Surreptitious Entry - Lockpicking


An overview and notes on some common lockpicking tools and techniques.

[lock-1]

This is what a common lock pick set looks like.  It consists of RAKES such as the Ball, Half Ball and Multi-Diamond designs.  These are used when raking a lock.  FEELER PICKS come in two shapes, Half Hook and Full Hook.  These picks are designed to lift one pin at a time.  TENSION WRENCH a small level-shaped metal bars used to turn the cylinder in a lock.  They are vital to lockpicking.

One of the better locking picking manuals available is the MIT Lockpicking Guide.  Print it out and study it.

Padlock Shims

[lock-3]

These are clever little metal shims to slide down into the latch on a padlock.  They do work, but will become damaged after a few uses.

Southern Ordance Padlock Shim Set Manual

The shims are designed for use on padlocks with spring operated latch(es).  Generally, they are more effective on the cheaper type of padlocks.  The more expensive locks tend to be made to better specifications and are therefor more resistant to opening with any shims.

For these shims to be effective, there must be sufficient clearance between the shackle diameter and the holes in the padlock body to enable the shims to be inserted.

On single latch padlocks, any slack in the pivot side will help if the clearance is minimal.

These shims have been manufactured from the highest quality carbon spring steel to give more durability and longer life.  Sometimes a shim or pair of shims will open several locks, whereas, occasionally with the better made locks, it may become necessary to try another new shim if it becomes damaged.

Method of Use

First, determine whether the padlock is single or double latched.  If this is not known, then slide a single shim down the inside of the pivot leg of the shackle to feel for a latch.  Ideally, knowledge of the lock is the best way of knowing whether it is single or double latch.

Single Latch Padlocks

For most padlocks, the latched leg of the shackle is generally on the same side as the serrations of the key.  Choose a shim having the same or slightly larger bend radius than the shackle diameter.

A slightly larger radius will close down to the correct shape more accurately than an undersized one will open up.  It may also be necessary to shorten the length of the arms before using a shim on smaller padlocks.

  1. Exert some pressure on the pivot side of the shackle to ease the shackle towards the latch side and increase the clearance between the shackle diameter and the hole.
  2. Then insert the shim into the clearance on the outside of the shackle opposite the latch, and twist and push the shim down as far as possible.
  3. When it is fully inserted, rotate the shim around the shackle so that the tongue of the shim approaches the latch from the side and eases it back.  Once the shim has been rotated until the wings of the shim are pointing outwards away from the lock, it is likely that the latch has been sprung and the shackle can be pulled up to open the lock.

[shim]

Double Latch Padlocks

Use the same procedure as for the single latch, but when the first shim is positioned, exert pressure on the outside of the pivot side of the shackle and ease another shim into the clearance.  Again, twist and push the shim down into the gap until it is fully down.  Then rotate this shim around the shackle until the wings are pointing outwards.  With the better padlocks, it is this last maneuver that is difficult or even impossible.  However, once both shims are down and rotated outwards, it is probable that the padlock can be pulled or easily forced open.

One some types of padlocks with weak latch springs, it may be possible to force the shim down onto the latch(es) directly from above, and ease it (them) back.  However, if this technique is used on a latch with strong springs, the tip of the shim could bend and the latch would not be pushed back far enough to release the shackle.

Picture overview of a shim on a Master combination padlock

Lockpicking Guns

[lock-6]

Though highly overrated (you can pick most locks with just a feeler pick and a tension wrench), mechanical lockpicking guns do actually work.  With a little practice, you can open some locks in seconds.  The lockpick gun also requires the use of a tension tool for turning the lock's cylinder.

E-Z Pick Gun Manual

Adjusting the Tension

Use of the Tension Tool

Inserting Point on Needle

Working the Trigger of Tool

Offset Needle

Simple Tension Tool Trick

[lock-2]

Here is simple trick you can use to apply the right amount of tension on a cylinder while trying to pick a lock.  It involves drilling several 1/16" holes in the handle of a tension wrench to allow the hanging of some lead fishing sinkers.  The sinker's eyelet need to be modified slightly by clipping one side to form a hook.  Be sure to use high quality drill bits when drilling the tension wrench holes.

Picture overview of a lead sinker tension wrench in operation

Links & Notes

  1. Surreptitious Entry Tips
  2. Finding a "Lost" Combination for a Master Padlock  (47k PDF)
  3. Master Lock Combination Calculator  Given the 3rd digit to the combination.  (Source Code: master.main.cgi and master.cgi)
  4. Master Lock Combination Cracking
  5. Several Lockpicking Text Files
  6. TOOOL - The Open Organization Of Lockpickers
  7. Lockpicking 101
  8. How to Recover the Combination for a Master Combination Lock
  9. Simplex Locks: An Illusion of Security
  10. Simplex 5-Button Combination Locks
  11. Instructions on Recovering a Lost Master Lock Combination
  12. Bumping Locks  by Barry Wels & Rop Gonggrijp  (556k PDF)
  13. Bump Keys  Photo overview by Zeke79
  14. Wendt Opening Tools  (Catalog)
  15. Lockpicking  by Deviant Ollam
  16. Southern Ordnance  Hobbiest lockpick vendor
  17. Peterson International  Professional lockpick vendor
  18. Gurney's Defcon Lockpicking Page
  19. Matt Blaze's Lock Photos
  20. Safecracking for the Computer Scientist  by Matt Blaze  (2.7M PDF)
  21. Impressioning Manual for Amateur Locksmiths
  22. Guide To Lockpicking Tubular Circular Locks
  23. Greg Miller's Guide to Lockpicking for Beginners
  24. Key Spacing & Depth Tips
  25. PlugSpinnerDrDave.ZIP  Plans for a homebrew plug spinner, by Dr. Dave
  26. Improvised Lock Picks  (2.5M PDF)
  27. CIA Lockpicking Manual  (2.3M PDF)
  28. Lock Pick Templates  (88k PDF)
  29. How Lockpicking Works  (500k PDF)
  30. Catalog of High Security Locks v1.0  by Graham Pulford  (135k PDF)
  31. Lockmaster's Catalogs  Direct catalog downloads.
  32. Lockpickshop.com  Sells lock picks
  33. Abus Internal Lock Pictures - #1  (Abus Internal Lock Pictures - #2)
  34. Compromising Locks  http://dp.penix.org/locks mirror site.  Has a few missing pictures.
  35. The (SoftDrill) Computer Manipulation System
  36. Mas-Hamilton SoftDrill Information
  37. SouthOrd TPXS Tubular Manipulation Picks  Manual
  38. Multipick-Service  Online catalog
  39. The History and Science of Lock Pick Guns  by Tommy Tyler
  40. Pickmaster - The Fiber Pick  Overview of the fiber lockpick.  Missing a few pictures.
  41. Crest Spinbrush Conversion to Electric Pick
  42. Peterson MiniKnife Instructions
  43. Convert a Oral B Toothbrush Into a Vibrating Lock Pick
  44. Project Autodialer  by Kyle Vogt
  45. Unlocking a Combination Lock Using a Stepper Motor  by Vince Long
  46. Locraker  by Neil Fraser
  47. Code to Defeat Electronic Keypads on Cars
  48. LSS+ Electronic Infobase Edition of Locks, Safes, and Security  by Marc Tobias (v4.06-0202195 Public 3-Day Time Limit Torrent)
  49. LSS+ On-Line Tour of the Electronic Infobase
  50. Cracking Safes With Thermal Imaging
  51. Illegal Engineering  An illustrated lecture about the history of safes and safe breaking.
  52. Brute Forcing Combination Locks
  53. The Lockdown: Locked, But Not Secure - Part 1  (Part 2)
  54. Falle Safe Lockpick Pictures  High-resolution JPEG scans of unknown orgin.
  55. ezPicking  The Independent Locksport Voice!
  56. The Ben-Jim Emergency Door Opening Tool
  57. Lockenpedia
  58. Chris Belcher - Tools & CB Picks for Locksmiths
  59. The Sidebar  Blog by Marc Weber Tobias
  60. Non-Destructive Entry Magazine
  61. Sneakey: Reconsidering Physical Key Secrecy  Teleduplication via optical decoding.
  62. Related Audio & Video

  63. Defcon 7 Speech: V1RU5, Stephen Wadlow, Gurney Halleck and *Hobbit* - Lockpicking Demonstration  (19.3M MP3)
  64. Defcon 8 Speech: V1RU5 - More Lockpicking - Part 1  (621k MP3)
  65. DEF CON 10: Lockpicking Techniques and Tools for High Security  by Gingerbread Man  (YouTube)  (MP3)
  66. DEF CON 10: High-Security Locks and Access Control Products  by Michael Glasser, aka Laz  (YouTube)  (MP3)
  67. DEF CON 13: Introduction to Lockpicking and Physical Security  by Deviant Ollam  (MP3)
  68. DEF CON 13: Physical Security Bypass Techniques: Exploring the Ethics of Full Disclosure  by Marc Weber Tobias and Matt Fiddler  (YouTube)  (MP3)
  69. Lockpicking at the H2K (2000) Conference in New York  Audio by Barry "The Key" Wels.  (9.9M MP3)
  70. H2K2 (2002): Lockpicking  by Barry "The Key" Wels.  (YouTube)  (MP3)
  71. The Fifth HOPE (2004): Lockpicking - Part 1  by Barry "The Key" Wels, Marc Tobias, and Matt Blaze.  (Part 2)  (YouTube)
  72. HOPE Number Six: Lockpicking - Exploits for Mechanical Locks  by Barry "The Key" Wels and Marc Tobias.  (YouTube)  (MP3)
  73. Pop Can Shim  Jason Lynn shows how to open a Master lock with a pop can.  (8M AVI)
  74. Related Patents

  75. Lock Combination Decoder  U.S. Patent 4,905,490  (400k PDF)
  76. Lock Decoder  U.S. Patent 4,433,563  (300k PDF)

  77. Tool For Determining Safe Lock Component Positions  U.S. Patent 4,056,956  (180k PDF)
  78. Microprocessor Controlled Micro-Stepping Chart Drive  U.S. Patent 4,377,847  (270k PDF)
  79. Manipulation Assistance Device and Method  U.S. Patent 4,803,860  (484k PDF)
  80. Vibratory Lock Pick  U.S. Patent 3,264,908  (116k PDF)
  81. Power Actuated Lock Pick  U.S. Patent 2,565,254  (231k PDF)
  82. Apparatus for Picking Pin Tumbler Cylinder Locks  U.S. Patent 4,156,375  (218k PDF)
  83. System and Apparatus for Opening Cylinder Locks  U.S. Patent 4,606,204  (306k PDF)
  84. Locksmith Tool  U.S. Patent 5,172,578 "Sputnik"  (369k PDF)
  85. Lock Picking Apparatus  U.S. Patent 5,956,984 "Medeco Pick 1"  (292k PDF)

Return to Homebrew Military & Espionage Electronics Page