Lock picking is part science and part art. This article provide a look at how locks work, their weaknesses, and how they can be exploited. It’s easy to learn but difficult to master. Picking has been around as long as there has been locks to pick.
Brief History of Lock Picking
Since people began wanting to deny others entry to areas, there have been locks. Locks have been picked and bypassed since they were first created. As soon as the first lock was built, someone began figuring out how to bypass. Locks date back further than the days of ancient Egypt. However, modern lock picking/smithing has its origins in 1700s England.
In the 1770s, Joseph Braham designed the world’s most secure lock. He inadvertently created lock picking as a sport when he advertised a cash reward to anyone who could pick his lock. At the time no one was able to get the lock open. (Source)
Locks and lock picking became a critical facet of espionage. Governments and corporations lock their secrets behind closed doors and in vaults. Unfortunately, no one is particularly eager to reveal the secrets behind their tradecraft. Agencies like the OSS, CIA, SOE, MI6, KGB, and FSB all have utilized lock picking.
The KGB would often conduct covert entry into the offices, homes, and businesses of state enemies to gather information. Sometimes even using a radiation emitting device and x-ray sensitive film to see inside of locks. Spetsnaz used covert entry techniques like lock picking during the Beslan School Siege to enter the building without alerting the Chechen terrorists. (Source)
Today locks have become increasingly more complex. Especially with the addition of electronics into the equation. However, you can exploit a lock’s weaknesses if you understand how they work.
How a Lock Works
To pick a lock, it is important to understand how locks function. The most common lock is the pin tumbler lock. Pin tumbler locks are most used in doors and pad locks and require a key for entry. Four major components make up the lock.
- The key
- The pins – driver pins (blue) and key pins (red)
- The plug/core (yellow)
- The cylinder (green)
In the same way that an iPhone uses a multidigit code to open, locks require a code too. The key is the physical manifestation of a passcode. All three axis of the key have information that can be given a numerical value. The ridges on the key, its length, and the cross-sectional groves are all just a physical code required to open the lock.
- The vertical axis is the bumps/cuts on a key. The cuts are known as the key’s “bitting”. You can assign a numerical value to each cut, typically ranging from 0 to 6. A zero indicates no cut at all and a six is the deepest cut possible. The value of each cut determines how high the pins in the lock will be raised.
- The number of pins is determined by the length of the key. A key with only four cuts means that it’s lock will only contain four pins. This is also considered part of the key’s bitting. The number of pins in a lock typically ranges from 4 to 6.
- The key’s profile determines which type of locks it will fit into. This is the wavy shape when you look directly at where the key slides into or the “keyway”. Its also known as the key’s “milling”. Lock manufactures have key profiles that are unique from other companies. They also generally have more than one profile that they use. This way a key that has the correct bitting but the incorrect profile cannot open the lock.
Locks have two kinds of pins inside the lock: key pins and driver pins. Key pins and driver pins are like peanut butter and jelly, you can’t have one without the other. Therefor if a lock has 6 pins, it technically has 6 key pins and 6 driver pins. However, the lock is said to have only six pins because they’re dependent on each other.
- Key pins are the element of the lock the interact directly with the key. They pin closest to the outside of the lock is the #1 pin, the second closest is the #2 pin, and so on. The key’s bitting raises the key pins. These pins vary in length corresponding to the cut in the key. If the key has a 6 cut in the #1 pin position, then the #1 key pin will be long. If the key has a 0 cut the #1 key pin will be very short.
- Driver pins sit directly on top of the key pins. Driver pins have tension from springs which are pushing downward on them. Typically, driver pins are all the same size.
The core is the part of the lock that the key is inserted into. The core contains the key pins and part of the driver pins.
The cylinder contains the springs for the driver pins. The core also sits inside the cylinder. The sheer line is where the core and cylinder meet. As you insert the proper key into the lock it raises the pins as it slides in. The key’s biting will raise each key pin into the correct position. All key pins will be as high as they can go in the cylinder. All driver pins will be resting on top of the key pins inside the cylinder. This clears the sheer line and the lock can open.
Lock Picking/Bypass Tools
There are multiple ways to bypass a lock other than traditional picking. However, few leave as little of a trace as picking the lock. Keep in mind that this is by no means a comprehensive list. One’s imagination is the only limit to how a lock can be opened/bypassed.
Cutting through the locking bar or shackle of a padlock. Not a particularly covert method.
Drilling the core out of the lock and rendering the lock useless. Again, not a particularly covert method.
Taking a photo or impression of a key can allow one to “decode” the bitting. You can cut a new key blank to match the bitting. Alternatively, you can cut thick plastic to match the bitting. However, you need a torsion device to rotate the core.
On door-based locks it is sometimes possible to use a small tool and physical manipulate the latch back into the lock. In old movies characters do this with a credit card, but a traveler’s pick is a commercially available tool.
Hinge Pin Removal
Rather than attacking the lock, you can target the door’s hinges. You can only do this on outward swinging doors where the hinges are visible. All you do is hammer out the hinge pin with a punch.
Bump keys have the lowest bitting possible for all cuts. You partially insert the bump key into the keyway along with a torsion device. Then you strike the bump key with a special hammer while using the torsion device to provide rotational force on the core. The goal is to make all the driver pins bounce above the sheer line via kinetic energy. As a result, there is a brief second where the sheer line is clear and you can open the lock.
Traditional picking relies on the use of a torsion device and various pick utensils. You apply rotational force via the torsion device and the pick manipulates each pin.
Basic Entry Kit. (From left to right)
- Decoder pick – for combination locks
- Hammerless hinge pin remover
- Travelers pick
- Two bundles of lock picks
- Torsion wrenches
Lock picking can seem like a daunting task in the beginning. There is a learning curve to figuring out how much pressure should be applied at any given time. It’s also worth noting that everyone has their own nuances to how lock picking is approached. Some far better video resources are Deivant Ollam and the LockPickingLawyer on YouTube.
Like most mechanical devices, the parts that comprise a lock can vary minutely in size. When picking a lock, one is exploiting this inevitable flaw in the manufacturing process. You continuously apply rotational force to the core with a torsion device. This stacks the tolerances of the pins. Then you insert a pick and begin feeling the pins. All the pins will react normally except for one. One pin will be stiff and not react to light pressure from the pick. Once you apply heavier pressure to the pin it should slide upward.
When done successfully, the driver pin will be inside the cylinder and the key pin will remain in the core. This will free up the core to rotate enough so that the driver pin won’t fall back into the core. Then another pin in the lock will have tension on it. Your repeat this process for all the pins in the lock. After you set all the pins the lock opens.
I like to begin by using a pick to determine the number of pins in the lock. I do this by inserting a pick into the keyway as far as it will go. Then I use the tip of the pick to apply pressure to the top of the keyway where the pins would be. I “scrape” the top of the keyway/the pins as I slowly retract the pick for the lock while applying light pressure. I am listening and counting the faint clicks of the pins falling back into their resting positions. The number of clicks indicates the number of pins.
Next, I insert my torsion device into the bottom of the keyway and apply rotational pressure to the core. On a padlock this is typically clockwise but on a door it would be away from the doorframe.
I insert my pick into the keyway and begin to feel all the pins. If you feel no resistance from the pins, then they are not ready to be picked.
Once I find the pin that will not move, I apply gradually increasing pressure to it. I know its “set” when I hear an audible click. If you have to use gorilla strength to move the pin, then you need to reduce the rotational pressure on the core.
I then move onto the next pin that is not moveable and repeat step 4. There is no expected order that the pins will catch in. It could be 1 2 3 4 5 or it could be 3 1 2 5 4. It is completely random.
I feel less resistance in the core through my torsion device. Subsequently, I know I have set all the pins. I rotate the core all the way and the lock opens.
When picking, you may possibly pick a pin into a false set. A false set happens when you push the key pin past the sheer line. A false set usually frees up enough slack to give another pin resistance. This is part of the learning curve of knowing how much pressure to apply.
Another method uses a “rake” pick to open the lock. This can be a faster method, but it is also less precise and may take more time. You tension the lock like normal. However, you insert a rake pick and rapidly moved back and forth/up and down. The goal is that the rake will set all the pins by rapidly bumping the pins rather than deliberate picking.
Picking locks is a useful and fun skill to have. It is easy to get into but takes years to master. The skills presented here are only a primer on lock picking and covert entry. Covert actors have used lock picking to conduct espionage operations for decades. However, you should not use the information provided here for nefarious purposes. Don’t break into your neighbor’s house and steal their tv. Additionally, you should also never practice lock picking on a lock that you intend to use. It is possible to damage a lock while picking it. Please practice responsibly.