Time to share what little knowledge I possess about lock picking. I have tried to include as much information about the different types of locks that I am familiar with and the techniques that may be used to compromise them. This list is not exhaustive by any means. It simply covers the types of locks that I have been exposed to and have had the time to research.

There is a section concerning the implications of relying on locks for your personal security purposes at the end of this document.

I do not hold a degree in this subject: remember  I said "little knowledge". If there is information in this document that you believe to be erroneous, please feel free to contact me and I will be happy to change or remove the material in question. Enjoy.

LEGAL

I guess I should indulge myself in a little preach about the implications of this knowledge. I do not in any way condone the criminal negligence that may occur from the misuse of this information. I am not teaching the reader how to become a criminal. This information is presented strictly for educational purposes. If you -DO- misuse this information you -WILL- be committing a  felony. Knowing how to pick a lock is no more criminal than knowing how to use bolt cutters or how to project a brick through a window.

ANATOMY: PIN TUMBLER PADLOCKS

What better way to become familiar with a lock than to look inside one. The following pictures pretty well surmise the inner workings of a standard pin tumbler  pad lock. To disassemble a lock you must first cut the thru-bolts. When this is achieved and the bottom plate is removed the lock will look something like what we see in figure 1.

From this view we can clearly begin to see the internal mechanisms of the lock. Let's remove them and take a closer look..


The most important component of a lock is the center item in figure 2. The locking mechanism. What exactly comprises this mechanism you ask? Move on to figure 3.


Looking more closely at figure (3)..

The main cylinder (1) terminates into an interface at the top of the lock and when rotated depresses a lever that opens the lock. The holes that are bored through the top of it accepts the key pins (4). These pins are random in size and dictate the "key" of the lock. This cylinder resides within the cylinder body (5) which holds the set pins (3) which are spring loaded into their appropriate columns. These items are assembled together and locked into place with the spring clip (6).

When a key is inserted into a lock (figure 4):


it moves the key pins to their necessary height which also raises the set pins. When the set pins clear the shear line they enable the main cylinder to rotate freely thus opening the lock.


ANATOMY: PIN TUMBLER DEADBOLTS

Dead bolts are very similar to padlocks, not only in concept but also operation. The pictures below ( figure 5 & 6 ) are that of a cylinder from a standard dead bolt. These come in various sizes and pin variations and may also be comprised of different materials depending on manufacturer.

I included Figure 5 so that you could see how the pins are arranged while at rest. Notice how the key pins stop at what is the middle of the radius of the cylinder just above a key ward. This is what keeps these pins in place.



There are some noticeable differences between padlock cylinders and dead bolt cylinders. The first thing that you will likely notice is the number of pins. Dead bolts usually contain anywhere from  5-8 pins while padlocks are limited to 4-5 pins. These pins are also slightly larger in size than those of a padlock.

The more expensive the dead bolt or padlock, the more intricate the pin design and implementation. Although there are many different implementations of parts and assembly, all locks of these types follow this basic design.

I will spend a little more time on the subtle differences between manufacturer designs a little later on as these differences pertain to picking them.
 
I would like to cover one more lock design before I jump into some theory.


ANATOMY: WAFER TUMBLER MECHANISMS

These locks can be found just about anywhere, from jewelery display cases to the furniture cabinets that are in your living room or washroom. See figure 7 for an example.

Wafer tumbler locks typically implement some type of lever catch system. The catch usually consisting of a metal stop plate or a mortised hole that accepts the lever in whatever material the lock  happens to be installed in. A quick glance at that key tells us that there is at least 6 pins in this devil. Sound threatening? Don't let these locks fool you. They are technologically inferior to their pin tumbler counterparts. In fact, they don't contain any pins at all.

These locks rely on a series of spring loaded brass wafers for their security, see figure 9.
 
To determine whether it is a pin tumbler or wafer tumbler mechanism that you are up against the following tests should quickly confirm the type:

Visual inspection:

1) Look into the key-way and examine the first pin/wafer. If they are visible it is usually a dead giveaway.

2) Cylinder displacement. The key cylinder is usually ill fitted. You will notice significant side to side play as force is applied to the cylinder.

3) Pin resets. Due to the construction of wafer locks there is a lot of dead space surrounding the parts. If you depress the wafers and quickly release them you will notice that they make a "snapping" sound as opposed to a "click" as expected of pin tumbler models.

That said, let's take a closer look at the semantics of wafer designs.


Looking at the cylinder body (item on the right in figure 8) we can see that their is more than one position that the main cylinder can lock into place. The reason for this is that the key cylinder is not controlling a complex opening mechanism (interacting with other levers, springs, etc). The state of this lever is either 1/4 turn to the right "open" or 1/4 turn to the left "closed". This of course depends on orientation.

So what are the other two flutes for? Let's look what happens when the key is inserted..


As the key passes through the wafers it moves them up and down (figure 10). The wafers that are up reside in the upper flute of the cylinder body and the ones that are pushed down reside in the bottom flute. Until the proper key has been fully inserted their will always be 6 points of contact on the main body. This ensures that the lock will provide maximum security if anything not resembling the original key were to be inserted and turned.

Wafer tumbler locks while anatomically different from pin tumbler mechanisms still react to the same pin manipulation techniques.

Now that we have covered the basics of simple design, let's move onto some theory on how it is possible to open these types of locks without the use of keys.


THEORY: PIN/WAFER TUMBLER MECHANISMS

So why are we able to pick locks? Let me explain. Look closely at the following image for a moment:


The picture above ( figure 12 ) is that of a dead bolt ( same one from figures 5 & 6 before I chopped it in half ). I have placed two set pins, one at each end to stabilize the key cylinder. The key is under pressure, gravity to be more precise. Now, carefully examine those columns. Do you notice anything odd as you peer down them?

If you look closely you can see that the top of the key cylinder is visible (brass ledge). Why?

Locks are not exactly a precision instrument. In order for a lock to operate smoothly there must be some play in the system. This play is achieved by the allowance for these columns to be slightly larger than the pins themselves. If they weren't, the first piece of dirt, grit, etc. that entered these columns or the expansion and contraction of the malleable metals that comprise these parts, would hinder it's operation. Also, as the lock ages (repeated usage's) friction may play a role in further expansion of these columns.

Going back to figure 12 for a sec. If I got out my micrometer and measured each overlap I would notice that the distances away from the cylinder body would not be consistent. What I mean by this is: If I drew a straight line across these columns, the point at which the cylinder holes make contact with the line would not be exactly parallel. This is due to the inherent play between the cylinder and the cylinder body. In order for the cylinder to spin there must be an allowance for movement. When a key ( or something simulating a key ) is inserted and turned there will be side pressure on the cylinder causing it to skew and create this situation. This "play" I mentioned varies from lock to lock. The more expensive the lock, the more likely it was designed with superior materials and more advanced machining processes. With this, tolerance levels will be decreased and the lock will be more difficult to pick. There are also other methods that manufacturers employ that can make picking a lock not only more difficult but also frustrating.


Above (figure 13) is a picture of a key pin and a set pin. These are actually butted up tight to each other. Notice how where they make contact they are rounded and not flat. Considering what we have examined so far, we can deduce that as long as there is pressure on the key, the cylinder holes will overlap the cylinder body creating a ledge. Even if the pins were flat, they would most likely get stuck on this ledge and the fact that they are tapered (more surface area for contact) just reinforces there tendency to get stuck. Now, considering the inconsistency of this ledge, every time a pin is lodged past the shear line ( see figure 4.) the cylinder will move slightly. If the pressure on the cylinder is maintained and another pin is depressed it too will get caught on this ledge, and so on. So if we can insert something into the key way and apply pressure (a torque wrench) and use another utensil (a pick) to push on those pins until they become trapped,  the cylinder will be free and the lock will open :).


TOOLS: PIN/WAFER TUMBLER MECHANISMS

Although some locks can be picked with a couple of paper clips, if you wish to tackle more difficult locking mechanisms you will require a set of lock picks. A modest set of picks will set you back around $30 and can be easily found online. Later I will explain some methods of devising your own instruments for picking locks. A basic set includes the following items.

Hook pick: This is a great all around pick. It is most useful for pin-at-a-time picking. It can also be used for scrubbing. The main advantage of this pick for scrubbing is that you can usually reach over the second last pin if it is set high while the last pin is set low. It also provides you with a little more control on individual pins.

Diamond pick: As you become a little better at lock picking this is the pick of choice for scrubbing. They are available in many different sizes but you will probably find the smaller more tapered edge type is the most versatile. The brass handle that you see is typical. The pick is held in place with a couple of hex head set screws. These can be loosened so that the handle may except other picks.

Snake pick: Again, designed specifically for scrubbing. The main advantage of this pick is the likelihood of the pick setting more than one pin at once. On an easy lock you can sometimes open it with one sweep.

Torque wrench: The torque wrench is simply used to apply pressure on the cylinder. They come in various sizes and it is a good idea to have some smaller ones (in width) on hand. When working on some of the more advanced locks a feather torque wrench (relies on springs) can really come in handy.


There are many other types of picks available on the market. However with this basic set and some skill you should be able to pick most of the pin tumbler locks you will encounter. Note: There are some lock designs that can not be compromised with conventional lock picks, such as tubular locks and warded pad locks. There are picks designed specifically for these types.


BEGINNINGS: BASIC TECHNIQUES

Before I go any further I would like to take a minute to say a couple of words to the beginners / skeptics out there. Lock picking is NOT achieved because of the tools. You don't just pick up a set of lock picks and stupefy your friends by being able to open all sorts of things.

To be a master at lock picking you must be a master of your senses. It is a skill that takes practice and diligence. Think of the picks as a physical extension of your mind. They are merely present to assist you in identifying certain qualities within a lock. Once identified and interpreted correctly, these qualities may be used to circumvent the mechanisms of the lock.

The first thing you should do If you are interested in becoming proficient at lock picking is to find some locks that you can play with. Any lock will do really but I do not recommend beginning with brands like Medeco(tm) and Schlage(tm) (explained later) and preferably not the dead bolt on your neighbors front door. Unless of course they are away on vacation and you need to feed their cat.

You may have some locks laying around your house. If not, go to the hardware store and buy the cheapest padlock you can find. Try and find one that is a decent size so that it will be more comfortable in your hand while you are still a little "wet behind the ears" lock picker. I have chosen to begin with padlocks strictly because they are a little easier to practice on while you build up your dexterity with the tools.

Lock picks; although tools are not the same as say a hammer or screwdriver. They are precision tools comprised of very soft materials. Consider this as you are practicing. If you are bending your tools, then you are definitely doing something wrong. Force is not your ally.

To begin place the lock in your hand. The easiest and most comfortable way of holding a padlock is with your middle finger through the bolt with the pins facing your body. Insert the torque wrench applying only enough pressure to keep the wrench inserted in the key way.

Next insert your pick. For this exercise we will use the hook shaped pick. We will begin by trying to set each pin individually. Although this process is usually reserved for more difficult locks it clearly demonstrates how to recognize setting pins.

How much torque?

Typically, to open a lock you require only enough torque to spin the cylinder, which once freed from the pins will be very little. The torque required to trap the pins in their respective columns varies, and is influenced mainly by environmental conditions and the quality of the lock.

The biggest mistake beginners make is applying far too much torque thus bottoming out the pins or jamming them altogether. Be gentle and reap the rewards. The easiest way to judge the proper torque for your lock is to insert your pick, beginning with the diamond or hook, and gently sweep the pins from back to front waiting for a pin to set. The lowest amount of torque that it took to set that pin is usually the amount of torque required to pick the lock.

While applying torque on the cylinder gently push down on the first pin. When a pin sets it will make an audible "click" which will also be transferred to the pick itself and felt. If nothing happens maintain your torque and depress another pin. When you reach a pin that sets search for another. If you have depressed all of the pins yet none will set increase your torque and start over.



While you were performing the above you probably noticed that as pins began to set that the cylinder also slightly rotated. This is a very important feature that locks display as the shear line is cleared of the pins. There are times when you are picking that you are unaware of pins setting, this feature helps to assist you in determining the progress of picking at hand.

There is no _real_ order as to how the pins will set or how much the cylinder will turn as pins are set. It all depends on the the type of lock and the manufacturer. If at some point you feel as though all of the pins are set yet the lock will not open, you have probably lodged a pin too far past the shear line so you must begin again.

If you get frustrated, take a break.

How many pins?

It all depends. To check insert your torque wrench, pick etc. until it hits the back wall of the lock. Depress it onto the pins and slowly drag it out of the lock. Listen carefully as the pins pop back into place counting as you go. Most padlocks have 4 pins, some have 5 (typically brass). Dead bolts have anywhere from 5 to 8. It all depends on the manufacturer. So check before you pick.

While on this subject I would just like to mention that the amount of pins rarely has anything to do with the security of a lock.

Which way to turn?


On our test subject it doesn't matter as we can see ( figure 16 ). The cylinder when in place can pull the lever either left or right. Not all locks are the same, especially when it comes to dead bolts.

Before you do anything with a lock you must determine which way to turn the cylinder. To determine the turn of a lock insert your torque wrench in the cylinder and apply moderate pressure both ways. The direction that offers the least resistance i.e.. not an instant _dead_ stop, should be the turn of the lock.

Another simple test that you can employ is to insert your torque wrench and apply ample force on the cylinder both ways. As you do, brush your pick across the pins and note whether or not they begin to set. On most locks all of the pins should set only on the correct turn.

Once you do succeed in picking your first lock, begin timing yourself on that lock. When you can pick a familiar lock, pin-at-a-time, in less than 10 seconds it's time to move on.

What about dead bolts?

Most people find it a little awkward at first working on dead bolts.This is usually due to the fact that they are accompanied by a large door and fastened to it quite well. You cannot manipulate the lock to improve your positioning so you must rely on your dexterity with your tools 100%.

The techniques that you used on the padlock are exactly the same as you will apply to dead bolts. You will however require a little more skill in identifying set pins as dead bolts tend not to give as easy as padlocks.

Note: I just noticed that from what I have said so far I am creating the impression that dead bolts are much more difficult than padlocks. This is not necessarily true. There are some very decent padlocks out there that are very difficult to pick.The likelihood of encountering one however is rare.I will maintain my current distinctions between the two for the rest of this paper but keep in mind for the sake of accuracy, that it all depends on the make of the lock.


MOVING ON: OTHER TECHNIQUES

When you are comfortable with pin-at-a-time picking you should learn these two other common methods for pin manipulation.

Scrubbing

Insert you pick and torque wrench into the key way and begin raking the the pins gently
back and forth. The idea here is to gradually yet synchronously increase the force applied by both the pick and the torque wrench until the lock opens.

I cannot stress enough that you MUST be gentle with both your pick and your wrench during this exercise. To be successful you must let the lock do all of the work. All you are trying to do is kindly coerce it into doing what it was designed to do. Feel what is happening inside, listen. The lock will tell you exactly what is happening as long as listen and feel. <- starting to sound like an excerpt from the Karate Kid.

After a few sweeps if the lock has failed to open try gently pushing on each pin individually. If the lock is a little stiff or you are over torquing the lock a pin may require a little extra push to clear the shear line. Be gentle, ease off your torque, try again.

Bouncing

Slowly insert your pick into the key way, gently rocking it up and down as you go. You should have minimal torque on the cylinder while performing this exercise.

Basically what you are trying to do is achieve as much contact at different levels with the pins as your pick passes over them. Maintaining consistent torque on the cylinder is vital for this process to work. If executed correctly the lock should open up pretty quick.


The techniques mentioned so far are typically combined to rapidly open a lock. Only the person operating the pick will know which is best and at what time to employ them. The most difficult thing about lock picking is just this. Choosing your plan of attack. You must approach each new lock as a challenge and never allow yourself to become a victim of the memory effect.

Beginners especially, may be inclined to become accustomed to a particular lock. Now, they can pick this lock in about 2 seconds, knowing exactly the order and just how much tension and pressure it will take for the pins to pop. So, with this lock they have acquired something; the sequence of operations for brand "X", a template if you will.

From this point on, this template will be used for all locks to follow. As you can guess from what we have learned so far, this will not get them very far. With each new lock, there is a new challenge.

When you first insert your pick into a lock, never begin with the assumption that it is going to open. Assume that you are going to learn something from it, nothing more. And if it happens to open, then great. If not try to gather a little more information about it and try again.


TRICKERY: SMOKE AND MIRRORS

Time to talk about some of the things that designers do, sometimes inadvertently, that make some locks more difficult and others easier to pick.

1) The most frustrating item has to do with key wards. Key wards are the guides that stabilize the key as it enters the cylinder. On some locks the wards are very close to the pins obstructing the use of a conventional pick.

Sometimes there is no way around this. Other times the use of a filed down hook pick usually solves the problem. You must remember that even a paper clip can open a lock. Use whatever you can find that will fit. Improvise!

2) Sometimes while picking a lock you will find that the order that the pins set isn't really to your advantage. If the second last pin sets high while the last pin must be set real low, and this is the order, then we have a problem.

It is sometimes impossible to get over that second last pin, and depending on clearance you may have to abandon the lock altogether. There is one way of approaching this. If you take a piece of #4 or #6 wire ( or a paper clip ) and put a slight curve in the end you may be able to sneak past that pin. When you hit the back wall of the lock apply a enough pressure to continue bend so that you may reach that last pin. This is really hard to pull off but can work.


3) The lock pictured below happens to contain two sets of pins. The second set are usually referred to as master pins. These pins are present so that the lock can be opened by two completely different keys.





Note the additional pin between your typical key and set pins. As mentioned earlier as pins are cleared of the shear line the cylinder will slightly rotate. With the addition of these pins you have created a number of different shear lines. This will greatly increase your chances of picking this type of lock.

4)The dreaded Medeco(tm). Medeco is a high security lock manufacturer. They're products are expensive and secure. Their locks are common within commercial businesses, restaurants etc. These are by far the hardest locks to pick.

Primarily these locks owe their security to precision machining practices, and the clever sidebar they utilize (figure 18). These locks are very tight and smooth with little play. The pins are beveled in all kinds of shapes to impede picking (discussed below). These bevels play a further roll in allowing the key pins to align correctly with the sidebar when the proper key is inserted. Below is the cylinder from a Medeco padlock. If we remove this bar the Medeco cylinder responds to picking as can be expected from any other cylinder. The test to the reader here is to be able too identify just when this bar is free.

Taking a look at the columns in figure 20 you will notice that their is a cutout (about 20%) into the plug which restricts the key pins to rotate within this constraint. This is not very encouraging as it severely decreases the odds of proper alignment by a foreign object. Furthermore The alignment is not static (figure 22), it varies from lock to lock which unfortunately blows away the idea of creating an alignment jig.



Theoretically speaking, it may be possible to concentrate your efforts on freeing this sidebar while not over torquing the plug to a point where pin setting would be impossible. Using your diamond pick with very little torque on the plug employ a  side to side in out sweep over the pins. You are not trying to set pins here, as this would impede the rotation of the key pins, you are merely trying to align them with the sidebar.

If you can correctly align these pins there will be a slight give in the plug, a very slight give. At this point you have not entirely freed the bar from its notch, which is good because if it travels too far you would cause pins to bottom out on the cylinder body. You have merely depressed it enough to transfer force back on these pins to keep them in line with the side bar.

Please note that this is _very_ difficult, but if you get to this point it will be possible to set the pins and open the lock. It may be worth to mention that you must be very careful while scrubbing the pins after they have been aligned. In fact you should probably concentrate on one pin at a time.

The scenario that you created by aligning the key pins with the sidebar is very delicate. Any modification in torque, while performing your pin manipulations may cause a greater force against these aligned pins thus disturbing their proper alignment.

I have often wondered if the utilization of a mechanical pick gun with a side to side motion across the pins would help. One would think that this would increase your actual time spent vs. unique attempts. However I am not sure if the pick gun would correctly reset the pins enough to allow them to rotate.

I am interested in any information that people can offer with their experiences with Medeco(tm) or any locks for that matter. If you have something to offer, please drop me a line.



ANATOMY: WARDED LOCKING MECHANISMS

The premise of warded locks has existed for centuries.  They were one of the first practical lock designs in history. Like most locks their exists many variations of this type however most of them conform to the same basic design.

Although at first glance warded padlocks appear similar to the pin tumbler padlocks that we have discussed thus far. Internally however,  they are quite different. Let's take a look..




The simplistic design of the locking mechanism in warded locks make them an excellent choice for the outdoors where a little bit of water and the subsequent rust won't hurt their "far from precision" moving parts.

These locks are unfortunately stricken with security flaws. The most apparent of which is the amount of levers that secure the bolt. Their is usually one single action an one dual lever and from what I have seen this appears to be the norm for almost all warded locks.

In some cases their will just be the upper dual lever securing the bolt. So how do we pick these locks? Warded padlocks aren't really picked per se. Although it would be possible to use a couple of pieces of  "L" shaped rolled steel to fiddle around with the levers until you perpendicularly depressed all levers present; it would be much easier to use a key blank such as the ones in figure 27.

The second from right blank on that key ring (figure 27) will open most of the warded padlocks that you may encounter. If this is not the case, insert your blank (second or third from left) into the lock ~1/8" and gently turn it clockwise checking for any resistance. If none is felt proceed further into the keyway (1/8" steps) taking note at which levels resistance is felt. Once you have established the number of levers present and at which depth they occur, it is a simple matter of stacking blanks to mimic the positions.




One of the security features present on warded locks is the association between the plate that comprises the keyway and the key itself. The keys for these locks are not flat. They are slightly "Z" shaped and vary in thickness, width, and length.

The arrangment of the stubs on these keys also vary in width and positioning. This system is a poor one. If we look at figure 28, those keys will still open their respective locks, even though i removed all but two of the stubs. If I further removed some material from the key on top and made it flat so that it may enter the key way of the other lock, it will open both locks and probably most warded locks available.



ANATOMY: TUBULAR LOCKS

I am just getting into this area so I will post some information as it arises. From what I can ascertain as of yet is that they are a real pain to pick. Requiring the person to pick the lock more than once (5 times) comes to mind just to open it. They also must be picked to be closed. There are picks on the market that can make this process quite simple, unfortunately they have a hefty price tag. So, until I get some time to analyze this type of lock a little further, this section will remain quite short. What I do know is that they make tubular drills that remove the pins from the cylinders in these babies. Sounds like a more direct approach to me.



CONSIDERATIONS: THE MORAL OF THIS STORY

My reasons for the effort expended on this web page was for two reasons really. For starters; picking locks happens to relax me and I wanted to test out my new digital camera. Secondly I wanted to dispel any thoughts that some of you might have that a typical lock is actually secure.

Am I wrong to disclose information such as this? Let's consider for a moment the IQ of a typical criminal that would break into your house. It is probably far lower than 50 (I have no statistical information to support this but I assume it is close).

Now, do you think they are going to be picking the dead bolt on your front door? The odds are probably 1 in 10,000. Assuming the low IQ of this individual he/she is probably illiterate and would never have the means to assimilate this type of information nor the brain capacity to comprehend it if they came across it. They may however, if walking erect and possessing some basic motor skills notice your bay window and throw a brick through it. Or, if their cognitive skills were slightly more advanced they may make use of a simple lever like a pry bar and test the tensile strength of your front door.

In their simplest form a lock is merely a deterrent. Analogous to the "Do Not Enter" signs that we see so regularly. If you think for one minute that a lock is protecting your privacy or your valuables you are sadly mistaken. Like that sign they are merely a simple visual aid that relay's a message, only with a little more gusto.

If you take a walk around your home, or your car, or that little cedar chest that you use in lieu of a safety deposit box at a bank you will likely notice that with a little bit of creative thinking, there are numerous ways to bypass the locking mechanisms that you rely on.

Know the value of that which you are trying to protect and act accordingly. Consider some of the following:

• Most locks can be picked. So buy a decent one.

• Using a decent lock is still not foolproof.

• It is easier to break a window or kick in a door than it is to pick a lock.

• Bolt cutters, reciprocating saws, torches, crowbars, hammers, and drills all open locks faster than trying to pick one.

• Locks are only as strong as the material that they are installed in. i.e. glass and wood break easier than steel.

• When buying a house the first thing you should do is change all locking passage sets You have no idea how many keys exist or who might have them.

• The standard passage set on new homes is usually a very cheap one that can easily be picked.

• When using a hasp, buy one that has a shroud that covers the screws that fasten it. If the screws are visible, use carriage bolts instead.

• Home security systems are a great idea.