home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Hack-Phreak Scene Programs
/
cleanhpvac.zip
/
cleanhpvac
/
AED_BOT.ZIP
/
8
< prev
next >
Wrap
Text File
|
1993-08-31
|
177KB
|
3,614 lines
8.0 LOCK PICKING
8.01 TECHNIQUES FOR PICKING LOCKS
If it becomes necessary to pick a lock to enter a lab, the world's
most effective lockpick is dynamite, followed by a sledgehammer. There are
unfortunately, problems with noise and excess structural damage with these
methods. The next best thing, however, is a set of army issue lockpicks.
These, unfortunately, are difficult to acquire. If the door to a lab is locked,
but the deadbolt is not engaged, then there are other possibilities. The rule
here is: if one can see the latch, one can open the door. There are several
devices which facilitate freeing the latch from its hole in the wall. Dental
tools, stiff wire ( 20 gauge ), specially bent aluminum from cans, thin pocket-
knives, and credit cards are the tools of the trade. The way that all these
tools and devices are uses is similar: pull, push, or otherwise move the latch
out of its hole in the wall, and pull the door open. This is done by sliding
whatever tool that you are using behind the latch, and pulling the latch out
from the wall. To make an aluminum-can lockpick, terrorists can use an aluminum
can and carefully cut off the can top and bottom. Cut off the cans' ragged
ends. Then, cut the open-ended cylinder so that it can be flattened out into a
single long rectangle. This should then be cut into inch wide strips. Fold the
strips in 1/4 inch increments (1). One will have a long quadruple-thick 1/4
inch wide strip of aluminum. This should be folded into an L-shape, a J-shape,
or a U-shape. This is done by folding. The pieces would look like this:
(1)
_________________________________________________________ v
1/4 |_______________________________________________________| |
1/4 |_______________________________________________________| | 1 inch
1/4 |_______________________________________________________| |
1/4 |_______________________________________________________| |
^
Fold along lines to make a single quadruple-thick piece of
aluminum. This should then be folded to produce an L,J,or U shaped
device that looks like this:
__________________________________________
/ ________________________________________|
| |
| | L-shaped
| |
| |
|_|
_____________________________
/ ___________________________|
| |
| | J-shaped
| |
| |________
\________|
_____________________
/ ___________________|
| |
| |
| | U-shaped
| |
| |____________________
\____________________|
All of these devices should be used to hook the latch of a door and
pull the latch out of its hole. The folds in the lockpicks will be between
the door and the wall, and so the device will not unfold, if it is made
properly.
8.02 MORE TECHNIQUES
Author: ^^^NIGHTWING^^^
So you want to be a criminal. Well, if you are wanting to be like James
Bond and open a lock in fifteen seconds, go to hollywood because that's the only
place your gonna do it. Even experienced locksmiths can spend 5 to 10 minutes
on a lock if they're unlucky. If you are looking for extremely quick access,
look elsewhere. (or for a shotgun - Eds)
The following instructions will pertain mostly to the "Lock-in-Knob"
type lock, since it is the easiest to pick. If there is sufficient demand, I
will later write a file discussing the other forms of entrance, including
dead-bolt.
First of all, you need a pick set. If you know a locksmith, get him to
make you a set. This will be the best possible set for you to use. If you find
a locksmith willing to supply a set, don't give up hope. It is possible to make
your own, If you have access to a grinder (you can use a file, but it takes
forever.)
The thing you need is an allen wrench set (very small). These should be
small enough to fit into the keyhole slot. Now, bend the long end of the allen
wrench at a slight angle..(not 90 deg.) it should look something like this:
8.021: The lockpick
\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ (This is the handle
\\\ that was already here)
\\\
\\\
\\\
\\\
Now, take your pick to a grinder or a file and smooth the end (#1) until
it's rounded so it won't hang inside the lock. Test your tool out on doorknobs
at your house to see if it will slide in and out smoothly. now, this is where
the screwdriver comes in. Is it small enough for it and your pick to be used
in the same lock at the same time, one above the other ?
Lets hope so, because that's the only way you're going to open it.
8.022: The interior of the tumbler (greatly simplified)
XXXXXXXXXXXXXXXXXXXXXXX| K
# # # # # # | E
# # # # | Y
* * | H
* * * * * * | O
| L
| E
XXXXXXXXXXXXXXXXXXXXXXX|
#= Upper tumbler pin
*= Lower tumbler pin
X= Cylindrical wall
The object is to press the pin up so that the space between the upper
pin and the lower pin is level with the cylinder Wall. Now, if you push a pin
up, its tendancy is to fall back down, right ?
That is where the screwdriver comes in.
Insert the screwdriver into the slot and turn. This tension will keep
the "solved" pins from falling back down. Now, work from the back of the lock
to the front, and when you're through...
There will be a click, the screwdriver will turn freely, and the door
will open. Don't get discouraged on your first try! It will probably take you
about 20-30 minutes your first time. After that you will quickly improve with
practice.
This is by no means the most efficient way of entering a house.
A shotgun followed by a swift kick is still preferred.
8.03 The Construction and Use of Various Lockpicks
Author: The LockSmith
From: P/HUN Magazine Vol.1 #3 (Phile #11 of 11)
[Eds - We could not find an intact copy of this article anywhere, the
first few paragraphs are missing detailing how to get the HPC book ]
You can call, or write, or if you can find a local locksmith supply
house, they may have copies available. Note that the drawings, although
detailed, are smaller than the actual tools, but the size tends to be obvious.
Note:
The correct size of a HPC pick handle is about 3 and 1/8 inches long.
If you have the the HPC drawings enlarged at a copy shop to just under 3x then
they will be of a usable size (If they can't do odd size enlargements, 3x
should be close enough).
Materials:
Many materials are suitable for making picking tools/tension tools:
1. Gutter broom bristles (those *BIG* trucks with the rotary brushes that
wash and sweep the street at the same time). Look for the bristles
after the truck leaves. Generally at least a few break off. It is
preferable to look near a irregular spot of the road, as this tends
to induce bristle breakage.
Also, depending on your area, you may find that smaller trucks are
used along with the larger ones. These generally use thinner bristles,
which make better picks, but many times, the thicker type makes better
tension wrenches.
Note: A package of strips/round strips of spring steel can be obtained from
a locksmith supply house, but you will pay at least $18.00 for this!
If you *really* to buy the tools, there 3 ways to go...
1. Try to order them through the mail, although the feds have been trying
to pass a bill prohibiting mailing picks, and door opening tools,
unless you can prove you are a bona-fide locksmith (not as hard as you
might think), this bill HAS NOT passed as of yet. Also, the last time
I checked an issue of 'High Times', there was a small advertisment in
the back, and they had a pick set (for about twice the price as the
item's standard retail price).
2. Try to work for a store that has a locksmiths license (*NOT* a
keymakers license).
Sooner or later they will ask you to pick up supplies, if the supplier
has what you need, then you can add the items to the order.
3. Try and make friends with a locksmith, and get him to get you the tools.
Tools required:
If you are trying to make your own picks these tools are a good start:
1. A set of warding files (these are often available in the tool
department of large discount stores. For example, for people in NYC,
a chain of stores called Webers tends to have these at a good price.
While you can buy a set from a locksmith supply house, you will pay
at least $20.00-$30.00 for a small set. The discount store ones are
generally $3.00-$5.00 a set. While the quality is a bit lower, at
least from my experience they do the job ok.
2. A small propane or butane torch(if butane, one that can be refilled
with a can of cigarette lighter butane will be a lot cheaper to
operate.
Note: A gas (but NOT electric) kitchen stove burner will often do in a pinch.
How to make tools:
First, let's assume that you are starting with gutter broom bristles,
as they are generally easy to get, and cost nothing.
First, let's start with a tension wrench.
Take a piece about 4-5 inches long, and make a sharp bend 1/4-1/2 inch
from the end (but DON'T make the bend so sharp that the strip cracks (if you
want to make a sharp bend, heat the strip at the point that you want to bend
to red heat and let it *air cool*. Do not cool in fluid, as this will make the
metal harder!
After, if you want to reharden it, reheat, and plunge it into either
oil or water (oil is better). If this results in the metal getting too hard,
then try cooling it a little slower. A book on metal working may be useful.
Also, if you want to make a complicated bend (a half twist, for example), then
heating the strip at the bend point will allow easy bending (this is one of
those times where a kitchen gas stove probably will not quite make it).
Picks:
You need pictures or drawings (preferably full size).
Once you have these, select a piece of metal, soften about 2-3 inches
using a torch or gas burner, then get out your warding files and get to it!
Note:
While in theory, you probably could file the strips without softening
them first, the metal is hardened, and resists being filed (this is also rough
on the files). What may help, whether you soften or not, is that a metal
nibbling tool can used for the rough shaping, and in some cases, can be used
to do most of the work. However you do it, it may be advisable to file the two
flat sides of the tool (just a bit).
Use of tools:
The use of lockpicking tools is as much an art as it is a skill, but
most people with enough practice can learn to do a decent job.
A good book on the subject comes from HPC (again) (Basic Picking and
Raking. This runs around $15.00), this is a bit overpriced, but a good guide.
But, let's go on...
Hand picks:
There are 4 different types of picks:
The rake
The hook (this has other names as well)
The diamond
The ball/double ball (2 balls stacked)
The Rake:
The rake is prehaps the easiest tool to use, but it does not teach you
much about the lock you are working on; if this does not matter to you, then
don't worry about it. Hold the cylinder or padlock in a upright position (the
way it normally be mounted). The pins should be on the top. Hold the pick with
the more prominent wiggly side up (the hollow side down). Tilt the back of the
handle downward a bit; the wiggly part should be horizontal. Now put it down
for a minute, and pick up a tension wrench (L shaped piece), and insert the
shorter bent end into the bottom of the keyway.
Now..
Rotate the wrench in the direction that the lock normally rotates to
open, if not sure, pick a direction. Then, hold the pick so that the handle is
angled towards you slightly; at this angle the curved part should be horizontal.
Insert the pick into the lock all of the way into the keyway, and making sure
that contact is attained with the pins. Draw it out, repeat until lock is open.
But, don't push the pins up by forcing the pick upward with great force. Not
only will this not open the lock, but you will bend the pick as well.
If it does not open:
First, release the tension (you should hear the pins drop).
1. Try less (or more) tension on the tension wrench
(Note: most problems are caused by too much tension).
2. Try holding the pick at a slightly different angle and/or height.
3. Try picking the lock in the other direction.
The Hook:
The hook is used to lift individual pins in a cylinder. The tension
wrench is inserted and rotated the same way as above. After putting tension
on the wrench, insert the hook into the keyway with the hook upward. Then,
starting from the rearmost pins, lift each pin. To do this: Lift the pin until
you feel a bump, or a "click", or a change in the spring action of the pin
then STOP and go to the next pin. Continue this until the lock opens. If it
does not open release the tension then:
1. Try with more or less tension
(Note: usually the problem is too much, so try lowering it first).
2. Try starting from the front pins, instead of the back ones.
3. Try picking the lock in the other direction.
The Diamond:
This tool is used the same way as the rake, as it is a modified rake
design, although it does not look the same.
The Ball or Double Ball:
These tools are mainly used for picking wafer tumbler locks. They are
used the same way as the rake, except these locks open *so* easily, that you
probably won't have to worry about the lock not opening.
Note: These locks can often be open in a pinch by using a bent paper clip
(rake the wafers and rotate the clip at the same time).
Pick guns:
The most difficult part about using a pick gun is not using it, but
getting the damm thing in the first place. They are available from most of the
same places that hand picks are sold, but unlike hand picks, are not readily
made at home. If you manage to get one. (The best one, at least in my opinion,
is the LOCKAID. This pick is made by a company called Majestic. It is made
very well, has an ajustable strike force dial, and has a LIFETIME warranty!)
Well, let's assume you have one of these tools:
Well the first thing is to get a lock (a small padlock is a good
practice item) then,
1. Insert the tension wrench at the bottom of the keyway, and rotate it
in the direction that the lock opens.
2. Starting with the pick gun's tension dial set either to 0 or 1
(0=the point that the dial will go no lower)
(1=1 full turn in the opposite direction),
take the pick gun and insert it's needle into the keyway, but try not
to insert it beyond the pins, as the needle may bind. Holding the tool
horizontal, squeeze the trigger. Do this 6-8 times, if no results then
release the tension (on the cylinder), raise the pick gun's tension
dial 1 full turn, and try to open the lock again. Keep trying until
you get it open.
Tubular lock picks:
The best guide to using a tubular lock pick, is the instructions that
come with it. However, as these may not be available, these general notes will
get you started. Also HPC has a tutorial on using tubular lock picks (Basic
Picking and Servicing Tubular Locks - a bit costly, but if it is as good as
other HPC tutorials I've seen, it may be worth it).
1. Take the pick and slide the feelers (the moveable tines) back and
forth a few times. Slide all of them (usually 7) out past the end of
the tool a bit (maybe 1/8th of a inch or so). Then press the tool
against a hard surface until all of the feelers are flush with the end
of the tool.
2. Insert the tool into the front of the lock and gently push it all of
the way into the lock. Then rotate the tool in the direction required
for opening, but use a minimum of force, as excessive force will cause
2 difficulties:
a. The front of the pick may be damaged.
b. The lock may not be able to be open at all, or if it can it may be
damaged. After rotating the pick, slowly pump it in and out of the
lock but note that the pick should only be backed out about 1/8 inch
or so. Keep doing this; eventually the lock should open.
If not, start again from the start.
8.04 Cheapo Zig-Zag Lock Pick
Author: Warp 9
Problem:
You're out trashing and looking around, and you come across one of
those cheapo little locks with the zig-zag type keyhole.
Solution:
Handy dandy lockpick by Ronco--- namely, the old fashioned paper
clip. Just open in up and bend the ends into teardrop shaped loops. The
smaller end for small locks, the larger for larger ones. Put the loop all
the way in, jiggle around and twist back and forth, Presto! It really
works, I have three of these kind of locks at home from various sources.
With a little practice, one of these mediocre pieces of security hardware
will take no more time to get by than if you had the key. These little
beauties may be found on toolsheds, toolboxes, cellar doors and mailboxes
everywhere someone is too cheap to spend the extra couple bucks for a
better lock. Those are another story (working on it).
8.05 FAQ File for alt.locksmithing
The following have contributed to this FAQ:
Scott Anguish <sanguish@digifix.com>
J. James (Jim) Belonis II <manager@dirac.phys.washington.edu>
Joe Ilacqua <spike@world.std.com>
Elizabeth Lear <eliz@world.std.com>
Larry Margolis <margoli@watson.ibm.com>
Henry Schaffer <hes@ncsu.edu>
Put together from postings by spike@world.std.com (Joe "Spike"
Ilacqua), and hes@ncsu.edu (Henry Schaffer), with a major data
collection effort by sanguish@digifix.com (Scott Anguish). Edited by
hes. Translated to English by eliz@world.std.com (Elizabeth Lear).
Last changed 6/16/92
What follows are answers to some Frequently Asked Questions on
alt.locksmithing. This FAQ does not attempt to teach you locksmithing,
just to answer simple questions, give you some hints on getting started,
and point you to sources of information. Also included is a glossary of
common terms. The Appendix covers many supply places, books and tapes.
Questions Answered:
1. Where can I get a lock pick set?
2. How can I make my own picks and tension wrenches?
3. Is it legal to carry lock picks?
4. Where can I get the "MIT Guide to Picking Locks"?
5. What books can I get on locksmithing?
6. What are "pick guns" or "automatic pickers" and do they work?
7. How do I open a Kryptonite lock?
8. How can I get keys stamped "DO NOT DUPLICATE" duplicated?
9. Do Skeleton Keys Exist?
10. Should I bother with high security ("pick proof") locks for my home?
11. What should I do after I read a book?
12. How do I continue learning about locksmithing?
Glossary
Appendix of sources, books, videotapes.
Thanks
1. Where can I get a lock pick set?
Try a locksmith supply house. Look under "Locksmiths' Equipment &
Supplies" in the Yellow Pages. Your State or the company may have
requirements, such as having to prove you are a locksmith or showing a
drivers license; call and find out. Also look for mail order houses in the
Appendix.
2. How can I make my own picks and tension wrenches?
You can file or grind picks out of spring steel. It is best to use
spring steel - sources include hacksaw blades, piano (music) wire, clock
springs, streetsweeper bristles (which can be found along the street after
the sweeper has passed), etc. In a pinch safety pin steel, or even a bobby
pin (much worse) can be used. When grinding, keep the steel from getting so
hot as to anneal (soften) it. You may have to re-harden/re-temper it. (See
a book on knife making, gunsmithing, or machine shop practice for a
discussion on heat treating steel.) Some people prefer a rigid tension
wrench and just bend a small screwdriver for this, but many prefer a
slightly flexible wrench and use spring steel.
The "MIT Guide to Picking Locks" and the "Eddie The Wire" books
(see below) cover making these tools. There are many places you can buy
picks and tension wrenches. See the appendix.
3. Is it legal to carry lock picks?
This depends on where you are. In the U.S. the common case seems to
be that it is legal to carry potential "burglar tools" such as keys, picks,
crowbars, jacks, bricks, etc., but use of such tools to commit a crime is a
crime in itself. Call your local library, district attorney, or police
department to be sure.
Places where it *is* illegal to carry lock picks:
The District of Columbia.
4. Where can I get the "MIT Guide to Picking Locks"?
You can't. The guide must exist in an online form, but no one seems
to have it. Rumor has it that (one of) the author(s) is aware of this group
and is unwilling to post the guide.
The guide is copyrighted, so scanning it in and posting would, in
addition to violating the author's wishes, be illegal.
5. What books can I get on locksmithing?
An excellent encyclopedic reference (based on reading the 1st
edition - but people have said that the 2nd and 3rd editions carry on the
coverage)
The Complete Book of Locks & Locksmithing, 3rd Ed.
C.A. Roper and Bill Phillips TAB Books
ISBN 0-8306-3522-X (Paper) 0-8306-?522-1 (Hard)
$18.95 (Paper) $26.95 (Hard)
also many people think highly of:
Eddie The Wire: How to Make Your Own Professional Lock Tools
"Eddie The Wire" Loompanics Unlimited
ISBN 0-685-39143-4
4 Volumes $20
Your local book store should be able to order these for you. You
can find other titles under "Locksmithing" in the Books In Print Subject
Index, which any decent bookstore should have. Also see the Appendix.
6. What are "pick guns" or "automatic pickers" and do they work?
A "pick gun" is a manual or powered device that uses a vibrating
pin to try to bounce the pin tumblers so there are spaces at the shear
line so the the plug can rotate. They are not a panacea, aren't always
effective, and the net seems to feel that these are no substitute
for a little skill with a pick and learning how locks work.
7. How do I open a Kryptonite lock?
Easiest: If you registered your lock, call or write Kryptonite
for a new key. Or call a local locksmith, the should be able to
pick and re-key the lock for you.
Easy: Get a car jack and jack it apart.
Harder: If it doesn't have the newer brass jacket, peel back
the plastic coating on the key end, drill out the pin that
holds in the cylinder, remove the cylinder, open.
Hardest: Chill the metal of the "U" with liquid Nitrogen or
Freon, smash with hammer.
8. How can I get keys stamped "DO NOT DUPLICATE" duplicated?
Some locksmiths will take the Reebok approach and "Just Do It".
Some will even stamp "DO NOT DUPLICATE" on the copy for you. If that
doesn't work, label the key by sticking some tape on the "DO NOT DUPLICATE"
stamp and try again.
9. Do Skeleton Keys Exists?
"Skeleton Keys" are keys ground to avoid the wards in warded locks.
There is no analog with modern pin tumbler locks. Master keys may
open a large set of locks, but this is designed in when the locks are
installed.
10. Should I bother with high security ("pick proof") locks for my home?
Why not? If you are installing locks, the better quality ones are
not much more expensive, and are physically more secure (e.g., have
hardened inserts to protect against drilling.) However, note that
protection against picking doesn't add a large amount to your security
since burglars almost always go the brute force route. Regardless, you
should have a deadbolt, and check your window security.
11. What should I do after I read a book?
After some reading, then the next thing is some experience. Go to
K-Mart, buy a deadbolt lock for around $10, and take the entire thing apart
(you'll need tools like screwdrivers, and perhaps a pair of pliers) to see
how a pin tumbler lock works. K-Mart carries a clone of the Kwikset which
is made to be very easy to take apart. (Key-in-knob locksets are both more
expensive and harder to take apart.)
You then can practice picking this lock by leaving out all but one
stack of pins. This will be exceedingly easy to pick, and will mostly
provide experience in manipulating the pick and tension wrench. Then put in
one more pin stack and try again - feeling when one stack is picked and
then the second one will let the cylinder move. Keep on adding stacks. Try
picking with the curved finger, and also raking.
12. How do I continue learning about locksmithing?
There are several things you can do to continue learning more about
locks and locksmithing. One, of course, is to subscribe to a locksmithing
magazine. Some years ago I compared the National Locksmith to the Locksmith
Ledger and felt that the latter was a bit better on technical info. Call
yourself a Student Locksmith, or perhaps a Security Consultant (surely you
have given some advice to *somebody*!). But all this reading won't help all
that much, so you have to continue buying various types of locks, taking
them apart, figuring out everything about them, and installing, removing,
modifying them. Buy some key blanks, make up a master key scheme, and file
the keys to fit (assuming you don't have a key machine) - filing may take a
few minutes, but it does work. Maybe buy a re-keying kit (kit of different
size pins, with a follower) and do some re-keying for your family or
friends (the same size pins fit, I think, the familiar Kwikset and Schlage
pin tumbler locks) so that their deadbolts can be opened with their normal
front door key. Or buy a deadbolt installation kit (hole saw plus template
- I think that Black and Decker makes a good one, available at better
building supply places) and put in a few deadbolts for your family and
friends - charging them only for the material plus a couple of bucks
towards the installation kit - and re-key the deadbolt for them, too. Buy
or make a pick set, and use your practice locks to practice picking. Do you
have a good locksmith supply catalog? If not, give a call to a local
supplier, or perhaps to Kenco of Lincoln?, Nebraska (they have an 800
number) and get their catalog - they sell lots of goodies including most
everything I've been discussing. Help people at work who have been locked
out of their desks or filing cabinets. Desks usually have wafer tumbler
locks which are *much* easier to pick than pin tumbler locks. Filing
cabinets are not as easy to pick, but are pickable (actually some are very
easy to pick - they vary greatly) and also can be opened by pushing a
flexible plastic ruler past the sliding drawer - carefully inspect some
working cabinets to see what I'm talking about.
Glossary:
blank A key that has not yet been cut to fit a lock.
core A removable cylinder and plug, used in a interchangeable core
system.
core key A key which is used to remove a core.
cylinder The part of the lock in which the the pins are set and which
contains the plug.
cuts The notches cut in the key to make it fit a lock.
key way The slot in which the key is inserted.
master key A key which opens a group of locks designed to match it.
plug The part of the lock which the key is inserted and is rotated
by the key.
warded lock A lock using wards to keep an incorrect key from
entering the key hole and turning.
Appendix
Here are some of the things collected about locations and
availabilities (most are from alt.locksmithing). We do not endorse
any of these, but feel that you can get information by reading.
Phoenix Systems Inc.
P.O. Box 3339, Evergreen, CO 80439
303-277-0305 [Survivalist Group, all though the "Shoot all the Commies
for God" stuff is kept to a minimum.]
OUR LOCK PICKS ARE THE FINEST QUALITY PROFESSIONAL TOOLS AVAILABLE.
Each pick is made of hard-finished clock-spring steel, tempered to the
correct degree of hardness. Whether the subject is wafer tumbler
locks or 6 & 7 pin tumbler locks, our picks are the best available,
and the standard of the industry. With a few minutes of practice,
even a beginner can open most padlocks, door locks and deadbolts.
NOTE: BE SURE TO CHECK YOUR LOCAL, AND STATE ORDINANCES GOVERNING
POSSESSION OF THESE TOOLS.
#604 SUPERIOR PICK SET. Hip pocket size in top grain leather case.
Our most complete set. 32 pick, tension tools & extractors. [Picks
seem to be from 'HPC' but I can't tell for sure.] Price: $75.00 ea.
#606 TYRO PICK SET. An excellent choice for the beginner. Cowhide
leather case contains 9 picks, tension wrenches & key extractor.
[Picks seem to be from 'HPC' but I can't tell for sure.] Price: $34.95
ea.
#607 WARDED PADLOCK PICK SET. This 5 piece padlock pick set is made
of the finest blue tempered spring steel. This set will pick open
most every warded padlock made today. Price: $9.95 ea.
#610 DOUBLE-SIDED TUMBLER LOCK PICKS. Set of 4 picks for use with
double-sided, disc tumbler, showcase, cam and PADLOCKS. An excellent
addition to your other pick sets. Price: $24.95 ea.
#617 PADLOCK SHIM PICKS. Open padlocks in seconds! Our new Padlock
Shim pick's unique design makes them so successful that it is
frightening! Simply slide the shim down between the shackle and the
lock housing, twist and the lock is open. Works best on laminated type
padlocks (the most popular type) but will open ALMOST ANY TYPE OF
PADLOCK -- INCLUDING THE POPULAR 3 NUMBER COMBINATION TYPE. Include
20 shims -- 5 each of the 4 most common shackle diameters for perfect
fit every time. Comes with complete instructions. Price: $39.95 set
#618 SCHLAGE WAFER PICK SET. There are two types of Schlage wafer
locks, each needing a different base key to pick with. This set comes
with both types of base keys and the pick. With the proper base key
the lock is already half picked. Very quick and easy to use. Comes
with complete instructions. [It looks like 2 filed down keys, and a
straight pointy piece of metal for the pick.] Price: $34.95 set
#620 PICK GUN. Picks locks FAST. Open locks in less than 5 seconds.
Specifically designed for tumbler locks. Insert pick into key slot,
then just pull trigger. Throws all pins into position at one time.
Lock is then turned with tension bar. Used extensively by police and
other government agencies. Gun is spring loaded, with tension
adjustment knob. Comes with 3 needle picks and tension bar. No
batteries necessary. Life-time guarantee. [The model name is
"LockAim", but I can't make out the brand name.] Price: Regular $75.00
OUR SALE PRICE $59.95 ea.
#612 THE SLIM JIM. Car door opener. The tool does not enter inside
the car. Opens a car door by "feel" rather then sight. With a little
practice, car opening will be no problem. For GM, Ford and Chrysler
cars. Made of clock-spring steel and is hand finished. Price: $16.00 ea.
#613 THE SUPER JIM. This tool will open most GM, Ford and AMC car
doors. Opener does not enter vehicle. Made wider and thicker, and is
bright nickel plated. Faster openings on most domestic automobiles.
With illustrated instructions. Price: $16.00 ea.
#614 HOUDINI CAR DOOR OPENER. The latest and best innovations on car
door openers. It works the same as your old Slim Jim, except it now
folds neatly to fit in pocket or toolbox without getting in the way.
ONLY 6 1/2 INCHES LONG WHEN FOLDED. Open up and snaps into place like
a fold-up ruler, excellent stainless steel constructions with vinyl
handle for comfort. [Looks like a cross between a slim jim and a fold
up ruler.] Price: $19.95 ea.
#615 PRO-LOK "CAR KILLER" KIT. Over the years we have had thousands
of requests for a multi-vehicle opening kit. We are now able to offer
the most complete kit that we have ever seen. This kit of tools will
open over 135 automobiles, both domestic and foreign, on the road
today. The opening procedure for each vehicle is diagrammed and
explained in the instruction manual. Kit comes with complete
instruction manual and gas cap pick tool. [It's 2 slim jims, a couple
of pieces of bent wire, one of which has a string on it, and a little
2 headed key. (I assume the key is for the gas cap.)] PRICE: $39.95
ea.
#600 TUBULAR LOCK PICK. This tool is an easy and reliable method for
picking tubular locks, as found on commercial vending machines,
washers, dryers, etc. This newest high tech design is much faster and
easier to use than the old type that used rubber bands to hold the
feeler picks. Internal neoprene "O" rings together with knurled
collar provide a very simple and easy tension adjustment. Sturdy
stainless steel construction provides for long-lasting service. This
tool will, with a little practice, easily and quickly open any regular
center-spaced tubular lock -- the most popular type of tubular lock on
the market. Comes with complete instructions and leather carrying
case. [A bunch of feeler picks around a tube.] Price: $129.95 ea. [
Yipe!!! ]
Here are a few titles: (with Library of Congress Catalog Number)
--------------------------
Title: Locksmithing
Author: F.A. Steed
LC Number: TS 520 S73 1982
Title: All About Locks and Locksmithing
Author: Max Alth
LC Number: TS 520 A37 1972
Title: Professional Locksmithing Techniques
Author: Bill Phillips
LC Number TS 520 P55 1991
or you can buy books from (no credit cards)
---------------------------------------------------------------------------
Loompanics Unlimited | When they say unusual, they
Publishers & Sellers of Unusual Books | mean it! Everything from
P.O. Box 1197 | igloo construction to
Port Townsend, WA 98368 | techniques of execution.
---------------------------------------------------------------------------
#52042 B & E: A TO Z - HOW TO GET IN ANYWHERE, ANYTIME (VHS TAPE) by
Scott French, 1987. Nearly two full hours of on-site techniques to
get in any building, beat any lock, open any safe, enter any car.
Price: $59.95
#40031 INVOLUNTARY REPOSSESSION -OR- IN THE STEAL OF THE NIGHT by John
Russell III (64pp, 1979). Written by a private detective for auto
repossessors. All the standard methods of entering and starting
locked, keyless automobiles are given. Price: $10.95
#52050 TECHNIQUES OF BURGLAR ALARM BYPASSING by Wayne B. Yeager
(110pp, 1990). Alarms covered include: Magnetic Switches, Window
Foil, Sound and Heat Detectors, Photoelectric Devices, Guard Dogs,
Central Station Systems, Closed-Circuit Television, and more. Price:
$14.95
#52047 THE B & E BOOK - BURGLARY TECHNIQUES AND INVESTIGATION by Burt
Rapp (149pp, 1989). This is an investigatory guide and practical
manual designed for the police officer in charge of a burglary
investigation and its follow-up. Price: $14.95
#52054 TECHNIQUES OF SAFECRACKING by Wayne B. Yeager (92pp, 1990).
Chapters include: Safe Mechanics and Operations, Guessing the
Combination, Manipulation Techniques, Safe Drilling Methods, Punching
and Peeling, Torches Etc., Explosives, Miscellaneous Methods of Safe
Entry, Safe Deposit Boxes, Deterrence and Prevention, and more. Price:
$12.00
#52052 HIGH SPEED ENTRY - INSTANT OPENING TECHNIQUES (VHS TAPE - 1Hr)
1990. Topics include: the Rabbit Tool and Hydra force door openers,
the Omni Force jam spreader, the best exothermic lance in the world,
two tools that open almost any auto in America, electronic locksmiths,
rippers and pullers, shove knives and re-lockers, and more "techie"
tools. A complete source guide is included. Price: $39.95
#52032 THE COMPLETE GUIDE TO LOCK PICKING by Eddie the Wire (80pp
1981). The very best book ever written on how to pick locks (quite
the claim). Topics covered include: Basic Principle and General
Rules, How To Mount Practice Locks, Warded Locks, Disc Tumbler Locks,
Lever Tumbler Locks, Pin Tumbler Locks, Wafer Tumbler Locks, Lock
Modifications To Thwart Tampering And How To Overcome Them, Various
Other Ways Of Bypassing Locks And Locking Mechanisms. Price: $14.95
#52040 HOW TO MAKE YOUR OWN PROFESSIONAL LOCK TOOLS (4 Volume set) by
Eddie the Wire (31pp, 1980; 50pp 1981; 44pp, 1981; 55pp, 1986).
Basically this set describes how to make all the tools mentioned the
above book along with mass production techniques, carrying cases,
using a PC to generate pick profiles, making "soft" break-ins, how to
"case" a subdivision, and more. Price: $20.00
#52044 PERSONAL PICKS (VHS TAPE - 72min) by Eddie the Wire, 1988.
Demonstrates the step-by-step process of making lock tools in the home
workshop. Price: $29.95
#52051 EXPERT LOCK PICKING (VHS TAPE - 60min) by Ron Reed, 1990. The
author has won the California Locksmiths Association lock-picking
championship (I guess that's good). Uses specially designed cutaway,
see-through locks, so you can view the inside mechanisms of working
locks as they respond to picking techniques. Price: $59.95
#52048 ADVANCED LOCK PICKING by Steven M. Hampton (50pp, 1989).
Describes the inner workings of the new high-security locks and
includes templates for making custom tools. Schematic diagrams for
portable electronic picks to open magnetic key and card locks. Tips
on enhancing finger sensitivity, concentration power, constructing
practice lock boxes, and more. Price: $10.00
#52045 CIA FIELD-EXPEDIENT KEY CASTING MANUAL (48pp, 1988). How to
make a duplicate key when you can keep the original only a short time.
Price: $8.00
#52043 HOW I STEAL CARS - A REPO MAN'S GUIDE TO CAR THIEVES' SECRETS
(VHS TAPE - 45min) by Pierre Smith, 1988. How to open and enter
practically any modern automobile and how to start them without the
key. Price: $49.95
#52016 HOW TO FIT KEYS BY IMPRESSIONING by Desert Publications (26pp,
1975). Subjects covered include: Fitting bit keys, Fitting flat steel
keys, Fitting lever tumbler keys, Fitting disc tumbler keys, Necessary
tools, Techniques of obtaining impressions, and more. Price: $7.00
8.06 Lock Picking
Author: Darc Deathe
This tutorial will demonstrate how to "pick" a pin tumbler lock.
Use of this material is for locksmiths only, any use of this information
for illegal purposes is forbidden and against the law. (As long as we are
at it, do you want to buy some land in florida?)
In order to pick a pin tumbler lock, you will require four items:
a lock, you, a pick, and a tension wrench. You can usually get these at a
locksmith store, if you can not find one near you there will be an address
at the end of the article that you can order them from. Here is an
illustration of a pick and a tension wrench:
________/ !________
PICK TENSION WRENCH
Most people know of the need for the pick, but have no idea what
the wrench is for. It is very important and without it it would be impossible
to pick a lock.
In order to pick a lock, we count upon the imperfection of the
lock. Before we look at how to actually pick the lock, we will look at the
parts of it and how the imperfection part fits in. Here is a dissassembled
lock:
/ / / /
\ \ \
SPRINGS -> / / / /
\ \ \
! ! ! ! ! ! ! !
! ! ! ! ! ! ! !
DRIVERS -> ! ! ! ! ! ! ! !
!_! !_! !_! !_!
_ _
! ! _ ! !
->! ! ! ! _ ! !
! ! ! ! ! ! ! !
\_/ \_/ \_/ \_/
_____________________
! : : : : : : : : !
HOUSING ->! : : : : : : : : !
! : : : : : : : : !
!___: :_: :_: :_: :___!
! : : : : : : : : !
Pg= -> ! : : : : : : : : !
!_____________________!
! !
! !
! !
!_____________________!
___
/ \
! !__ _ _
! \__ / \_/ \__
! \/
\__/------------------- <- KEY
When you insert a key into a lock, the bottom of the plug is pushed
up, and if it is the proper key, the tops of the bottom pins will match
with the spot where the plug and housing meet, thus allowing you to turn the
plug, and open the door, etc.. when you have the key, the bottom pins go
into the valleys of the key, thus meaning that the key must have the right
height valleys to make the lock open. pretty elementry, right? Well now we
can move on to how to pick a lock.
In order to pick a lock we (as i said before) depend on the
inaccuracy of the manufacturing process. the first thing to do is to insert
the tension wrench into the lock and apply a slight pressure to the left
(or right if you wish) so that if you could look inside the lock at where
the plug and the housing would meet, it would look like this:
! !*! !
HOUSING ! !*! !
! !*! !
__________! !*! !___________
__________ !*! ____________
! !*!!
PLUG ! !_!!
! _ !
! !*!!
! \_/!
Now a slight presure is on the pins. Because the pins can not be
produced exactly the same, there is one pin which is the widest and there
fore has more tension on it, and one which is the thinnest and has almost
no pressure on it. We now use the pick to >gently< push each pin up (and
try to feel it when you let it down) until we find which is the tightest on
and which is loosest. Getting the feel for this is the hardest part of lock
picking. Now that you have found the loosest one, gently press it upward
until you feel a slight reduction in tension on the tension wrench. This
will happen when the top of the bottom pin becomes even with the junction
of the plug and the housing. Do not release any tension from the wrench
now! the driver will now be trapped in the housing as illustrated here:
(don't I draw pretty)
! !*! !
HOUSING ! !*! !
! !*! !
___________! !_! !___________
____________ ___________
! !*! ! PLUG
! !*! !
! \_/ !
! !
Now you continue this process with each of the pins until you work
your way up to the one that is widest. With some practice you can get
fairly fast at this. I suggest practicing on a four pin tumbler lock that
is bought from a hardware store, the cheaper the better.
I would like to discuss a paticular configuration of the pins now
that may present a particularly hard job to pick. this is graphicly shown
here by the two middle pins:
!*! !*! !*! !*!
!*! !*! !_! !*!
!*! !*! _ !*!
!_! !*! !*! !_!
_ !*! !*! _
!*! !*! !*! !*!
!*! !_! !*! !*!
!*! _ !*! !*!
!*! !*! !*! !*!
\_/ \_/ \_/ \_/
\_______________
When you try to push the 2nd pin from the left up, you will
unavoidably be pushing the one in front of it up because of it's long
bottom pin. The only solution for this is to get a special pick that looks
like this:
\ _______________
\_/
The major problem with this is that it is hard to initially detect.
The reason that it makes it harder if it is not immedietly apperant is that
you unavoidably push the 3rd pin from the left up into the housing, getting
it jammed:
! !*! !
HOUSING ! !_! !
! _ !
! !*! !
__________! !*! !________
___________ !*! ________
!!*!!
PLUG !!*!!
!\_/!
I would also like to address a technique called raking. It uses a
tool like this:
\/\/\/|______________
Basically you "rake" it and forth across the pins, hoping that
combined with the tension it will give you the right combination. This way
has been known to work fast at times, but is not very reliable, and I would
suggest learning to actually "pick" the lock.
Earlier i promised an address to order locksmithing materials from,
so here it is:
Garrison Protective Electronics
Box 128
Kew Gardens, New York, 11415
Sources: Personal practice and many excellent books from mentor press, if
you would like their catalog, send a sase to:
The Intelligence Library
Mentor Pulications
135-53 Northern Blvd.
Flushing, NY 11354
And ask for any information available on the intelligence library.
8.07 The Arts of Lockpicking
Courtesy of: The Jolly Roger
Lockpicking I: Cars and assorted other locks
While the basic themes of lockpicking and uninvited entry have not
changed much in the last few years, some modern devices and techniques have
appeared on the scene.
Automobiles:
Many older automobiles can still be opened with a Slim Jim type of
opener (these and other auto locksmithing techniques areocovered fully in
the book "In the Still of the Night", by John Russell omo III); however,
many car manufacturers have built cases over the lock mechanism, or have
moved the lock mechanism so the Slim Jim will not work. So:
American Locksmith Service
P.O. Box 26
Culver City, CA 90230
ALS offers a new and improved Slim Jim that is 30 inches long and
3/4 inches wide, so it will both reach and slip through the new car
lockocovers (inside the door). Price is $5.75 plus $2.00 postage and
handling.
Cars manufactured by General Motors have always been a bane to
people who needed to open them, because the sidebar locking unit they
employ is very difficult to pick. To further complicate matters, the new
GM cars employ metal shields to make the use of a Slim Jim type instrument
very difficult. So:
Lock Technology Corporation
685 Main St.
New Rochelle, NY 10801
LTC offers a cute little tool which will easily remove the lock
cylinder without harm to the vehicle, and will allow you to enter
and/or start the vehicle. The GMC-40 sells for $56.00 plus $2.00
for postage and handling.
The best general automobile opening kit is probably a set of
lockout tools offered by:
Steck MFG Corporation
1319 W. Stewart St.
Dayton, OH 45408
For $29.95 one can purchase a complete set of six carbon lockout
tools that will open more than 95% of all the cars around.
Kwickset locks have become quite popular as one step security
locks for many types of buildings. They areoa bit harder to pick and
offeroa higherodegree of security than a normal builder installed door
lock. So:
A MFG
1151 Wallace St.
Massilon, OH 44646
Price is $11.95. Kwickset locks can handily be disassembled and the
door opened without harm to either the lock or the door by using the above
mentioned Kwick Out tool.
If you are too lazy to pick auto locks:
Veehof Supply
Box 361
Storm Lake, IO 50588
VS sells tryout keys for most cars (tryout keys are used since
there is no one master key for any one make of car, but there are group
type masters (a.k.a. tryout keys). Prices average about $20.00 a set.
Updated Lockpicking:
For years, thereohave been a number of pick attack procedures for
most pin and tumbler lock systems. In reverse order of ease they areoas
follows:
Normal Picking:
Using a pick set to align the pins, one by one, until the shear
line is set and the lock opens.
Racking:
This methodouses picks that areoconstructed with a series of bumps,
or diamond shape notches. These picks are "raked" (i.e. run over all the
pins at one time). With luck, the pins will raise in the open position and
stay there. Raking, if successful, can be much less of an effort than
standard picking.
Lock Aid Gun:
This gun shaped device was invented a number of years ago and has
found application with many locksmiths and security personnel. Basically, a
needle shaped pick is inserted in the snout of the "gun", and the "trigger"
is pulled. This action snaps the pick up and down strongly. If the tip is
slipped under the pins, they will also be snapped up and down strongly.
With a bit of luck they will strike each other and separate at the shear
line for a split second. When this happens the lock will open. The lock aid
gun is not 100% successful, but when it does work, the results are wvery
dramatic. You can sometimes open the lock with one snap of the trigger.
Vibrator:
Some crafty people have mounted a needle pick into an electric
toothbrush power unit. This vibrating effect will sometimes open pin
tumbler locks -- instantly.
There is now another methodoto open pin and wafer locks in a very
short time. Although it resembles a toothbrush pick in appearance, it is
actuallyoan electronic device. I am speaking of the Cobra pick that is
designed and sold by:
Fed Corporation
P.O. Box 569
Scottsdale, AR 85252
The Cobra uses two nine volt batteries, teflon bearings (for less
noise), and a cam roller. It comes with three picks (for different types
of locks) and works both in America and overseas, on pin or wafer locks.
The Cobra will open group one locks (common door locks) in three to seven
seconds with no damage, in the hands of an experiencedmlocksmith. It can
take a few seconds more or up to a half a minute for someone with no
experience at all. It will also open group two locks (including
government, high security, and medecos), although this can take a short
time longer. It will not open GM sidear locks, although a device is about
to be introduced to fill that gap. How much for this toy that will open
most locks in seven seconds?
$235.00 plus $4.00 shipping and handling.
For you hard core safe crackers, FC also sells the MI-6 that will
open most safes at a cost of $10,000 for the three wheel attack model, and
$10,500 for the four wheel model. It comes in a sturdy aluminum carrying
case with monitor, disk drive and software.
If none of these safe and sane ideas appeal to you, you can always
fall back on the magic thermal lance...
The thermal lance is a rather crude instrument constructed from 3/8
inch hollow magnesium rods. Each tube comes in a 10 foot length, but can be
cut down if desired. Each one is threaded on one end. To use the lance, you
screw the tube together with a matted regulator (like a welding outfit
uses) and hook up an oxygen tank. Then oxygen is turned on and the rod is
lit with a standard welding ignitor. The device produces an incredible
amount of heat. It is used for cutting up concrete blocks or even rocks. An
active lance will go through a foot of steel in awfew seconds. The lance
is also known as a burning bar, and is available from:
C.O.L. MFG
7748 W. Addison
Chicago, IL 60634
8.1 COMBINATION LOCKS
8.11 FINDING THE COMBINATION ON MASTER LOCKS
Authors: Gin Fizz/2600 Club!/TPM and Ninja NYC/TPM
From: ==Phrack Inc.== Vol 1, Issue 1, Phile #6 of 8
_ _ _______
| \/ | / _____/
|_||_|etal/ /hop
_________/ /
/__________/
Have you ever tried to impress your friends by picking one of those
Master combination locks and failed? Well then, read on. The Master lock company
has made this kind of lock with a protection scheme. If you pull the handle of
it hard, the knob won't turn. That was their biggest mistake...
Ok, now on to it.
Get out any of the Master locks so you know what's going on.
1st number:
The handle part (the part that springs open when you get the
combination), pull on it, but not enough so that the knob won't move.
While pulling on it turn the knob to the left until it won't move any more.
Then add 5 to this number. Congradulations, you now have the 1st number.
2nd number: (a lot tougher)
Ok, spin the dial around a couple of times, then go to the first
number you got, then turn it to the right, bypassing the 1st number once.
WHEN you have bypassed. Start pulling the handle and turning it. It will
eventually fall into the groove and lock. While in the groove pull on it and
turn the knob. If it is loose go to the next groove; if it's stiff you've got
the second number.
3rd number:
After getting the 2nd, spin the dial, then enter the 2 numbers, then
after the 2nd, go to the right and at all the numbers pull on it. The lock will
eventually open if you did it right. If can't do it the first time, be patient,
it takes time.
Have phun...
8.12 PICKING COMBINATION LOCKS
Author: The Byte Byter (Metal Communications)
First of all, let me tell you about the set-up of a lock. When the lock
is locked, there is a curved piece of metal wedged inside the little notch
on the horseshoe shaped bar that is pushed in to the lock when you lock it.
To free this wedge, you must (must is a word used too much) you usually (that
sounds much better) have to turn the lock to the desired combination and the
pressure on the wedge is released therefore letting the lock open.
I will now tell you how to make a pick so you can open a lock without
having to waste all that time turning the combination (this also helps when you
don't know the combination to begin with). First of all, you need to find a
hairpin. What's a hairpin ? Well, just ask your mom. She will have one. If she
asks what its for, say you have to hold something together... If she says use
a rubberband or use a paperclip, tell her to fuck off and die and then go to
the store and rip off a box of 50 or so.
Ok, enough stalling (yeah, I was stalling). Once you have your hair pin
(make sure its metal), take the ridged side and break it off right before it
starts to make a U-turn onto the straight side. The curved part can now be used
as a handle. Now, using a file, file down the other end until it is fairly
thin. You should do this to many hairpins and file them so they are of
different thicknesses so you can pick various locks.
Some locks are so cheap that you don't even have to file! But most are
not. Ok, now you have a lock pick.
Now if you haven't figured it out, here's how you use it. You look at a
lock to see which side the lock opens from. If you can't tell, you will just
have to try both sides. When you find out what side it opens from, take the
lock pick and stick the filed end into the inside of the horseshoe-shaped bar
on whichever side the lock opens from.
Now, put pressure on the handle of the lock pick (pushing down, into
the crack) and pull the lock up and down. The lock will then open because the
pick separated the wedge and the notch allowing us thieves to open it. Don't
say bullshit until you've tried it.
Because of this, I have got lots of beer money from doing this to
fellow students' gym lockers. Also, this technique works best on American
locks. I have never picked a Master lock before because of the shape a
pressure of the wedge but if anyone does it, let me know how long it took.
Also, the Master lock casing is very tight so you can't get the pick in.
So, if you're locking something valuable up, use a Master, because at least
you know I won't be picking it and I'm sure there aren't that many that could.
And when I say pick, I don't mean lighting a stick of dynamite next
to the lock, picking is opening a lock without using force, making a substitute
key, etc... If any of you believe that this information is not sufficient for
picking an American lock, or any other kind besides Master, leave me a message
at /\/\etallant 1.
8.15 BREAKING and ENTERING
8.151 Breakin' in A to Z (BnE Checklist)
Author: Joe Hunt of the !B!ILLIONAIRE! !B!OYS !C!LUB
This is a list of need equipment for must jobs.
Check list for equipment for operation:
Rubber Surgical Gloves 5.00-
3 Black Army Duffle Bags. 20.00-
6 Plasic Garbage Bags.... 2.55!
G.I. Army Flashlight... 7.50-
#606 Tyro Pick Set.......... 34.95+
#781 Lock Picking Simplified 6.00+
#784 Complete Guide to Lock
Picking................ 9.95+
#783 Locks & Alarms......... 15.95+
64-2165 2cyl. Pocket Gas Torch. 25.95*
64-2166 Replacement Butane Cyl.. 3.29*
64-2167 Replacement Micronox Cyl 2.59*
64-404 Crimp Tool.............. 4.49*
64-1823 Set of 7 Screwdrivers... 5.29*
64-1805 Hobby Knife............. 1.19*
278-002 6 Heavy-Duty Cables..... 3.99*
20-107 Portable Scanner....... 99.95*
ch. 2,3,4,5.........each 4.98*
33-174 Monaural Earphones...... 1.49*
21-1639 Realistic trc-219.......59.95*
-------
332.96
KEY:
- You might have them around the house
+ You can buy it a phoenix systems
* Buy them at you local radio shack
List of supliers:
Phoenix systems
P.O. Box 3339 Evergreen, CO. 80439
303-674-2653
8.2 Locks and Physical Security Devices
Author: Sterling
From: Informatik, The Journal of Priviledged Information
Introduction
------------
Ever since man has had something worth keeping, he has devised ways to
protect it. The Egyptians were the first to develop a working lock of any
complexity. It was based on a flat, wooden "key" with a series of raised pins
that enable the user to slide back a wooden bolt that protected the door from
entry. Advances in metallurgy eventually brought forth locks of iron.
As locks became more complex, the great medieval locksmiths' guilds
carefully guarded their secrets. Restrictions forbid the guild's members from
discussing the relatively simple inner workings of locks for fear of losing
their power. By protecting their secrets, the locksmiths were able to exploit
their unique skills, charging outlandish sums for their services.
The same principles apply today. That is why a locksmith can charge you
$60 to come and unlock the door to your house. Americans spend millions each
year on security systems to protect their property. Often this money is wasted
on devices that really provide only limited protection. In this text I would
like to expose how locks and security systems work, and how you can bypass them
if needed.
It is easy to lose faith in the common door lock once you understand its
simple operation. It took me less than a week with my lock picks before I
could open my front door. Any first timer can open a desk or filing cabinet
after achieving a basic understanding of the principles of modern locks.
Hopefully this article will expose to more people just how unsecure locks can
be, and with practice you should be able to pick your way into your house
should the need arise.
The content of the article comes from a wide variety of sources. Personal
experience, excerpts and summaries from the "alt.locksmithing" newsgroup, and
from locksmithing and lockpicking books. Special thanks goes out to *Hobbit*
for his simplex and hotel lock articles.
There are several types of locks that you are likely to encounter. These
locks are easy to spot and identify what you know what to look for. Here I
will discuss everything from the seldom used "warded lock" to alarm systems.
Table of Contents:
------------------
Key Operated Locks
Latches
The Warded Lock
The Lever Lock
The Wafer (Disc) Tumbler Lock
The Pin Tumbler Lock
Tubular Cylinder Locks
Lockpicking Tools
The Basic Picks
Making Your Own Picks
Purchasing Picks
Attitude and Tips for Success
Other Security Devices
Combination Locks
Magnetic Locks
Simplex Locks
Automotive Protection Systems
The Marlock System
VingCard Locks
Electronic Hotel Card Locks
Alarm Systems
Type of Latches
~~~~~~~~~~~~~~~
The latch is a spring bolt that actually holds the door shut. This is in
contrast to the deadbolt, that had NO spring, and must be manually engaged.
There are two primary types of latches, the springlatch and the deadlatch.
The springlatch is much more convenient, when the door is shut, the
springlatch springs into place, locking the door shut. This is the type of
latch found on most key-in-knob type door locks. The problem with the
springlatch is that it is easily defeated by sliding a plastic card or thin
knife and forcing it back. To prevent this, a latch guard can be installed.
This is a device constructed from heavy steel folded lengthwise at a ninety
degree angle or a T-bar shape. It is usually anywhere from six to twelve
inches in length and is fastened to the edge of the door by bolts. The latch
guard hides the latchbolt, and prevents any tampering with it.
The deadlatch cannot be shoved open like the unprotected springlatch can.
When the door is closed, the latch bolt is secure in the lock position and acts
as a deadbolt (a bolt that is not spring loaded, and resists any end pressure).
The deadlatch resembles a smaller, beveled bolt projecting from the latchbolt.
On some designs, the deadlatch takes the shape of an additional bolt, somewhat
smaller, and usually placed higher up on the lock body. A key or interior
locking mechanism must be used to engage the deadlatch and lock the door.
The Warded Lock
~~~~~~~~~~~~~~~
The warded lock's basic design was created by the ancient Romans. The
basic principle behind its operation is a series of "wards" (projecting
obstructions) that prevent all but the proper cut key from being rotated inside
the lock. These obstructions have been placed in the path of the turning of
the bit portion of the key. This type of lock utilizes a key that has been
notched in a way that it clears all the wards, but is still able to turn the
bolt. These locks are easy to recognize. They are the "classic" antique lock
that you may still find in old houses.
_______ blade (stem) ##### handle (bow)
/ \ ########
| | ################################# ##
\ / ################################# ##
| | #### ### ########
/ \ #### ### #####
/ \ ####
/ \ bit a warded key for a two-ward lock
/___________\
warded key lock entrance
The number of wards in the lock can vary, but normally two is the minimum.
When a user inserts a key into the warded lock, the metal obstructions inside
the lock allow only the proper key to be inserted. The key bittings allow the
key to turn in a circular motion, opening the lock through one of four
different mechanisms:
1) The key lifts a detent lever while throwing the bolt, providing
deadbolt action. (Deadbolt action means that the bolt is secure
against end pressure.)
2) The key moves a bolt whose locked or unlocked position is maintained
by the action of a humped flat spring in two notches on the bolt.
3) The key moves directly against the latch tail of a latchbolt, or does
so through the action of a floating lever.
4) The key inserts between two springs and wedges them apart as it is
turned. (Usually only in warded padlocks)
Picking
These locks offer only token security to the user. Besides being easy to
circumvent, the warded locks offers only about fifty alternate keying
combinations. Picking them is generally regarded as trivial. All that is
required is to bypass the wards and move the bolt into the unlocked position.
This can be accomplished by using a pick known as a "buttonhook". To make your
own buttonhook pick, use a pair of pliers to bend a six inch section of coat
hanger into a warded key shape as below:
########
### ##
################################# ##
# ## ##
### ## #
#####
The wire should be thin enough to pass into the keyway while avoiding all
the wards, but stiff enough that it can still manipulate the bolt to open the
lock. Though you may have to make a "large" and a "small" warded lock pick,
the same principle applies.
The Lever Lock
~~~~~~~~~~~~~~
Robert Barron invented the lever lock in 1778. This constituted a
considerable improvement over the ancient warded lock. It was based on a
series of several "levers" that must each be raised to their own set height.
If a particular lever was lifted to high or not enough, then the lock would not
open. When the proper key is inserted, the notches on the key raise all the
lever tumblers the required distance, lining up all the gates, allowing the
lock to be opened. Not only was this new lock much harder to pick, it offered
up to ten billion possible keying combinations. (The amount of practical
combinations is actually around fifty thousand)
#####
__ #######
/ \ ## ### #### ## ########### ##
\ / ###### ####### ########### ##
| | a lever or "lever tumbler" ########################### ##
| | lock keyhole #######
|__| ####
a lever tumbler lock key
Since its design the lever tumbler lock has undergone numerous
improvements. One of the is called the parautopic lock. The parautopic lock
consisted of two sets of lever tumbler, where the first worked on the second.
It also proved a plate that turned with the key so that one could not inspect
the locks interior construction. Lever locks, though limited in use, can still
be found today in some hospitals, suitcases, cabinets, fine furniture, and
attache cases. Lever locks are also used on safe-deposit boxes, often with
fifteen or more levers and sometimes requiring two keys.
Picking
Lever locks are a little harder to pick then the wafer and pin tumbler
variety. In fact, the type of lever locks used on safe-deposit boxes are very
difficult to pick indeed. To pick a lever lock requires that tension be placed
against the deadbolt throughout the course of lifting one or more levers within
the lock to the required alignment with the post. This requires the use of a
"lever lock tension wrench" and a "hook" or "lifter" pick. [Picks are
discussed later in the Lockpicking Tools section.]
Insert the lever lock tension wrench (a bit different than a normal
tension wrench) into the keyway, and exert torsional pressure. The long bit is
the part you hold, the next bend runs to the bottom of the lock, and the final
bend fits into the notch in the bolt. Unlike most other types of locks, the
lever locks requires you to exert considerable pressure on the tension wrench
while picking. Usually the lever springs provide enough force to cause the
levers to drop back down once picked. Because of the greater pressure, lever
locks may require a slightly thicker tension wrench then normal.
Then insert the hook pick all the way into the lock. Locate the back
lever and raise it gently until you FEEL or HEAR a slight "click". With the
lever locks, the force required to push against the spring is substantially
more than in other locks. Once it reaches the correct position, the gate will
align with the post, and you should notice a slight "give" in the deadbolt, as
there is now one less lever obstructing the lock from opening. You should note
that once a lever has been picked, the amount of force required to lift that
lever will be substantially less.
Move on to the next lever by slightly withdrawing the pick and repeat the
process. Each subsequent lever will require the use of slightly less tension
then on the previous ones. Otherwise the increased tension could cause the
lock to bind up.
Once you have picked each individual lever, the lock should open. If it
does not, then reinsert the pick (always maintaining tension with your wrench)
and jiggle each lever slightly to ensure correct alignment.
Each lever does not require very much lift. This is due to the fact that
the maximum depth of the cut under any tumbler is no more than half the width
of the key, and never more than two-thirds its width. You should therefore use
a pick that does not have too much "hook" to it.
The Wafer Tumbler Lock
~~~~~~~~~~~~~~~~~~~~~~
The wafer tumbler lock was developed as a low-cost lock that offered a
reasonable degree of security to the owner. These locks are make up over
one-fourth of all the locks in the world. The outside of the lock resembles
the pin tumbler lock (yet to be discussed), but uses a much simpler mechanism.
Wafer keyways usually have simple side ward indentions. The key is usually
shorter than that of other locks, but equally broad. It may be cut on one or
both sides. A two sided wafer lock is often called a "double wafer." The lock
consists of four main parts. The plug housing, which contains the wafers and
springs, the shell, the cam (locking bolt), and the retainer. The wafers are
sometimes referred to as "discs" because their top and bottom are rounded to
fit into the cylinder. Here is a diagram:
5
___ 7 | ___
||############## 1-> @| _ |_
## ||## ## ## ## ## @||2||/
6##||##4##3##2##1## <-keyway @||_||
## ||## ## ## ## ## \|___|
___||############## 3
|
\plug/ detail of a wafer tumbler
cutaway side view 1) spring
of a wafer lock 2) key slot
3) spring wing
1-4) spacings #1-4
5) cam (operates the bolt)
6) retainer (rear plug)
7) the shell (body of the lock)
Each lock has a series of chambers in which the wafers rest. These
spacing closest to the front of the lock is numbered with one, and their
numbers increase toward the back of the lock. Picture a number of the wafers
placed face-to-face in the plug's spacing chambers. Each wafer is equal in
overall size, but the key slots are of varying height. A metal spring exerts
pressure on the spring wing of each wafer, forcing its lower part into the
shell's "locking grooves" which lets the lower portion hang about midway into
the keyway. Looking into the lock, you should be able to see this. These
wafers act to hold the plug and shell together, preventing the lock from
turning.
When the correct key is inserted, it goes through the key slots on each
wafer, raising the wafers out of the locking groove. The key must have the
appropriate depth of cut in each position to raise the wafer the correct
amount. The depth of the key's cut (and the length of the wafer's key slot) is
any one of five different depths. The shorter the top edge of the wafer's key
slot, the lower the key cut depth value. For instance the number 1 slot (the
slot that is the largest) would require the shallowest cut in the key.
Normally lock manufacturers place a number four or five wafer near the keyhole
to block the view of the back wafers. Also note that the same type of wafer
may appear several times in the same lock.
Above some brands of wafer tumbler lock you will see a small hole. When
the lock has been unlocked, you can remove the entire lock plug by inserting a
piece of stiff wire into this hole and depressing the retainer. Though nowhere
near as secure as the pin tumbler lock, the wafer tumbler is a very popular,
low cost lock. The lock is normally found on cheaper cabinets and desks, some
padlocks, some automobile locks, locking handles, and trailer doors. Where
more security is desired, the double wafer type is used, providing wafers on
the top and bottom of the keyway.
Picking
Though harder to pick then the warded lock, the wafer lock is still easy
to circumvent. This is an excellent lock to practice on because the techniques
required to pick it are applicable to the pin tumbler lock as well. Like the
lever lock, picking the wafer tumbler lock requires use of a tension wrench and
a pick. A variety of the different picks can be used including the rake, the
hook, the half-diamond, and the half-round pick. Selection depends on the size
of the lock, the distance between each wafer, and personal preference.
Raking
One of the most common methods of picking the wafer tumbler lock is by
raking. To rake the lock, insert the tension wrench is inserted just inside
the keyway, stopping short of the first wafer, and flush with the bottom of the
keyway. Apply moderate tension to the wrench. If you apply too much tension
the wafers will bind and not be able to move into alignment. Once you have the
tension wrench in place, insert either the rake or half-round pick into the
keyway. Don't worry about feeling the tumblers, instead concentrate on
applying uniform pressure to them as you move the rake in and out of the keyway
in a scrubbing motion. This scrubbing motion should cause the wafers to lift
into alignment as they are thrown up and down in their spacings. This method
is usually quite effective on most wafer locks, and should always be tried
first.
Manipulating Individual Wafers
If the lock does not respond to raking, you can try using the half-diamond
pick to each wafer into alignment one-by-one. While maintaining light but
consistent pressure with the tension wrench, use the pick to lift each wafer
into alignment at the shear line, starting from the backmost tumbler. Once it
reaches the proper alignment, you should feel or hear a slight "click" and the
plug will turn ever so slightly, relieving a bit of pressure on the wrench.
Continue one-by-one, working outward, until each tumbler has been aligned and
the lock opens.
Vibration Picking
Often you can use a technique called vibration picking to open a wafer
tumbler lock. This uses a tool known as a "snapper" pick or a "lockpick gun".
[These are described in the Lockpicking Tools section of this article] To use
the snapper pick maintain a light tension with the wrench and insert the tip of
the pick into the keyway, just touching the bottom of the tumblers. Then use
the thumb, which rests along the top edge of the pick to depress the top loop.
Let the thumb slide off the compressed part of the pick, permitting it to snap
back. It will then strike a light blow to the tumblers, popping them up until
they are held in place at the shear line. Repeated snaps, while maintaining
tension with the wrench, usually results in aligning all the tumblers, and thus
opening the lock. The lockpick gun works automatically, with a trigger device
that "snaps" its wire pick up in the keyway.
Picking Double Wafer Locks
Double Wafer locks are picked the same way as single wafer locks, but
there two sides to the story. Not only must you align all the top wafers, but
the bottom ones as well. You can purchase special designed tension wrenches
with will let you then use a ball pick to pick both sets of wafers.
Alternatively you can use a standard tension wrench in the center of the
keyway, using a half diamond pick. Once you have picked one set, simply
reverse the pick and pick the other. It may take a few tries before you are
able to hold all the wafers in place.
The Pin Tumbler Lock
~~~~~~~~~~~~~~~~~~~~
Pin tumbler locks are by far the most popular lock today. Over half of
the locks in use are of the pin tumbler type. They look similar to the wafer
tumbler lock, but can easy be distinguished by their round pins, visible in the
keyhole. There operation is also similar to the wafer type, but is more costly
and requires much stricter machining tolerances. Here are some diagrams:
|
|
|
|________________________________________
| | @ | | @ | | @ | | @ | | @ |
| | @ | | @ | | @ | | @ | | @ | Tumbler springs
| | @ | | @ | | @ | | @ | | @ |
| | @ | 4 | @ | | @ | | @ | | @ |
| | @ | ||~|| | @ | ||~|| ||~||
|___||~||___|| ||___||~||___|| ||___|| ||__ _ _ _ _ _ _Shearline
\_ ||1|| 3 || || || || || || || | |
\_|| ||___||~||___|| ||___||~||___||~| |
|~| | | |~| | | | | |
keyway |2| | | | | | | | | | Plug
|_| |_| |_| |_| |_| |
+-----------------------------------------+
|
|
|
|
The pin tumbler lock, cutaway side view (locked)
1) top pin
2) bottom pin
3) cylinder (top of plug)
4) shell
|
|
|
|________________________________________
| | @ | | @ | | @ | | @ | | @ |
| | @ | | @ | | @ | | @ | | @ | Tumbler springs
| | @ | | @ | | @ | | @ | | @ |
| || || 4 || || || || || || || ||
| ||1|| || || || || || || || ||
|___|| ||_ _|| ||___|| ||___|| ||___|| ||__ _ _ _ _ _ _Shearline
\_ ||~|| 3 ||~|| ||~|| ||~|| ||~| |
\_||2||___|| ||___|| ||___|| ||___|| | |
| | |_| | | | | |
keyway |_| |_| |_| | Plug
|
+-----------------------------------------+
|
|
|
|
The pin tumbler lock, cutaway side view (unlocked)
1) top pin (drivers)
2) bottom pin (key pins)
3) cylinder (top of plug)
4) shell
___________________ ___________________
_/ @ \_ _/ @ \_
/ @ 3 \ / @ 3 \
| @ | | | | |
| | | | | |2| |
| ____|2|____ | | ____|_|____ |
| / |_| \ | | / | | \ |
| | _| |_ 4 | | | | _|1|_ 4 | |
| | / |1| \ | | | | / |_| \ | |
| | | |_| | | | | | | | | |
| | | | | | | | | | | |
| | | 5 | | | | | | 5 | | |
| | \_____/ | | | | \_____/ | |
| | 6 | | | | 6 | |
| \___________/ | | \___________/ |
| 7 | | 7 |
\_ _/ \_ _/
\___________________/ \___________________/
Locked Unlocked
Pin Tumbler Lock (front) Pin Tumbler Lock (front)
1) bottom pin (key pins)
2) top pin (drivers)
3) tumbler spring
4) shear line
5) keyway
6) plug (cylinder)
7) shell
OK, I will explain how the pin tumbler lock works, but you really should
consider going to K-Mart and buying a cheap lock to take apart and study. In
the lock's shell (main body) there is the keyway and three to eight (usually
five) spacings drilled from the top of the lock into the keyway. This is
similar in principle to the wafer lock. In each of theses spacings are two
pins and a spring. The top pins are always the same length, while each bottom
pins can each be any of ten different sizes (0-9). Note that the bottom pins
have a rounded bottom, allowing for them to ride up the key easier. The spring
forces the pin stack down so that the lower pin protrudes into the keyway.
(The wedge slot keeps them from falling all the way to the bottom of the
keyway) When the correct key is inserted, each pin stack is lifted according to
how deep or shallow the key is cut in that corresponding location. To open the
lock, the top of bottom pin (the point where the top and bottom pin meet) must
line up with the lock plug and the shell (the shearline). When in this
position, the lock is unlocked and the plug can rotate around, taking the
bottom pin around with it. If any pin is raised too high, or not high enough,
then that pin keeps the plug from turning inside the lock shell. Of course in
the locked position, all the pins stop the plug from turning.
These locks are used almost everywhere. The provide over a million
possible combinations for a five pin lock, and billions for the eight pin.
These are the standard door locks in most residential and commercial buildings.
Often you will find pin tumbler locks with only three pins on cheap desks, some
copy machines, and storage lockers. They offer a reasonable degree of
security, but are far from tamper proof.
Picking
Picking the pin tumbler lock is based on the principle that slight
imperfections exist in every lock. Every lock is machined to certain sets of
tolerances, such as plus or minus .0002 inches. The closer the tolerance, the
harder the lock is to pick, but the more expensive the machining costs. That
is what makes one pin tumbler lock harder to pick than another. This variation
in the lock's components means that in attempting to turn the plug in the lock
without the proper key, one tumbler will be caught up and become tight before
subsequent tumblers are. Therefore, when turning tension is applied to the
plug with a tension wrench, and the tight tumbler is lifted with a pick, there
will be either a clicking feel or a sudden relief in the tension the tumbler
exerts on the pick. This relief of tension occurs when the pin is brought up
even with the shear line. At this time, lifting can be stopped.
Use a hook pick to lift each pin to its breaking point, starting with the
pin that is bound (resisting) the tightest. Gently pry the pin up against the
spring pressure until it breaks at the shear line. Care must be taken not to
lift the pin too high, or it may become jammed in the upper chamber. It is
often impossible to get this pin back down without releasing tension on the
plug.
A common problem is applying too much tension. A light touch should be
used because too much pressure on the wrench not only makes it hard to feel any
change in torsional pressure, but tends to bind all the pins, making picking
order difficult to determine. The tension wrench needs only to provide a
little torque so that the pins stay up once picked.
Raking and Vibration picking
You can also use the raking and vibration picking methods described in the
section on wafer tumbler locks to pick pin tumblers. You can even use a
combination of raking and pin picking. Simply rake the pins a few times, and
then go back and pick any pins that the rake missed. You can use the hook pick
to probe each pin. If the pin feels "springy" then it has not yet broke at the
shear line.
Another technique: Start picking at the back pin, the one furthest away
from you as you face the keyway. The reason for this is relatively simple.
The rear pin will be the last worn, and when you break it, the lock's plug will
move the most it ever will for just one pin breaking. This will make it easier
to pick the other pins, as the break between the inner and outer cylinders will
be progressively held tight against the pin you are working, as you work the
lock from rear to front. The reason the rear pin is least worn is that
inserting a key "rakes" the pins up and down, wearing down their sides. The
rear pin is raked only once per time the key is inserted, the pin in front of
it is raked twice, and so on. Its not uncommon to see locks in which the front
pin can not be picked before the rear ones. The reason was that it was worn
down to the point that no amount of torsion would cause the inner plug to put
any force against it. Consequently, it won't break.
Rapping
Sometimes you can use a form of vibration picking known as rapping to open
a pin tumbler lock. A tension wrench is inserted into the keyway, and light to
moderate tension is applied. At the same time, the face of the plug is struck
sharply with a plastic mallet or hammer handle. The rapping forces the springs
and pins to gravitate toward the force of the blows. Hopefully this vibrates
the picks into their breaking positions. DO NOT HIT TOO HARD! Approach this
method with caution.
Practicing
To learn how to pick pin tumbler locks, it is best to go to the store and
buy a "practice" lock. Try to find either a KwikSet brand or a cheap Ilco lock
cylinder. On top of the lock shell is a little sliding strip that covers the
pin spacings. Carefully slide it out. you can then take out the spring, the
top pin, and the bottom pin. Remove all but one the assemblies and replace the
cover. Now you can practice on picking the lock with only one pin. When you
become good at that, insert another stack of pins, and so on until you can pick
the lock with all five pins in place.
Spool Pins
It is possible that in the course of picking a high security pin tumbler
locks, the plug will turn a bit as if it were going to unlock, then stop. I
will turn no more than 2 or 3 degrees around. This means you have encountered
a spool pin. These are simply drivers, or key pins, or both that have had
their center portions cut down to a smaller diameter.
______
|_ _|
| | | | Lock body Note that any torsion applied to the
___| | | |____ cylinder will tend to catch the spooled
||____|| pins at their waists instead of at the
| ____ | Cylinder break between the pins. This will
||_ _|| either prevent the pick from pushing
| | | | the pin up if the top spool is caught,
| | | | or it will prevent the pin from falling
___|| ||____ down, if the bottom spool is caught.
| |
\__/ Keyway
spool pins
With a hook pick, you'll be able to press up on each pin and feel the
difference. When you have a spool pin caught across the shear line, gentle
upward pressure will result in force in the opposite direction of the way
you're turning. Determine which pins are spool pins and push up until the
bottom of the pin (assuming it's a top pin) crosses the shear line. You might
lose some previously picked pins, but just pick them again.
Interlocking Pins
Several manufacturers have designed high security locks involving angled
and interlocking pins. Emhart makes a cylinder using angled cuts on the keys
where the top and bottom pins actually interlock:
+--------------+
| |
| Top |
| Pin |
| |
| | Interlocking Pins
+-----+ +-----+
+---+ | | +---+
| | | | | |
| +-+ | | +-+ |
| | +-+ +-+ | |
| | | | | |
| | +------+ | |
| +----------+ |
| |
| Bottom |
| Pin |
So the pins have to be turned to the correct angle in order for the pins
to slide apart when you turn the plug. This also means that the cylinder has
to be grooved to allow for the portion of the top pin sticking down, and the
bottom of each key has notches in it so that it can turn more than 180 degrees.
Tubular Cylinder Locks
~~~~~~~~~~~~~~~~~~~~~~
Tubular cylinder locks are widely accepted as the most secure locks you
can get for a reasonable price. Tubular cylinder locks are the round type
locks you find on most vending machines, ATMs, and the like. They are
basically a pin tumbler lock where the pins are arranged on a circular plane.
The key is a cylinder with cuts around its perimeter. When the key is
inserted, each pin (whose faces are visible) is pushed in the corresponding
depth and the plug can be turned.
Picking
Your best bet for picking these locks is to purchase a specially designed
tubular cylinder pick. While it can be picked with conventional tools, it
takes forever because you have to pick it three or four times to turn the plug
the 120 to 180 degrees needed to unlock it. And what's worse is that the
cylinder locks after each time you pick it -- every one-seventh of a turn! If
you want to try it, here's how.
If you don't have a tubular cylinder pick you will require a wrench that
is .062 inches square on its end. Fit this into the groove of the tubular
cylinder plug. Apply tension in a clockwise direction, then use a straight pin
to push each pin down until it clicks into place. Proceed to the next pin,
until all are picked and the plug turns a few degrees. You will have to repeat
this until it unlocks. Do not leave the locks halfway picked. If you do, even
the original key will not be able to open the lock until it has been picked
back into its original position. Good Luck!
Lock Picking Tools
~~~~~~~~~~~~~~~~~~
The Basic Picks
|
_______________________________________|
tension wrench
This is the standard tool for pin and wafer tumbler
locks. It is inserted in the bottom of the keyway
to provide a torsional force to the lock cylinder.
______________________________________/|
half-diamond pick
The half-diamond pick can be used for raking or
picking wafer tumbler locks, or picking pin tumbler
locks where the distance between pins is small.
---------------------------------\/\/\/\
rake
Not surprisingly, the rake (sometimes called a snake
pick) is used to rake wafer and pin tumbler locks.
.
______________________________________/
hook
The hook (also known as the feeler or lifter pick)
is normally used for picking pin and lever tumbler
locks, but can be used on larger wafer locks.
______________________________________O
O ball
_____________________________________OO
OO double ball
The ball type picks are actually not as pronounced
as they look here in the ascii diagram. Imagine a
"ball" of a little less height, a bit more width.
Though not essential, the ball picks can be used
when attempting to rake a wafer-tumbler lock.
Lever Tumbler Tension Wrench
The big difference with a lever tumbler is in the method of applying
torque. The cylinder, in models where it's visible, rotates freely--it does
not operate the bolt. Rather, the end of the key goes into a notch in the
bolt, directly operating it, just as in a warded lock. This means you need a
different torsion wrench, that looks like this:
_______
|
|
|
|
|
|
|
|
|__________________
Obtaining Lockpicks
Now I'm sure that you are ready to start practicing. Unfortunately,
locksmiths and the public in general seem reluctant to make picks an easy item
to obtain. Therefore you can either make your own, (not that difficult) or
obtain them from a commercial supplier (also not that difficult.)
Making Your Own Picks
You can file or grind picks out of spring steel. It is best to use spring
steel - sources include hacksaw blades, piano (music) wire, clock springs,
streetsweeper bristles (which can be found along the street after the sweeper
has passed), etc. Or, go down to the auto parts store and buy a few stock
lengths of .022 in. automobile feeler gauge. You can cut each one in thirds
and make a pick from each piece. In a pinch safety pin steel, or even a bobby
pin (much worse) can be used. Also try the metal band that holds a set of
walkman type earphones together. It is already the perfect width and all you
have to do is grind the indentations on it. It makes a really great heavy duty
wrench also.
You will need an electric grinder, or a grinding wheel mounted on a drill,
to shape the picks. When grinding, keep the steel from getting so hot as to
anneal (soften) it. You may have to re-harden or re-temper it.
Temper the steel by repeatedly getting it red-hot against the grinder,
then quenching it. What you get won't be feeler gauge and it won't be spring
steel, but something in between that has some give to it and won't shatter.
For a tension wrench, while you're at the grinder, take a medium-sized
Allen wrench and grind its hexagonal head into a flat blade. Alternatively,
you can use a small screwdriver, bent at the end. (Bending a screwdriver with
any precision is pretty tough). Bobby pins also make an alright tension
wrench, especially the larger ones. They work best if you cut them off and
flame to red hot with a burner. Then while it's still hot twist it 180 deg
with a pair of vicegrips or needle nose pliers, and bend down the end so it
looks like the professional ones, this gives it more 'spring'. The flaming
should be done, maybe 3/4ths of an inch from the end. Finally file and sand
rough spots from where you cut it.
If you take the finest or next to finest crochet hook they make and file
down the sides of the business end of it so it will fit in the lock, you can
make an excellent feeler pick.
Picks from Paper Clips
To open a lock with two paper clips, unbend one like this:
____________
/ \ This shape is your lockpick, you
\__________________________/ put the end with the little hook
in the lock and use it to fiddle
with the pins.
Unbend and re-bend the other paperclip like this:
____________
/ \ This shape is your torsion
\______________________ wrench. You use it to put
| torque on the lock cylinder.
_| When the hook is in the cylinder
the handle should hand off to
the side and the final bend on
the hook should be short enough
that there is room to get the
pick into the keyhole.
Warning: Filing cabinets and desks are pretty easy to do with these, but
it's not easy to do a door lock with them. Better materials really do help
when you're dealing with more than 4 pins in a lock.
Making a Pick Gun
Get yourself a piece of music wire from the local hobby shop. Find wire
that seems just a bit big for an average keyway. This will be ground down
later so that it can be inserted. Wire of this diameter is so stiff you may
doubt that you have the right size. But you need this stiffness for the device
to work. Don't use wire that is too light.
You want to bend a circle in the wire about 5 inches back from the end.
You want enough length in the first straight part to go all the way into the
keyway and leave enough to comfortably fit in your hand. Call this straight
part Side A. Try bending the wire around the body of a Magic Marker; this
seems to make a nice sized loop. The loop should be 360 + 180 degrees so that
the long end of your wire is now parallel to side A. Let's be original and
call this Side B.
Use pliers to make a 90 degree bend in side B so that the end of it
crosses side A. This bend should be located so that the part of side A which
extends past the bent part of the wire is long enough to go all the way into
the keyway. Hey, why don't we call this cross-piece Side C? Bend this
cross-piece 180 degrees around side A so that it forms a slot for side A to
slide up and down in. Call the wire segment which goes from A to B and is
parallel to C, Side D. Snip off the end of side D which extends beyond side B.
We now have an object which resembles a safety pin (hence the name) which
has one side (side A) which slides up and down in a slot made by sides C and D
and which is held in the bottom of this slot by the spring tension in the loop
between sides A and B.
Grind the sides of the piece which is to go in the keyway so it will fit.
Grind the top of this piece flat. The Top is the side toward side B. This is
the part which will be against the tumblers. Bevel the end so it will slide
under the tumblers more easily.
To use the gun, insert the end into the keyway with side B up. Press down
on side B with your thumb to slide the slot C-D down. Let your thumb slip off
the wire and the spring will pull side B back up. When the bottom of the C-D
channel hits the bottom of side A, it delivers a sharp blow to the bottoms of
the pins. Use VERY light pressure on the tension wrench and snap the gun a few
times to knock the pins up to the shear line. See the section on wafer locks
for a more information.
Electric Vibration Picks
The motor/base casing from a electric toothbrush, or vibrator makes a
decent vibrator pick (pick gun) when you superglue a straight pick to it. Alot
cheaper than the pro models, and generally smaller too.
Purchasing Your Picks
Generally picks are not sold over the counter. Your best bet is to order
them from a mail order firm. Most firms will inquire as to your profession
when making a purchase. They may not wish to sell them to you unless you are
some sort of pubic safety personnel such as an EMT or a fireman. They are
available from a variety of sources. Here are some of the most popular:
----------
Gall's Inc.
(800)-477-7766
Catalog #BA
----------
Item # : ALS15B
Price : $19.99
Name : 10-Piece Locksmith Pick Set
"Be prepared for any lock-out. Nine picks and wrenches are grouped in a handy
foldover carrying case that is small enough to carry in your pocket. Order you
lock pick set and keep it handy for easy entry to any lock-out situation.
Black."
Item # : PG1B
Price : $59.99
Name : Lock Pick Gun
"Our trigger action lock pick gun opens doors easily. Just use it with the
included picks and instructions -- with a little practice, you can smoothly
open any locked house or apartment."
----------
Delta Press Ltd.
(800)-852-4445
----------
Item # : LPS-002
Price : $24.95
Name : The 8 Piece Tool Set
"These high quality picks feature new lighter non-breakable plastic color coded
handles. Picks are of .022 blue spring steel - hardened to perfection Eight
piece set comes with handy see-through case."
Item # : LPS-003
Price : $39.95
Name : The 11 Piece Tool Set
"This deluxe 11 piece kit features all metal handles and comes in a discrete
carrying case for undercover operatives. All picks are .022 blue spring steel
and hardened to perfection."
Item # : LPS-005
Price : $119.95
Name : The 60 Piece Tool Set
"Here it is. The finest lockpick set we've stocked. It includes 60 picks,
tension wrenches, and a broken key extractor plus a zippered top grain cowhide
case and warded master keys."
Item # : LPS-004
Price : $59.95
Name : Professional Locksmithing Tool
"The famous lockaid Tool was designed for law enforcement agencies to quickly
pick pin tumbler locks. The american-made product is the only superior "lock
gun" available. Unlike conventional hand picks that activate only one or two
cylinder pins, this tool is designed to span all the pins at once. The needle,
powered by trigger action, strikes all t the cylinder bottom pins
simultaneously. As the force is transferred to the upper pins, they
momentarily rise in the chambers. Comes complete with 3 stainless steel
needles and tension wrench."
----------
Phoenix Systems Inc.
(303)-277-0305
----------
"OUR LOCK PICKS ARE THE FINEST QUALITY PROFESSIONAL TOOLS AVAILABLE. Each pick
is made of hard-finished clock-spring steel, tempered to the correct degree of
hardness. Whether the subject is wafer tumbler locks or 6 & 7 pin tumbler
locks, our picks are the best available, and the standard of the industry.
With a few minutes of practice, even a beginner can open most padlocks, door
locks and deadbolts. NOTE: BE SURE TO CHECK YOUR LOCAL, AND STATE ORDINANCES
GOVERNING POSSESSION OF THESE TOOLS."
Item # : 604
Price : $75.00
Name : Superior Pick Set
"Hip pocket size in top grain leather case. Our most complete set. 32 picks,
tension tools & extractors."
Item # : 606
Price : $34.95
Name : Tyro Pick Set.
"An excellent choice for the beginner. Cowhide leather case contains 9 picks,
tension wrenches & key extractor."
Item # : 607
Price : 9.95
Name : Warded Padlock Pick Set
"This 5 piece padlock pick set is made of the finest blue tempered spring
steel. This set will pick open most every warded padlock made today."
Item # : 610
Price : $24.95
Name : Double Sided Tumbler Lock Picks
"Set of 4 picks for use with double-sided, disc tumbler, showcase, cam and
PADLOCKS. An excellent addition to your other pick sets."
Item # : 617
Price : $39.95
Name : Padlock Shim Picks
"Open padlocks in seconds! Our new Padlock Shim pick's unique design makes
them so successful that it is frightening! Simply slide the shim down between
the shackle and the lock housing, twist and the lock is open. Works best on
laminated type padlocks (the most popular type) but will open ALMOST ANY TYPE
OF PADLOCK -- INCLUDING THE POPULAR 3 NUMBER COMBINATION TYPE. Include 20
shims -- 5 each of the 4 most common shackle diameters for perfect fit every
time. Comes with complete instructions."
Item # : 618
Price : $34.95
Name : Schlage Wafer Pick Set
"There are two types of Schlage wafer locks, each needing a different base key
to pick with. This set comes with both types of base keys and the pick. With
the proper base key the lock is already half picked. Very quick and easy to
use. Comes with complete instructions.
Item # : 620
Price : $59.95
Name : Pick Gun
"Picks locks FAST. Open locks in less than 5 seconds. Specifically designed
for tumbler locks. Insert pick into key slot, then just pull trigger. Throws
all pins into position at one time. Lock is then turned with tension bar.
Used extensively by police and other government agencies. Gun is spring
loaded, with tension adjustment knob. Comes with 3 needle picks and tension
bar. No batteries necessary. Life-time guarantee.
Item # : 612
Price : $16.00
Name : The Slim Jim
"Car door opener. The tool does not enter inside the car. Opens a car door by
"feel" rather then sight. With a little practice, car opening will be no
problem. For GM, Ford and Chrysler cars. Made of clock-spring steel and is
hand finished."
Item # : 613
Price : $16.00
Name : The Super Jim
"This tool will open most GM, Ford and AMC car doors. Opener does not enter
vehicle. Made wider and thicker, and is bright nickel plated. Faster openings
on most domestic automobiles. With illustrated instructions."
Item # : 614
Price : $19.95
Name : Houdini Car Door Opener
"The latest and best innovations on car door openers. It works the same as
your old Slim Jim, except it now folds neatly to fit in pocket or toolbox
without getting in the way. ONLY 6 1/2 INCHES LONG WHEN FOLDED. Open up and
snaps into place like a fold-up ruler, excellent stainless steel constructions
with vinyl handle for comfort."
Item # : 615
Price : $39.95
Name : Pro-Lok "Car Killer" Kit
"Over the years we have had thousands of requests for a multi-vehicle opening
kit. We are now able to offer the most complete kit that we have ever seen.
This kit of tools will open over 135 automobiles, both domestic and foreign, on
the road today. The opening procedure for each vehicle is diagrammed and
explained in the instruction manual. Kit comes with complete instruction
manual and gas cap pick tool."
Item # : 600
Price : $129.95
Name : Tubular Lock Pick
"This tool is an easy and reliable method for picking tubular locks, as found
on commercial vending machines, washers, dryers, etc. This newest high tech
design is much faster and easier to use than the old type that used rubber
bands to hold the feeler picks. Internal neoprene "O" rings together with
knurled collar provide a very simple and easy tension adjustment. Sturdy
stainless steel construction provides for long-lasting service. This tool
will, with a little practice, easily and quickly open any regular center-spaced
tubular lock -- the most popular type of tubular lock on the market. Comes
with complete instructions and leather carrying case."
Tips for Success
~~~~~~~~~~~~~~~~
Following is information that will help you become more adept at
manipulating locks. Solutions to common problems and general miscellaneous
information that could prove useful is included.
Determining the Direction of Rotation
Before you can pick a tumbler type lock, you must determine the correct
direction of rotation. It may sound like a trivial point, but who wants to
waste hours trying to pick a lock the wrong direction. Though there will of
course be exceptions, there are some general guidelines. Cylindrical locks,
padlocks, file cabinet locks almost always turn in a clockwise direction or
either direction to open. When confronted with a door lock, turn the plug so
that the top of the keyhole turns toward the edge of the door. There is a
notable exception here, Corbin and Russwin locks turn AWAY from the door edge.
Tight or Dirty Locks
If a lock seems exceptionally tight or dirty, it will be hard to break the
pins. It may help to lubricate the lock. NEVER use a liquid type lubrication
such as WD40, 3-in-1 oil, etc... Use powdered graphite, available in most
hardware stores. It comes in a little tube, allowing a light squeeze to blow a
puff of graphite into the keyway. If lubrication does not help, you may need
to apply a little firmer hand on the tension wrench.
Proper Attitude
It is very important to maintain a confident attitude while you are
learning to pick locks. If you feel nervous or stressed, it will only
make things harder. You will not be able to pick every lock you come to,
but with practice and patience, you may be surprised. Visualise what is
happening inside the lock, this is the key. If you don't fully
understand how a lock works and exactly what you are doing to it, you will
not experience a high degree of success.
Combination Locks
~~~~~~~~~~~~~~~~~
Combination locks work on a series of flat, round disks that have notches
and pegs (one of each, one set per disk) along their circumference. Notches
are referred to as "gates". The first tumbler determines the last digit of the
combination, and is actually attached to the dial directly. As the dial is
turned, the peg of the first tumbler catches on the middle tumbler's peg,
dragging it along. As the dial is turned further, the middle tumbler latches
on to the peg of the last tumbler, all three turning together. Turning all the
tumblers is known as "clearing" the lock, and must be done before attempting to
operate the lock. For the lock to open, the gate on each disk must align up
with the pawl (breaking arm) of the bolt.
Dialing the first digit of the combination aligns the last tumbler's gate
to the pawl. Before dialing the second digit, the dial must be turned one
complete turn in the opposite direction (assuming a three tumbler lock, twice
for a four digit one). Rotating in the original direction to the last digit
will align the first tumbler's gate, and the lock can open. Modern safe
combination locks are impossible to crack (literally). Many innovations have
given high quality locks this degree of security. Burglars learned to feel the
gates and pegs rotate about the lock, allowing them to manipulate the tumblers
into their proper position. To combat this, a searted front tumbler was
designed to create shallow "false gates". The false gates are difficult to
distinguish from the actual gates. To combat this problem, safe crackers would
hook up a high speed drill to the dial. This would wear the tumblers edges
smooth, eliminating the bothersome shallow gates. Still, despite their
security, cheap combination locks are far from foolproof.
Determining an Unknown Combination
The most common and difficult to open of these small disk tumbler locks
are the Master combination padlocks, and they are quite popular. With
practice, they CAN be opened. The newer the lock is, though, the more
difficult it will be to open at first. If the lock has had a lot of use, such
as that on a locker-room door where the shackle gets pulled down and encounters
the tumblers while the combination is being dialed, the serrated front tumblers
will become smoothed down, allowing easier sensing of the tumblers. So, until
you have become good at opening these locks, practice extensively on an old
one. Here's how.
Step One
First, clear the tumblers by engaging all of them. This is done by
turning the dial clockwise (sometimes these locks open more easily starting in
the opposite direction) three to four times. Now bring your ear close to the
lock and gently press the bottom back edge to the bony area just forward of
your ear canal opening so that vibrations can be heard and felt. Slowly turn
the dial in the opposite direction. As you turn, you will hear a very light
click as each tumbler is picked up by the previous tumbler. This is the sound
of the pickup pegs on each disk as they engage each other. Clear the tumblers
again in a clockwise manner and proceed to step two.
Step Two
After you have cleared the tumblers, apply an upward pressure on the
shackle of the padlock. Keeping your ear on the lock, try to hear the tumblers
as they rub across the pawl; keep the dial rotating in a clockwise direction.
You will hear two types of clicks, each with a subtle difference in pitch.
The shallow, higher pitched clicks are the sound of the false gates on the
first disk tumbler. Do not let them fool you-the real gates sound hollow and
empty, almost nonexistent.
When you feel a greater than normal relief in the shackle once every full
turn, this is the gate of the first tumbler (last number dialed). This tumbler
is connected directly to the dial as mentioned earlier. Ignore that sound for
now. When you have aligned the other two tumblers, the last tumbler's sound
will be drowned out by the sound of the shackle popping open.
Step Three
While continuing in a clockwise direction with the dial, listen carefully
for the slight hollow sound of either one of the first two tumblers. Note on
the dial face where these sounds are by either memorizing them or writing them
down. Make certain that you do not take note of the driving tumbler (last
number dialed). If you hear and feel only one hollow click (sounds like
"dumpf"), chances are that the first number could be the same as the last one.
You should have two numbers now. Let us say one of them is 12 and the
other is 26. Clear the tumblers again just to be safe and stop at the number
12. Go counterclockwise one complete turn from 12. Continue until there is
another "dumpf" sound. After the complete turn pass 12, if you feel and hear a
louder than normal sound of a tumbler rubbing on the pawl, the first tumbler is
properly aligned and the second tumbler is taking the brunt of the force from
the shackle-you are on the right track. When the second tumbler has aligned in
this case, you will feel a definite resistance with the last turn of the dial
going clockwise. The final turn will automatically open the shackle of the
lock. If none of these symptoms are evident, try starting with the number of
the combination, 26, in the same way.
Step Four
If the lock still does not open, don't give up. Try searching for a
different first number. Give it a good thirty or forty minute try. If you
play with it long enough, it will eventually open. The more practice you have
under your belt, the quicker you will be able to open these padlocks in the
future.
Using a stethoscope to increase audibility of the clicks is not out of the
question when working on disk tumbler locks, though usually not needed for
padlocks. A miniature wide-audio-range electronic stethoscope with a magnetic
base for coupling a piezoelectric-type microphone is ideal for getting to know
the tumblers better.
Sesame Locks
Another type of disk tumbler padlock is the Sesame lock made by the Corbin
Lock Co. Its unique design makes it more difficult to open than Master
padlocks, but it can be opened. Let's take one of the three or four wheel
mechanisms, look at a cross section, and see how it works. The wheel has
numbers from zero to nine. Attached to the wheel is a small cam. Both the
wheel and cam turn on the shaft. Each wheel in this lock operates indepen-
dently with its own cam and shaft. The locking dog is locked to the shackle.
In this position the shackle cannot be opened. The locking dog operates with
all three or four wheels. The locking dog is riding on the round edge of the
cam. The spring is pushing up on the cam. The locking dog cannot move up
because it is resting on the round part of the cam. When the wheel is turned
to the proper combination number, the locking dog rests on the flat of the cam.
The spring can then raise the locking dog to release the shackle, and this
opens the lock.
Magnetic Locks
~~~~~~~~~~~~~~
Magnetic locks are a recent innovation to the security world. Their basic
operation involves the principle that like poles of a magnetic repel each
other, while opposite poles repel. A magnetic lock then does not have pins,
but magnets (which are often behind a plastic "roof" on the keyway). When all
these magnets are in the "repelled" position, meaning a similar magnetic pole
is below them, a lever arm releases the lock. A key then would have a magnet
arrangement identical to that of the lock. These locks may be activated either
by a flat, notchless key, or by use of a magnetic card, where in the lock
actually uses a two dimensional arrangement of magnets. These are not too
common, but can be found in some installations.
Opening Magnetic Locks
By using a pulsating electromagnetic field, you can cause the magnets in
the lock to vibrate at thirty vibrations per second, thereby allowing it to
open by applying constant tension to the bolt. You should be able to purchase
one of these "picks" from a locksmith supply company. Unfortunately, this
method usually ruins the properties of the lock's magnets, so use it in
emergencies only. The magnetic pick can be used in padlocks by stroking it
across the place where the key is placed. It is also designed to fit into a
doorknob and is then used by stroking one pole in and out.
Simplex 5-button combination locks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(*Hobbit*'s in-depth evaluation)
This deals with the Simplex or Unican 5-button all-mechanical combination
locks. They are usually used in a variety of secure but high-traffic
applications, and come in a number of flavors: dead bolt, slam latch, lock
switches for alarms, buttons in a circle or a vertical line, etc. The internal
locking works are the same across all of these. Herein will be described the
mechanical workings and a method of defeating the lock that falls out by
logical inference and observations from playing with it.
The internals
Caveat: If this seems unclear at first, it is because the absolutely best
way to understand the inner mysteries is to take a Simplex lock apart and study
it. It is highly recommended that the reader obtain and disassemble one of the
units while studying this; otherwise the following may be confusing. The
locking mechanism box is swaged together at each end, but it is trivial to open
up without destroying it. To set a lock up for study, remove the back, leaving
the front plate held on by its Jesus clip. Put a spare thumb turn down over
the shaft so you have something to grab. Take care not to lose the button
connecting pins; they drop out.
In the round configuration, the buttons talk via bent bars in the
faceplate to the same vertical column as the straight ones. Thus all buttons
henceforth shall be referred to as if they were in a straight vertical row,
numbered 1 to 5 reading downward. The actual locking mechanism inside is a
small metal box, about 3 inches high and .75 x .75 inch across the base. It
contains five tumblers, one corresponding to each button, a common shift bar,
and a couple of cams to handle reset and unlocking. The user dials the
combination and turns the handle to the right to open the lock, or to the left
to reset any dialed digits if he made a typo. If the proper combination has
not been dialed yet, the shaft will not turn to the right. Setting a
combination shall be described later. Some of the linear-style locks are
actually made by Unican, but have the Simplex box inside. For these, a
clockwise twist serves as both open and reset. There is a detent plate and a
screwy lever system; if the lock is not open yet, the lever cannot turn to the
*box*'s right. The detent slips, allows the levers to shift the other way, and
the box arm is then turned to the left. If the detent does not slip, it's
open, and the plate locks to the latch shaft and pulls it back.
Each of the five tumblers has six possible positions. Each button does
nothing but push its corresponding tumbler from the 0 position to the 1
position. Therefore, each button can only be used once, since once the tumbler
has moved, the button has no further effect. The trick comes when *subsequent*
buttons are pushed. Each button press not only shoves its tumbler from 0 to 1,
it also advances any "enabled" tumblers one more step. When a tumbler is
enabled, its corresponding gear has engaged the common bar and pushed it around
one position, so the next button press will do this again, thus taking
previously enabled tumblers around one more notch. This way, the further-in
tumbler positions can be reached. It can be seen that there are undialable
combinations; for instance, only *one* tumbler can reach position 5 for a valid
combination [Positions labeled 0 thru 5, totalling six]. If one sits down and
figures out possible places for the tumblers to go, many combinations are
eliminated right away, so the number of possibilities is *not* 6^5 as one might
expect. Two-at-once pushes are also valid, and are *not* the same as pushing
the given two in some other order. Pushing two [or three or ...] at once
simply enables two tumblers at once and shoves them to position 1 at the same
time. [This of course leaves less buttons unused to push them in farther!] The
tumblers themselves are small round chunks of metal, with gear teeth around the
top half and a notch cut into the bottom edge. When all these notches line up
with the locking bar, the lock is open. The tumblers are mounted on a vertical
shaft so they can spin, with the locking bar fingers resting against the bottom
of each one. The locking bar is prevented from rising if any notch is turned
away from it. Juxtaposed to the tumblers is another shaft containing idler
gears, which in turn talk to the common bar in the back. The intermediate
shaft slides up and down and makes combination changes possible. Note: The
buttons actually talk to the idler gears and not the tumblers themselves. This
is necessary since during a combo change, the tumblers cannot move because the
locking bar teeth are sitting in the notches.
[Editor's note: Simplex locks are set at the factory with a default code of
(2-4), 3. This is often not even changed.]
Combination change, other random facts
Once you know the current combination, you might want to change it.
Instructions for doing this undoubtedly come with the lock; but it's real easy.
There is a screw in the top with a hex hole; remove this from the lock body.
Dial the proper combination, but don't move the handle. Press straight down
through the hole with a small screwdriver, until you feel something go "thunk"
downward. The lock is now in change mode. Reset the tumblers [leftward
twist], enter your new combination, twist the handle as though opening the
lock, and your change is now in effect. Re-insert the screw. This does the
following: The thing you hit with the screwdriver pushes the tumblers down onto
the locking bar [which is why the proper combination must be entered], and
disengages them from their idler gears. Button presses turn the *idler*
*gears* around, and then the opening action shoves the tumblers back up to mesh
with these gears in their new positions. A subsequent reset mixes the tumblers
up again to follow the new combination. This description is admittedly
somewhat inadequate; the right thing to do is take one of the locks apart and
see for one's self what exactly happens inside.
The Unican model has a disk-locked screw on the rear side. Removing this
reveals a round piece with a flat side. Twist this clockwise to enable change
mode as in the above. This lock, of course, would be a little more secure
against random people changing the combination for fun since you ostensibly
need a key to get at it. Keep in mind that "reset" on these is done by turning
the knob all the way *clockwise* instead. There is a linkage that ensures that
the shaft inside goes counterclockwise for the time that change mode is
enabled.
It is amusing to hear local locksmiths call the Simplex internals a
"computer". It would seem that none of them have taken one apart to see what
is really inside; the box is painted black as far as they are concerned and
non-openable. Obtaining one is the unquestionably best way to learn what's in
there. Unfortunately they cost on the order of $120, a price which clearly
takes advantage of the public's ignorance. These locks are *not* pick-proof
after all, and anyone who maintains that they are is defrauding the customer.
There are a variety of ways to increase the picking difficulty, to be discussed
elsewhere. Your best bet is to borrow one from somewhere for an evening and
spend the time learning its innards.
Determining an unknown combination
Contrary to what the marketing reps would have you believe, the locks can
be opened fairly quickly without knowing the set combination and without
damaging the lock. Through a blend of a soft touch, a little hard logic, and
an implicit understanding of how the locking mechanism works, they generally
yield within five minutes or so. [There are *always* exceptions...]
This method requires that one does not think in terms of a sequence of
button presses. One must think in terms of tumbler positions, and simply use
the buttons to place tumblers where desired. For practical description
purposes, it will be assumed that the buttons connect right to the tumblers,
rather than the idler gears that they really do. The idler gears are a
necessary part only during combination changes. Unless you are doing a change,
considering it this way is pretty close to the facts. Remember that a 0
position means the button was never pushed, and 5 is enabled and shifted as far
as possible.
Turning the thumb handle to the right [clockwise] raises the locking bar
against the tumblers. Since the lock is never machined perfectly, one or more
tumblers will have more pressure on it than other ones, and this shows up as
friction against it when it is turned via the button. This friction is felt in
the short distance between fully-extended and the detent on the button [the
first 2 or 3 mm of travel]. Some will travel easily to the detent, and others
will resist efforts to push them in. Suppose you are twisting the handle, and
tumbler 1 has lots of pressure on it [you can feel this when you try to push
button 1 in]. When you back off the tension on the handle a little bit, the
button can be pushed in against the resistance. The fact that the button has
resistance at position 0 tells you that tumbler 1's proper position is *not* 0,
or there would be no pressure if the notch was there! Upon pushing button 1
in, you find that no pressure has appeared at any other button. This
eliminates position 1 for tumbler 1, also. Now, how do you get tumbler 1 to
different positions so you can test for pressure against other ones? Push
subsequent buttons. Push any other button, and tumbler 1 advances to position
2. Ignore what the other tumblers are doing for the moment. Now, perhaps
another button has some resistance now. This means that tumbler 1 is either at
the right position, or getting close. Basically you are using other tumblers
to find out things about the one in question. [Keep in mind that the first one
with friction won't *always* be tumbler 1! Any tumbler[s] could have the first
pressure on them.] Continuing, push another "don't care" button. A "don't
care" button is one that is not the one you're trying to evaluate, and not the
one that recently showed some friction. What you want to do is advance tumbler
1 again without disturbing anything else. Did the pressure against your test
tumbler get stronger, or disappear? If it got stronger, that points to an even
higher probability that tumbler 1 is supposed to be at 3, rather than 2. If
the pressure vanished or became less, 1 has gone too far, and you were safer
with it at position 2. Let's assume that the pressure against your test
tumbler increased slightly when tumbler 1 was at 2, increased even more when
tumbler 1 was at 3 and vanished when you pushed it onward to 4. Reset the
lock. You now know the proper position of tumbler 1 [that is, whatever tumbler
first had pressure on it]. You've already drastically reduced the number of
possible combinations, but you aren't finished yet.
You can now eliminate positions for the next one or two tumblers the same
way -- but to set things up so you can feel the pressure against these, you
must ensure that your newly-known tumbler [1 in this case] is in its proper
position. It is useful to make a little chart of the tumbler positions, and
indicate the probabilities of correct positions.
Positions
0 1 2 3 4 5
----------------
1 : L L + T L | <-- Indicates that tumbler 1 is not
0, not 1, maybe 2, more likely 3.
Tumbler 2 : | | | | | |
number
3 : | | | | | |
4 : L | | | | | <-- Indicates that tumbler 4 is not 0.
5 : | | | | | |
This chart is simply a bunch of little vertical lines that you have drawn
in a 5x6 matrix; the topmost row corresponds to button 1 and the lowest to 5.
Mark the probabilities as little hash marks at the appropriate height. The
leftmost bar indicates position 0, rightmost 5; a high mark on the left side
indicates that the tumbler is 0, or is never used. The relative heights of
your tick marks indicate the likelihood of the notch on the respective tumbler
being there. If you don't know about a position, don't mark it yet. This
chart serves as a useful mnemonic while learning this trick; as you gain
experience you probably won't need it anymore if you can remember tumbler
positions.
A tumbler at the 0 position is already lined up before any buttons are
pressed. This will feel like a lot of loose play with a little bit of pressure
at the end of the travel, just before the enable detent. Be aware of this;
often enough the first button with pressure can be a 0, and if you aren't
watching for 0 positions you can easily assume it's a don't care, push it, and
screw your chances of feeling others. Make sure your "don't care" test buttons
aren't supposed to be at 0 either. It's a good idea to run through and try to
find all the zeros first thing.
Let us continue from the above. You have found that tumbler 1 is most
likely to bet at position 3, with a slim chance of position 2. This is marked
in the above chart. The reason this can happen is that the tops of the locking
bar teeth are slightly rounded. When the tumbler is one away from its opening
position, the locking bar can actually rise higher, since the notch is halfway
over it already. So don't assume that the first increase in pressure on other
buttons is the right position for the one you're finding out about. Let's
assume that the next pressure showed up on button 4. You can feel this when
tumbler 1 is at position 3; to get tumbler 1 out there, let's say you used the
sequence 1,2,3. 2 and 3 were your "don't care" buttons used only to push 1
around. Therefore now, tumbler 1 is at position 3, 2 is at 2, and 3 is at 1.
5 and 4 are at 0, and can therefore be felt for pressure.
The next step is to find the proper position for the next button with
pressure against its tumbler. Many times you'll get more than one that exhibit
pressure at the same time. Figure out which button has more pressure on it now
with your first tumbler in the right position. In this example, only 4
applies. You now want to advance tumbler 4 to different places, *while*
keeping 1 at its proper place. 1 must always advance to 3 to free the locking
bar enough to press on other tumblers. To place tumbler 1 at position 3 and 4
at position 1, you would do something like 1,2,4 and check 3 and 5. To place
tumbler 1 at position 3 and 4 at 2, you would do something like 1,4,2. To
place 1 at 3 and 4 at 3, you have to press 1 and 4 at the same time, and then
advance that mess by two positions. If you use 2 and 3 for this, the notation
is (14),2,3, which means 1-with-4, then 2, then 3. You can also do 4,1,2,5 to
put 4 at 4 and check 3. If all these tests fail, that is, no pressure appears
at any other button, you can start assuming that 4 is supposed to be way out
there at position 5. For the example, let's say you did 1,4,2 and pressure
showed up on button 3. To double-check this, you did (14),2,5, and the
pressure on 3 went away. So tumbler 4 must have gone too far that time. Place
a fairly high tick mark on the chart at tumbler 4, position 2 to indicate the
probability.
Note: A better way to do that last test, to avoid ambiguity, is to do
1,(42),5 and check 3, then do (14),2,5 and check 3. This ensures that the only
change you have made is to move tumbler 4 from 2 to 3 an avoids the possibility
of movement of tumbler 2 giving bogus results. Through the entire process, you
want to try to change one thing at a time at every point. Sometimes one of
this sort of possible test setup won't tell you anything and you have to try
another one [in this case, perhaps 1,(45),2 and then (14),5,2 while checking 3.
This has simply swapped the positions of 2 and 5 during your testing].
You now know two tumbler positions, with a high degree of confidence, and
have further reduced the possible combinations. From here, you could mix
tumblers 2,3 and 5 into the sequence with various permutations, as long as you
place 1 and 4 correctly every time. This would still take some time and brain
work ... let's try to find out something about some other buttons. Place 1
and 4 where they're supposed to go ... the sequence 1,4,2 will do it, and see
what's up with the other buttons. 1,4,3 will leave 2 and 5 available. You
find eventually that 2 and 3 have the next bit of pressure distributed between
them [and are nonzero], and 5 feels like a 0, as described above. To confirm
this, advance 5 along with some other button and check 3. Bingo: There is no
pressure on 2 when 5 is enabled [and you have not changed anything else besides
5's position], so you can firmly decide that 5 is 0 after all. So leave it
there. [You did this by advancing 1 to 3 and 4 to 2, as usual, so you can feel
2's pressure in the first place.]
By now you should know the proper positions of three of the tumblers, and
have eliminated any other zeros by feeling their initial pressure. Now, since
2 and 3 have the next pressure on them, try and find out more about them. You
know they aren't zero; suppose we try 1? To do this you must get one of them
to 1, 1 to 3 as usual, 4 to 2, and leave 5 alone. How? Use hitherto unknown
buttons as dummies to position the tumblers right. For instance, the sequence
1,4,3 will do what you want here; you then check pressure on 2. Or 1,4,2 and
check 3. Here you may notice that the pressure on the leftover is a *little*
stronger than before, but not enough to make any sure judgement. Well, now you
want to advance an unknown to position 2 - but you suddenly notice that if you
do [by doing something like 1,(42),3] there are no free buttons left to test
for pressure! 'Tis time to try possibilities. Your only unknowns are 2 and 3
now. You must now advance 1 and 4 to their proper positions, leaving 5 alone,
while sprinkling the unknowns around in the sequence in different permutations.
Use your chart to remember where the known tumblers must go. Sometimes you get
two possibilities for a tumbler; you must work this into the permutations also.
In this particular example, you know that either 2 or 3 [or both!] must be the
last button[s] pressed, since *something* has to get pressed after 4 to advance
4 to position 2. An obvious thing to try is putting both the unknowns at
position 1 by doing 1,4,(23). Try the handle to see if it's open. No? Okay,
now leave one of the unknowns down at 1 and mix the other one around. For
instance, for 2 at 1 and 3 at 2, you do 1,(34),2 -- nope. Advance 3 one more;
(13),4,2 *click* -- huh?? Oh, hey, it's *open*!!
Well, when you are quite through dancing around the room, you should know that
your further possibilities here ran as follows:
3,1,4,2 ; to end the permutations with 2 at 1
1,(24),3 ; and permutations involving 3 at 1.
(12),4,3
2,1,4,3
One may see how things like 2,1,(34),x are eliminated by the fact that 1
must get to 3, and 5 must stay still. Since only 4 buttons could be used, no
tumbler can get to position 5 in this particular combination. Note also that
the farther *in* a tumbler has to go, the earlier its button was pressed.
If all this seems confusing at first, go over it carefully and try to
visualize what is happening inside the box and how you can feel that through
the buttons. It is not very likely that you can set up your lock exactly as
the example, since they are all slightly different. Substitute your first-
pressure button for the 1 in this example. You may even have one that exhibits
pressure against two or more tumblers initially. Just apply the
differential-pressure idea the same way to find their most likely positions.
The example is just that, to demonstrate how the method works. To really
understand it, you'll have to set your lock up with some kind of combination,
and apply the method to opening it while watching the works. Do this a few
times until you understand what's going on in there, and then you'll be able to
do it with the lock assembled, and then in your sleep, and then by just waving
your hands and mumbling....
A 5-press combination makes life a little tougher, in that you lose
versatility in your freedom of test positions, especially if your first-
pressure tumbler is at position 5. Here you can use the "almost" feature to
your advantage, and advance the errant tumbler to one before its proper spot,
and hope to see increased pressure on other tumblers. When a tumbler is one
away from right, the locking bar tab is hanging a large section of itself into
the tumbler notch, and the tab's top is slightly rounded. So it can rise a
little higher than before. If you twist the handle fairly hard, you can
distort the locking bar slightly and make it rise higher [but don't twist it
hard enough to break away the safety clutch in the shaft!] The chances of
someone setting this sort of combination without prior knowledge about the
*specific* lock are almost nonexistent.
As if that wasn't enough, the next thing to deal with is the so-called
"high-security" combinations involving half-pushes of buttons. The long
initial travel of the tumbler permits this. If you look at your open mechanism
and slowly push in a button, you'll see that the tumbler actually travels *two*
positions before landing in the detent, and further motion is over one position
per press. There is no inherently higher security in this kind of combination;
it's just a trick used against the average person who wouldn't think of holding
a button down while twisting the latch release. It's quite possible to defeat
these also. When you are testing for pressure against a tumbler set at
"one-half", you'll feel a kind of "drop-off" in which there is pressure
initially, and then it disappears just before the detent. Before testing
further buttons, you'll have to "half-enable" the appropriate "one-half"
tumblers so the locking bar can rise past them. Set your lock up with a couple
of combinations of this type and see how it works. Note that you must hold
down the "half" buttons just before the detent click while setting or opening.
This makes an effective 7 positions for each tumbler, but in a standard [no
"halfs"] setup, it's effectively 6. This is Simplex's "high-security" trick
that they normally only tell their high-dollar military customers about. After
working the lock over for a while, it's intuitively obvious.
The Unican type has no direct pressure direction of twist; if you turn too
far to the right you only reset the tumblers. What you must do is hold the
knob against the detent release just tight enough to press the locking bar
against the tumblers inside the box but not hard enough to slip the detent.
There is a fairly large torque margin to work with, so this is not difficult to
do. Unicans do not twist to the left at all, so ignore that direction and work
clockwise only.
Possible fixes
The obvious things improvements to make are to cut notches of some kind
into the locking bar teeth and the tumblers, so that the pressure can't be as
easily felt. Another way might be to have a slip joint on the locking bar that
would release before a certain amount of pressure was developed against it, and
thus never let the tumblers have enough pressure against them to feel. The
future may see an improved design from Simplex, but the likelihood does not
seem high. They did not seem interested in addressing the "problem".
Automotive Protection Systems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are several types of locking devices found on cars today. Standard
window locks, exterior locks, ignition locks, and the famous third party "club"
type steering wheel locks.
Wing or vent windows have several types of locking devices. The most
common is simply a lever that turns to prevent the window from opening.
Another type of wing window lock has a lever latch equipped with a plunger at
the pivot of the latch. The plunger deadlocks the latch against rotation,
unless the plunger is first pushed in and held until the initial stage of
rotation has been accomplished. Naturally, these are a bit more secure.
The most popular auto locks for the exterior and ignition are a derivative
of the wafer tumbler locks called the "side-bar wafer lock." Side-bar wafer
locks offer more protection then either the wafer tumbler or pin tumbler (of
course they cost more.) When all of the tumblers have aligned to their breaking
points, a spring-loaded bar falls into place, allowing the cylinder to turn.
Ford auto locks are an exception, as they have pin tumbler locks.
Club Type Locks
One of the "club" type auto locks is an extensible bar that has opposing
hooks that nominally wedge between spokes on the steering wheel. The bar
itself is notched at 1" intervals or so. The key on these is rather
impressive; it's a brass tube with at least three sets of chamfers drilled into
their sides.
Defeating Club Type Locks
The weak part of these locks is not the keyway; it's the extensible bar.
The notches provide built-in weak spots. The lock can be forced in about three
seconds. Do as follows (it helps to be relatively strong):
1) Put on weightlifting gloves.
2) slide driver's seat all the way back.
3) tilt driver's seat all the way down.
4) tilt steering wheel all the way down.
5) put your feet on ends of "club" (past the rim of the steering wheel)
6) grasp center of the notched extension bar. Don't interlace fingers,
just grab with your dominant hand and then grab over that hand in the other
direction with the other hand.
7) Take a deep breath
8) While smoothly exhaling, hold on tight with your hands and straighten
your legs. (classic leg press -- even Joe Average can exert twice his body
weight in this mode.)
9) "Club" will conveniently bend into a horseshoe or shatter at a convenient
notch, depending on the mood of the guy running the tempering furnace.
This is why you wear weightlifting gloves while doing this trick- it keeps
the steel fragments from cutting you.
There is another "club" that has a collar that wraps around a segment of
the steering wheel; these cost more, are much less common, and the above
technique does not work for them. However, you can hacksaw the wheel in one
place and "spring" the wheel enough to allow the collar to pop off the wheel.
Bend the wheel back, add some tinted epoxy, and you're clean.
Auto Alarms
More and more, people are using auto alarms to try to protect their
vehicles. Unfortunately, if somebody wants to steal your car, they will. No
amount of protection will prevent this. The strategy behind an auto alarm is
to make your car more of a pain to steal then somebody elses. Here are the
basics of car alarms.
The Brain
The main alarm unit, sometimes called the "brain", is mounted in the most
secure place that can be found. Up inside the dashboard for instance. They
basically took the whole dash apart, install the alarm, and then put the whole
dash together around it. Some places install the brain under a seat or even up
under the carpet on the passenger side ("so they can adjust it easier"). This
is incredibly stupid.
Starter Kill
Basically, when the alarm is armed, the starter is electronically
disconnected so the car cannot be started or even hot wired. Most alarms have
this as a standard feature.
Valet switches
This is a toggle switch that can be set to keep the alarm from going off
if the owner has to leave it with a valet or for car repairs. Most of the
systems have this feature.
Passive vs Active Arming
With passive arming, the alarm becomes armed after a given time period
after the last car door has closed. To disarm, you can either get in to the
car and place the key in the ignition within a certain time period or press a
button on a remote transmitter to disarm the alarm.
With active arming, you have to press a button on a transmitter to arm the
alarm. To disarm, you press the transmitter button again.
Arming and Disarming beeps
Most alarms give you an audible alert when the alarm is armed or disarmed.
This serves two purposes. One is to let you know the alarm is working and on
the job. The other is to let others know the car has an alarm.
Motion Sensors
Some alarms like the UNGO box and others have a motion sensor. In the
UNGO Box's case, it is a tube filled with mercury surrounded by a wire coil.
When the car moves, the mercury moves within the tube causing current to flow
in the coil. This is what sets the alarm off. Other have some type of spring
with a weight on it so when the car moves, the weight bobbles back and forth
and makes contact with the casing causing the circuit to be completed. The
former method has a patent, the latter has no patent because it is worthless.
If you have ever heard a parking lot full of alarms going off at an airport or
a parking deck, it is because of this type of sensor. These are prone to false
alarms from passing trucks, thunder, airplanes, etc.
The UNGO Box's sensor is highly adjustable, however, if you adjust it to
eliminate all false alarms, then you have basically disabled its usefulness for
triggering real alarms.
Shock Sensor
This is what comes standard on most alarms. It basically senses motion
like a motion sensor but scans a very short period of time. You can rock the
car and push up and down on it and the shock sensor will not go off. If you
kick a tire or hit the window or door with your fist, the alarm goes off.
Glass Breakage Sensor
What this is supposed to do is pick up on the particular high frequencies
of glass being broken or cut and to trigger the alarm. It is basically a
microphone placed somewhere inside the car.
Field Motion Sensor (Perimeter Guard)
Basically this is the type of sensor which sets up some type of field
around the car and inside the car to detect masses coming close to the car. It
is a must for convertible owners. These aren't as common as most other types
because of the extremely high cost. There are many cheap ones available to add
to any alarm, but they have nothing but problems with them (i.e. false
alarms). Some Alpine systems are designed especially for this type of sensor
and have a price tag to match.
They are basically useless on hard top cars. Some cheap units are set off
by anything. There is a car parked right outside of my classroom which is
always being set off by falling rain and passers by. Very annoying. There are
other fancy alarms which have a pre- recorded message like "Please step away
from the car ...". These are really stupid and a waste of money. I heard of a
new BMW being tortured by a group of kids throwing rocks at it just to hear the
little voice go off.
Current sensor
This basically monitors the current drain on the battery. If it changes,
i.e. a door is opened causing a light to come on, the alarm is triggered.
This is how many cheap alarms are triggered. They just monitor the current.
The doors and trunk are all protected because they have lights which will come
on when opened.
The problem is, most newer cars have a fan inside the engine compartment
which comes on even after the car is turned off. The resulting drain on the
battery will trigger a current sensor.
Seat pressure sensor
If someone sits in the seat, the alarm is triggered. Not very practical
unless on a convertible. By the time the thief is in your seat, your car or
your stereo is history anyway.
Backup Battery
This is an emergency backup battery for the car alarm. It charges off of
the car alternator just like the car's battery. If the car's battery goes dead
or if the power cables are cut, the battery can still run the alarm and the
siren. The alarm will remain armed.
With cheaper alarms and/or poor installations, some systems might end up
wired into the car in a haphazard way. Most alarms flash the car's parking
lights when activated. All a thief has to do is short out a parking light, set
your alarm off and whammo, your car and the alarm goes dead. Thief gets in,
replaces the right fuses and off he goes.
Automatic Door locks/Unlocks
Another neat feature is automatic door locking. This is an option on most
alarms. It uses what they call an "output" from the alarm which can be
programmed to do various things. Most installers set this up so that when the
alarm is armed, all doors lock and when the alarm is disarmed, all doors
unlock.
Pagers
A pager (sometimes called Autopage) is used to page the owner's beeper
when the car alarm goes off. This way they can run to the parking lot and
chase a potential car thief away or catch the person who just rammed in to your
car before they speed away. Pagers may also use up an "output" on the alarm
unit. Some hook on to the siren and are triggered off of the vibration when
the alarm goes off.
Transmitters
These of course are used to remotely turn the alarm on and off. It seems
that with cheaper and/or older alarms, it is possible to transmit all of the
codes in rapid fire sequence to a car alarm. Eventually, you will hit upon the
right code combination to disarm the alarm. The average alarm has around 2 to
the 29th codes which is not very many. Newer (and probably more expensive)
alarms can sense this and lock out any further attempts for a given time
period.
The Marlock System
~~~~~~~~~~~~~~~~~~
The Marlock System uses a key consisting of a piece of metal with holes
bored in it, and then covered up with strips of IR-invisible plastic. Thus,
you can't see anything in the plastic, but IR in the keyhole reader can see
thru just fine. It decodes this, sends it to a controller interface box, which
sends it to a controller PC, which says "cool or uncool", and if cool, then the
interface box sends power to the strike on the door, and turns the LED on the
reader green.
Each area that is to be accessed via Marlock must have some sort of reader
device. This can be either a "keyhole" in the knob, a plate on the wall with
the keyhole in it, or whatever. The reader is hooked up to a controller
interface box. this box is locked with a really poor lock (like you'd have on
your diskette box) and is located close to the area being secured, often in the
ceiling. The controller interface box simply provides power for the reader,
the little LED over the top of the reader, and the electric strike locking the
door. The whole thing is controlled by an IBM PC with a reader keyhole mounted
on the front of the PC which runs to an interface card inside the PC.
To program a key into the system, one simply inserts it into the keyhole
on the front of the PC, and then tells the program when and where this key can
work. This is stored in its database, and recalled by the reader as needed.
Also the PC keeps logs of when and where a key was used -- whether or not it
worked! There are audit trails all over the place.
If the power goes out, then whether or not the door opens is dependent
upon the strike which was installed. IT can be either fail-safe (i.e. no
power -- open!) or fail-secure (i.e. no power- lock!). However, for fire
safety code requirements, companies often install it on the side of the door
which allowed entry to a restricted area -- not exit.
Some of the Marlock cylinders have a small brass spot in the middle of the
LED. This is an emergency override. One would insert a marlock key, and use a
9V battery between the key and the pin to provide a signal to the interface
controller to pop the strike. This may not still be the case however.
Defeating the Marlock System
Since there's an electric strike all you have to do is provide power to
the strike so it'll release. This is usually 12-24 volts DC, and is easily
obtained from some lantern batteries. The activation wires for the strike
usually run down inside the door jamb from the controller interface box. And
if you have access to the controller interface box, then just pick the lock on
the front of it. The heavier wires are for the electric strike (the thin wires
are from the reader). Then just apply power to the thing -- use jumper wires
to get the power from the controller interface box...
VingCards
~~~~~~~~~
These cards are used primarily by hotels, and our quite unique. The lock
is a matrix of 32 pins which have two possible positions each [sort of like a
vax...]. Two of these are special and aren't really used in the keying. The
remaining 30 are constructed out of standard pin and driver parts, except that
all the drivers are the same length and all the pins are the same length. The
pin-driver combinations sit pointing upward [the springs are underneath] in a
sort of matrix about 1.5 inches on a side. Above each pin-driver combination
sits a steel ball. The entire matrix is enclosed in a *plastic* assembly, part
of which can slide "forward" [i.e. away from the user]. Some of you may be
familiar with the keys: white plastic cards about 3 inches long with a bunch of
holes in one end. Pushing this into the slot until it "clicks" forward opens
the locking mechanism.
The lock combination is set by inserting a similar card, only half as
long, into the *back* of the lock. This card is the same thickness as the
opening card and has part of the hole matrix cut out. A juxtaposition of this
combination card from the back and the key card from the front closes the
matrix: i.e. if you overlay the combination and key cards in their opening
configuration, there are no open holes left, *exclusively*: i.e. where there
is a hole on the combination card there is solid on the key card, and vice
versa. Thus the complement of the proper key card is the combination card.
This is enforced by the placement of the ballbearings and pins in relation to
the sliders and top plate, so a workaround like a card with all holes cut out
or a solid card does not open the thing.
The combination card slides in between the conical pin ends and the steel
ballbearings [and is thus harder to push in than the key card]. The key card
comes in over the balls, and its thickness pushes the balls under its solid
regions downward. So each pin assembly is pushed down, when the lock is open,
the same amount, be it by the key card hitting the ballbearing or the
combination card wedging the actual pin downward. Clarification: Let us define
a "1" pin as a hole in the opening card. Thus a "0" pin sits under a solid
portion of the opening card and a hole in the combination card. A 0 pin opens
as follows: Since the combination card lets the pin rise up against the steel
ball, the keycard pushes the ball [and its pin] down to the bottom of the
keycard slot. This brings that pin to its shear line. Simple. Here's the
magic -- a 1 pin opens in the following fashion: Since the combination card is
solid there, the steel ball is sitting directly on the combination card, and
the pin underneath is *already* at its shear line. If a solid keycard portion
arrives over this ball, the ball is pushed down against the combination card
and *pushes the entire area of the combination card down under it*, lousing up
not only that pin's shear line but probably a few around it. Although a clever
mechanism, this depends on the elasticity of the combination card to work.
Note that as the key card is inserted and removed, the combination card will be
flexed up and down randomly until the keycard comes to rest at its opening
position. [Correction to above: each pin really has *three* possible
positions. Hmm.]
All this happens within the confines of the sliding *plastic* frame; this
part carries the two cards, the balls, and the top halves of the pins. The
stationary part underneath this contains the drivers and springs. A metal
plate bolts down on top of the sliding piece, leaving a gap just big enough for
the key card. If the screws holding this plate were to become loose, the plate
would rise up, the key card would sit too high up, and the lock would not open.
All the positioning is done by the thickness of the keys while they rest
against the surfaces of their slots. Therefore a piece of thin cardboard will
not serve as a duplicate key. We found that two pieces of plastic "do not
disturb" sign, cut identically and used together, were thick enough to position
things correctly and open the lock.
A rough top view: Pin mechanism:
Back _ = top plate Front Back
o o o o <> = balls ________________________________
o o o H = keycard HHHHHHHHHHHHH<>HHHHHHHHHH<>HHHHHH ## QQ
o o o o O = comb. card --> QQ OOOOOOOO<>OOOOOOOOOOOOOOOOOOOOOO
o o o # = slider QQ# [] [] [] ## QQ
@ o o @ [] = pins QQ###[]####[]####[]#################
o o o || = driver/ QQQQQ||QQQQ||QQQQ||QQQQQQQQQQQQQ
o o o o spring asm QQQQQ||QQQQ||QQQQ||QQQQQQQQQQQQQ
o o o Q = stationary QQQQQ||QQQQ||QQQQ||QQQQQQQQQQQQQ
o o o o housing QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ
Front
It is hoped that the diagram on the right, with its three example pins,
will show sufficiently that if two holes coincide the pin will rise too far,
and if two solid places coincide, the entire combination card would be pushed
down by the ballbearings. There is sufficient space underneath the combination
card for it to sag down and foul the shear line; it is normally held upward by
the pins' spring tension against the underside. This diagram may be misleading
if it is not understood that the balls are actually larger than shown; i.e.
the height of approximately three cards stacked up equals the diameter of the
ballbearing. There is a thin layer of slider plastic between the keycard and
the combination card, which separates them and retains the ballbearings.
The @'s in the top view are the two magic pins. These prevent the lock
from working at all unless a combination card is inserted. They are a bit
thicker than the other pins and do not have ballbearing parts. The slider
above the combination card slot here is solid, so these pins have nothing to do
with the keycard. They simply hold the lock shut if no combination card is
installed, regardless of what is done with a keycard. Therefore if one were to
make a combination card that only pushed down these pins, a solid keycard would
work. And if one inserts a solid combination card, the lock is already open
before you insert anything. [This is a useful hack that will allow anyone to
open the door with just about any tool, in case you are crashing lots of people
in a room, don't have enough keys, and don't feel like making more. Naturally
your security is compromised, but only those who know what's going on will be
able to get in.]
The slider has a bracket bolted on to it, which reaches down toward the
doorknob and pushes a moveable sleeve with a square hole through it. This
joins two sections of a three-section split shaft together, which allows the
outside knob to retract the bolt. The inside knob is "hardwired" to the bolt
action and always opens the door. The extra split in the shaft is so that with
the card in place, the lock will still behave like a regular split-shaft
knobset [and disable opening if the deadbolt is shot].
There is a hinged plastic door on the back [inside] of the lock, which is
held shut with a screwdriver tab inside a slot. This is where the combination
card goes, although this door exposes enough to see the entire slider mechanism
[except for its inner works; the entire back must be taken off to get the
slider out].
Now, the security evaluation: I see no clear way to "pick" it. The rear
pins are hard to get at without touching the frontmost ones. However, this
lock would be *very* easy to defeat, in the following fashion: A thin tool
about the thickness of a keycard and about .2 inch wide can cover one column of
ballbearings. If this tool is slowly slid straight into the slot along each
column in turn, the resistance encountered as it contacts each ball indicates
whether there is a hole or not underneath it in the combination card. The
combination card presses upward against the ball more strongly than the pin's
spring does, so this would allow one to map the combination card and then
construct the keycard complement. This process wouldn't take very long. I
therefore recommend that these locks be considered less than high-security.
Furthermore, come to think of it, a small hole drilled in the front plate
[which I doubt is hardened] would make it easy to frob the slider or split
shaft.
Electronic Hotel Card Locks
~~~~~~~~~~~~~~~~~~~~~~~~~~~
These are wonderful little microcomputer projects masquerading as door
locks. Inside there's a processor running a program, with I/O leads going to
things like the magnetic strip reader, or the infrared LEDs, and the solenoid,
and the lights on the outside. They are powered entirely by a battery pack,
and the circuitry is designed such that it draws almost nil power while idle.
The cards are usually magnetic-strip or infrared. The former uses an oxide
strip like a bank card, while the infrared card has a lot of holes punched in
it. Since IR light passes through most kinds of paper, there is usually a thin
layer of aluminum inside these cards. The nice thing about these systems is
that the cards are generally expendable; the guest doesn't have to return them
or worry about lost-key charges, the hotel can make them in quantity on the
fly, and the combination changes for each new guest in a given room. The hotel
therefore doesn't need a fulltime key shop, just a large supply of blank cards.
Duplication isn't a problem either since the keys are invalidated so quickly.
The controlling program basically reads your card, validates the number it
contains against some memory, and optionally pulls a solenoid inside the lock
mechanism allowing you to enter. The neat thing about them is that card
changes are done automatically and unknowingly by the new incoming guest. The
processor generates new card numbers using a pseudorandom sequence, so it is
able to know the current valid combination, and the *next* one. A newly
registered guest is given the *new* card, and when the lock sees that card
instead of the current [i.e. old guest's] card, it chucks the current
combination, moves the next one into the current one, and generates the new
next. In addition there is a housekeeping combination that is common to all
the locks on what's usually a floor, or other management-defined unit.
There is no wire or radio connection to the hotel desk. The desk and the
lock are kept in sync by the assumption that the lock won't ever see the "next"
card until a new guest shows up. However if you go to the desk and claim to
have lost your card, the new one they give you is often the "next" card
instead. If you never use it and continue using your old card, the guest after
you will have the wrong "next". In cases like this when the hotel's computer
and the lock get out of sync, the management has to go up and reset the lock.
This is probably done with a magic card that the lock always knows about [like
in ROM], and tells it something akin to "use this next card I'm going to insert
as the current combination". The pseudorandom sequence simply resumes from
there and everything's fixed. If the lock loses power for some reason, its
current memory will be lost but the magic "reset" card will work.
Rumor has it that these locks always have a back-door means of defeating
them, in case the logic fails. Needless to say, a given manufacturer's method
is highly proprietary information. In theory the security of these things is
very high against a "random guess" card since there are usually many bits
involved in the combination, and of course there is no mechanical lock to be
manipulated or picked. The robustness of the locking hardware itself sometimes
leaves something to be desired, but of course a lock designed for a hotel door
probably isn't the kind of thing you'd mount on your house.
Security Alarm Systems
~~~~~~~~~~~~~~~~~~~~~~
Security alarm systems are becoming more and more common in the home and
small business. They will become more and more popular in coming years as
their prices continue to fall. There are basically two types of systems, the
open circuit and closed circuit system.
The Open Circuit System
An open circuit system is composed of magnetic detectors or contacts that
are "normally closed." That means that their contacts are separated when the
door or window is in the normally closed position.When the door or window is
opened, the contacts are released, causing them to close. This allows current
to flow through the wires, and the alarm sounds. All the contacts and
detectors are wired in parallel. This means that current flows ONLY when any
contact or detector switch makes contact. Let me illustrate:
switch is open switch is closed
wire
----#############1############# ----#############1#############
#############2#############---
#############2#############----
########## wire
==========================
| MAGNET | (Magnet has been removed)
==========================
A Normally Closed Switch Assembly
In the first figure, the "normally closed" switch assembly, which would be
mounted about the door, is help open as the lower portion (#2) is pulled to the
magnet which would be mounted on top of the door. The magnet has an attractive
force greater than the force of a spring which normally holds the two parts of
the switch closed. In this position, no current flows through the switch. In
the second figure, the door would be open, and thus the magnet not aligned
under the switch. Both halves of the switch have been returned to their
"normal" position, closed, by the spring.
The obvious disadvantage of an open circuit system is that it become
inoperative if a transmission wire is cut, a contact or terminal wire becomes
loose, or some similar condition. For this reason, circuit wiring for this
type is often concealed. The vulnerability of the system is minimized by a
test switch or key position which sends current through the main circuit wiring
and reveals any line breaks. This test lights a small warning lamp on the main
panel, bypassing the main alarm. This will only test the integrity of the
circuit, not individual detectors.
When the open circuit system is engaged, an alarm will occur immediately
if any doors are windows have been left open. Of course the alarm will also
sound anytime a door is used while the alarm is in operation. Many times a
bypass switch will be placed next to frequently used access ways. This can be
dangerous because someone can break a door or window pain, activate the bypass
switch, and have free access to the entrance.
The Closed Circuit System
In a closed circuit security system, low amperage current continuously
flows from the power source, throughout the detector switches, to the
supervising relay (a type of switch) in the control panel. The detector
switches are of the normally open type. This is the opposite of the normally
closed type. The magnet holds the normally open switch assembly together, so
current flows through the switch. When the magnet is removed, the switch
springs open, and current ceases to flow throughout the circuit. The
supervising relay monitors the current in the circuit, and should it be
interrupted (by a door opening and causing a detector switch to open), it will
activate the alarm buzzer, telephone dialer, siren, or whatever.
Note that in the closed circuit system, any attempt to cut the wires would
have the same effect as opening a detector switch. The current would be
interrupted and the alarm would sound. This makes the closed circuit a much
more secure system than the open circuit type.
The closed circuit system requires more sophisticated equipment and the
circuit installation must be precisely wired. Closed systems are also prone to
more frequent false alarms.
Security Alarm System Power Sources
The current for most systems comes from battery, transformer, or a
recharging pack. The recharging pack is a complete power supply providing 6-12
volts of power. This is enough to run several separate alarm circuits and even
a six volt telephone dialer. It is usually equipped with nicad backup
batteries in case of power failure.
Magnetic Detectors
I used the "Magnetic Detector" when explaining the closed and open circuit
types of security systems. These are by far the most common type of detectors
used. As discussed before, they are a two part assembly consisting of a magnet
and a switch. Both are encased in a weatherproof plastic case.
Tamper Switch or Plunger Contact
Another popular type of detector is the tamper switch. It may be used on
windows, alarm boxes, or control panels. It consists of a switch assembly with
a spring loaded "plunger" protruding from one end. It is available in both the
normally open and normally closed configurations.
All-Purpose (Bullet) Detector
This is a beveled button used primarily on doors or double-hung windows.
The button is installed in the hinged side of the door frame, recessed into the
frame. When the door is closed, the button is depressed. When opened, it of
course pops out.
Floor Mats
Pressure sensitive mats wired with open or closed circuits to make or
break contact when stepped upon are used as backup to perimeter security
systems such as rear entrance doors. They can be placed under regular
carpeting or loose rugs.
Door and Window Traps
These are basically "trip-wires" and aren't used too often. They do work
well in areas where conventional detectors would not work, and are
substantially cheaper than infrared. They can be placed in either a horizontal
or vertical configuration. For open circuit systems, an insulated plug is
placed between the contacts of the detector. When it is tripped, the plug is
pulled out, causing the detector's switch to close. For a closed circuit
system, one end of the trip wire is attached to one end of the switch, and the
other end of the trip wire to the other half of the switch. This way current
still flows in the circuit. When the wire is tripped, the circuit breaks.
Photoelectric Systems
Photoelectric systems transmit invisible pulse modulated beams from
projector/transmitter to receiver. Interruption of the beam sets off the
alarm. Although the system is designed primarily for interior used, military
systems have been developed for use on the exterior, even in dense fog.
Emergency Panic Button
This permits an alarm to be activated by use of a pushbutton located near
a front door, in a bedroom, or hidden under a counter. In a business, such a
button could be used as a "holdup" button, silently summoning the police or
activating the normal store alarm system.
Automatic Telephone Dialer
This is a device that will automatically call the appropriate telephone
number and relay a prerecorded message. These devices are often used to
contact the police, private security, or store officials. Of course, the
system is at risk if the exterior phone wires are accessible. For this reason
the phone wiring will be either incased in a steel sheath or wired for alarm.
