Survival Threads
Thomas

Lockpicking anyone? Lots of frustration today.


Thomas    903

Today my grandmother called me, asking for my help in retrieving her keys (which she had locked inside her shed behind a padlock by accident). She knew lockpicking was one of my hobbies, so I went over and dealt with the offending metal shackle.

 

The offending lock in question felt like a standard 5-pin (no spools or serrations), but due to the age of the padlock and the fact it was parked outside for years, the inside was heavily gunked up.


Tools I used: I ended up depending on my SouthOrd lockpicks as they can handle abuse. I had to put a serious amount of pressure on for the mushy pins to click; lots of pseudo-sets where I thought I had it, but no, some debris or something else got in the way and I had to lessen the tension.

Unbelievably annoying. 


Normally a lock like this would take me 30 seconds flat, but due to the lack of feedback and how rough the action was it ended up being more like 10 minutes.

It refused to be raked open using a city rake.

Snake rake = no go.

So I had to pick them individually until I felt like the pins were set (guesswork is all I had: zero feedback, it was like poking rusty jello), then I pulled out a heavy duty tension tool and just torqued it open.

It worked out but I can't say I was happy with how long it took!

 

How about you guys? Into lockpicking? Any cool stories?

 

Thomas    903
10 hours ago, West Virginia Ridge Walker said:

lol in my house, if it's a lock ( master loc style ) we use bolt cutters lol  sorry bro couldn't resist 

Aye, I find that it's faster for me (95% of the time) to pick my way in. With that said, I did have a hacksaw at the ready!

 

8 hours ago, dthomasdigital said:

Wow @Thomas that is an awful lot of lock picking tools! 

D: I have maybe 20 times more picks than that!

 

3 hours ago, Dan Seven said:

A ryobi p530 10k rpm rotary cutter with thin cutting discs works fast..

cheers

True enough, but then I can't pretend to be James Bond ;) 

Gary_Gough    1,167

Fastest I did lacked any subtlety and finesse. Forgot the key 75 km away on a Master lock, locking a chain through my stored motorcycle. Put two 60 cm steel bars through the hasp and pulled the ends apart. Tore the hasp out of the lock body in approx. 1 second. Have also unlocked 5 bikes for a friend that had a series of "Kryptonite" locks holding them all together; a couple of minutes with an angle grinder. All the keys had been lost by his five year old and they'd spent a day searching. Even if the locks had been opened, without keys they were useless for the intended purpose.

I can usually "pick" the rotating disk locks in a few seconds, but really those things are just cosmetic locks, much like the doorknobs with keys; they only deter honest people. (I have been known to reset the combination to make a point.)

Thomas    903
On 25/04/2017 at 11:59 AM, Gary_Gough said:


100% agree with the description of "cosmetic locks"; it's like the Master "3" series of padlocks, I can pick 'em with hair pins in around 5 seconds. It's the illusion of security.

Walter    58

My lockpick tools are 2' bolt cutters in the BOV and a 3' one in the house lol. Just used the latter on a lock that refused to open, rusted/corroded shut after years of being left out in the elements.

Any recommendations for reasonably priced padlocks that you find difficult to impossible to pick? Or the worst/easiest, other than the Series 3 ones?

Thomas    903
2 hours ago, Walter said:


For a hobbyist, very few locks are unpickable; I would say only the Abloy PL series are basically impossible. I would go with a padlock that is resistant to lock picking like this American Lock: nice construction with security pins that can't be shimmed, unlike low end Master locks. It will also last forever, as the cylinder can be replaced should you ever need to, for whatever reason.

This Abus is the cheapest I have found that features security pins, but it isn't suitable for outdoor use (corrosion).

 

 

Gary_Gough    1,167
3 hours ago, Thomas said:


Surrounded by Abloy locks here; they replaced the Medeco that were here when a key got lost (right expensive key). I gather they are basically the same company now.

Thomas    903
9 hours ago, Gary_Gough said:


Medecos are decent locks with solid single pin picking resistance, but they have security flaws, unlike the Abloy PL series, which are resistant to traditional methods; hence their wide adoption for secured facilities (these days).

Same with Mul-T-Lock: it used to be the standard but has flaws that result in being able to purchase bump keys for them, and they have yet to fix these issues.

Thomas    903
1 minute ago, Thomas said:


Oh, and yeah: Abloy own all (mainstream) high security lock companies like Medeco, Mul-T-Lock, Securitron and Assa; they are by far the largest lock manufacturer in the world.

Gary_Gough    1,167

@Thomas I expect electronic will be the go-to soon. If you think about it, RSA would be ideal: every exchange could be unique, but the fob would identify and only respond to the lock, and the lock would identify the fob. Lots of number crunching though, so for field-powered fobs they'd tend to be slow. Still, Microchip makes micros that run under 600 nanoamps and can kick up the clock on demand, so with a little power storage it could be done already.

Gary_Gough    1,167

Hmm, maybe I should expand on that. The fob has the lock's "public key" and also its own. The lock would have both its keys and a list of fob keys. The lock does the heavy lifting: generates a random number, decrypts it with its own set of keys and sends that to the fob. The fob "encrypts" with the lock's public key (and so gets the original random number), then encrypts again with its own key, maybe with a clear identifier just to keep the next stage to a sane amount of crunching, and the lock then decrypts with its stored keys for that fob and compares the random number. Since all the keys are actually kept secret that should work, and it is pretty close to standard RSA handshaking (which is encrypt-decrypt and send, then decrypt-encrypt to recover the data and at the same time verify both unique sender and receiver).

Thomas    903
On 29/04/2017 at 4:32 AM, zackmars said:

I need to get into lockpicking, any good places to start? Good kits to learn with?

Well, seeing as you mention it.. http://morethanjustsurviving.com/southord-pxs-14-usa-made-14-piece-lock-pick-set-review/ ;)

It's by far the best "all-around" kit for beginners (and advanced pickers). It's resilient; when you start out you tend to be a touch too aggressive, so having a kit where the picks can withstand abuse will save you time and frustration (as well as money!).

 

Thomas    903
On 28/04/2017 at 8:55 PM, Gary_Gough said:


The problem with electronic locks is that access control can be duplicated too easily (cloning) compared to high end magnetic locks, and they can be rendered unusable by vandals (my experience with a guy and a 12v battery).

I reckon Evva MCS cylinders will be the new "standard" for fed contracts with the Abus Protec2 as the mainstream option.

Dan Seven    1,300

@Thomas   

13 minutes ago, Thomas said:


Interesting observation.. I wonder what happens when a person hits an electronic lock with a taser..

:|

 

Gary_Gough    1,167
3 hours ago, Thomas said:


The new micros have "security bits" (well, for the last 25 years); once they are blown after program verification, the only way to get at the contents is by peeling the case and silicon layers while reading off the contents, and one error would be enough to fail. It's not a trivial process; it involves even, controlled application of hydrofluoric acid and maybe chlorine trifluoride (this stuff will burn cement, sand and ashes from a normal fire. Best avoid). Where the fobs are a problem is that the lock makers are either lazy, cheap or ignorant of the technology. A passive response with a key number, which never changes, isn't a challenge for any 8 year old playing with Arduinos; spare blank fobs and a reader/writer are $6.00.

Gary_Gough    1,167

Guess I should expand a bit too. Physical is always a problem (cyanoacrylate injection into locks, shorts / power applied to electronics, attempted drilled locks with the remnants of drill bits jammed inside), so if you are doing electronic it pretty much needs to be near-field powered (bring the fob within a few cm of a buried coil / antenna). Think of the anti-shoplifting tags as a start.. those are basically an on/off setup depending on a tuned antenna loading the field while in the armed state, and set or cleared by magnetization. Useless as a key but still remotely powered. A cloneable electronic key is about the same level as a standard brass key (wax impressions anyone); you're depending on the key itself not falling into the wrong hands long enough for a thief to grab a copy. Anything that always produces the same response falls into that class too. Magnetic strips for instance: there are published standards for the encoding on all three tracks, and I know a $0.50 PIC can decode those because I've written the code to do it (read all the bits and store, figure out if it was swiped forward or reverse and apply the rules). If you actually want a secure system it has to be two way, challenge and response, with no two challenges being the same and the correct response being unique to the challenge. Also assume anyone trying to break the system has unlimited access to both the lock and fob. If a lock always sends out the same challenge code, it can be read and used to get a response from the fob, and the response will always be the same (so no security at all). The fob could have a battery, and there is nothing to stop the exchange from being a sequence of events including some clear commands (like "wake up").

One of the big gas pump manufacturers decided to use a near-field wireless hand held remote to program their pumps; some employees (and anyone else soon after) discovered they could set the gas price to $0.00, buy fuel, and reset the price to cover their tracks. Since the system depended on no one discovering what cheap remote was being used, it was a security hole waiting to happen. The remotes are purely a transmitter anyhow, so they could be figured out in a few minutes by a laptop and a software defined radio ($10 USB fobs that were made to be digital TV receivers but can be made to grab several megahertz of radio band at a time and save it to memory if you want).

I think I've mentioned this before.. Have an attached garage with a remote door opener? You aren't doing much better than leaving the door open. While the remote sends an 11 bit identifier, three times, at a fairly slow rate (so several days' worth of attempts to brute force guess the code, if you want to send each guess 3 times), the receivers never bothered to actually check even for a single repetition or even for a single series. So a constant string that has the key series anywhere in it will open the door; this takes on average around 60 seconds. This actually opens all the garage doors in range of the transmitter on a single attempt, as the full string of all codes will get sent out. Since the garage system is one way, it depends on slow speed, long codes and secrecy, which would be fine if the manufacturers hadn't been lazy about how they programmed the receivers to work. Even done correctly they would have been vulnerable to a monitor recording the remote's code and being used to recreate it, but as they made no effort at all, it's a moot point. This isn't just one brand by the way; they are all just as bad.

In many ways electronic and keyed locks owe a large amount of their effectiveness to the common opinion that they are beyond human understanding, and both are subject to the actual key being stolen.

 

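Gary's lock/fob challenge-response (sketched in his RSA post above and restated in this one) as an added example, not code from the thread: a toy Python version using textbook RSA with constructed demo primes and a hypothetical Lock/Fob pairing, showing a genuine exchange being accepted while a recorded response replayed against a fresh challenge, or a fob the lock never enrolled, is rejected.

```python
import secrets
from math import gcd

# Added demo (not from the thread): nonce-based mutual challenge-response between
# a lock and a fob, built on textbook RSA so it maps onto Gary's description.
# The primes below are constructed demo values, far too small for real use; a
# real design would also use a padded signature scheme rather than raw RSA.

def make_keypair(p, q, e=65537):
    """Textbook RSA: returns (public, private) as (n, exponent) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(key, value):
    """value ** exponent mod n: 'sign' with a private key, 'verify' with a public one."""
    n, exp = key
    return pow(value, exp, n)

class Lock:
    """Holds its own keypair plus the public key of every enrolled fob."""
    def __init__(self, pub, priv, enrolled):
        self.pub, self.priv = pub, priv
        self.enrolled = dict(enrolled)  # fob_id -> fob public key
        self.nonce = None               # outstanding challenge, if any

    def challenge(self):
        # Fresh random number every time; "decrypt" (sign) it with the lock's
        # private key so the fob can recover it with the lock's public key and
        # thereby know it is talking to the real lock.
        self.nonce = secrets.randbits(32)
        return rsa_apply(self.priv, self.nonce)

    def verify(self, fob_id, response):
        # Undo the fob's signature with the stored public key for that id and
        # compare against the outstanding nonce. The nonce is consumed either
        # way, so a recorded response cannot be replayed against a later one.
        nonce, self.nonce = self.nonce, None
        fob_pub = self.enrolled.get(fob_id)
        if nonce is None or fob_pub is None:
            return False
        return rsa_apply(fob_pub, response) == nonce

class Fob:
    """Holds its own private key, its id, and the lock's public key."""
    def __init__(self, fob_id, priv, lock_pub):
        self.fob_id, self.priv, self.lock_pub = fob_id, priv, lock_pub

    def respond(self, signed_challenge):
        # Recover the nonce with the lock's public key, then sign it with the
        # fob's private key; the clear identifier tells the lock which key to try.
        nonce = rsa_apply(self.lock_pub, signed_challenge)
        return self.fob_id, rsa_apply(self.priv, nonce)

def run_session(lock, fob):
    """One full exchange. Returns (accepted, fob_id, response)."""
    signed = lock.challenge()
    fob_id, response = fob.respond(signed)
    return lock.verify(fob_id, response), fob_id, response

def demo():
    """Genuine fob accepted; replayed response and unenrolled fob rejected."""
    lock_pub, lock_priv = make_keypair(104729, 104723)  # constructed demo primes
    fob_pub, fob_priv = make_keypair(99991, 99989)      # constructed demo primes
    _, other_priv = make_keypair(100003, 100019)        # demo primes, never enrolled
    lock = Lock(lock_pub, lock_priv, {"fob-A": fob_pub})
    fob = Fob("fob-A", fob_priv, lock_pub)
    stranger = Fob("fob-B", other_priv, lock_pub)

    genuine, fob_id, captured = run_session(lock, fob)
    # An eavesdropper who recorded (fob_id, captured) tries it on the next challenge.
    lock.challenge()
    replayed = lock.verify(fob_id, captured)
    # A fob the lock never enrolled answers correctly but has no stored key.
    unenrolled, _, _ = run_session(lock, stranger)
    return {"genuine": genuine, "replay_rejected": not replayed,
            "unenrolled_rejected": not unenrolled}

if __name__ == "__main__":
    print(demo())
```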
Thomas    903
On 02/05/2017 at 3:39 PM, Gary_Gough said:


 

Aye, as they often say, locks exist to keep honest people honest. Using destructive means, I can get by any lock. My experience with electronic/RFID locks (I lived in Singapore for a while, where this tech is very common) is that young people get a kick out of it.

I see people dragging their fobs on random people's doors "just to see". Whenever new technology emerges, especially when access can be tested under subterfuge, people will fuck around with it. My friend with the electronic lock got his wrecked by vandals because of the stupid flashing blue light. Idiot passersby decided this was fun and kept messing with it (maybe they watched too much TV); in the end they blew it using a 12v battery.

The advantage of keys is that they are ubiquitous, and the design cannot be fiddled with without leaving a trace; with a high security lock it's either going to take you hours and lots of kit (which looks very suspicious) or they will use destructive means that you can spot. My concern with electronic platforms is that someone like me with a high gain receiver can MITM over a period of days... weeks etc. all without notice (the garage door is the perfect example, as you said). It's like lock-picking but without needing access to the lock nor being in the vicinity of busybodies/neighbours.

In the end, gotta accept that all locks can be defeated but the goal should be to make it obvious when someone has tried. Force them to compromise themselves in the process. A guy with a laptop near an electronic lock perhaps has plausible deniability. Guy with his picks in the lock? Not so much. 

Interesting topic, thanks for sharing your thoughts Gary- we always learn something new!

Gary_Gough    1,167

With so much of what we consider valuable being information, locks are a fair way down my personal list of things to worry about ( and really until the laws mandated locks I didn't even bother to have one on my door. Saves the windows getting smashed. ) Being in the country, if no one is around then the locks are a formality, and if someone really needs to get in ( freezing etc. ) I wouldn't have a problem with it anyhow.

Electronic break ins ... many years ago Wim Van Eck published a theoretical paper on using the EM radiation from a CRT to remotely read the screen. Thus Van Eck Phreaking. It depends on two things, radio harmonics and cheap manufacturers. Any electronic wave form can be broken down into composite frequencies and amplitudes. A square wave ( like the transition between off and on ) is every third harmonic , and the sharper it is the higher the frequencies go, so a nice sharp display of text can be radiating well up into microwaves from what amounts to a spark gap transmitter through a CRT. Good shielding would stop that dead, but it takes a little effort and some metal foil during manufacture.   If you wonder how bad your own equipment is, tune an AM radio to a dead spot on the band then set it by whatever you want to check and turn it on. Hear a loud buzz? That buzz has all sorts of information in it if you can guess the ( standard ) scan rates. Higher harmonics just make a directional antenna easier and smaller. 

Oh yeah, and foil... if it's thin enough to vibrate with sound, it's also a modulator for any microwaves bouncing off of it ( like the wrapping foil in a pack of cigarettes ). Windows bounce infrared light quite well, if the window is moving ( like when there is sound in a room ) the movement will phase modulate the reflected light.

Given physical access of course does make it easier. A modified VGA cable can radiate on a known frequency and doesn't take long to swap. What can be made into a radio transponder is pretty much only limited by imagination. Two conductors with a noisy junction ( like copper and iron ) will radiate harmonics, might even be microphonic entirely by chance.

This stuff is only "high tech" if it's a news person writing it up, for any tech it falls into the obvious category. So short version if someone wants to monitor your place, they can. 

Actual high tech.. do you set your cell phone down near your computer keyboard? The inertial sensing chip has next to no security (as who really cares which way is up on your phone other than you); the vibrations from you typing can be picked up and analyzed in real time into text (been demonstrated) with a fairly small percentage of error.

Thomas    903
On 08/05/2017 at 10:17 AM, Gary_Gough said:


Stuff like this is why I am 2 cups of coffee away from being a paranoid mess. O.o 

Thomas    903

Got my grandmother a new lock, big upgrade.

 

Interestingly for such an inexpensive lock, the Abus has some mean security pins (spools, based on initial feedback from the picks). The only weak point from what I can see is the potential for the locking wedge to be shimmed, but other than that, for "low security" areas, it's a solid option.

Very. Very low feedback.
