Categories
Security

Picking my first lock

…and my second

Given my obvious interest in cyber security, I decided to give physical penetration testing a go. A lot of cyber security professionals use lock-picking skills when out in the field, so it’s an important to skill to learn.

Knowing absolutely nothing about lock picking, I decided to buy the first lock picking kit I could kind from a quick search online. I settled with a ‘Lokko’ Lock Pick Set from UK BumpKeys. I confess – I still know very little about lock-picking so please bare this in mind when reading this post. 🙂

The set consisted of a 12-piece lock set, two practice locks, a credit card concealed lock picking set, and a number of tension levers.

The set came with an e-book (though you can pay extra for a real book if you wish) which describes the basics of lock-picking. I haven’t actually read the book yet, as I watched a couple of basic lock-picking videos on YouTube before the set arrived in the post.

Before trying to pick a lock, we need to understand a few of the lock types. A common lock type (most often seen in padlocks) is a basic pin lock. Aside from the terrible background music, this video by DaveHax on YouTube is helpful in explaining the basic fundamentals of picking a pin-based lock. I recommend giving it a watch if you don’t already understand the basics.

What picks do we have?

As you can see, there are 12 picks in this set. I’m still yet to learn about the different types of picks myself, but from what I have learnt so far, you have a few picks designed to target individual lock pins (starting from the left), moving onto your rake style picks on the right which target several pins at once in a more brute-force style of picking. The one on the end is apparently called a snowman – I have no idea what this one is for?

I managed to pick both locks several times in the picking kit using a variety of different picks – the first attempt only took a few minutes. I found the practice locks fairly straight-forward. These locks have the obvious advantage that they are transparent, allowing you to see the individual pins as you pick them. This makes it far easier, but after a short-while, I found I was able to pick them without looking at the pins.

It’s really exciting when you manage to pick your first lock, but the effect quickly wears off when you realise the lock you have picked a lock that is designed to be picked. My next step was to buy a real lock.

I went onto eBay and ordered one of the first few locks I could find (a Master Lock M5). I picked two of these locks up for £12.99.

It was only after I purchased both locks I noticed the following wording in the product description:

“The 4-pin cylinder prevents picking”

As someone who has only picked a couple of practice locks, there’s no way I could pick a lock which “prevents picking”, right? Wrong!

The M5 lock is certainly a lot more difficult to pick and I need to give it some more practice, but I was relieved that I was able to successfully pick this despite the (rather inaccurate) product description. Picking a real lock gives far more satisfaction than picking a practice lock. I guess I’m going to have to order more to practice my new hobby on.

By Thomas Williams

Thomas Williams is learning ethical hacking and hacks things as a hobby. Learn new hacking skills, follow up-to-date cyber security news, and play along with CTFs.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.