My Octopress Blog

A blogging framework for hackers.

Bump Key

Bump KeyIt is not unlikely that you’ve run across this technique on the internet (http://www.metacafe.com/tags/bump+key/). It involves taking a key that fits a given set of locks, and then for each pin, filing down to the lowest pin setting. Relatively simple, and the process on the whole is something that supposedly any mildly adroit beginner should be able to complete successfully.

Interviews of lock-picking hobby groups are filled with comments about the absurd ease and dull simplicity of this method. Admittedly, to a certain extent, I was skeptical.

I went to Lowe’s and bought a set of files (~$5) (the one I was after was axially triangular), and made a copy of key (~$1.50) I had laying around and to whose corresponding lock I had access. As per a suggestion in one video, I marked with a permanent marker the placement of the pins along the key, and then filed down to the lowest setting at those points, leaving a sawtoothed edge.

Cautiously, I inserted it to the first pin in the lock and tried to remove it. Down the fourth pin I was able to remove it. Upon inserting it completely, however, I was stuck. Opened the lock, removed the pins and slid it out. I filed down more so that the peaks between the pins were no more than approximately 45º. Thereafter, I was able to easily slide the key in and out. While removing the pin, I noticed that on top of the driver pins, there were springs, making me even more incredulous. (http://en.wikipedia.org/wiki/Pin_tumbler_lock)

The first dozen attempts or so on one lock proved unsuccessful, but it was kind of an awkward setup - in order to unlock, the key had to turn counter-clockwise, and holding the key in my left hand was more conducive to turning it clockwise. I tried instead to lock the lock with the same method, and it worked! A second time! After those successes, it was harder to duplicate, but this lead me to believe that it was simply a matter of improving technique at this point. I moved onto another lock that they fit, and it was able to unlock it repeatedly.

From what I’ve read, and now from experience, the biggest difficulty is simply applying the proper amount of torque in the key when bumping it. On all attempts, however, when I released the torque in order to withdraw the key, I could very clearly hear pins being sprung back into position.

It amazes me that these kinds of locks are so vulnerable to so simple an attack. All in all, it was a fun and revealing experiment, and I encourage people to try it out themselves.