lockpicking hacks

53 Articles

A Lockpicking Robot That Can Sense The Pins

July 21, 2025 by 15 Comments

Having a robot that can quickly and unsupervised pick any lock with the skills of a professional human lockpicker has been a dream for many years. A major issue with lockpicking robots is however the lack of any sensing of the pins – or equivalent – as the pick works its magic inside. One approach to try and solve this was attempted by the [Sparks and Code] channel on YouTube, who built a robot that uses thin wires in a hollow key, load cells and servos to imitate the experience of a human lockpicker working their way through a pin-tumbler style lock.

Although the experience was mostly a frustrating series of setbacks and failures, it does show an interesting approach to sensing the resistance from the pin stack in each channel. The goal with picking a pin-tumbler lock is to determine when the pin is bound where it can rotate, and to sense any false gates from security pins that may also be in the pin stack. This is not an easy puzzle to solve, and is probably why most lockpicking robots end up just brute-forcing all possible combinations.

Perhaps that using a more traditional turner and pick style approach here – with one or more loadcells on the pick and turner- or a design inspired by the very effective Lishi decoding tools would be more effective here. Regardless, the idea of making lockpicking robots more sensitive is a good one, albeit a tough nut to crack. The jobs of YouTube-based lockpicking enthusiasts are still safe from the robots, for now.

Continue reading “A Lockpicking Robot That Can Sense The Pins”

Physical Key Copying Starts With A Flipper Zero

March 25, 2025 by 26 Comments

A moment’s inattention is all it takes to gather the information needed to make a physical copy of a key. It’s not necessarily an easy process, though, so if pen testing is your game, something like this Flipper Zero key copying toolchain can make the process quicker and easier when the opportunity presents itself.

Of course, we’re not advocating for any illegal here; this is just another tool for your lock-sports bag of tricks. And yes, there are plenty of other ways to accomplish this, but using a Flipper Zero to attack a strictly mechanical lock is kind of neat. The toolchain posted by [No-Lock216] starts with an app called KeyCopier, which draws a virtual key blank on the Flipper Zero screen.

The app allows you to move the baseline for each pin to the proper depth, quickly recording the bitting for the key. Later, the bitting can be entered into an online app called keygen which, along with information on the brand of lock and its warding, can produce an STL file suitable for downloading and printing.

Again, there are a ton of ways to make a copy of a key if you have physical access to it, and the comments of the original Reddit post were filled with suggestions amusingly missing the entire point of this. Yes, you can get a key cut at any hardware store for a buck or two that will obviously last a lot longer than a 3D printed copy. But if you only have a few seconds to gather the data from the key, an app like KeyCopier could be really convenient. Personally, we’d find a smartphone app handier, but if you’ve got a Flipper, why not leverage it?

Thanks to [JohnU] for the tip.

This Robot Picks Locks, If You’re Very Patient

May 5, 2024 by 17 Comments

We all know the Hollywood trope of picking a lock with a paperclip, and while it certainly is doable, most reputable locks require slightly more sophisticated tools to pick effectively. That’s not to say that wire is off the table for locksports, though, as this cool lock-picking robot demonstrates.

The basics behind [Sparks and Code]’s design are pretty simple. Locks are picked by pushing pins up inside the cylinder until they line up with the shear plane, allowing the cylinder to turn. Normally this is done a pin at a time with a specialized tool and with a slight bit of torque on the cylinder. Here, tough, thin, stiff wires passing through tiny holes in a blade shaped to fit the keyway are used to push all the pins up at once, eliminating the need to keep tension on the cylinder to hold pins in place.

Sounds simple, but in practice, this looks like it was a nightmare. Getting five wires to fit into the keyway and guiding them to each pin wasn’t easy, nor was powering the linear actuators that slide the wires in and out. Applying torque to the lock was a chore too; even though tension isn’t needed to retain picked pins, the cylinder still needs to rotate, which means moving the whole picking assembly. But the biggest problem by far seems to be the fragility of the blade that goes into the keyway. SLA might not be the best choice here; perhaps the blade could be made from two thin pieces of aluminum with channels milled on their faces and then assembled face-to-face.

The robot works, albeit very slowly. This isn’t [Sparks and Code]’s first foray into robot lock picking. His previous version attempted to mimic how a human would pick a lock, so this is really thinking outside the box.

Continue reading “This Robot Picks Locks, If You’re Very Patient”

An illustration of a key sitting on an ID card. The key is light grey and the ID card is a darker grey gradient. The ID card says ID-1 Card 85.60 by 53.98 mm

All Your Keys Are Belong To KeyDecoder

January 21, 2023 by 56 Comments

Physical security is often considered simpler than digital security since safes are heavy and physical keys take more effort to duplicate than those of the digital persuasion. [Maxime Beasse and Quentin Clement] have developed a smartphone app that can duplicate a key from a photo making key copying much easier.

KeyDecoder is an open source Android app that can generate all the necessary bitting info to duplicate a key from just an image. Luckily for the paranoid among us, the image must be taken with the key laying flat without a keyring on an ISO/CEI 7810 ID-1 ID or credit card. A passerby can’t just snap a photo of your keys across the room and go liberate your home furnishings, but it still would be wise to keep a closer eye on your keys now that this particular cat hack is out of the bag.

The project’s GitHub page is awash in warnings that this tool is designed solely for “pentesters and security enthusiasts” to warn their friends and clients about the dangers of leaving their keys exposed. After learning about this tool, we wouldn’t be surprised if some in the audience start rethinking how they carry and store their physical keys from now on.

If you want to see some more hacks to duplicate keys, checkout Copying High Security Keys With OpenSCAD And Light and Methods Of Copying High Security Keys.

A robotic machine turning the wheel of a safe

Adventures In Robotic Safe Cracking

January 10, 2023 by 19 Comments

When [Zach Hipps] was faced with a locked safe and no combination, it seemed like calling a locksmith was the only non-destructive option. Well, that or doing something crazy like building a safe-opening robot. Since you’re reading this on Hackaday, we bet you can guess which path he took.

So far, [Zach] has managed to assemble the custom chuck and spindle for the safe cracker. This construction is then mated with an appropriately precise Trinamic controller for the motor, which is perfect for this heist project. After some early consternation around the motor’s stall detection capabilities, the project was able to move forward with extra microcontroller code to ensure that the motor disengages when sensing a ‘hard stop’ during cracking.

Precision is absolutely essential in a project like this. When dealing with a million potential combinations, any potential misconfiguration of the robot could cause it to lose its place and become out-of-sync with the software. This was encountered during testing — while the half-assembled robot was (spoilers) able to open a safe with a known combination, it was only able to do so at slow speed. For a safe with an unknown combination, this slow pace would be impractical.

While the robot isn’t quite ready yet, the Part 1 video below is a great introduction to this particular caper. While we wait for the final results, make sure to check out our previous coverage of another auto dialing robot cracking the code in less than a minute.

Continue reading “Adventures In Robotic Safe Cracking”

This Week In Security: Rackspace Falls Over, Poison Ping, And The WordPress Race

December 9, 2022 by 17 Comments

In what’s being described as a Humpty-Dumpty incident, Rackspace customers have lost access to their hosted Exchange service, and by extension, lots of archived emails. The first official word of trouble came on December 2nd, and it quickly became clear that this was more than the typical intern-tripped-over-the-cable incident. Nearly a week later, Rackspace confirmed what observers were beginning to suspect, it was a ransomware attack. There’s not a lot of other answers yet, and the incident FAQ answers are all variations on a theme.

Our investigation into the incident is ongoing and will take time to complete. To ensure the integrity of the ongoing investigation, we do not have additional details to share at this time.

Knowing the security issues that have plagued Microsoft Exchange over the last couple of months, one has to wonder if Rackspace was breached as a result of the PowerShell problems. What’s staggering is that a week after the incident, Rackspace still has no timeline for service restoration.

Rackspace isn’t the only major ransomware attack this week, as a hospital in Versailles has partially shut down due to another ransomware attack. Operations were canceled, and work has to be done the old fashioned way, without the network to support.

Continue reading “This Week In Security: Rackspace Falls Over, Poison Ping, And The WordPress Race”

A machine that holds a combination padlock and turns its dial, with two padlocks next to it

Robot Opens Master Combination Locks In Less Than A Minute

September 18, 2022 by 28 Comments

A common trope in bank heist B-movies is someone effortlessly bypassing a safe’s combination lock. Typically, the hero or villain will turn the dial while listening to the internal machinery, then deduce the combination based on sounds made by the lock. In real life, high-quality combination locks are not vulnerable to such simple attacks, but cheap ones can often be bypassed with a minimum of effort. Some are so simple that this process can even be automated, as [Mew463] has shown by building a machine that can open a Master combination lock in less than a minute.

A machine that holds a combination padlock and turns its dialThe operating principle is based on research by Samy Kamkar from a couple of years ago. For certain types of Master locks, the combination can be found by applying a small amount of pressure on the shackle and searching for locations on the dial where its movement becomes heavier. A simple algorithm can then be used to completely determine the first and third numbers, and find a list of just eight candidates for the second number.

[Mew463]’s machine automates this process by turning the dial with a stepper motor and pulling on the shackle using a servo and a rack-and-pinion system. A magnetic encoder is mounted on the stepper motor to determine when the motor stalls, while the servo has its internal position encoder brought out as a means of detecting how far the shackle has moved. All of this is controlled by an Arduino Nano mounted on a custom PCB together with a TMC2208 stepper driver.

The machine does its job smoothly and quickly, as you can see in the (silent) video embedded below. All design files are available on the project’s GitHub page, so if you’ve got a drawer full of these locks without combinations, here’s your chance to make them sort-of-useful again. After all, these locks’ vulnerabilities have a long history, and we’ve even seen automated crackers before.

Continue reading “Robot Opens Master Combination Locks In Less Than A Minute”