Lockpicking Forensics - RSS 2.0 Feed
Lockpicking Forensics - ATOM 1.0 Feed



Decoding is a general term for a class of covert and surreptitious entry methods, all of which have the expressed purpose of decoding the proper position of components in a lock through an examination of the key or internal components. Decoding is probably the most ambiguous of all the compromise methods, with a wide variety of tools and techniques used. There are a few general categories of decoding: key analysis, invasive/manipulative, disassembly, visual/optical, thermal, and radiological. Key analysis, manipulative, and visual decoding are the most common, with visual decoding probably being the one most exploited in actual use.

Decoding does not necessarily create a key for the lock, like impressioning would, nor does it always open the lock, as is the case with lockpicking. The power of decoding lies in the ability to gather information that allows the production of working keys for the lock. Decoding is also powerful because many forms are surreptitious, thus leave no discernible forensic evidence. See the Anti-Forensics page for more information.

Decoding Principles

Keys can be directly examined and decoded. Key decoding focuses on identifying the pattern of bitting cuts on the key. These can be determined by looking at the code numbers stamped on the key, or through direct measurement of each cut with a ruler, micrometer, or caliper. These measurements are used to determine the manufacturer's bitting code so that a key may be easily made. Sophisticated locksmithing tools are available that will automatically identify the bitting code based on the cuts and keyway profile of the key. This is the most basic of decoding methods, and may be problematic with high-security keys that have advanced features like sidebars, angled bitting cuts, moving parts, or magnetic/electronic components.

Components inside the lock can also be decoded through invasive, manipulative tools. These tools have radically different designs, and are generally specific to particular brand or model of lock. Most manipulative tools focus on measuring each component to determine: weight, range of movement, shape, spacing, and alignment. Many manipulative decoding tools resemble traditional lockpicking tools with the addition of a measurement device. Opening the lock via lockpicking is sometimes a pre-requisite to decoding the components. Many tools also decode the lock as they pick it. The standard tubular lockpick and the Sputnik tool are the most popular examples. Manipulation of combination locks requires no invasive tools and is discussed more thoroughly on the Anti-Forensics page.

Disassembly of the lock can also be done to directly measure all internal components. This can be a complicated procedure depending on what type of lock it is and how it is installed. This process usually requires the lock be compromised first so that the door can be opened. Facilities with lax security measures may leave doors unlocked and unguarded, allowing someone to quickly remove, disassemble, and decode a lock. Reassembly and reinstallation of the lock is equally important, and if done incorrectly can cause the lock or proper key to no longer function.

Visual/optical decoding focuses on observation or surveillance of the key or internal components without needing to invasively manipulate them. A photograph of a standard key's bitting is enough to decode the bitting code. Surveillance may be used against combination locks to observe the correct combination being entered by an authorized user. Optical decoding uses tools like borescopes or otoscopes to look inside the lock at the internal components. Optics can be used to look at the size, shape, color, alignment, and spacing of internal components.

Radiological imaging is a form of surreptitious decoding that uses penetrating radiation (X, beta, and gamma rays) to "see" inside the lock or safe, revealing the proper positions of components. This is most often used against rotary combination locks to determine the position of each gate in the wheel pack. While very effective against many combination locks, it is expensive and only used by medium-high skill attackers.

Thermal imaging is another form of surreptitious decoding that uses special devices to look at thermal residue left on keypad or pushbutton combination locks. This reveals buttons recently pushed, but may not directly reveal the combination sequence. Like radiological imaging, this is generally not used by low skill attackers.

As you can see, decoding is a vast array of techniques with forensic evidence equally varied. Manipulation-based decoding tools provide forensic evidence that is similar to lockpicking, but may vary depending on the specific techniques. Examination of keys may leave forensic evidence depending on the type of tools used. Visual, optical, radiological, and thermal decoding are all considered surreptitious and leave no lock related forensic evidence. Again, see the Anti-Forensics page for more information on surreptitious entry.

Forensic Evidence

Colored components are a red flag that optical decoding may be possible. The colors signify the size of components, and can be viewed with a borescope or otoscope to decode the lock. Colored pins are rare in factory-original locks, but are popular in many do-it-yourself lock repinning kits.

Various colored pin-tumbler pins, common in do-it-yourself repinning kits.

Low security wafer locks can be visually or optically decoded simply by looking at the size of the wafers. Unlike pin-tumbler locks, wafers block at the same position outside above the plug. Keying is made possible by varying the amount of material in the middle of the wafer, causing it to be raised high or lower by a key.

A low security wafer lock with decodable wafers.

Keypad-based combination locks can often be visually decoded based on wear. In the photo, the worn down numbers help to reduce the search space to only a few combinations of numbers. It is possible that the combination is meaningful to the owner, such as their birthday year or lucky number.

Keypad combination locks may wear down to expose the correct sequence of numbers.

More to come, stay tuned!

If you would like to help this site by donating any decoding tools, please contact me.