Why Locks are pickable
Contents
The world isn’t a perfect place. Every machining operation produces a product with small defects but still within specified tolerances.
If you machine a hundred parts, no two are precisely the same, no holes identical in diameter, no line perfectly straight.
Yes, the variations may be small, but they’re there and they’re cumulative when you assemble all the different parts into a lock.
The locksport and security communities exploit these accumulations of defects, to detect the subtle differences between pins, cores, spring tension, and feedback – all of which contain defects and remnants from the manufacturing process.
The sloppier the tolerances in a lock, the easier it’s to find the binding order and pick the lock open.
There are locks that no one has ever picked, and there are locks that will take far too long to pick for it to be feasible in a movie-style heist.
That is about as unpickable as things get.
TL;DR (Too long; didn’t read )
Resistant Lock
| # | Preview | Product | Rating | |
|---|---|---|---|---|
| 1 |
| Master Lock 8143D Bike Lock Cable with Combination | 27,389 Reviews | Price & Reviews |
Internal Access
Office Doors, Closets, Gym locker, Protecting Privacy & Supplies, low-security lock.
High Security Lock
| # | Preview | Product | Rating | |
|---|---|---|---|---|
| 1 |
| Abus AB148TSA/30 B Padlock, Black, 30mm | 110 Reviews | Price & Reviews |
External Access
Personnel Doors, Utilities, types of equipment that are susceptible to Vandals & Thugs
Ultra High Security Lock
| # | Preview | Product | Rating | |
|---|---|---|---|---|
| 1 |
| Schlage B60 N 619 Deadbolt, Keyed 1 Side, Highest Residential Security, Satin Nickel | 4,155 Reviews | Price & Reviews |
Sensitive Access
Expensive valuables, Sensitive data
Window Film Security
| Preview | Product | Rating | |
|---|---|---|---|
| BDF S8MC Window Film Security and Safety Clear 8 Mil (36in X 24ft) | 105 Reviews | Price & Reviews |
Absorb impacts from break-in attempts and holds shattered glass together.
With a standard pin tumbler lock, such as a Kwikset and/or Schlage deadbolt cylinder the human aspect of their creation gives them the flaw that makes them pickable.
The basic idea of picking comes from the slight misalignment of the holes in the plug of the lock.
The holes in the plug are meant as slots for the pins to rest in.
By not being perfectly aligned, the pins will set at different times.
When one pin sets before another, this will allow the lock to be opened.
The first pin to set is the binding pin, and after that, the picker just needs to find the binding order.
If a lock could be made perfectly, and the pinholes were all perfectly aligned, this would, in theory, stop single pin picking (SPP).
With the hypothetical perfectly machined lock, all of the pins would have to be moved to the proper height at the same exact time.
Something like a bump key, however, would be able to open this type of impossible lock.
Why is this type of lock impossible?
It just comes down to imperfection in the machining process.
Flaws in the machining process leaves pin tumbler locks vulnerable to picking.
How fixed are you on protecting your valuables?
Obviously, you don’t want to be the victim of theft, but preventing that is going to take time and money.
The heavier your protections are, the more you are going to deter criminal activity.
Your security does not have to be better than the skill of the thief, it just needs to be better than the security of the person next to you.
This may make your life more difficult, so take into account how at-risk you are for the threats that concern you.
Your intention to protect has to be great enough to make you a less attractive target than the people on either side of you.
Make sure that your protections are not well known, and people will not know how to defeat them.
It is often not practical to have excessive protections on everything you own.
Locks are not perfect and security is most certainly not perfect without a perfect lock.
Locks are built to open, so people are going to find a way to open them.
There are certainly locks that are beyond the skills of most pickers.
There are also locks that have yet to be picked.
Security in any form can only ever give you time.
How a Pin Tumbler Lock Works
The basic design of the pin tumbler lock has been in use since 4000 BC.
Of course, it’s gotten more complex over the millennia.
The design that is used in most cylinder locks – like the one on your front door — has been around since 1861 and it hasn’t changed much.
The pin tumbler is the lock we are most familiar with and it’s the most common type found.
It has been in widespread use for almost 100 years and, depending on the manufacturer, can provide medium security.
The security of this lock is guided by the number and type of pins in the lock and the number of depths on the key cuts.
Basically, most of the world is using a technology that’s been around for a century and a half to keep their most prized possessions safe and secure.
When it comes to picking pin tumbler locks, there are essentially two fundamental styles of lock picking.
These two styles are single pin picking and raking.
Single Pin Picking
The act of picking a single pin at a time.
source: https://www.art-of-lockpicking.com/types-of-lock-picks-guide/
Raking
An erratic and volatile style of lock picking whose purpose is to manipulate as many pins as possible in the shortest amount of time.
Security Pins
In 1865, Linus Yale Jr. (inventor of the modern pin tumbler lock) took a first step in solving this problem by slicing a notch into the driver pins (Patent US48475).
This simple modification would cause the driver pins to “catch” at the shear line if the plug was lifted under tension.
Security pins are commonly designed to prevent lockpicking, but are also designed to resist decoding, impressioning, key bumping, and other compromise techniques.
Spool
source: https://www.art-of-lockpicking.com/types-of-lock-picks-guide/
Spool pins are the most commonly found security pin due to the low manufacturing cost compared to other security pins.
They add very minimal pick resistance and really only keep out novice pickers.
The way this work is while pushing up on the key pin, you’ll first push the top of the spool past the shear line.
This will cause the core to rotate a small bit, putting it into what’s called a “false set” since the smaller mid-section of the pin is caught in the shear line.
This is where you think the pin was set to shear, but in fact, it was not.
Mushroom
A top or bottom pin with a beveled cut around their circumference, resembling a mushroom shape.
Top pin mushroom designs are much more common, but companies like Mul-T-Lock use them for bottom pins, as well.
Since the mushroom pin has a tapered edge on one side, rather than the characteristic ridge of the spool pin, once the top of the mushroom pin clears the shear line the plug will ride down this taper rather than falling over the ridge.
This makes for a less abrupt rotation, but the plug will still rotate in an exaggerated manner.
Picking a mushroom pin, employ all the same techniques as picking a spool pin.
Serrated
Serrated pins are some of the least commonly found security pins, mainly due to their manufacturing costs.
They offer a higher degree of pick resistance, especially when accompanied by threaded chambers.
While picking, the serrations on the pin will catch on the shear line, giving you a false notion of having been set to shear.
The more serrations, the more times it will try and fool you.
Serrated pins come in both driver and key pin varieties – the serrated key pins only serving the purpose to trap an over-lifted pin above the shear line, especially when combined with a serrated driver pin.
The purpose of a serrated pin is to prevent the natural sliding of the pin across the shear line that is observed as a result of the binding effect.
Rather, when a serrated pin binds, each serration acts as a mini ridge that gets trapped at the shear line.
When coupled with a serrated/threaded chamber, not only will each serration hang up on the shear line, they will also hang up on each of the serrations within the chamber, adding more difficulty. The goal of the pin is to make it hard to know when you have it to the shear line because each click of a serration will feel like a click of a shear line.
Hybrid
A combination of the previous three designs.
A serrated spool is nothing special.
First, you’d treat it like you would a serrated pin, and once you get past the serration it will then act like a spool.
Once you’re past the spool, it will act like a serrated again; so it’s really not much more difficult.
Sometimes if you think you’ve lifted all pins to shear and the lock still doesn’t open, you may have to intentionally overset one pin at a time, allowing it to fall back down each time, to test for serrations or other security features.
Security pins are designed so that use of a tool other than a key will trigger the pins and lock one or more pins at the shear line.
This can be due to individual manipulation of components or tension on the cylinder.
When triggered, security pins bind between the plug and cylinder, blocking the rotation of the plug until tension on the cylinder is released and pins are dropped back to their resting position.
With patience, practice & experiences, security pins can be defeated through Single Pin Picking (SPP) method.
Other Types of Locks
Warded Locks
Warded locks are among the earliest types, and in spite of their resistance to impression and manipulation, they are deemed low-security by modern standards.
Although it appears complex, the mechanism is very simple and easily defeated in under a minute.
Inside the lock are simple chambers separated by thin metal walls, called wards.
The keys have slots cut so the key can rotate freely, with the ward passing through the cut in the key. In reality, the only security offered by these locks is people’s unfamiliarity with how simple the mechanism actually is.
For most locks, a thin pick can bypass all of the wards and rotate the actuator in only a few seconds.
In addition, there are skeleton key sets for these locks that can be obtained for under $20.
These locks offer the least amount of security of all lock designs.
Warded locks are widely used in outdoor and extreme climates because the stationary parts make them more durable and resistant to changes in the weather.
They can be used in places where non-valuable belongings are kept or back gates to old buildings and similar.
Wafer Locks
A wafer is a kind of lock that operates with a series of flat wafers that stop the lock from opening if the wrong key is inserted.
The wafer lock is similar to the pin tumbler lock and uses the same mechanism.
But instead of a pin comprising two or more pieces, as in the pin tumbler lock, each wafer in the lock has only a one-piece pin.
Many people tend to confuse wafer tumbler locks with disc tumbler locks that operate using an entirely different system.
Wafer locks are pretty simple mechanisms and are often used in dirty, high use environments because they are so tolerant of debris and contamination.
You will find them in most cars and last for many years with little or no maintenance.
Inside are small discs or wafers that must be raised to a certain height to align and allow the lock to open.
Tolerances are usually pretty loose and these are pretty easy to pick.
Most wafer tumbler locks with low tolerances can be opened with a set of jigglers,try-out keys, or Single Wafer Picking method.
However, there are high-security versions that have additional grooves cut onto the wafer, called false gates.
These are an anti-picking design and many modern cars use these along with a security sidebar, that fits into a slot on the side of the wafers once they align properly.
These types of locks are not easy to pick.
Tubular Locks
The tubular lock is another common type of lock that’s incorrectly considered “high security”.
That assumption is wrong and is usually because of the lock’s obscurity.
All the features of a standard pin-tumbler lock are still there, just configured in a circular pattern rather than inline as the standard pin-tumbler lock is.
In fact, while the purpose of this post is to explain tubular lock picks, specifically built for picking tubular locks, they can also be picked with common single-pin picking.
Only with a lot more effort.
There are tools such as Tubular Lock Picks that allow these locks to be defeated in less than 1 minute.
The ease with which it’s defeated is due to the low number of pins and the depth settings.
Dimple Locks
A dimple lock is not more secure when compared to traditional pin tumbler locks, but the untraditional nature of the key makes many dimple locks appear sophisticated.
Dimple locks are basically normal Pin Tumbler locks turned sideways.
This is a very common lock in Europe but isn’t very common in North America.
It was designed to prevent manipulation by putting the pins in a very narrow space, thus depriving the lock picker of the working area.
A dimple key has the dimples cut on both sides of the keys so it can be used either way.
Unfortunately, there are specialized tools such as flag picks to pick these locks and lock pickers have become quite proficient at opening them quickly, usually in under 2 minutes.
It’s usual to rake the dimple lock first, set as many pins as possible using the simplest technique, raking – and usually have the success of at least two, sometimes three.
And then Single pin pick the remainder with Dimple (Flag) picks
Interactive Dimple (Mul-T-Lock)
This is a modern high-security lock manufactured by Mul-T-Lock Corporation, is a maker of world-class dimple locks under the Assa Abloy umbrella.
There are a number of different models with increasing levels of picking difficulty.
MTL uses a very unique telescopic pin arrangement (pin-in-pin) to improve key control and pick resistance.
The idea of pin stacks inside pin stacks is the heart of Mul-T-Lock’s design.
It consists of a large key pin with a hole drilled through the center of it.
Inside this hole is a smaller pin, hence the name pin-in-pin.
There is a floating button-like piece in MTL Interactive keys that is pressed into the high-setting pin stack by a spring-loaded pin from below.
Along with an interactive alpha spring at the tip of the key.
This alpha spring adds a key control feature in that photographing the key gives you no information on how high the alpha spring pin needs to be lifted.
The top of the line model is the MT-5+ and offers the highest level of security.
It takes very highly lock picking skills to open it, and there are very few people that can open these with ease.
Unlikely for any criminal to waste their time picking a lock like this.
Bi-Axial (Medeco)
Medeco Biaxial locks are some of the highest security locks available.
They are so secure that the Military used a pair of 6-pin Medeco-cored locks to secure nuclear weapon magazines.
For conventional ammunition and weapons storage rooms, a single Medeco is enough.
The way a Medeco lock works is that in addition to the standard Pin Tumbler lock, keeping the plug from rotating.
There’s also a sidebar that runs along the side of the plug that fits into a groove in the core wall.
Lifting the pins to shear will take care of one shear line.
Rotating the pins to the correct orientation will allow the sidebar to retract into the plug, clearing the sidebar shear line, pin rotation does not apply to the BiLevel.
Still, it’s possible to pick them but they are, by far, the most difficult-to-pick locks. (> 5 pins)
Disc Detainers (Abloy)
This is a disc detainer lock, one of the most secure and pick resistant locks made today.
This simple design contains discs that must be rotated to a precise angle. If a single disc is misaligned, the lock will not open.
It contains no springs or other mechanisms to provide feedback to the lock picker.
The Abloy brand disc detainer is the top of the line and offers the highest level of security of all locks.
If you want the ultimate high-security lock, look no further than an Abloy.
Like every type of security, disk detainers can be incredibly secure, or offer almost no protection.
Everything comes down to the construction of the lock.
How well is it machined?
Have there been more security measures placed in the device?
What are the materials that the lock’s components are made out of?
Any compromise in construction is a detriment to the lock’s security.
There are lesser quality copies of the Abloy design.
These knock-offs are cheaper, contain fewer discs, are made from inferior materials, and don’t contain the anti-picking features.
They are easier to compromise.
There are several Chinese distributors offering disc detainer picks for sale.
With a bit of practice, one will be able to pick open many off-brand disc detainers, but NOT Abloy.
Do Not Use Locks (Basic Lock)
Most locks available for purchase at hardware stores and other non-specialty retail outlets are “basic” in design.
They incorporate no special protections and are trivial to pick or bypass.
Either via brute force “raking” attacks or “lifting” attacks with lockpicks, nearly all basic locks can be opened in short order by an amateur.
Particularly troubling is the fact that the majority of the locks included in mainstream office products (desks, file cabinets, storage boxes, and luggage) are of the basic design.
Featuring no special protections nearly all office furniture and catalog-purchased corporate equipment can be opened in seconds.
- No special protections
- No bypassing resistance
- Unskilled Attacker with basic tools & techniques to unlock under 5 minutes
Basic locks should be avoided.
They provide a sense of false security.
Acrylic Padlocks
Mallory Wheeler
China padlocks
Cutaway Locks
Brinks R80 disk lock
Master Lock #1 , #2 , #3, #4, #5, #6, #7 and #8.
Resistant Locks
Internal Access
Office Doors, Closets, Gym locker, Protecting Privacy & Supplies, low-security lock.
- Some pick-resistant pins and possibly tighter keyway.
- Bump Resistant, low potential of shimming.
- Unskilled Attacker with basic tools & techniques to unlock more than 5 minutes.
- Skilled Attacker with basic tools & techniques to unlock under 5 minutes.
Occasionally one can find items on the shelves of a hardware store labeled with terms like “Pick Resistant”, “Commercial Grade” and “Hardened”.
While some of these locks are legitimate, many others offer no significant protections beyond the “basic” level.
A “pick resistant” design sets itself apart by incorporating features that would prevent an average attacker from easily opening the lock in under five minutes and which fully mitigate the potential for “unskilled” attacks like bumping or shimming.
The use of features like security pins and tight, jagged keyways that frustrate the use of typical tools will make a lock more resistant to basic picking.
Padlocks that incorporate what is known as a “double-ball” mechanism and keyed locks that utilize “anti-bump” pins can adequately quash the risk of zero skill attacks.
Sadly, there exists no standard for packaging and labeling locks that incorporate features such as this.
Most locks that prominently labeled as being “commercial” or “hardened” are referring primarily to the construction of their outer housing and shackle and therefore are touting resistance to brute force attacks with crowbars or bolt cutters as opposed to finessed, covert attacks.
- Suggested Resistant Locks
AmazonBasics Keyed Padlock
Abus 72/40
Abus 74/40 LOTO
Abus 75/50 / 75IB/50
Abus Brady 71/40 LOTO (Lock Out Tag Out)
Abus Bravus 1000
Abus Bravus 2000
Abus E-series (E20-E90)
Abus EC (spool pin version)
Abus Integral
Abus Pfaffenhain
Abus Titalium 80TI
Abus WavyLine
Abus WavyLine Pro
Abus XP10
American Clone
Bab Ikon DS
Bab Ikon P031
Basi CX6
Bks 51-SL
Bks 88
Bks Detect 3
BKS Helius
Burg Wächter Boccia
Burg Wächter Diamant
CES with dustcover
Chateau C970 disk padlock
Commando IC3 Tactical
Commando Marine
Commando Peacemaker
Corona
Corona M
DOM IX 5N
DOM IX HT
DOM RS 5
DOM SC
DOM SV
EVVA FPS
EVVA TSC
Fab 200RS
Federal Lock 5Y3110
Federal Lock 6Y3110
Gera Iseo MC 6500
Gera Iseo MC5
Gera Iseo R6
Guett Dern
Kai Kai
Kasp 14040
Kale 164 CE
Kryptonite 6-pin padlock
Lockwood 120/50 — Non-removable core
Master Lock 410 LOTO (Lock Out Tag Out)
Master Lock 6835
Master Lock 911
Master Lock 931
Master Lock Pro Series
Master Lock S32 LOTO (Lock Out Tag Out)
Mauer Elite 1
MCM SCX
Mottura Champions C10
Mul-T-Lock 7X7
Paclock 90A
Paclock UCS
Schlage Everest
Tokoz Beta
Vachette standard cylinder
Wetzel Pfaffenhain
Wilka 3600
Wilka 3VE
Wilka Primux HX
Winkhaus RAP
Winkhaus RAP+
Winkhaus VS 6-pin
Winkhaus ZRV
Winkhaus ZRV6
Yale 210C/51
Yardeni
Zeiss Ikon K2
Zeiss Ikon N1
Zeiss Ikon P031
Zoo Hardware V10
High Security Locks
External Access
Personnel Doors, Utilities, types of equipment that are susceptible to Vandals & Thugs.
High-Security Locks will be highly recommended.
- Advanced pick resistance with new mechanisms.
- Zero potential of shimming or bumping.
- Unskilled Attacker has no chance in less than 30 minutes
- Skilled Attacker with special tools & techniques will take at least 5 minutes
Many store displays and catalog listings might lump the following locks and the immediately preceding locks into a single category, but there is an important distinction to understand what makes a “high security” lock.
Both a “resistant” and “high security” lock are unlikely to be affected by zero-skill attacks like bumping and shimming, but they perform quite differently when setting up against skillful attacks with lock picking entry tools.
The previous category of “resistant” locks contain features that will frustrate and interfere with the unskillful attacker equipped with basic lockpick tool but they do not ultimately prevent compromise with these tools.
In the hands of a person with some training and understanding of how locks work, a typical lockpick kit of the style sold on the internet will open a “resistant” lock.
A “high security” lock, on the other hand, employs mechanisms that completely block the effort of most average skilled lockpickers.
An attacker with anything less than stellar skill would be unable, in my definition, to open a “high security” lock in under a half an hour.
Even a skilled attacker would require specialized tools and techniques to compromise a high-security lock in anything less than five minutes.
The fact that non-standard tools and techniques are required in these scenarios is the key factor of this category.
- Suggested High-Security Locks
# Preview Product Rating 1 
The Voynich Manuscript 1,255 Reviews Price & Reviews 2 
The Master and His Emissary: The Divided Brain and the Making of the Western World 1,153 Reviews Price & Reviews Abus Bravus 4000
Abus EP10
Abus TS5000
Abus XP2s / Abus XP20s / Cisa AP3
ASSA 600
ASSA d12 / ASSA P600 / ASSA Neptun 1900
ASSA Desmo (6 sliders)
ASSA Twin Combi
Burg Wächter Alpha 800
CEI “Five Colors”
Illinois Duo
Chubb Biaxial
DOM IX 6SR
DOM IX 10
Eagle “Supr-Security”
EVVA DPI – Slider version
EVVA DPS
EVVA DPX
EVVA EPS
Fichet 450
Gerda HSS †
Ingersoll CS
Kaba 8 (3-rows)
Kale Kilit 164 BNE
Lips Keso padlock
Lockwood Twin
M&C Color Pro
M&C Condor
M&C Matrix
Magnum Atlantic
Medeco Camlock (5-6 pins)
Medeco Original / Biaxial / M3
Miracle Magnetic
MLock
Mottura Champions C30 / C31 / C39
Mottura Champions C38
Mul-T-Lock Interactive / Classic / Junior
Mul-T-Lock MT5
Nemef NF4
SFIC format locks
Sergeant Signature
Tesa Tk 100
Tubar
Trioving d12 level 1
US Star Tech “Hi Security”
Yale Superior / Milencio Magnum
Ultra High Security Locks
Sensitive Access
Server Racks, Networking Equipment, Expensive valuables.
- Advanced pick resistance with complicated new mechanisms.
- No potential of shimming or Bump resistance.
- An unskilled attacker has no chance at all.
- Skilled Attacker with highly special tools & techniques needs at least 30 minutes.
(exclude god-level skilled lockpicker like LockPickingLawyer or Bosnianbill)
There does exist one final category beyond the “high security” designation when it comes to locks and access control mechanisms.
There are a small number of products for which there is no known bypass or compromise attack.
A highly skilled attacker, given enough research and time, might be able to open one of these Ultra High-Security locks without the proper key or token or combination.
But it is unlikely to be done in under thirty minutes and would always require special tools and perhaps a multitude of special, self-research techniques.
Even then, it is quite likely that most attacks would involve more than the covert types of action most commonly associated with lockpicking.
Where Ultra High-Security locks truly excel is in the fact that to compromise them, an attacker must almost certainly attempt acts of mass devastation or otherwise render the mechanism damaged easily visible.
Ultra High-Security locks are available for purchase in small, inexpensive form factors.
These locks can be cut with large bolt cutters or smashed apart with sledgehammers or door rams.
What use do they have, in the face of attack?
Their use is in the fact that an attacker has no other option than to destroy the whole lock.
There will be obvious signs of entry, and precaution can be made.
If the morning shift employees arrive at a facility and discover the server room
In situations that demand the highest security, the greater risk is the non-destructive entry, since the victim has no means of identifying the intrusion and responding swiftly.
By forcing an attacker to take a destructive route, it could give you peace of mind in the absence of any signs of forced entry.
If things look in order, you can rest assured that no one has bypassed your security perimeter without your knowledge.
Some of the lock mechanisms of Ultra High-Security locks.
The Protec rotating disk design by the Abloy group, the Bi-Axial lock by Medeco, and the MT5+ series (5 pin version) by the Mul-T-Lock company.
- Suggested Ultra High Security Locks
Abloy Protec2
ASSA dp4400ASSA Twin 6000 / Twin Exclusive
ASSA Twin Pro / Twin Maximum / Twin v10 / Twin Global
ASSA Twin Combi / ASSA Triton / ASSA Neptun 4900 / Trioving System 10
Bowley
Chubb Detector
DOM ix Twinstar
EVVA 3KS / 3KS+ / 4KS
EVVA Dual
EVVA ICS
EVVA MCS gen 1 / Zeiss Ikon M
EVVA MCS gen 2
Fichet F3D
Kaba 20 / MIWA JN
Kaba Star
Kaba Quattro / Kaba Expert
Kaba Penta
Kromer Protector
MIWA PR
MIWA U9
Mul-T-Lock MT5+ (5 pin version) / Zeiss Ikon R10
UrbanAlps Stealth Key
Yuema 750 / Forte Enigma
Zeiss Ikon WSW
