Having a robot that can quickly and unsupervised pick any lock with the skills of a professional human lockpicker has been a dream for many years. A major issue with lockpicking robots is however the lack of any sensing of the pins – or equivalent – as the pick works its magic inside. One approach to try and solve this was attempted by the [Sparks and Code] channel on YouTube, who built a robot that uses thin wires in a hollow key, load cells and servos to imitate the experience of a human lockpicker working their way through a pin-tumbler style lock.
Although the experience was mostly a frustrating series of setbacks and failures, it does show an interesting approach to sensing the resistance from the pin stack in each channel. The goal with picking a pin-tumbler lock is to determine when the pin is bound where it can rotate, and to sense any false gates from security pins that may also be in the pin stack. This is not an easy puzzle to solve, and is probably why most lockpicking robots end up just brute-forcing all possible combinations.
Perhaps that using a more traditional turner and pick style approach here – with one or more loadcells on the pick and turner- or a design inspired by the very effective Lishi decoding tools would be more effective here. Regardless, the idea of making lockpicking robots more sensitive is a good one, albeit a tough nut to crack. The jobs of YouTube-based lockpicking enthusiasts are still safe from the robots, for now.
Thanks to [Numbnuts] for the tip.
That’s exactly what we need. Robots getting easier access to locked rooms. Very good idea.
I’d suggest that security research, be it white hat hacking or LockPickingLawyer roasting badly designed locks on Youtube, is valuable as it informs the public and hopefully encourages suppliers to do better.
I certainly think anyone watching more than 1 LPL video would be unlikely to make the mistake of buying a Masterlock product ever again for example.
Exposing companies producing crappy products is good. Massively lowering a skill level needed to access a locked home is not good.
I hereby declare “easy-pickable lock fallacy”. It’s half-hearted version of broken window fallacy. “I will make your lock so easy pickable and irrelevant, that you have to buy better lock for more money”. And a robot able to pick locks will make ALL locks a little less secure. First version will be able to pick easy locks. Next version will be able to pick better locks until a lock will cost as much as rest of the door.
I’ve also picked one lock in my life, it was a decent looking “three digit code lock” on a bike. Bike was chained to a barrier, we needed access to it but owner was non-contactable, so I rechained the bike nearby. Friend was surprised how fast I picked it :D.
Hate to be the bearer of bad news but the lock-picking robot is already here. That cat is already out of the bag.
Fallacy. If you want to break in, break a window. It´s way faster. Or just concentrated nitric acid, squirt it in the lock, come back a couple of hours after, force turn it open.
Destructive methods have the advantage, how much percent of burglaries result of a picked lock honestly ??? Even if such a tool exist, it won´t be cheap. Probably more expensive than a pneumatic cutter than can easily cut 1 inch thick steel bar without a sweat or noise.
I applaud the creator for his creativity and persistence. This is the third iteration of this robot, and another creator build a similar device after the first build as well. The use of a tool where wires are feed through holes in the key which align with the pin stacks is called a Sputnik. This was original a tool designed by a criminal in the 80’s, and through reverse engineering the forensic marks the tool was reinvented by the security industry.
In the second robot, the creator used it to brute force the locks instead of implementing the Sputnik algorithm. The Sputnik abuses the fact that the first pin on many Euro cylinders was a standard pin, with the rest spool pins. After the first pin is lifted to the shearline, you wobble the tool left and right. When pushing up any of the spool pins, the wobble decreases and then sharply increases. This pin is now set. This process is repeated until the lock is open. Just don’t forget to retract the wires before removing the tool from the lock.
In this latest iteration, the author got quite close in determining the length of the pin by measuring the force on the pin. I’ve worked on this problem as well, and found it to be rather difficult due to the limited space and inconsistent friction within the lock. However, finding the binding pin is the basis of lockpicking. Simply by applying torque to the lock and finding a binding pin, you’ve now learned which pin was not at the correct height. After setting this pin higher, you are one step closer to a picked lock. Rinse and repeat until the lock is open. This process should open his lock within ten minutes with his current setup.
The projects are quite close, yet so far. I see there is little interest in actually learning the subject before attempting the project, and the creators give up too easily. This is quite similar to how people approach all the so called ‘unpickable locks’. There are people who have spent decades on the subject If you have a design and want expert opinion, just send the Open Organisation of Lockpickers an email.
Fabulous video and effort.
“Thanks to [Numbnuts] for the tip.”
LOL.
I’m guessing that the biggest problem is with the servo’s. These cheap blue servo’s are quite horrible, and with the big pinion on it, you also use a small proportion of the servo movement, which makes it worse. Changing the big pinion and rack for an excenter, that just has enough (about 3mm?) of movement over 180 degrees of rotation is probably already a lot better.
Or go back to stepper motors :) You can buy small stepper motors with built in all thread for linear motion quite cheaply.
Yet another option for improvement is to make better guides for the wire. The less these boden wires can move sideways, the better. Also, any kink in the wire (especially in bends) greatly influences the force transmission from the motor to the lock pin. I have not seen measurements of how well the measured force with the loadcell translates to force on the pins and springs. And if these have a bad correlation, then it will be difficult to make it work. You can measure / estimate it by using very long and heavy pins, and move the wires slowly. That way, the pin force will be constant, and changes you measure in the loadcell force will be due to other causes.
I find myself wondering about high frequency vibration and “listening” to (and feeling feedback) the changes of the pins sounds as you move them. Could you feed the push wire with an ultrasonic driver. Something somewhat like a sonic knife setup? What went with those “hummingbird” gadgets from a while back?
I guess that you would likely need some sort of noise filtering in the software to improve the reading of the pin in play. Run a baseline buzz sound of the lock while not pushing pins and then use that to filter the sounds as you move a pin. Perhaps run a noise sample while moving a couple of the pins also.
The moving pin sample could help with sorting out the noise from the push wires themselves as they change extension and loading.
A bit like you do with the de-hissers~de-noisers in PC music kit.
Seems like the top pin portion noise would change notably when it moves out of the rotating cylinder.
I expect that it would affect the spring noise also.
Just some 5 am musings.
P.S. I expect that you could find other uses for this sound/sonic probe setup. finding cracked parts or voids in castings. Comparisons of rollers or balls in a bearing. How near to failure point of seal materials (maybe the spring in them) Tappet valves in engines.
Anyone got access to an ultrasound listening unit for checking cardio and veins? Who knows what a good/golden ear might glean from just taping a lock as you use the medical kit to listen.
Maybe you could acoustically measure the length of the pins directly, essentially doing time-domain reflectometry (https://en.wikipedia.org/wiki/Time-domain_reflectometer).
Or you might be able to measure the resonance frequency of a pin and infer it’s size from that.
This starts with the assumption that all springs have the same K value. If I had been investigating that solution, my first experiment would have been to create a very simple jig just to test this hypothesis on the 5 springs of the lock, and if the results suggested that K value varied, that would have told you right away the solution wasn’t viable.
In order to prevent lock bumping, at least one of the springs is much stiffer in propper locks.
Also driver pins can be choosed such all pairs of pins have the same length or close.