How to learn lockpicking

Posted September 6, 2017 | View revision history

I’m preparing to teach lockpicking to my class of 20 students in my information security management course at CU Boulder as an object lesson on the importance of physical security. My colleague Tony Vance has done the same at BYU, so he shared with me how he approaches it. I’m documenting what I’ve done.

  1. Make lock stands out of wood. I used 2x4 cut to 11”, which I screwed onto some scrap 1x wood I had lying around. Screws need about 1” bite, more going into endgrain, so I used 2” screws for the joint. (I’ll post a picture soon). 2x4’s are just baaarely wide enough to receive a doorknob jig like this, but it doesn’t matter if the hole goes off the wood a bit. The deadbolt doesn’t rely on a perfectly in-tact hole for stability. (You don’t have to use a stand – you can just hold the deadbolt in the same hand applying the tension. But I think the stands are fun.)
    • 1” hole saws, like the kind that come in knob jigs, are a bane of my existence. I had the hardest time getting them to release the wood plug. I much prefer using a 1” spade bit.

  2. I bought a slew of Defiant single-cylinder deadbolts, $11 each. They use a KW1-keyway. Defiants are good for beginners, but that doesn’t mean they’re too easy for beginners. All Defaint deedbolts have at least once security pin (a spool) in position #3. But even with those, I picked my first lock within two days.

  3. Since these deadbolts use a KW-1 keyway, they’re bumpable with these bump keys, which I also bought several of. These deadbolts aren’t expensive enough to have any kind of anti-bumping pins, so they’re super bumpable. For bump hammers, I just bought a bunch of <$1 screwdrivers from HD. They work well enough. I strike with the handle.

  4. For lock picks, I ordered several sets of Southord “Eleven Piece Lock Pick Set With Metal Handles”. This set also looks nice, and they’re a little cheaper, but I haven’t tried them.

  5. My first read was Deviant Ollam’s Practical Lock Picking: A Physical Penetration Tester’s Training Guide, which got me started. I struggled my first day though – probably because I didn’t read far enough into it to learn about security pins. Reading Lock Picking: Detail Overkill, which I found on the /r/lockping wiki, helped me get a better feel for the right amount of tension to apply, and also for how to deal with the spool security pin. Also, by the second day, I had a better feel for how to hold the pick and tension wrench. I think sleeping on it helped. I’ve been practicing at the office for 2-minute breaks, and it’s feeling even more natural.

The single lock picking stand on my desk right is very interesting to anyone who visits my office. I haven’t taught that class yet, but the students are excited. My neighbor isn’t so excited (“Hi Dave, what’s new?” “Just picked my first lock!” “… so my neighbor is a criminal…” “I’m also going to teach it to 20 college students, making them all criminals, too.” “… oh, that’s… good.”)

Tags: security, pedagogy

Dave Eargle is a Senior Consultant in Cybersecurity Assessment at Carve Systems. More about the author →

This page is open source. Please help improve it.

Edit