Lockpicking is a practical skill that serves various purposes: from helping someone who’s locked themselves out of their house, to a challenging and engaging sport pursued by enthusiasts all around the world. In this blog post, we will discuss the basics of lockpicking, starting with the legal aspects of owning and using the related tools in the United States, and then rounding out with what you need to start cracking open your first lock.
Legal Lockpicking Considerations In The United States
In many jurisdictions, lockpicking is a perfectly lawful activity as long as it is practiced responsibly and ethically. It’s a skill that can save time, money, and stress when you or your friends are accidentally locked out, not to mention the gratification that comes from mastering a complex and intricate craft. On the flip side, there are jurisdictions that consider lockpicking tools to be prima facie evidence of criminal intent.
A prima facie case is a “cause of action or defense that is sufficiently established by a party’s evidence to justify a verdict in his or her favor, provided such evidence is not rebutted by the other party.” In other words, it stands as evidence that is substantial in and of itself to prove intent, and the burden of proof shifts onto your shoulders as the defendant. Prima facie literally means “at first view,” and in this context we can understand it to mean that you are guilty “at first view”.
States that consider the possession of lockpicking tools as prima facie evidence:
States with extremely ambiguous laws where caution is recommended:
States where picks are legal due to a lack of any statute or law:
- West Virginia
- North Carolina
- North Dakota
In the remaining states, lockpicking tools are legal by statute.
Disclaimer: This is not legal advice and should be considered personal opinion. You should consult legal counsel if you are unsure of the legality of lockpicking in your area. Do research before embarking on this journey!
Okay! Now that we’ve got all that taken care of, let’s get to the fun part.
The goal of this blog series is to demystify the world of lockpicking. In the following sections, we’ll guide you through the basics and equip you with the knowledge you need to get started. When considering learning an extremely difficult skill like lockpicking or penetration testing, one can be easily overwhelmed by the challenge. It might seem arcane and impossible to make those first few steps down the path of learning. If you are reading this and come from an offensive security background, consider your first few hacks. Your first “easy” Hack The Box challenge machine probably made you tear your hair out at its “easy” label. The same is true of lockpicking – your first “easy” Master Lock might seem extremely difficult and take you a good bit of time. Just remember that you have to get a feel for your tools, the nature of locks, and practice, before the mist around this skillset will clear.
My advice is to just get in there and start picking! Every mistake and broken pick will teach you many lessons and acclimate you to your playing field. To assist you on this journey, we will give you a head start by thoroughly explaining the tools of the trade, the techniques, and arm you with tips that will rapidly accelerate your skillset.
I Am A Pin Tumbler Lock: Ask Me Anything!
We pin tumbler locks are mostly humble folk; we try as best we can to protect the assets of our owners. With a little careful skill, we can be cajoled into handing over the assets we are sworn to protect.
We are composed of pins, springs, a rotatable plug, and a cylinder. The plug is encased in the cylinder, and when locked, springs push pairs of driver and key pins down into the plug, preventing its rotation by blocking the shear line. The correct key aligns all the driver pins with the shear line by pushing against the key pins. Each key has a ridge cut for each driver pin that is the correct height to align the driver pin with the shear line. When lock picking you utilize the tensioner and the pick in unison to imitate the effect of a correct key.
We pin tumblers come in many variations. Our driver pins can be customized, and instead of standard shape cylinders, special shapes can be used which make it much more difficult to pick our lock mechanism.
Types Of Pins
Serrated Pins: These pins have serrations that catch at the shear line, making the lock harder to pick.
Spool Pins: These driver pins are shaped like spools, causing a false set and challenging those who try to pick me.
Mushroom Pins: These pins have a mushroom-like shape, designed to mislead by giving false feedback and potentially causing false sets.
What about tension again? Well, here is a great video of someone destroying a good friend of mine a year ago. He teaches about spool and mushroom pin picking as well as providing a great example of how light your tension really should be. In general, you probably need to use significantly less force than you think!
How To Pick A Lock
When picking a lock, it’s essential to first understand the fundamentals of the lock. Familiarize yourself with the number of pins and their possible arrangement. Attempt to detect if any security pins are in use. Inserting a key and turning it slightly can give a preliminary feel of the pin arrangement during practice.
When the plug is turned without the correct key inside, the driver pins will contact the shear line and prevent further rotation. Although all pins in the lock are aligned in a straight line, due to unavoidable imperfections during the manufacturing process, one driver pin will always contact the shear line first. This is referred to as the binding pin, and it makes picking a pin tumbler lock possible.
The tensioner may be the most difficult tool in your arsenal to learn how to use properly. It’s placed at the bottom or top of the keyway (BOK/TOK) to apply rotational tension to the plug. Many keyways are extremely difficult to pick with a bottom of the keyway tensioner, so every beginner lock picker should purchase both top and bottom of the keyway tensioners. The amount of tension is critical when picking. The aim is to apply just enough pressure to bind the first binding pin, making it slightly harder to move than the others. There are times when applying more tension will give you better feedback, but at the beginning aim to use the least amount of tension possible, as beginners will almost always overtorque the plug. The goal is to use light to moderate tension, allowing the binding pin to move while keeping the plug slightly turned.
Insert the pick into the keyway and gently feel each pin by lifting them. The binding pin will feel different – it won’t spring up as freely as the others because of the binding force. This pin is your first target.
Once you’ve identified the binding pin and perfected the tension, gently lift the binding pin with the pick. Once it is fully lifted above the shear line, you’ll feel a slight rotation on the plug and hear a faint click. This means the pin is set, and there is now a new binding pin preventing rotation. After setting the first pin, adjust the tension to locate the next binding pin by applying slightly more tension. If you reduce the tension while performing your picking attempt, you run the risk of losing the first binding pin. Always remember that the required tension may differ from pin to pin. Repeat the process, paying close attention to the tension applied, ensuring it’s not too much to prevent the pins from setting or too little to let them fall back down.
Once all pins are set at the shear line, the plug will turn freely, and the lock will open. If the plug doesn’t turn, recheck each pin to ensure they are all set correctly.
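A toy model of the mechanism described above, added here as an illustration and not part of the original post: it checks a key against the shear line and shows how per-chamber tolerance alone fixes the order in which pins bind and set. The class and function names, the height units, and the offset values are assumptions made for the example; overlifting and security pins are not modeled.

```python
from dataclasses import dataclass

SHEAR = 10  # height of the shear line, arbitrary units (assumed)

@dataclass
class PinStack:
    key_pin: int      # key pin length; the stack sets when lift + key_pin == SHEAR
    offset: float     # chamber misalignment from manufacturing tolerance (assumed)
    lift: int = 0
    is_set: bool = False

class Lock:
    def __init__(self, key_pins, offsets):
        self.stacks = [PinStack(k, o) for k, o in zip(key_pins, offsets)]

    def opens_with(self, cuts):
        """A key opens the lock when every cut raises its key pin exactly to the shear line."""
        return len(cuts) == len(self.stacks) and all(
            c + s.key_pin == SHEAR for c, s in zip(cuts, self.stacks))

    def binding_pin(self):
        """Under light tension the unset stack with the largest offset binds first."""
        unset = [i for i, s in enumerate(self.stacks) if not s.is_set]
        return max(unset, key=lambda i: self.stacks[i].offset) if unset else None

    def lift(self, i):
        """Lift pin i by one unit and return what the picker feels."""
        s = self.stacks[i]
        if s.is_set:
            return "set"
        if i != self.binding_pin():
            return "springy"          # non-binding pins spring back freely
        s.lift += 1
        s.is_set = (s.lift + s.key_pin == SHEAR)
        return "set" if s.is_set else "binding"

    def is_open(self):
        return all(s.is_set for s in self.stacks)

def single_pin_pick(lock):
    """Probe each pin, lift whichever one binds until it sets; return the set order."""
    order = []
    while not lock.is_open():
        for i in range(len(lock.stacks)):
            feedback = lock.lift(i)
            while feedback == "binding":
                feedback = lock.lift(i)
            if feedback == "set" and i not in order:
                order.append(i)
    return order

if __name__ == "__main__":
    demo = Lock(key_pins=[4, 7, 5, 6], offsets=[0.02, 0.05, 0.01, 0.04])  # constructed values
    print(demo.opens_with([6, 3, 5, 4]), single_pin_pick(demo))
```

In this model the set order follows the offsets from largest to smallest, independent of the key pin lengths.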
Lockpicking Tips & Tricks
Be gentle: Beginners often start with high tension. Start lighter than you think you need, gradually increasing if necessary. Gentle does it.
Use all of your senses: Pay attention to the feedback. A click sound and a slight turn of the wrench can indicate that a pin is set.
Be flexible: Not every pin requires the same amount of tension. Be ready to adjust the tension as you move from pin to pin.
Practice makes perfect: Finding the right amount of tension is a skill developed over time. Practice patiently, and don’t force it.
Tensioning is a difficult skill, requiring a gentle touch!
A Quick Word On Lock Bypasses?
Locks are little feats (or fails) of engineering that, when engaged, prevent a mechanical action from being performed unless it is first enabled by a unique (hopefully) activator, such as a key. There are many ways that locks can be rendered ineffective other than utilizing lockpicking tools and techniques.
An example of this is the usage of the Ford Fleet key by many police departments. The Ford Fleet Key conveniently opens all the locks in the fleet, in this case, the entire police department’s fleet of cars. Since it is cheap to just use the Ford Fleet key when purchasing a fleet of vehicles, some police departments did not purchase unique keys or even a unique fleet key for their vehicles. As is the case with many of these types of bypass tools, the Ford Fleet key can be purchased and obtained by anyone at any time. The Google search screenshot below shows you could easily get a set off Amazon (for like $25). There are many more examples of this kind of mistake, but we will not be focusing on these kinds of issues until a later post.
These tools can make quick work of all manner of locks and the mechanisms they are trying to protect. Look forward to our future blog post discussing lock bypasses!