Schneier on Security
A blog covering security and security technology.
« Plasmonics Anti-Counterfeiting Technology |
| Multiple Protocol Attacks »
December 19, 2011
How to Open a Padlock with a Coke Can
A nice tutorial on making and using shims to open padlocks.
Posted on December 19, 2011 at 1:38 PM
• 23 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
So now they will ban Coke ?
I bet it works with Pepsi, Dr. Pepper, and Coors Lite too. Better ban all of 'em.
This has been around for quite some time. I heard it was supposedly fixed. But who knows how true it really is.
For Master combination locks it's also well known that you can find the last number by pulling on the shackle and turning the dial. Once you have that there are only 100 combinations to try.
I've got almost no skills and have beaten Master combination locks by feel.
@craig. Yep, I figured beer would be involved.
If you can't do that, a chainsaw works just great on a lot of walls. Just saying.
Note: burg. alarms are no match for a chainsaw, and if you cut the phone lines while you do it.......caution about hitting power wiring though. 220 hurts.
I've seen this trick on youtube, with a bus ticket or something like that.
Master Lock has fixed the problem with their popular rotary combination padlock with what they call "BlockGuard". I can't find any videos on YouTube depicting shimming the "new" model, but here's how BlockGuard works:
Granted, if I had some really serious protecting (like a rental truck), I'd probably go for a far more serious padlock than the Master 1502.
It's a nice video but he didn't succeed with two shims. If you look closely, you'll see that he has the bottom of the lock covered by his hand the entire time. At the end, he makes an awkward twisting motion with it that unlocks the lock with a key.
Most of those Master locks fails after about 65 or so pounds, MAYBE upwards of 90, of continuous applied force, which is terribly easy to generate with a short bar, or other methods... cheap metal, they just pull apart. Unlike, oddly, those common cheap carabiners you see everywhere, which can be 2-5x stronger (not for rock climbing!)
Of course, a 1-2 well place swift blows with a typical hammer, or even a rock, will make a lot of padlocks give it up, but especially most Master locks, and probably all of them intended for use on lockers and such.
Try it sometime, it's disturbing how easy it is.
Next up: Bic pens and circular locks (as found in ACE, and various older Kryptonite type bikelocks), 3 seconds, and Bob's your Uncle owning a new bicycle. Sad.
This is a seriously stale story, what will you write about next, lock-bumping?
I'll make my usual comment,
All mechanical locks have "slop" or "play", they need it otherwise they would "bind" whenever the sun shines or the frost bites or a bit of dirt or even grease gets in the works.
Where ever there is play you have a crack into which you can drive the tip of an attack, be it just to "feel" or "impression" or to get in "picks" or "shims" and as we also know give it a good smack with a hammer to make use of "Newton's Cradle" effect to "bump" the tumblers/pins.
It might only be a couple of thou' (0.04-0.08 mm) in a good lock or 20-50 thou in a bad or worn lock. But you can get metal foil shims for measuring etc in even those smaller amounts of slop made out of some quite high tensile materials that don't have the maliabality of softer metals such as steel or aluminium.
And guess what you can get shims made of glass for measuring very small gaps, that are flexible enough to slide down the side of the hasp to allow a snap lock to be worked...
I've even seen someone impression a lock key with a splinter thin length of hard wood, and I've made a "pick/rake gun" with a free metal coat hanger from a dry cleaners and a hammer and pair of pliers.
I've also been told you can fold up the old style metal foil around chewing gum to work a lock.
But my favourite tools used to be the plastic tooth pick and thin metal forceps/tweesers in a "Swiss Army Knife" for opening most padlocks and some of the cheap pinlocks used on office doors.
@ alex w,
"This is a seriously stale story,"
Yes the subject is getting a little long in the tooth,however I think Bruce is aware of that which is why he refered to the quality of the tutorial not the age of the subject.
Bruce, thanks for highlighting our shimming post on ITS Tactical. Keep up the great work here!
Here's a giant laugh:
Remember to always get permission before opening any locks that don’t belong to you ...
I used to be a guard at a county jail. Bulletin went around describing how the prisoners had made a handcuff lock pick from the ink tube in a Bic ball pen. When I was in the Army, the well known method for opening one of the combination locks with the single spinner was to wrap a shoe lace around the spinner, then rapidly saw/bow the shoelace back and forth.
This does not work with even moderately well made locks, as there is not enough clearance.
Try "Ollam-Lockpicking.mp4". You should be able to find that lecture somewhere on the net.
He does a really great job of teaching this stuff.
As for combination locks... They have a well known design defect. There are 40 numbers on the wheel. But the underlying hardware supports far fewer. So you can hit every 2.5 digits, or about 16 possibilities, and cover all 40 possibilities. All possible final numbers can be tried (sequentially) without redialing. So you go from 40*40*40=64,000 combinations down to 256. If you have an idea on the first or second number, the search space becomes much smaller. I've amazed folks by cracking their locks in mere minutes. And this is far from the best crack out there...
Next up: "How to Open a Coke Can With a Padlock"
As Mongo mentioned above you can also decode the combination by mechanically determining the last digit then calculating all remaining valid combinations (~80-100 vs 64,000). I wrote a small program called Combogen back in the day to generate the valid combinations: http://www.indiecom.org/projects/combogen/
I actually just read a blurb about this technique in Eric Haney's "Inside Delta Force". He refers to being taught how to "open locks with a beer can".
Would this be part of the TSA training graduation exam ?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.