Lock Picking
as Muad suggested, Lock picking might indeed be a good topic.
It's odd how I find myself fascinated by protections, and more specifically by breaking them. This doesn't just include software, I've also read some interesting guides about real life lock picking.
It's quite fun to understand these concepts, and be able to manipulate them.
I understand most of the basics, but I don't really feel like paying a lot of cash for a lock pick set (These things are VERY expensive).
Could anyone give some ideas on how I could create or buy my own tools (That are less expensive than a professional kit, and still *decent*)
Some beginning advice would also be nice.
Hey, nice to be on the student end of 'how do I break a protection' again ;)
-Kwazy Webbit
muaddib
12-11-2002, 09:22 PM
Ahh! Here is something I know. I don't know if they have street sweepers in dutchie land, but if they do, the metal bristles they drop are PERFECT for lockpicks. You just file them down into this shape:
________/
-------------
But you want a more shallow angle than that...maybe 45 degrees would be perfect. That will pick most any house or masterlock. If you need a torque wrench, just bend one of the bristles in a 90 degree angle and there you go. I think that phone cord wrapping (take the guts out) makes a GREAT handle for the picks...keeps you from cutting your hand when working on a stiff lock. Does this help? :)
Helpful ;)
Though, I knew about the bristles, don't think we have those here..
I checked some bicycle spokes, but .. bleh.. Guess I just need an anvil.. ;)
How would I make, say, a bicycle spoke into that angle tho?
Hammer it or smth? I don't quite see how I'd transform a straight spoke like that into a pointy shaped lock pick..
Will this kind of tool also work for pin tumblers? Or will I need diff tools for that? Guess I should just start simple, and work my way up.
-KW-
muaddib
12-11-2002, 10:39 PM
A bicycle spoke won't work, but one of those copper bands that holds a stack of bricks together works too. If you can't find any long, flat piece of metal, I can send you some if you have an address you don't mind giving to me to send it to :P
WarezPup
12-12-2002, 12:28 AM
buying premade tools is like using a keygen, you learn more by making your own tools and your successes and failures you learn from them. there is pretty much no lock i can't open. nothing beats stiff sweeper bristles and spam can openers (for cheaper locks like slaymakers). i've even 'keygenned' the master combination padlock, a silver dial i can open in 10 secs, a black dial about 5 minutes. Anyway just thought i'd drop by to see how the site is doing. :D
muaddib
12-12-2002, 01:17 AM
buying premade tools is like using a keygen, you learn more by making your own tools and your successes and failures you learn from them.
I agree 100%. If you make your own picks you will discover what works best and get the feel for why it works the way it does.
Anyway just thought i'd drop by to see how the site is doing. :D
Well, welcome to the RET board! It's good to see you here, please come visit us frequently, old friend =)
Can i attach files here? I have some ebooks about lockpicking that i would like to share :-)
Can i attach files here? I have some ebooks about lockpicking that i would like to share
Good question.. I'd think not actually, since if a lot of people would do that, it'd be a pretty big load on the server (both HD space and bandwidth)..
Do you have any other place to put it? If so, you could just drop a link in here :?
Either way, I'd love to see that book :D
-Kwazy Webbit
btw, welcome deffy ;)
To have pressure on the lock while picking, I've so far used a small screwdriver (one of those with an LED in it to detect power).. But a screwdriver means I can no longer directly use the pick in the lock, I have to bend it (I'm using a paperclip atm ;))
The paperclip seems strong enough but the bend in it is the weak point.
Basically:
It bends here
/
_________________/
|
|
|
|
|
|______
When I lift the pick now by holding onto the vertical part, the 90 degree corner just bends outwards, if you know what I mean.
I think it'd be ok if it was straight, and an easy tool to make ;)
However, that means I would need a different method of applying pressure.. That way I wouldn't need the bend.
Any suggestions on this? I'm trying to do all this without spending money. I know, I'm a cheap bastard, but hey :D It's worth trying.
Thx,
Kwazy Webbit
nblender
12-16-2002, 01:09 AM
can be fabricated from the blade of a large steel drywall knife with a dremel tool. Get a set of jeweler's files too.
--nb
Very nice topic :)
I picked my first lock today using 2 hammered down nails.
Here's a pic of the lock and the 2 nails (http://www.mycgiserver.com/~Rens/lock.JPG)
This is probably the easiest lock to pick in the world. Time for a new challenge :)
muaddib
12-16-2002, 07:24 PM
I like the hammered down nails. That's a great idea for anyone who can't find something flat like street sweeper bristles (hint hint kw :)
Hmm, looks good. Which is which? I assume the pick on the left is used for pressure, and the other one for picking?
If so, wouldn't you need some kind of small edge to push down an individual pin? Or can you just push all the pins down and see which one clicks with a flat surface like that?
-KW-
Yeah, I use the left one for pressure. The right one is bent real lightly, just enough for this simple lock.
For the other lock I tried I needed different nails because these ones were too short and a bit too wide.
although i see i'm a bit outdated, i feel i should reply ;)
i'm really happy that this topic appeared here, coz until
now i wasn't sure if the other crackers have similar interests
as me...now something to topic:
you discussed materials usable for creating picks.
so-called brush bristles are the best, i prefer them to anything else, but
if you cannot get them, there are also other suitable things
at first, hacksaw blades - you can get them in a regular store, it's really
good material (hard, maybe too much), but requires more filing to create a tool
second one: brick tape (the thing binding bricks for building together) - not so good, too thin and soft, but usable
+ i also have some tools made of (NINE INCH) nail ;), 1mm wire, paper clip, cork w/ nails etc.
there are also completely different methods of opening locks and also completely different locks ;)
and i'd be really glad to share my knowledge with anyone interested
*L
mrboggles
01-26-2003, 09:03 PM
Hey guys,
You have all probably seen this article already, but I thought I would post it anyway just in case. It doesn't really have anything to do with Lock Picking, but it talks about how to make a Master Key from a single lock and key from a building.
h**p://www.nytimes.com/2003/01/23/business/23LOCK.html
I thought it was pretty interesting how he applied his understanding of computer security to a real life target.
Regards,
mrboggles
It appears to want me to register first ;(
-kw-
mrboggles
01-27-2003, 04:10 PM
This will make it easier on everyone, heres the article. :)
<BEGIN_ARTICLE>
Master Key Copying Revealed
By JOHN SCHWARTZ
A security researcher has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building.
The researcher, Matt Blaze of AT&T Labs-Research, found the vulnerability by applying his area of expertise — the security flaws that allow hackers to break into computer networks — to the real-world locks and keys that have been used for more than a century in office buildings, college campuses and some residential complexes.
The attack described by Mr. Blaze, which is known by some locksmiths, leaves no evidence of tampering. It can be used without resorting to removing the lock and taking it apart or other suspicious behavior that can give away ordinary lock pickers.
All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape. No special skills or tools are required; key-cutting machines costing hundreds of dollars apiece make the task easier, but the same results can be achieved with a simple metal file.
After testing the technique repeatedly against the hardware from major lock companies, Mr. Blaze wrote, "it required only a few minutes to carry out, even when using a file to cut the keys."
AT&T decided that the risk of abuse of the information was great, so it has taken the unusual step of posting an alert to law enforcement agencies nationwide. The alert describes the technique and the possible defenses against it, though the company warns that no simple solution exists.
The paper, which Mr. Blaze has submitted for publication in a computer security journal, has troubled security experts who have seen it. Marc Weber Tobias, a locks expert who works as a security consultant to law enforcement agencies, said he was rewriting his police guide to locks and lock-picking because of the paper. He said the technique could open doors worldwide for criminals and terrorists. "I view the problem as pretty serious," he said, adding that the technique was so simple, "an idiot could do it."
The technique is not news to locksmiths, said Lloyd Seliber, the head instructor of master-key classes for Schlage, a lock company that is part of Ingersoll-Rand. He said he even taught the technique, which he calls decoding, in his training program for locksmiths.
"This has been true for 150 years," Mr. Seliber said.
Variations on the decoding technique have also been mentioned in passing in locksmith trade journals, but usually as a way for locksmiths to replace a lost master key and not as a security risk.
When told that Mr. Seliber taught the technique to his students, Mr. Tobias said: "He may teach it, but it's new in the security industry. Security managers don't know about it."
In the paper, Mr. Blaze applies the principles of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock designs. He describes a logical, deductive approach to learning the shape of a master key by building on clues provided by the key in hand — an approach that cryptanalysts call an oracle attack. The technique narrows the number of tries that would be necessary to discover a master-key configuration to only dozens of attempts, not the thousands of blind tries that would otherwise be necessary.
The research paper might seem an odd choice of topics for a computer scientist, but Mr. Blaze noted that in his role as a security researcher for AT&T Labs, he examined issues that went to the heart of business security wherever they arose, whether in the digital world or the world of steel and brass.
Since publishing Mr. Blaze's technique could lead to an increase in thefts and other crimes, it presented an ethical quandary for him and for AT&T Labs — the kind of quandary that must also be confronted whenever new security holes are discovered in computing.
"There's no way to warn the good guys without also alerting the bad guys," Mr. Blaze said. "If there were, then it would be much simpler — we would just tell the good guys."
Publishing a paper about vulnerable locks, however, presented greater challenges than a paper on computer flaws.
The Internet makes getting the word out to those who manage computer networks easy, and fixing a computer vulnerability is often as simple as downloading a software patch. Getting word out to the larger, more amorphous world of security officers and locksmiths is a more daunting task, and for the most part, locks must be changed mechanically, one by one.
But Mr. Blaze said the issue of whether to release information about a serious vulnerability almost inevitably came down to a decision in favor of publication.
"The real problem is there's no way of knowing whether the bad guys know about an attack," he said, so publication "puts the good guys and the bad guys on equal footing."
In this case, the information appears to have made its way already to the computer underground. The AT&T alert to law enforcement officials said that a prepublication version of the paper distributed privately by Mr. Blaze for review last fall had been leaked onto the Internet, though it has not been widely circulated.
"At this point we believe that it is no longer possible to keep the vulnerability secret and that more good than harm would now be done by warning the wider community," the company wrote.
There is evidence that others have chanced upon other versions of the technique over the years. Though it does not appear in resources like "The M.I.T. Guide to Lockpicking," a popular text available on the Internet, Mr. Blaze said, "several of the people I've described this to over the past few months brightened up and said they had come on part of this to make a master key to their college dorm."
Mr. Blaze acknowledged that he was only the first to publish a detailed look at the security flaw and the technique for exploiting it.
"I don't think I'm the first person to discover this attack, but I do think I'm the first person to work out all the details and write it down," he said. "Burglars are interested in committing burglary, not in publishing results or warning people."
Mr. Tobias, the author of "Locks, Safes and Security: An International Police Reference," said that the technique was most likely to be used by an insider — someone with ready access to a key and a lock. But it could also be used, he said, by an outsider who simply went into a building and borrowed the key to a restroom.
He said he had tested Mr. Blaze's technique the way that he tests many of the techniques described in his book: he gave instructions and materials to a 15-year-old in his South Dakota town to try out. The teenager successfully made a master key.
In the alert, AT&T warned, "Unfortunately, at this time there is no simple or completely effective countermeasure that prevents exploitation of this vulnerability, short of replacing a master-keyed system with a nonmastered one."
The letter added, "Residential facilities and safety-critical or high-value environments are strongly urged to consider whether the risks of master keying outweigh the convenience benefits in light of this new vulnerability."
Other defenses could make it harder to create master keys.
Mr. Blaze said that owners of master-key systems could move to the less popular master-ring system, which allows a master key to operate the tumblers in a way that is not related to the individual keys. But that system has problems of its own, security experts say.
Mr. Blaze suggested that creating a fake master key could also be made more difficult by using locks for which key blanks are difficult to get, though even those blanks can be bought in many hardware stores and through the Internet.
But few institutions want to spend the money for robust security, said Mr. Seliber of Schlage. His company recommends to architects and builders that they take steps like those recommended by Mr. Blaze, measures that make it more difficult to cut extra keys — like using systems that are protected by patents because their key blanks are somewhat harder to buy, Mr. Seliber said. Even though such measures would add only 1 to 2 percent to the cost of each door, builders were often told to take a cheaper route. He said that they were told, " `We're not worried about ninjas rappelling in from the roof stuff — take it easy.' "
That is not news to Mr. Blaze, who said it was also a familiar refrain in the world of computer security. "As any computer security person knows," he said, "in a battle between convenience and security, convenience has a way of winning."
</END_ARTICLE>
I'd like to get my hands on his published paper. :wink:
Regards,
mrboggles
I'd like to get my hands on his published paper. :wink:
I figured I would as well, so I threw the guy's name into google. It turned up http://www.crypto.com/ as first hit. It turns out to be the guy's own website, which has the masterkey publication on it. I downloaded it already, will read it tonight. It looks good, nice illustrations etcetera.
Enjoy :)
-kw
mrboggles
01-28-2003, 02:52 PM
Awesome kw, I did the same but figured nah it wouldn't be on his homepage. I should learn not to overlook things so easily. :D
Thanks for the heads up on it though.
Regards,
mrboggles
there are also completely different methods of opening locks and also completely different locks ;)
and i'd be really glad to share my knowledge with anyone interested
*L
Of course that would be great :)
You could post something here, or write it into an essay (preferably for beginners, because I am one ;D), whichever you prefer.. But it would of course be greatly appreciated.
-kw
Acid_Cool_178
03-23-2003, 01:48 PM
I just came over one site that you guys might find interesting.
http://www.gregmiller.net/locks/
Acid
I just came over one site that you guys might find interesting.
Despite this worrying remark, this is not a porn site.. ;)
It's a very nice collection of essays dealing with lock picking.. Thanks for sharing acid :)
-KW
barcode_
05-22-2003, 07:00 PM
this is a good page for a visual explanation on what's going on for people new to this protection.
http://www.howstuffworks.com/lock-picking.htm
p.s. how stuff works is great site :) i luv it
muaddib
05-23-2003, 03:40 PM
I'd like to see some information on picking tubular locks (the kind on coke machines & motorcycles) if anyone has any...I haven't found any good info on this myself...
KW pointed me here,
here's what you should check about lock picking: The MIT Guide to Lock Picking (http://www.lysator.liu.se/mit-guide/mit-guide.html). There's pdf translations in french and italian for what i know, use google. I've put some pictures of lock picking tools here (http://freddo.netfirms.com/img/lockpick/index.html). I'm sure one could do those tools by himself, but trust me, it's better to at least have seen one first. And forget hammering down nails, those tools are really thin, less than 0.25 millimeters. Try with the metal stem you find in windscreen wiper.
sice
I found a nice place to buy books and equipment.. Includes tubular locks, muad.. They sell a book and lockpicks for that.. Might be something to look into? I'm considering buying the $35 set myself.. The really good ones are too expensive for something that I'm just looking to learn as a hobby, and the $15 one with book seems like a really bad kiddie version which will no doubt break within 2 days.
The page I'm talking about is http://www.selfdefenseproducts.com/lockpick.htm
Have a looksie, and give me some feedback (those of you that know which are good etc, coz I have no idea myself)
-Kwazy Webbit
At the moment, I'm staring at the topmost set (book+picks = $14.95) since I'm a complete beginner.. But in the back of my head something's shouting "NOOooo DONT DO IT! IT'LL BREAK OR BEND OR JUST BE HORRIBLE TO WORK WITH, JUST GET SOMETHING DECENT RIGHT AWAY CAUSE YOU'LL WANT IT ANYWAY!"
Someone know anything more about this sorta thing? Would be appreciated...
-kw
Hey,
I think it is great you guys are all interested in this. I originally got into it when I read about lock picking in the original anarchists cookbook. I bought a lock picking set from
htp://www.devonlocks.com/cgi-bin/cart/section/2/
They are UK based but you might be able to persuade them to ship to the US if you can't find anything similar. The set I bought was the 15 piece slim line set, they are very good quality but I did find that I had a tendency to bend them early on. Due to my lack of skill at that stage I was applying too much pressure and damaging the picks, maybe this is something to consider. I am now able to pick 4 pin padlocks and getting there with 5 pin Yale locks. I am now looking at buying this:
htp://www.devonlocks.com/cgi-bin/cart/section/9/ (The Jack-knife)
Hopefully it should make things a lot faster :-)
Regarding tubular locks for coke machines and motorcycles, I once read that you can open these locks using quick drying clay from modelling shops. Basically you jam a load of clay into the lock and pull it out, let it dry for an hour or so and there you have your key. The plus side of this is that if you get caught you can drop the clay on the floor and stand on it, crushing it and destroying any evidence.
Thank you very much for posting the information about creating master keys. I haven't read it yet but will do soon.
All the best.
KAOS
aka - mullaa
phjux
09-13-2005, 12:00 AM
I remember when I was 12/13/14 I was on my boxen printing lock picking guides I found. Mostly come from anarchists cookbooks 'n related. Couple months of learning I made a torque out of an allen key (filed the shortest length down to like a flathead screwdriver), made another out of a small screw driver (used hammer to bend it on an angle), I made a standard lock pick out of a crosure needle I stole from my grand ma.. worked like a charm.. I then could pick basic pad locks, etc. I remember at school picking the PE gear lockers and stealing the locks for more practise :P.
Anyways KW it's just the normal proc. search and yee shall find, learn and thee shall know.. ? haha
:lol:
It takes time to build
tycomeagain89
11-28-2005, 09:57 AM
hey i have looked up how to open master locks the kind that you spin but all of the solutions i find are for the ones that are from 1990. anybody know how to open the new ones?
charles
quitsendingmetrash
05-28-2006, 04:05 AM
As a child I always wanted a room filled with all kinds of locks, when I grew up. I loved the idea of picking locks. I still don't have my room, but one day. Eventually, I came across a lock pick set and swiped it. Been a couple years since I played with them. Not an expert but can pick most common locks I come across. Few months back I decided to make a video tutorial on picking. Like most ideas I never stepped forth and produced it. Yesterday, one of my friends asked me how to pick a lock. I pulled my set out of my laptop bag ( they go everywhere my laptop does! ). Even had to pick a lock a couple times for bosses at various jobs. Anyway, it took me about two minutes to draw out a diagram and explain how a lock works and how lock picks are used. Within two minutes he was able to pick one of the cheap locks we had laying around. A couple minutes later his sister came in asking what we were doing. We told her the plan. I described the details in about 75 seconds ( diagram already drawn ). She popped it in one minute 30 seconds flat!
Couple seconds ago one of his sister's friends was brought in the room, she got the chump lock in about 30 seconds. It helps that she had seen a lock reKeyed before. I just got done writing this article and was fixin to post it when she walked in. This is great! You know how many years I've waited to find someone else to pick with? This is great stuff. Thanks for the extra incentives you fellow reversers!
I was amazed at how fast they learned. Of course my desire to create the video grew exponentially. So last night we ran up to the store and bought a dozen different locks and some video tape. We shot half of the tutorial. We will shoot the rest some time this week. I still have to edit the video and create a 3D animation of a lock. I am going to disassemble one of the locks and show the inner workings. Rebuild the lock in 3D and animate a lock picking simulation. I plan to release the video in a couple months. I'll eventually put up a link if anyone is interested?
Until then, here are some resources we dug up last night for further exploration.
Go to google video and search for: lock picking
You will find some decent videos.
muaddib: -> ( From The Shadows Box 06 )
This one in particular has a brief demonstration about tubular locks. This is a video of a defcon with a lock picking section. I found it on google video. If you don't want to watch the whole thing just fast forward to around 5:30/28:51 of the video.
After seeing that video it may not be too hard to make one of these yourself. Have you ever seen one of those boxes that imprints objects with nails (points cut off)? If you stick your hand under it, it will form around your hand, by indenting the nails with the object under it. Not sure what they are called. Something you would see at sharper image. You could use the same theory to create this tool. I have seen this technology used for allen bolts, for allen wrenches. You just need one tool and the pins will form into the indention of the allen bolt. You can use the same tool for various different sized bolts.
---
For those of you who need a banana cheap lock set try this google video:
( Banana Lock Picking Video )
Wow! What a champ. I don't suggest using this as your first lock picking exercise, but hey if its all you got? At the end of this video he uses a frozen banana to tap a bump key. This is a custom key that you can make. Instead of trying to pick each pin at a time. You can use a bump key. Just bump or tap the key a couple times and bam!
---
If you want to create your own tools I suggest checking out the lock pick sets here:
lockpicks.com
You will find all kinds of tools for: Pinned locks, tubular locks, car locks (slim jim type and keyed type), and many more. Look at the pics and you will be able to mimic them. You can use all kinds of things. Street sweeper bristles, brick palette bands, coat hangers, nails, bananas, allen wrenches, paper clips, metal scraps, etc. You can also use a dipStick from a car. Grind, sand or cut it to your needs. Temper it with a blow torch. Throw some oil on it and you're good to glow!
lockpickshop.com
This has a catalog you can check out. Don't recall the quality of the pics here.
---
***All kinds of great info can be found here***:
lockpicking101.com
Search this forum for lock picking:
irvineunderground.org
Just found this one:
toool.nl/index-eng.php
They have a 600MB video on bumping locks. Gotta check this out! You just might be surprised. I have not tried this technique, yet. It's on the to do list now.
totse.com/en/bad_ideas/locks_and_security/makelockpicks171047.html
Simple page about how to make a set of lock picks with a coat hanger.
---
Anyone looking for a challenging lock can try these:
2nd hardest lock to pick (that I have found):
( master 6270 ) -> try googling for it. You will also find it on images.google
Yes, it is a master lock. Around 35$.
hardest lock to pick ( that I have tried):
( american lock 700 series ) -> google or images.google
Around 30$. This one is by American Lock Company.
cheers to all the curious out there,
qsmt
quitsendingmetrash
05-29-2006, 04:59 AM
For some,
lockpickers.nl
Dutch lock picking forum
eyepopper.nl
Nederlandse lockpick webShop
---
For others,
Making lockpicks
I don't know if these change? So here are two links (same video):
youtube.com/watch?v=uB_tYW9pCMY
youtube.com/watch?v=hgSEdWdnY5k