CarderPlanet
Ways to open any lock
Lockpicking, that is, opening locks without the key, is not only a criminal act on the way to other people's valuables but also a popular pastime among information security specialists. Knowledge in this area is useful both when choosing a lock and, for example, if you lose your key.
From this article you will learn what types of locks exist, what the weak points of each are, and how to tell a more reliable lock from a less reliable one.
WHERE IT ALL BEGAN
The need to protect one's property and to control who can enter whose premises has existed for a long time. The first locks were invented in Ancient Egypt. Back then they were more like modified bolts with special holes for pegs. The "key" was used to lift the pegs, after which you could pull on the key and draw out the locking part.
The history of locks, however, really took off in the 18th century. In 1784, Joseph Bramah exhibited a lock of his own design in a shop window, promising a reward of 200 guineas (about 200 thousand dollars in the current century) to whoever opened it. Despite the substantial reward, the efforts of enthusiasts remained in vain for 67 years in a row. The lock was finally opened by Charles Hobbs in 1851 at the World's Fair. He spent 51 hours on it.
Another notable inventor is Jeremiah Chubb. In 1818 he invented the lever lock that is named after him: the Chubb lock. This lock is interesting in that it requires two keys. The first key is used in ordinary cases to open and close the lock. But if someone tries to pick the lock, it goes into a protective mode, after which the first key no longer works. The second key is then needed to return the lock to normal mode, where the first key works again. Such a mechanism not only complicates picking but also informs the owner of an unsuccessful attempt. However, this lock was also opened, by the same person and at the same exhibition as Joseph Bramah's lock.
Things have gotten much more interesting these days. Let's walk through the most popular types of locks, starting with the most common: the English lock.
ENGLISH LOCK
The lock consists of several parts: the lock body, the rotating cylinder into which the key is inserted, the holes for the pins, and the pins themselves (upper and lower) with springs pressing on them. Colloquially, the locking elements of such a lock are usually just called "pins".
On the right side of the picture, we see the positions of the pins when no key or the wrong key is inserted. In this case the upper pins sit between the lock body and the cylinder, preventing the cylinder from rotating. When the correct key is inserted, the upper pins no longer block the cylinder, and it turns with the key.
Mechanism vulnerability
Why is it possible to open this type of lock? Many cybersecurity professionals love random numbers. In lockpicking, what they love is manufacturing error, which plays the key role here. If you look at the lock from above, in theory all the pins lie on its axis of symmetry. In practice this is almost impossible to achieve, and the pins end up on different axes.
Let's go back to the front view. If we begin to turn the cylinder slightly clockwise, it will come to rest against the pins. Importantly, it rests not against all of them at once but against only one, the outermost. This will be the leftmost pin. Once that pin is lifted, the cylinder rotates a little further until it rests against the next pin over.
Lock picks
The classic tools for opening these locks are the hook and the tensioner. The hook is a metal strip that somewhat resembles one half of a pair of curved tweezers. The tensioner is also a strip, only bent into an L-shape. First, we insert the tensioner into the keyway on the side opposite the pins and begin to rotate the cylinder slightly with it. Then we insert the hook to about the length of the key to reach the far pin and, working from the farthest pin to the nearest, raise and lower each pin in turn. As you can see in the illustration, some of the upper pins drop back. This means that the cylinder is not resting against them at that moment. When an upper pin stays in the lock body, the cylinder was resting against it and the pin has been set.
There are other tools for working with pins. In this illustration, we see a snake rake. The difference from working with a hook is that it does not need to be lowered after each attempt to raise a pin. This can greatly speed up picking if there are no additional protections.
Another technique that opens the lock relatively quickly is called "bumping" in English sources (from the English "bump", a blow). It requires a prepared key whose side profile fits the lock cylinder, with the notches ground down to the minimum position, and a pair of rubber rings on the key so that it is not inserted all the way. From there the procedure is simple: we insert the key and hit it with a rubber hammer, which makes the pins jump. While the upper pins are in flight, we try to turn the cylinder with the key.
There is also semi-automatic bumping: the idea is the same, but the pins are tossed by a special spring mechanism with a trigger. And there is automatic bumping, where a vibration motor does all the work.
Additional protections
A small change in the shape of the upper pin provides protection against picking. There are several types of security pins, each with its own shape. In the picture, the leftmost pin is a regular one and the rest are security pins.
When we pick a regular pin, we lift it and it sets. A mushroom security pin moves just like a regular one when lifted, but it stops and catches earlier: when the "mushroom head" rests against a small protrusion of the lock body. This can give the person picking the lock the false impression that the pin is set.
The peculiarity of boat-shaped security pins is that when you try to turn the cylinder relative to the lock body, they tilt and wedge like a spacer, preventing themselves from being lifted. The notched boat-shaped pin resists lifting as well: it has a thin protrusion in the middle that catches on a notch in the cylinder made especially for it.
DISC LOCK
Another noteworthy type is the disc lock. Instead of pins, it uses discs (1), a lock body (7) and an element that opens the lock (6).
When the lock is closed (left picture), the lock body and the movable part are fixed together by a pin (4). To open the lock, you need to turn it to a certain angle: the pin will fall into the recess (2) and combine elements 6 and 7.
Let's analyze step by step how such a lock opens. At first, the recesses for the pin on the discs are on different axes. When we start to turn the key, the notches line up along the same axis. This happens because the protrusions on the key are cut at different angles, and they turn each disc by its own specific angle. We then keep turning the key, the pin falls into the recesses, and the lock is open.
Such a lock can also be opened thanks to errors in the height position of the discs. This is done using the tools in the picture below. It is harder to do, however, because unlike the previous locks, the simplicity of the design allows it to be manufactured with fewer errors.
The picture below shows the tool with which the discs are picked one at a time.
False notches can be used as additional protection. They give the person picking the lock the false impression that the disc has been set.
CROSS-SHAPED LOCK
Another lock, the so-called cruciform lock, is a variety of the English lock. It works the same way, only the pins lie not on one axis but on four. Accordingly, it is opened with a similar tool.
LEVER LOCK
The lever lock is also an extremely common variety. Its mechanism is as follows: there is a bolt (marked in light gray in the picture) and a ledge on the bolt (dark gray). The ledge on the bolt sits inside the levers (yellow). The key has a strongly protruding tongue that pushes the bolt; it is often the widest one and is centered. The remaining notches on the key raise each lever to its specific height. Only then can the ledge on the bolt move through the levers.
Opening locks like this is again helped by manufacturing error. Here we see the classic pick for lever locks: a tongue and an L-shaped wire. The wire is used to pick the levers one at a time. Again, because of the error, one of the levers will sit closer, which means it will press harder against the ledge on the bolt. Once we lift it, we can use the tongue to push the bolt and its ledge forward a little, and then pick the next levers.
In the picture below you can see a slightly higher-quality pick made in China.
There are specialized tools for opening such locks: the so-called self-impression keys. They are sized to the lock; like a key, they have a tongue, but instead of notches they have movable cylinders. First, we set the cylinders to the extreme position so that they protrude by their full length on the tongue side. Then we begin to slowly turn the key in the lock. Since each lever must be raised to a certain height, the movable cylinders shift by different distances from their initial position (the third key from the left). After a few careful attempts to turn the key, we have a pattern that matches the pattern of the original key. This is convenient because the lock can then be operated several times, or a mold of the key can even be taken if necessary.
Lever locks have additional protection mechanisms too. Their essence is that when someone tries to raise a lever, the ledge on the bolt comes to rest or gets stuck in the additional protection mechanism without reaching the opening that serves as the "passage" for turning the lock.
BONUS
Unfortunately, I have bad news for the owners of regular locks with English cylinders. Firstly, anyone, from a baby to a pensioner, can go to YouTube and calmly watch a detailed video on how to open many locks. For almost all cheap locks there are materials describing how to make an elementary pick literally from a paper clip. This applies to most apartment locks, as well as padlocks, mailbox locks, and so on.
When people want to improve security, they go to the store and buy a cool new lock with a punch-key cylinder. However, if it has a rotary handle ("turntable") on the other side, which makes it easy to lock the door from the inside, then this lock can also be opened using a paper clip with a bent end, or with a special tool colloquially called a "runner".
Using such a pick is simple: we insert it through the hole in the cylinder with the pins, rest it against the part that the turntable rotates, and calmly turn it. Almost all Chinese locks open this way, and domestic ones like Paladium and Apex do the same.
Also, remember that a lock may become less secure over time. Today you install an expensive door with cool locks, and tomorrow someone finds a way to open it and puts it on YouTube or starts selling a finished tool. Mottura, Abus, Tesa, Kaba, Mul-T-Lock ("multilocks"): all of these locks suffered this fate. For the same "multilock 7 by 7" there are several inexpensive picks available, in the region of 2-4 thousand rubles. Therefore, if you are serious about choosing a lock, you will have to check periodically whether it has joined the ranks of the vulnerable ones.
HOW TO LIVE WITH IT?
First of all, you should think about whether the protection is proportionate. If the break-in would cost 10,000 rubles and only 1000 is stored behind the door, then you can leave things as they are: if someone does break in, it will only be out of great stupidity. If there is something very valuable behind the door, then a way in will still be found; it's just a matter of time. Therefore, it is worth thinking first of all about the motives of an attack, its goals and the existing defenses.
Among low-budget measures, the best is an iron door with two locks. You can also put up a dummy camera, although this is a double-edged measure: it will scare some people away and may attract others.
Another trick is to put up a sticker like "guarded by so-and-so". If it looks like the sticker of some private security company, it can scare off an intruder.