Difference between revisions of "Lockpicking"

(Created page with "== About lockpicking == ; What is Lockpicking? :Lockpicking is the art of opening a lock without damaging it or using a key. This 'opening without damage' can be done in vari...")
 
Line 9: Line 9:
  
 
;Why lockpicking as a 'door hardware sport'?
 
;Why lockpicking as a 'door hardware sport'?
:"Door hardware sport" made its way here from Germany, where the [http://www.lockpicking.org/ 'Sportsfreunde der Sperrtechnik'] have been involved with this unusual sport. Lockpickers see locks as puzzles, and solving such a puzzle provides an enormous [http://wiki.toool.nl/images/e/e1/Kick.gif thrill] ;) This thrill motivates people to carry on with it, and try an even more difficult lock. It is addictive, but pacifying all the same. Since we have not yet decided what 'sort' of sport lockpicking is, we practice in the thinking sport room of a sport hall in East Amsterdam. The nice thing about lockpicking is that you can practice just about anywhere. A long journey by rail, or are you obligated to go along to a boring lecture? Bring a couple of difficult locks with you, and your day will not be long enough! There are even members who lockpick in the movie theatre, or while waiting for the light to turn green in the car! Of course, we are talking about our most fanatical members, who practice themselves silly in preparation for the championships.
+
:"Door hardware sport" made its way here from Germany, where the [http://www.lockpicking.org/ 'Sportsfreunde der Sperrtechnik'] have been involved with this unusual sport. Lockpickers see locks as puzzles, and solving such a puzzle provides an enormous thrill ;) This thrill motivates people to carry on with it, and try an even more difficult lock. It is addictive, but pacifying all the same. Since we have not yet decided what 'sort' of sport lockpicking is, we practice in the thinking sport room of a sport hall in East Amsterdam. The nice thing about lockpicking is that you can practice just about anywhere. A long journey by rail, or are you obligated to go along to a boring lecture? Bring a couple of difficult locks with you, and your day will not be long enough! There are even members who lockpick in the movie theatre, or while waiting for the light to turn green in the car! Of course, we are talking about our most fanatical members, who practice themselves silly in preparation for the championships.
  
 
;Championships?
 
;Championships?
:Of course, there's no sport without championships. Toool is involved with two types of competitions. Stefaan Offerman came up with the [http://www.toool.nl/competitie/ continuous competition]. This competition goes on all year, and provides an opportunity to learn the 20 to 30 different competition locks inside and out. So you can pick a particular lock as many times as you like, and your fastest time will be the only one that counts. Some times are difficult to improve upon. For instance, Paul Bovel picked the Chinese quality lock '909' in 0.5 seconds (that's right, half a second!). That is including the time it took to push start and stop on the stopwatch! We were lucky to catch it on [http://www.toool.nl/media/competitie.wmv video]. You can also look at the results from previous competitions.
+
:Of course, there's no sport without championships. Toool is involved with two types of competitions. Stefaan Offerman came up with the [http://www.toool.nl/competitie/ continuous competition]. This competition goes on all year, and provides an opportunity to learn the 20 to 30 different competition locks inside and out. So you can pick a particular lock as many times as you like, and your fastest time will be the only one that counts. Some times are difficult to improve upon, as they are reaching below the half-second mark. That is including the time it took to push start and stop on the stopwatch! Here's an example of Paul Boven setting such a time on a lock [http://www.toool.nl/media/competitie.wmv video]. You can also look at the results from previous competitions at  the page of the [http://www.toool.nl/competitie/ continuous competition].
:And since 2002 we have been organizing the now world-famous and world-infamous 'Dutch Open' lockpick championships. This is where lockpickers from different countries (Germany, France, the Netherlands, and even the US) battle it out for the highly coveted cup. Unlike in the continuous competition, competitors in the Dutch Open get a different new lock each time. So this is the day to be in top form. Since 2008, the Dutch Open is held during [[LockCon]]. You can read the report on the first 'Dutch Open' in 2002 [http://old.toool.nl/DO-2002.html here], and the Wired article about the Dutch Open 2005 can be found [http://old.toool.nl/wired.pdf here]. By the way, not all of our members are so fanatical about the sport, and most of them just think it's fun to show up once every two weeks on the regular gathering.
+
:And since 2002 we have been organizing the now world-famous and world-infamous 'Dutch Open' lockpick championships. This is where lockpickers from different countries (Germany, France, the Netherlands, and even the US) battle it out for the highly coveted cup. Unlike in the continuous competition, competitors in the Dutch Open get a different new lock each time. So this is the day to be in top form. Since 2008, the Dutch Open is held during [[LockCon]].  
  
 
;Gathering?
 
;Gathering?
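Review bot: in the rewritten Championships paragraph, the new sentence "Here's an example of Paul Boven setting such a time on a lock [http://www.toool.nl/media/competitie.wmv video]" leaves the link label "video" dangling after "on a lock"; suggest "Here's a [http://www.toool.nl/media/competitie.wmv video] of Paul Boven setting such a time". The same paragraph now links the continuous competition page twice and has a double space in "at  the page". The Dutch Open paragraph also drops the 2002 report link, the Wired article link and the closing sentence about less fanatical members with no replacement; if the old.toool.nl targets are gone, say so in the edit summary.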
Line 27: Line 27:
  
 
;And then there's the 'forbidden information'.
 
;And then there's the 'forbidden information'.
:Obviously, criminals never rest in coming up with new techniques to get around locks. If there are techniques that pose a great risk to society, or if a lock manufacturer fails to inform its customers about a particular vulnerability in its products, then we blow the whistle. The question of whether you should publicise flaws or keep them secret is an easy one for us to answer. A weakness or flaw in a product can no longer be reversed, and once it is has already been publicised within a certain scene then it is much better if everyone knows about it. This is the only way in which people acting in good faith can protect themselves against people acting in bad faith. Even specialised installation companies are sometimes unaware of techniques that are broadcast on prime time TV just over the border of the neighbouring country. For instance, there is the bump-key method, which caused quite a stir in Germany, but which is practically unknown in other countries.
+
:Obviously, criminals never rest in coming up with new techniques to get around locks. If there are techniques that pose a great risk to society, or if a lock manufacturer fails to inform its customers about a particular vulnerability in its products, then we blow the whistle. The question of whether you should publish flaws or keep them secret is an easy one for us to answer. A weakness or flaw in a product can no longer be reversed, and once it is has already been published within a certain scene then it is much better if everyone knows about it. This is the only way in which people acting in good faith can protect themselves against people acting in bad faith. Even specialised installation companies are sometimes unaware of techniques that are broadcast on prime time TV just over the border of the neighbouring country. For instance, there is the bump-key method, which caused quite a stir in Germany, but which is practically unknown in other countries.
:Another example is the Winkhaus blue chip lock. This lock has a reputation of being very secure because it uses 128 bit encryption technology; but in practice, it can frequently be opened without a scratch by using a magnet costing 39 euros. That was well-known in Germany in mid-2004, and at the Essen security show of 2004 the security firm Wendt demonstrated it before a large audience. But in the Netherlands, (almost?) no one knows about this serious problem, and Toool has already demonstrated the vulnerability of this lock at least three times for blue chip users who thought that they had bought a secure lock system. But even if a customer blows the whistle by calling Winkhaus, they will get only a lukewarm response. It would behoove Winkhaus to publicise the problem to its entire customer base and to offer them a real solution. If customers ask for it themselves, Winkhaus offers the following [http://old.toool.nl/lauw.doc 'solution']. We don't think that this is a solution, and we want to give them a little help by telling them that the blue chip cylinders using an external battery are not vulnerable (or at least don't appear to be), while locks with a built-in battery are vulnerable. One solution would be then to replace all of the locks with a built-in battery with a version using an external battery.
+
:Another example is the Winkhaus blue chip lock. This lock has a reputation of being very secure because it uses 128 bit encryption technology; but in practice, it can frequently be opened without a scratch by using a magnet costing 39 euros. That was well-known in Germany in mid-2004, and at the Essen security show of 2004 the security firm Wendt demonstrated it before a large audience. But in the Netherlands, (almost?) no one knows about this serious problem, and Toool has already demonstrated the vulnerability of this lock at least three times for blue chip users who thought that they had bought a secure lock system. But even if a customer blows the whistle by calling Winkhaus, they will get only a lukewarm response. It would behoove Winkhaus to pubish the problem to its entire customer base and to offer them a real solution. If customers ask for it themselves, Winkhaus offers the following [http://old.toool.nl/lauw.doc 'solution']. We don't think that this is a solution, and we want to give them a little help by telling them that the blue chip cylinders using an external battery are not vulnerable (or at least don't appear to be), while locks with a built-in battery are vulnerable. One solution would be then to replace all of the locks with a built-in battery with a version using an external battery.
 
:Winkhaus update 04/2006: It is confirmed the first generation BlueChip even has one completely different vulnerability to bypass them damage free. However, Winkhaus has completely re-designed the inner working of the bluechip. The solenoid in this new design is mounted on the other side of the lock (like we advised), far away from evil magnetic fields. And their engineers tried real hard to break their own product this time. Credit where credit is due, we have examined the new design (V 1.2) and it looks very good and solid. We know it's not going to be easy to bypass this new model, but will try to do so anyway ;) For the moment we don't see any weaknesses.
 
:Winkhaus update 04/2006: It is confirmed the first generation BlueChip even has one completely different vulnerability to bypass them damage free. However, Winkhaus has completely re-designed the inner working of the bluechip. The solenoid in this new design is mounted on the other side of the lock (like we advised), far away from evil magnetic fields. And their engineers tried real hard to break their own product this time. Credit where credit is due, we have examined the new design (V 1.2) and it looks very good and solid. We know it's not going to be easy to bypass this new model, but will try to do so anyway ;) For the moment we don't see any weaknesses.
:As you have noticed we are very open about locks and security. But we can even be more open. Han Fey has written a series of articles on high security locks. The high resolution images and technical explanation of the inner working of these locks is completely in line with Toool's open attitude. He reveals what some lock companies rather would not have out in the open. But at the end of the day they are all proud to be mentioned in his articles. Understandable if you keep in mind some of his articles are downloaded 25.000 times a month. Check out our special page for [[Articles by Han Fey|Han's articles]].
+
:As you have noticed we are very open about locks and security. But we can even be more open. Several Toool-people have written a series of articles on high security locks. The high resolution images and technical explanation of the inner working of these locks is completely in line with Toool's open attitude. Check out our special page for [[Publications publications]].
  
 
== Frequently Asked Questions ==
 
== Frequently Asked Questions ==
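Review bot: the added Winkhaus paragraph misspells "publish" as "pubish" ("It would behoove Winkhaus to pubish the problem"), and the new link "[[Publications publications]]" in the last changed paragraph lacks the pipe separator, so it targets a page titled "Publications publications" instead of showing "publications" as the label; suggest "[[Publications|publications]]". The carried-over "once it is has already been published" in the first changed paragraph could be corrected to "once it has" in the same edit.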
Line 41: Line 41:
  
 
;Help, I'm locked out of my house, and I need to get inside
 
;Help, I'm locked out of my house, and I need to get inside
:Some of Toool's finest members are also professional locksmiths. In a wide circle around Amsterdam you can call Toool (020 8005029) to get connected to a locksmith that can help you. These locksmiths are all specialized in the art of opening doors while leaving the lock undamaged. So in most cases the Toool related locksmiths can open your lock without damaging it, and when the lock is open you receive a working key again for your lock! This safes you money as there are no extra charges for replacement locks and extra spare-keys. This skill is especially useful for people who lost their keys and have multiple locks on their door. The cherry on top is that even some some expert safe-technicians are Toool members too. In some cases high security safes can be opened without damage too. (note: all customers must provide ID)  
+
:Some of Toool's finest members are also professional locksmiths. In a wide circle around Amsterdam you can call [http://www.intact-noodopening.nl/ Intact Noodopening] to get your lock opened. These locksmiths are all specialized in the art of opening doors while leaving the lock undamaged. So in most cases the Toool related locksmiths can open your lock without damaging it, and when the lock is open you receive a working key again for your lock! This saves you money as there are no extra charges for replacement locks and extra spare-keys. This skill is especially useful for people who lost their keys and have multiple locks on their door. The cherry on top is that even some some expert safe-technicians are Toool members too. In some cases high security safes can be opened without damage too. (note: all customers must provide ID)  
  
 
;Where can I find more information about lockpicking?
 
;Where can I find more information about lockpicking?
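Review bot: the changed locked-out answer corrects "safes" to "saves" but still carries the doubled word in "even some some expert safe-technicians"; drop one "some" in the same edit.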
Line 47: Line 47:
  
 
;How many members do you have?
 
;How many members do you have?
:About 75. In Germany, there are more than 1000 (!) members, so we have som catching-up to do...
+
:About 75. In Germany, there are more than 1000 (!) members, so we have some catching-up to do...
  
 
;What does membership cost, and how does it work?
 
;What does membership cost, and how does it work?
 
:The first sporting evening is free; afterwards, you decide if you want to become a member. You do not have to pass up the chance because of the cost, because membership is 20 euro per year. We count the year from the day that we receive payment.
 
:The first sporting evening is free; afterwards, you decide if you want to become a member. You do not have to pass up the chance because of the cost, because membership is 20 euro per year. We count the year from the day that we receive payment.
 
;What happened to the NVHS?
 
:Toool originated in the NVHS, the 'Dutch Association for Door Hardware Sport'. This association has unfortunately passed away, and almost all the members of the old association are now members of Toool. We still find it a pity that the old club is gone, if only for the way the old name practically tripped off the tongue ;)
 
  
 
;What does damage-free opening mean?
 
;What does damage-free opening mean?
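Review bot: the "What happened to the NVHS?" question and its answer are removed in this hunk with no replacement, which drops the page's account of where Toool originated; if the removal is intended, give the reason in the edit summary, otherwise keep the entry.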
Line 60: Line 57:
  
 
;What do the Dutch authorities actually think of this?
 
;What do the Dutch authorities actually think of this?
:We have had the police visit us a couple of times, and even given them some instruction :) Once again, Lockpicking is not illegal, and anyone is allowed to have a lockpick set in his or her possession.
+
:We have had the police visit us a couple of times, and even given them some instruction :) Once again, Lockpicking is legal, and anyone is allowed to have a lockpick set in his or her possession.
  
 
;Which lock is difficult to open, or even impossible to open for you?
 
;Which lock is difficult to open, or even impossible to open for you?

Revision as of 11:45, 16 August 2013

About lockpicking

What is Lockpicking?
Lockpicking is the art of opening a lock without damaging it or using a key. This 'opening without damage' can be done in various ways, but is generally done with special tools for that purpose.
Tools?
So-called 'lockpick sets' are available. In these sets a number of lockpick tools may be found. These little toolsets are freely available, and are not restricted by special laws or the like. Which makes sense, considering such a set is worthless without the proper knowledge and a lot, a whole lot of practice.
Why lockpicking as a 'door hardware sport'?
"Door hardware sport" made its way here from Germany, where the 'Sportsfreunde der Sperrtechnik' have been involved with this unusual sport. Lockpickers see locks as puzzles, and solving such a puzzle provides an enormous thrill ;) This thrill motivates people to carry on with it, and try an even more difficult lock. It is addictive, but pacifying all the same. Since we have not yet decided what 'sort' of sport lockpicking is, we practice in the thinking sport room of a sport hall in East Amsterdam. The nice thing about lockpicking is that you can practice just about anywhere. A long journey by rail, or are you obligated to go along to a boring lecture? Bring a couple of difficult locks with you, and your day will not be long enough! There are even members who lockpick in the movie theatre, or while waiting for the light to turn green in the car! Of course, we are talking about our most fanatical members, who practice themselves silly in preparation for the championships.
Championships?
Of course, there's no sport without championships. Toool is involved with two types of competitions. Stefaan Offerman came up with the continuous competition. This competition goes on all year, and provides an opportunity to learn the 20 to 30 different competition locks inside and out. So you can pick a particular lock as many times as you like, and your fastest time will be the only one that counts. Some times are difficult to improve upon, as they are reaching below the half-second mark. That is including the time it took to push start and stop on the stopwatch! Here's an example of Paul Boven setting such a time on a lock video. You can also look at the results from previous competitions at the page of the continuous competition.
And since 2002 we have been organizing the now world-famous and world-infamous 'Dutch Open' lockpick championships. This is where lockpickers from different countries (Germany, France, the Netherlands, and even the US) battle it out for the highly coveted cup. Unlike in the continuous competition, competitors in the Dutch Open get a different new lock each time. So this is the day to be in top form. Since 2008, the Dutch Open is held during LockCon.
Gathering?
Every two weeks, the Amsterdam and Eindhoven chapters of Toool meet. During these gatherings, the members exchange tips and practice their lockpicking. Beyond that, it is simply a fun event, because the members come from the most diverse circles. It is simultaneously a chance for would-be members to come and have a look, and get acquainted with door hardware sport. During this introduction you get explanations of how a lock works, and why it is at all possible that locks can be opened without damage. Subsequently, you may open your very first lock with the club's tools! We are rather confident in our field, and promise that you will be certain to open a lock after receiving instruction! Some say that the feeling of your first lock opening is unforgettable, and incredibly 'addictive' :) You have been warned! There are, however, a number of rules that members and interested parties are to adhere to ...
The Rules?
Every member must be acquainted with the by-laws. The rights and responsibilities of (would-be) members and the board are grounded in these. Furthermore, sport lockpickers do not like to talk about opening doors, stealing bicycles or opening techniques in which means other than lockpick tools are employed. Of course, there may be exceptions, but these dark matters have nothing to do with our sport. The board will also take action if this sort of subject matter is discussed (in excess). We do our best to make it a nice sporting organisation, and try to keep criminal elements out.
Criminal Elements?
If you want to be able to break in as needed, then just go buy a crowbar or a screwdriver; lockpicking will be of little help to you. With a crowbar, breaking in takes seconds. To be good in lockpicking, on the other hand, you need years of practice and enormous amounts of patience.
And we open locks in our hands, or fix them to a table with a clamp. This works quite differently than opening a lock in a door. In fact, that is an inconvenient placement, and demands an entirely different position and technique. And that is the last thing we have to say about this.
The association shall also cooperate with the authorities at all times (provided of course that its officers come with a valid request). What's more, we know from experience that agents of the law do in fact come to have a look, and do not always go to the trouble of identifying themselves as such. That is no problem for us, and we hope that this has the effect of frightening off persons with bad intentions. It would do justice to the name of law officers if they would identify themselves to the board, but that is their choice.
And then there's the 'forbidden information'.
Obviously, criminals never rest in coming up with new techniques to get around locks. If there are techniques that pose a great risk to society, or if a lock manufacturer fails to inform its customers about a particular vulnerability in its products, then we blow the whistle. The question of whether you should publish flaws or keep them secret is an easy one for us to answer. A weakness or flaw in a product can no longer be reversed, and once it has already been published within a certain scene then it is much better if everyone knows about it. This is the only way in which people acting in good faith can protect themselves against people acting in bad faith. Even specialised installation companies are sometimes unaware of techniques that are broadcast on prime time TV just over the border of the neighbouring country. For instance, there is the bump-key method, which caused quite a stir in Germany, but which is practically unknown in other countries.
Another example is the Winkhaus blue chip lock. This lock has a reputation of being very secure because it uses 128 bit encryption technology; but in practice, it can frequently be opened without a scratch by using a magnet costing 39 euros. That was well-known in Germany in mid-2004, and at the Essen security show of 2004 the security firm Wendt demonstrated it before a large audience. But in the Netherlands, (almost?) no one knows about this serious problem, and Toool has already demonstrated the vulnerability of this lock at least three times for blue chip users who thought that they had bought a secure lock system. But even if a customer blows the whistle by calling Winkhaus, they will get only a lukewarm response. It would behoove Winkhaus to publish the problem to its entire customer base and to offer them a real solution. If customers ask for it themselves, Winkhaus offers the following 'solution'. We don't think that this is a solution, and we want to give them a little help by telling them that the blue chip cylinders using an external battery are not vulnerable (or at least don't appear to be), while locks with a built-in battery are vulnerable. One solution would be then to replace all of the locks with a built-in battery with a version using an external battery.
Winkhaus update 04/2006: It is confirmed the first generation BlueChip even has one completely different vulnerability to bypass them damage free. However, Winkhaus has completely re-designed the inner working of the bluechip. The solenoid in this new design is mounted on the other side of the lock (like we advised), far away from evil magnetic fields. And their engineers tried real hard to break their own product this time. Credit where credit is due, we have examined the new design (V 1.2) and it looks very good and solid. We know it's not going to be easy to bypass this new model, but will try to do so anyway ;) For the moment we don't see any weaknesses.
As you have noticed we are very open about locks and security. But we can even be more open. Several Toool-people have written a series of articles on high security locks. The high resolution images and technical explanation of the inner working of these locks is completely in line with Toool's open attitude. Check out our special page for publications.

Frequently Asked Questions

Why does TOOOL have three O's?
Every aspect of lockpicking has to do with the three O's!
Huh?!? The three O's? Explain?
The three O's stand for practising Over and Over and Over again!
Help, I'm locked out of my house, and I need to get inside
Some of Toool's finest members are also professional locksmiths. In a wide circle around Amsterdam you can call Intact Noodopening to get your lock opened. These locksmiths are all specialized in the art of opening doors while leaving the lock undamaged. So in most cases the Toool related locksmiths can open your lock without damaging it, and when the lock is open you receive a working key again for your lock! This saves you money as there are no extra charges for replacement locks and extra spare-keys. This skill is especially useful for people who lost their keys and have multiple locks on their door. The cherry on top is that even some expert safe-technicians are Toool members too. In some cases high security safes can be opened without damage too. (note: all customers must provide ID)
Where can I find more information about lockpicking?
People with a good internet connection can download (for free) these workshops. Stuff to read is also available. The English-language MIT Guide to lockpicking is world-famous. In the Netherlands, we have some articles from the hacker periodical 'Hack-tic' where you can pick up a few pointers.
How many members do you have?
About 75. In Germany, there are more than 1000 (!) members, so we have some catching-up to do...
What does membership cost, and how does it work?
The first sporting evening is free; afterwards, you decide if you want to become a member. You do not have to pass up the chance because of the cost, because membership is 20 euro per year. We count the year from the day that we receive payment.
What does damage-free opening mean?
Damage-free means for us that the lock is not broken and can still be used. People think that lockpicking does not leave any traces, but nothing could be less true. The tools make scratches in the lock in places a key would never come into contact with.
These scratches can even be ascertained with the naked eye. In Germany, the SSDev has co-operated with an investigation done by the German federal forensic laboratory. Five test locks belonging to the lab were opened by the club, using various methods. After some research, the lab was able to tell exactly what technique was used and (approximately) how many times the locks had been opened. The German federal forensic laboratory even gave a workshop about its findings during the annual CCC convention in Berlin.
What do the Dutch authorities actually think of this?
We have had the police visit us a couple of times, and even given them some instruction :) Once again, Lockpicking is legal, and anyone is allowed to have a lockpick set in his or her possession.
Which lock is difficult to open, or even impossible to open for you?
As 2.6 million viewers could see in the VARA programme 'Kopspijkers', we do not get all locks open. There are many types of locks, and every lock has its own 'character'. Most 5- or 6-pin locks can be opened after a great deal of practice. It is not our task to recommend a particular type of lock, we would prefer to leave that to the police seal of approval.
All the same, we do want to give a few tips as to what you have to watch out for when buying a cylinder lock. Damage-free picking does not constitute a realistic threat of break-ins, and an 'unpickable lock' is in our opinion of only limited value. It is much more important that the lock is resistant to the most common break-in techniques: breaking and/or drilling (also called the Bulgarian method). Take care that your lock is resistant to pulling, breaking and drilling.


Toool has a great deal of knowledge about door hardware techniques. As such, members of the association have even (successfully) been called to the stand as expert witnesses in complicated trials. We also increasingly advise businesses and we are often invited to speak at various seminars. If you have any serious technical questions or problems, please do not hesitate to contact us at info@toool.nl