Lockpicking Forensics - RSS 2.0 Feed
Lockpicking Forensics - ATOM 1.0 Feed


Welcome to Lockpicking Forensics

An image of a pin-tumbler pin with marks left by lockpicking tools.

LockpickingForensics.com is dedicated to the science and study of forensic locksmithing. This site has information that will help:

  • Determine method of entry
  • Identify tool marks and techniques
  • Determine skill level of attacker(s)
  • Preserve, collect, and protect evidence
  • Maintain a clean forensic workspace
  • Organize and write investigative reports

Get started: Normal Wear | Lockpicking | Key Bumping | Forensic Investigation

Use the links on the left to familiarize yourself with the site. All images on the site can be clicked for an englarged, captioned version. For more information on locks, lockpicking, and physical security, visit LockWiki.com

Feel free to contact me if you have any questions about the site or its content.

Mul-T-Lock Article 2.0 Released

A new version of the Mul-T-Lock: Design and Security article is available on the articles page. Updates include many retouched or retaken photos, a greatly expanded MT5/MT5+ section (now includes keying specs), a number of additions to the Security Analysis section (including MT5+ vulnerabilities discovered from 2009-2012), a section on MT5+ key card attacks, and many minor corrections. An earlier version of the 2.0 article was published by the Society of Professional Locksmiths in their Security Sentinel e-zine.

I also did an interview on forensic locksmithing for The Forensic Examiner magazine. It should be published sometime in 2013; I'll try to get a copy on the site once it is available.

Posted by datagram, 10.12.12

Post-Defcon Update

It's been a while since my last update! I've been very busy with conferences and training events so far this year. At this year's Black Hat & Defcon conferences I gave two talks and a two day training on tamper-evident devices. At Defcon, my team once again won the Tamper-Evident Contest hosted by The Dark Tangent. For anyone interested in locks or forensic locksmithing I would recommend looking into tamper-evident devices. They're an interesting and often misunderstood area of physical security that rely heavily on the basic mechanical principles of locks and forensic inspection. Essentially, they're one-way locks that require dedicated inspection to do their job.

The next event I'm planning on being at is LockCon 2011 in October. I'll be a giving another talk this year; more details should be announced on Blackbag soon. As always, past and future conference info is available on the events page.

More articles for the site and a full site redesign are in the works, so stay tuned!

Posted by datagram, 08.10.11

Upcoming Events

Details for my next few events are up on the Events page. Of particular interest, I will be at AUSCert in a few weeks to talk about how lockpicking and forensic locksmithing are affected by the spread of information, particularly that of vulnerability information on locks that everyone relies on day to day. The theme for AUSCert 2011 is "overexposed"; "a reflection of the increasing exposure to information security risks that people, business and society face." After AUSCert I will be back at LayerOne running the Lockpicking Village and the Tamper Evident contest. LayerOne is a great conference in Southern California, I've spoken there four times and ran the LPV in 2009. I encourage everyone to attend if you're in the area or would like a nice vacation!

Posted by datagram, 04.28.11

BiLock Article Released

"Beating the BiLock" has (finally) been added to the articles section. This is the result of many months work with Jon King to look at the Australian lock and evaluate its strengths and weaknesses. The article covers the history of the BiLock series of locks and then looks at its defenses against a variety of attacks. There is not much information about the BiLock available online outside of marketting literature, so we hope this article is helpful for locksmiths, consumers, and security professionals. Please feel free to contact us if you have any comments or concerns.

In other news, I am working on planning out my 2011 events, most of which will be listed on the events page when the details get sorted out. So far, I'm looking forward to LayerOne and AUSCert to start this year's events.

Posted by datagram, 02.06.11

New article soon & Defcon 2010 wrap-up

Hello everyone! I got back from Defcon a few days ago and as always it was a blast. There was a very active lockpicking village, many contests, and lots of great talks. Marc Tobias, Tobias Bluzmanis, and Matt Fiddler presented their research on several vulnerabilities in mechanical and electromechanical locks. You can read more about how they defeated these locks on Marc Tobias' blog, In.Security.org. TOOOL USA gave a presentation on creating a universal handcuff key; a handcuff key that works in as many brand name handcuffs as possible. The current tally is up to around 15, with more to come. The basis of the key is a Smith & Wesson cuff key modified by changing the single flag into a double flag with a thin dremel wheel or hacksaw.

On top of all this my team won the first ever Tamper Evident contest. In this contest teams are given a box sealed with a variety of tamper evident technologies, such as tamper evident tape, stickers, mechanical seals, bags, and folders. Many of these seals are not meant to withstand force, only show evidence of being tampered with. Some were also marketed as "tamper proof", something many teams disproved, of course : ).

I've been working with Jon King on research related to the BiLock lock cylinders. We've made some progress in identifying and exploiting some vulnerabilties. BiLock was notified of some vulnerabilities with a stated release date of August 1st, but we found some additional vulnerabilities that we'd like to give them time to sort out before we release the paper. More information on this soon!

Some upcoming events that I'm presenting at are now listed on the Events page. I'm particularly excited about LockCon in The Netherlands in October.

Posted by datagram, 08.06.10

Upcoming events, articles & news

It's been a while since I've updated the site, but there is much news. First off, some new events have been added to the Events page. If you're coming to any of these events make sure to say hi.

Over at Renderman's site there is a great write up on a potentially massive slip up on the media's part. The jist: Is the key in the photograph really the MTA master key? If so, this will be a huge blunder which allows many people to decode the key bitting and have their own personal key. Now this might not seem like a big deal given that people are actively selling the key, anyways, but there are many other examples of key photographs being a big security problem.

Today's big news is a potential impressioning/decoding attack against Abloy Protec locks. At the moment it is unverified but there is an interesting Youtube video demonstrating the attack.

I've also been selected as the May 2010 Locksport Person of the Month over at Locksport International's website. There's a short interview about this website and Lockwiki for your reading pleasure. Much thanks to L.I for the honor!

The next article for the site is taking longer than expected because of a new product on the market that I am including in it. Originally I had just one type of lock I wanted to do the article on, but this new one is too similar to pass up. Expect to see the article within a month or two. It will detail attacks and forensic techniques for two new locks that are set to dominate the American residential market. You should be able to guess both of them, but I'll leave it as a surprise for now!

Posted by datagram, 05.07.10

New Anti-Forensics article & Updates!

A new article called "Anti-Forensics: The Keys to the Farm" has been added to the Articles section. It details a new type of lockpicking tool designed by a Lockpicking 101 member. It was an attempt to evade forensic detection, and a very creative one, at that! Start reading: Anti-Forensics: The Keys to the Farm.

The Mul-T-Lock article is also updated with information on the Mul-T-Lock CLIQ attacks discussed at Defcon 17 and Hacking at Random a few months ago. From what I understand, researchers also have attacks against the newest generation of Mul-T-Lock CLIQ; they'll be included in the paper if/when they're made publicly available.

It was also Lockwiki's 1 year birthday in November! I hope you all had a great Thanksgiving, Christmas, and New Years. Some new articles should be out in a few weeks, so stay tuned.

Posted by datagram, 01.15.10

Toorcon 11, Magazines, and updates

Hello! Sorry for the delay in updates, but I've been very busy working on a few projects, including Lockwiki.com. I'll be speaking on "Lockpicking Forensics" at Toorcon 11 in sunny San Diego, CA at the end of the October. This version of the talk will be somewhat different, as it is extended and includes material that I haven't had time to present in the past. I'll also be running the Lockpicking Village at the conference over the weekend, so feel free to stop in and say hi! I'm also working on getting a workshop together for the pre-con events. The workshop is titled "Applied Physical Security - Lockpicking and Safecracking" and will be an in-depth, hands-on course that covers attacks against locks and safes. For more information visit the Toorcon 11: Workshops page for more information. If you are interested, please contact me; I can likely get you a discount on the entry cost.

In other news, I've been contacted by a few different physical security and locksmithing magazines to write articles on forensic locksmithing. I'm not sure when these will be officially published, but as soon as they are I will post about it here. I'm working on getting scans or online versions of the articles to post when they are ready, too.

Aside from all that, I'm working on some updates to the site, particularly with non-pin lockpicking, sidebars, combination locks, and other odds and ends. The Mul-T-Lock paper will also be updated as soon as I finish organizing input from all you guys and add some new sections (of interest, the Mul-T-Lock CLIQ section will get a big update now that Tobias, Bluzmanis, and TOOOL NL have given out more attack information). For now, the Pick Guns page has been updated to show the plug walls of a lock picked with a vibrational pick gun. Some new articles are in the works, too, but are currently on hold until Toorcon and some private training events are completed.

Posted by datagram, 09.22.09

Defcon wrap-up, Mul-T-Lock, and Bypass updates

Another fine year of Black Hat and Defcon has passed. I spoke at both conferences, and the talk seemed to go over well even with people that were unfamiliar with locks and lockpicking. At Defcon I stopped in on Alek Amrani and Schyuler Towne's "Intro to Lockpicking" pre-con workshop. It was a great introduction for beginners, and most of the people in the room seemed glued to their seats. I worked in the Lockpicking Village over the weekend at Defcon, which was also lots of fun. The village was packed all weekend and we were constantly giving talks on lockpicking, combination locks, impressioning, and safecracking.

While at Black Hat I sat in on Deviant Ollam and Babak Javadi's excellent "Physical Security; from Beginner to Expert" workshop. While there Babak demonstrated a bypass technique for the Code Lock 4000 series electromechanical lock (originally discovered by Marc Tobias). I was lucky enough to have some time alone with the lock to do a basic analysis and get some great macro shots of the tool marks and material transfer. Both have been added to the Bypass page, including an updated American 700 tool mark photo.

I should also be getting a set of teflon coated picks (now standard on all TOOOL US picksets) to add to the site. These are not surreptitious, though many people think they are. This information will be added to the Lockpicking page under "Non-metal Lockpicks" once available.

Finally, Marc Tobias and Tobias Bluzmanis gave an excellent talk on electromechanical locks and attacks against them at Defcon. They demonstrated a variety of attacks against the CLIQ, Logic, and Nexgen platforms. Information on the CLIQ attack, specifically the Mul-T-Lock CLIQ, will be added to the Mul-T-Lock paper soon. A few corrections and additions to the paper will also be included, but if there is anything you feel could be added or improved, feel free to e-mail me!

Posted by datagram, 08.10.09

Mul-T-Lock: Design and Security

The first article for the site is available, titled "Mul-T-Lock: Design and Security". It is a comprehensive guide to Mul-T-Lock telescoping pin-tumblers over the company's nearly forty year history. It also includes analysis of the attacks against various Mul-T-Lock systems and references for keying, coding, and patent information. Much of the information is not available elsewhere, especially the information on the newer MT5/MT5+ models. Be sure to check it out! The paper is available on the Articles page. (or direct pdf link)

In the paper you'll see various notes where I could use more information or expertise. Please contact me if you can help with any of these! This paper is very much a community work; many people have helped to contribute, review, and proofread it. I'd like to keep it updated where possible, so feel free to contact me if you feel there is anything missing or incomplete.

Black Hat and Defcon are in about two weeks. See many of you there! Check the Events page for more information on upcoming events.

Posted by datagram, 07.17.09

Black Hat, Defcon & Articles

Well it's about that time of year again. I'll be speaking at both conferences on Lockpicking Forensics, but the Black Hat version is slightly longer (75 minutes). At Defcon I'll be working in the Lockpicking Village most of the weekend, manning the tables and giving mini-talks on various topics. If you'll be at either conference come introduce yourself! More info on upcoming events is available on the Events page.

In other news, I'm getting ready to publish the first two articles for this site. One is a whitepaper that I wrote for the Blackhat and Defcon talks; mostly a re-hash of the information on this site, though some people might find it easier to digest. The other is an article on a specific lock company and just about every lock they've produced over the last 40 years. It will cover design, function, and security. Similar to Han Fey's Abloy articles, but with more of an eye toward security than function. Who is it? That'll be left as a surprise! (Tip: they are a high-security lock manufacturer famous for a specific type of lock). Stay tuned!

Posted by datagram, 06.26.09