Picking Locks
Introduction
Lock picking is as old as locks themselves. To pick a lock is the subtle art of opening one without breaking anything or using any force. Some locks are more difficult to pick than others, but no lock is unpickable. On this page I will explain my journey on lockpicking, by explaining how locks work, how picking works and the different kinds of locks.
How do locks work?
To be able to pick a lock, you first need to understand how it works, as with any form of hacking. I will explain the mechanics of a simple pin-tumbler padlock using my see-through practice-lock. First, let’s get a cheat sheet, this page will contain a lot of lingoes, so it is important to understand all the names.
(source)
So, from top to bottom, the shackle is the part you attach to something, like a door or some chains. The latches are brass cylinders with a pointy tip and a spring in the middle. These latches exert force onto the shackle to prevent it from moving. When the lock is opened the latches move inwards and the shackle is released.
Here, the shackle is closed and the latches are pointing out.
And here the shackle is open and the latches are moved inwards.
Now, let’s move on to the lock-mechanism itself: The Core. The core is simply a brass cylinder with a key-way and some holes. The holes in the core line up with long holes in the body, inside these holes, are the pins, counter pins and the springs.
The pins is usually a small cylinder with one flat side and one pointy side. The pointy side rests on the key once it is inserted. The other side is in contact with the counter pin. The pins length usually varies. The counter pin is a small cylinder with two flat sides. It rests on the pin and the spring, the counter pins are all the same length. lastly, the spring is there to keep the pressure on the pins, so they cannot move around in the body.
To open a lock, you insert the key. This key lifts the pins to the correct height so that all the pins are flush with the core and none of the counter pins are inside the core. This allows the core to move freely, and thus open the lock.
Picking
So, now we know how a simple lock works, but how do you pick one? We are going to need these tools to open the lock. On the right, you see two tension tools and on the right two picks. We need one of these tools to pick a lock.
You insert the end of the tension-tool inside the keyway. Then you apply some clockwise tension to the core, not to much tension or the pins won’t move. This is something that comes with practice since it is very hard to explain how much tension you need to apply.
Then you insert the pick and push every pin in, one by one. If you push the ‘correct’ pin, the counter pin will get caught on the core and the core will rotate ever so slightly. Once every counter pin is caught, the core will be able to rotate.
(source)
Sometimes a pin won’t move, this is because there is too much friction between the pin and the core, you should relive a little bit of tension to solve this, but not too much, or all your pins will fall back. Another technique to open a lock is raking, a rake is like a pick, but with a lot of bumps. Raking looks a lot like picking, but you push all the pins up at the same time, allowing you to find the correct pins much faster.
My lockpicking and disassembly
So, now we know how to pick, let’s pick and disassemble some locks.
Practice
Here is me picking my practice lock:
And raking it, this one is quick:
It took me a bit longer with the picking, this was because I applied to much pressure on the tension-tool, causing the pins to bind and be harder to press in, but I got there. The rake was very fast, because if you understand the lock, a rake is much faster.
A waver lock
A waver lock is the older version of a pin-tumbler, with small wavers instead of pins. I got mine out of a desk drawer.
The waver lock was also very easy to pick and rake
How does a waver lock work? Well, I took it apart to answer this question. The lock has a thin backplate, if you force it off, the core will come out.
As you can see, it has small plates with springs and a ball-bearing, to keep the core in place, but still able to rotate.
The key goes through the small holes in the wavers, pushing it up. Underneath the small hook on the waver is a spring with varying lengths, this spring defines the height for the key. Waver locks are very easy to pick because they are very shallow, allowing for very little key combinations and thus they are very rackable.
Pin tumbler lock
A pin tumbler lock is what I explained in the first part of this page. I am yet to pick this lock (not the clear one), because of some security precautions in this lock. Let’s take it apart and see what these precautions are.
The lock:
Once you remove the ring at the back of the core, you can slide the core out. Just like any other pin lock, there are pins, counter pins and springs. only this one has slightly different counter pins:
If look closely you can see that there are two pins with a broad rim. These are called security pins. These security pins make picking the lock considerably more difficult.
After looking into it, you can pick them by relieving a little tension to let the pin be pushed further (source), but I have not managed this.
Cheap padlock
As the last one, we have a cheap padlock I bought to practice on. I decided to break it and see what it is made of.
I cut the rubber protection off and immediately noticed something, the locks body appears to be made of plastic. Upon removing the pins keeping the iron plates in place, and the iron plates, this is confirmed. The plating is iron, the core is brass, but the body itself is plastic! Plastic is very weak, so the lock can be forced open with a wrench on the shackle.
Even the part around the core that holds the pins in place is made of plastic!
This means that you can easily drill out the pins, without hitting the core. Without the counter pins the core can rotate freely. This is a major vulnerability and makes this lock very weak.