self-explanatory: it is similar to the half diamond pick, but has a hook shaped tip rather than a half diamond shape.
Legal status
United States
In the United States, laws concerning possession of lockpicks vary from state to state. Generally, possession and use of lockpicks is considered equivalent to the possession of a crowbar or other tool that may or may not be used in a burglary. Illegal possession of lockpicks is generally prosecuted as a felony under the category of possession of burglary tools or similar statutes. In many states, simple possession is completely legal as their statutes require proof of intent. In some states, however, possession without appropriate licensure is considered prima facie evidence of intent to commit a crime, rendering simple possession a crime.[2]
California
In California, locksmiths must be licensed by the state[3]. However, simple possession is completely legal, as illegal possession must be coupled with felonious or malicious intent[4].
European Union
Most countries of the European Union don't regulate the possession of lockpicks. All responsibility concerning criminal or legal acts using the picks is taken by the owner of the lockpicks.
Netherlands
In the Netherlands, owning lock picks is legal, but using them on someone else's locks without permission is not. There is even a lock picking championship, the Dutch Open, which was reported on in the newspapers.[5]
United Kingdom
In the United Kingdom, a person who carries a lock pick set (even a home made one) can be charged with the offence of "going equipped", unless they have a good reason for carrying them.[6] The penalty for this can be upward of 5 years' imprisonment. The arresting officer must have "reasonable cause".
New Zealand
In New Zealand, possession of lock picking tools "without lawful authority or excuse" falls under the crime of "being … in possession of instrument for burglary", which carries a maximum penalty of three years' prison, if accompanied by the intent to use it for burglary.[7]
References
- [1] "TOLG" (The Open Locksport Guide).
- [2] "Code of Virginia Section 18.2-94". Virginia General Assembly Legislative Information System.
- [3] "Locksmith Companies and Employees". California Department of Consumer Affairs.
- [4] "California Penal Codes, Sections 466-469". California Legislative Information.
- [5] "Lockpickers hebben slot in paar seconden open", the Leeuwarder Courant, 2002-12-02
  "Vito Tieke", Even Vragen Aan, the Algemeen Dagblad, 2002-12-02
  "Duitser kampioen sloten openen", the Sp!ts, probably 2002-12-02
  "Duitser wordt in Sneek kampioen sloten openen", the Friesch Dagblad, probably 2002-12-02
  "Duitser eerste kampioen sloten openen in Sneek", the Dagblad van het Noorden, probably 2002-12-02
  "Sloten openen als nieuwe sport", Dagblad de Limburger, probably 2002-12-02
  Note: the dates of some articles were not available, but considering the fact that newspapers generally report promptly, it can be assumed the given dates are correct.
  It was also documented on television, in the program Hart van Nederland and on Omproep Friesland.
- [6] "Police-information.co.uk legislation index". Retrieved 2006-08-10.
- [7] "New Zealand Crimes Act Section 223 subsection 1 - Being disguised or in possession of instrument for burglary". Retrieved 2006-08-14.