Lockpicking Forensics - RSS 2.0 Feed
Lockpicking Forensics - ATOM 1.0 Feed



Bypass is a form of covert entry that attempts to circumvent the security of the lock by attacking the cam, bolt, or locking knobs directly. While lockpicking focuses on defeating the security of the lock through manipulation of components, bypass goes directly to retracting the bolt without affecting the integrity of the components. Certain bypass techniques are also forms of destructive entry, but bypass generally refers to non-destructive methods.

Bypass Principles

Attacks against the cam or actuator are a class of bypass that is surprisingly effective. In this attack, a poorly designed cam or actuator may be manipulated without affecting components. This vulnerability is somewhat uncommon, but extremely effective and easy to do when present. Because tools must generate a mild amount of torque as well as travel through the plug, they leave distinct tool marks.

Spring loaded bolts or latches are subject to an attack known as shimming. In shimming, a wedge is used to separate the bolt from the spring, or the bolt from the recess (such as in a door). The classic credit card trick to open doors is a popular example of this technique. Low-security padlocks are also commonly susceptible to shimming of the shackle. Shimming against doors is also known as loiding.

Locks that use a thumb-turn or lever handle on the inside of the door may be vulnerable to bypass. In this attack a tool is slipped under the door and attempts to swing and catch onto the thumb-turn or lever. The tool is used to turn or pull until the door is opened. This may or may not have forensic evidence, depending on the material of the tool, handle, and how many attempts are necessary to gain entry.

In automobiles, the door frame may be attacked with what is known as a air wedge. First, a wedge (usually plastic) is used to lightly separate the door from the frame of the automobile, then a deflated air wedge is placed in the opening. The air wedge is filled with air, causing it to expand, and the door is held open to allow a tool to be inserted to manipulate the inner unlocking mechanisms inside the vehicle. This technique is commonly used by locksmiths during automobile lock-outs.

Forensic Evidence

The American 700 (old models) have a vulnerability that allows bypass via manipulation of the cam. Essentially, the cylinder is not required to move in order to actuate the cam. Tool marks left on the cam and back plate indicate that bypass was used as the method of entry.

The American series 700 lock showing signs of a well known bypass technique.

In response to the above attack American Lock (now owned by Master Lock) issued a hardware patch to prevent the bypass method. It is just a small metal disc, and in the photo we can see tool marks from where bypass was attempted. The 700 has since been redesigned because another attack against this component makes bypass again possible.

The American series 700 lock with hardware 'patch' showing attempted bypass.
Trace evidence from the bypass of the CodeLock 4000.

The Code Lock (4000 series) electromechanical lock is subject to a bypass attack that manipulates the bolt actuator. In the photo, material has been removed from both the actuator and the tool (a thin piece of metal) and scattered around the inside of the lock.

Marks on the actuator are the main source of distinct tool marks in this attack.

In most forms of bypass that target the actuator, tool marks on the actuator are distinct. In this photo, we see tool marks on the actuator of a Code Lock (4000 series). Notice tool marks are at a variety of angles and depths, all of which are inconsistent with normal use or wear.

If you would like to help this site by donating any bypass tools, please contact me.