Lock picking, or being in possession of lock picks, may be a crime in some countries. See Legal Status page for more information.
Locksmith techniques generally fall into 3 main categories:
- Lock Picking - manipulating the tumblers of a lock by hand
- Lock Bypassing - exploiting weaknesses in a lock to bypass the locking mechanism
- Destructive entry - breaking or damaging the lock to gain access
Pin tumbler locks
Wikipedia article on pin tumbler locks
Pin tumbler locks are particularly suited to master keying, where each lock in the group can be opened by either a master key, which will open any lock in the group, or a specific change key, which will open only that one lock (or others identical to it). This is done by using pins with more than two parts, so that each pin stack will shear at more than one position. However, in poorly supervised areas, those who have access to a door that is unlocked or for which they have a legitimate key can remove the lock from the door and disassemble it to determine the master keying pattern.
In 2002, a method was published that allowed a person with a change key to find out the master key using a few blank keys (one for each pin in the lock) by determining the alternate cut for each pin individually, without dismantling the lock at all, thus effectively eliminating the "poorly supervised area" requirement for the attack.
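A consequence of pinning each chamber to shear at more than one position is that more bittings operate the lock than the two intended ones, and one tenant's change key may open another tenant's lock. The following audit sketch is an added example, not part of the original page; the depth codes, lock names and function names are constructed for illustration.

```python
from itertools import product

def pin_lock(master, change):
    """Model a master-keyed cylinder: each chamber shears at the master
    depth and at the change-key depth (one depth if they coincide)."""
    return [frozenset((m, c)) for m, c in zip(master, change)]

def opens(key, lock):
    """A key operates the lock if every cut matches a shear depth."""
    return len(key) == len(lock) and all(k in d for k, d in zip(key, lock))

def operating_bittings(lock):
    """All bittings that operate the lock, intended or not."""
    return set(product(*(sorted(d) for d in lock)))

def audit(master, change_keys):
    """Return (bittings-per-lock counts, unintended key->lock interchange)."""
    locks = {n: pin_lock(master, b) for n, b in change_keys.items()}
    counts = {n: len(operating_bittings(l)) for n, l in locks.items()}
    interchange = sorted(
        (key_name, lock_name)
        for key_name, bitting in change_keys.items()
        for lock_name, lock in locks.items()
        if key_name != lock_name and opens(bitting, lock)
    )
    return counts, interchange

# Constructed sample system (depth codes are illustrative, not a real chart).
MASTER = (3, 5, 2, 6, 4)
CHANGE_KEYS = {
    "office_a": (1, 5, 4, 6, 2),
    "office_b": (3, 1, 2, 2, 4),
    "office_c": (3, 5, 4, 6, 4),
}

if __name__ == "__main__":
    counts, interchange = audit(MASTER, CHANGE_KEYS)
    for name, n in counts.items():
        print(f"{name}: {n} bittings operate this lock (2 intended)")
    for key_name, lock_name in interchange:
        print(f"interchange: key {key_name} also opens lock {lock_name}")
```

Running the audit before cutting keys lets a system designer reject change-key bittings that interchange, and shows how each extra split pin doubles the number of bittings a lock accepts.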
Some pin tumbler locks have special security pins, with serrations, mushroom heads, or spool shapes, that make lock picking more difficult by causing the pins to bind in locations other than their correct ones.
A tension wrench (or torque wrench) is used to apply a torque to the cylinder, while a lock pick (or picklock) is used to push individual pins up until they are flush with the shear line. As each pin is manipulated to its correct height, the cylinder will turn fractionally causing another pin to bind. The pins will not bind simultaneously because they will not be aligned perfectly with the axis of the cylinder. Once all of the pins are flush with the shear line, the tension wrench can be turned fully to open the lock.
Most of the simple pin tumbler automatic padlocks can be picked without a torque wrench using the so-called safety-pin-method. These padlocks allow the picker to open the lock while applying pressure to the side and raking at the same time - with the same tool (a bent wire in this case). Because the cylinder has to be turned only 1/8th of a full turn, and there are only 3 or sometimes just 2 pins to set, the lock simply jumps out of its place. Cheap and small padlocks may even open more easily with a safety pin than with a key.
A refinement of this kinetic technique is the use of bump keys. These are keys with all the cuts at or slightly below the deepest level for a key made by the manufacturer, and a small amount of material removed at the tip, and, where applicable, at the shoulder - the part of the key that prevents the key from entering the lock too deeply. By sharply striking the bump key, it is possible to apply an even impact to each pin column, which then separates as if struck using a pick gun. Bump keys will work in many locks that pick gun needles will not fit into.
To defend against these attacks, high-security locks use a sidebar, which engages from another axis and also prevents the lock from turning. Medeco locks do this by requiring the pins to be rotated to a correct position, as well as moved to their correct height. Other brands put the sidebar cuts in the side of the key.
Raking or Scrubbing
Raking or scrubbing a pin tumbler lock is usually done before individual pins are pushed up. While applying torque with the tension wrench, a lock pick with a wide tip is placed at the back of the lock and quickly slid outwards with upward pressure so all the pins are pushed up. Raking may allow some of the pins to remain flush with the shear line, and can make the job easier.
Wikipedia article Snap Guns
Another technique, often the fastest, uses a vibration pick or gun, which sharply strikes all the bottom pins simultaneously while light torque is applied; like a cue ball, the energy is transmitted through to the top pins, which fly to the top of their well. This momentarily creates a large space between the two pins, and, given the right timing, the lock can be turned. The Pick Gun was initially developed for law enforcement, allowing officers who are not adept at lock picking to open a lock quickly and easily. Operating on the same principle as that of a cue ball suddenly hitting the 8-ball and coming to a stop while sending the 8-ball flying, the snap gun strikes all of the bottom pins at once, sending the driver pins up into the lock. This only lasts for a fraction of a second because the springs will force the pins back down into the lock. The tension wrench is also required in this situation.
Wikipedia article Bump Keys
Another method for defeating this type of lock is known as bumping. In this method, a key blank that fits the target lock is specially cut, with the shoulder of the key filed down to allow the key to be inserted slightly farther into the lock than normal. The key is cut from a standard blank for the intended keyway, with each cut made for the greatest depth pin. Between each cut an angled tooth is left behind. The key is inserted into the target lock to normal depth, and by striking the head of the key while applying slight torsion, the lock can be opened in seconds. As the key is struck, each tooth "bumps" the pin it connects with upwards towards its shear line. This method emulates the snap gun approach with decidedly simpler tools — the special key and a device (e.g., mallet, screwdriver handle) to deliver the blow.
Wikipedia article on lever locks
Lever locks can be picked by putting a force on the bolt in the direction that withdraws it, then moving the levers up (and down again if necessary), generally one-by-one until the stump on the bolt passes through the holes in the levers.
Many lever locks use anti-picking notches on the stump and levers. These are the equivalent of security pins in a pin tumbler lock, and cause the picker to incorrectly believe that a lever is at the correct height.
Chubb's detector lock, which is no longer in general manufacture, could mechanically detect a lever being lifted too high, and would then refuse to open until the mechanism was released by using the correct key (sometimes called a regulator key) in the lock. This method is very difficult and should not be attempted unless you can master simpler methods.
Tubular pin tumbler locks
Wikipedia article on tubular pin tumbler locks
A tubular pin tumbler lock (also known as a Bramah or ace lock) has its pins arranged in a circular pattern (parallel to the keyhole), and uses a tube-shaped key. Tubular locks are commonly seen on vending machines, computers and some bike locks.
A tubular lock pick is used to keep the pins from moving once they have been picked until all have been picked. These locks can be picked using a pin and a torsion tool, but using this method is far slower than using a tubular lock pick, and for many locks the process has to be repeated several times as the cylinder is rotated to open the lock.
It is possible to open many tubular pin tumbler locks by inserting a ring of soft material, cardboard, or even the tube from a ballpoint pen into them, and wiggling it while applying a constant gentle rotative force. The soft material deforms, allowing each pin to work its way into the picking tool until the pin is in the correct position, whereupon the pin no longer deforms the cardboard, or plastic, etc. When all pins are correctly set, the lock opens. This is a form of impressioning.
Wafer tumbler locks
Wikipedia article on wafer tumbler locks
Wafer tumbler locks are generally regarded as low-security devices, as they can be easily raked in a manner similar to the method used on pin tumbler locks.
One of the most common methods to pick a wafer tumbler lock is to insert a try-out key or jiggler. The key is then moved in a rocking motion back and forth in the lock, whilst a turning force is applied.
Each key can be tried one by one until the lock opens.
Wikipedia article on combination locks
Various methods can be used to open combination locks, none of which are technically picking. These methods are instead called bypassing.
Cheap combination padlocks can be opened using a thin metal piece slid between the body and shackle; the padlock shim technique can also work with non-combination padlocks.
Cheap bicycle locks, which consist of four rings in a line that each have to be turned to the correct number, can often be defeated by pulling gently at either end of the lock, and then turning each ring until it is in a position in which it becomes difficult to turn. If this does not work for a particular ring, then try getting other rings to their open position first, as they may be holding the tension from the ring currently being worked on.
Other combination locks require the opener to find the combination to the lock. The exact techniques differ and some manufacturers make this process very time-consuming on their latest models. Certain manufacturers commonly use specific values repeatedly (across many locks) for their locks' combinations.
All combination locks carry the inherent flaw that a finite number of random attempts will eventually open the lock. This process can be dramatically shortened by using techniques that the lock-maker has built into the lock, such as patterns in the combinations often using factorial and modulus.
Warded picks (or skeleton keys) are essentially keys for a warded lock that have been filed down to their most basic parts, hence the term "skeleton key".
The picks work by bypassing the warded locking mechanism inside of the lock.
Picking warded locks is regarded as fairly easy as all you need to do is choose and insert a warded pick and turn until the lock opens. If the lock does not open, choose another pick until it does.