The number of comments in here slandering the developer’s morality for picking locks is actually pretty surprising for a site literally called Hacker News. Every day there’s a story on the front page of some grey/white-hat showing off an exploit they found to infiltrate a site we all use. It’s an odd double standard.

It’s the same principle of a safe-cracking robot, but for regular keys. Smart!

But… does it do commentary like “one is binding”, and does it try twice to see if it was a fluke? :)

There is also a Safe Cracking Robot

[0] Blog about it: https://joeleb.com/safe-cracking-robot-defcon/

[1] Defcon video: https://www.youtube.com/watch?v=v9vIcfLrmiA

Be sure to also check out some of the MP4 files in the images directory:

https://github.com/etinaude/Lock-Picking-Robot/tree/main/ima...

I was surprised that those thin copper wires can actually push the pins up, I thought they would slide off to the side or compress themselves against the more solid/rigid pins.

I'm a strong supporter of the "I did it because I wanted to see if I could do it" ethos. So this isn't a criticism of the project itself, but I'm pretty sure a snap gun will beat this almost every time.

What a fun project! The use of wires to get around the corner is such a clever idea, although I see that goes back to the 90s. I'm surprised the idea isn't older.

I wonder what makes it take a minimum of 0.7s per combo, it seems like it could be sped up substantially.

I feel like developing something that could actually pick locks including detecting binding pins, etc. is in the category of "not actually that hard if you devote the resources to it."

On the mechanical side there would certainly be some challenges (having to work within a key that's all the deepest cuts, using something that could push up to "shallowest cut" level without deforming, general structural strength problems) but once you had a viable insertable key portion built you might be able to read a lock based just on the amount of spring resistance at each pin. You could also provide tension while probing for pins under tension. If covert agencies don't already have pretty portable devices like that it's because they don't care enough to create them not because of some true technical problem with doing so.

So robots will replace lawyers.

Robotic sputnik tool, it is very slick. Something that's not obvious is that these work best on ABUS or other locks that have one solid driver pin and spools in every remaining pin stack. This way, when you locate and lift the solid driver pin, you gain a ton of "back and forth slack" in the plug. As you lift each successive spool driver the slack reduces until the shear line is hit on that pin stack and suddenly full slack again; repeat the process until the lock is open.

The devil is in the details though, there are some subtle features that need to be incorporated into the mechanics for the sputnik to work right. I have built a sputnik from scratch before, only after talking to Oli Diederichsen at a LockCon did I get some additional clues.

Also, I think there are plenty of other interesting things one could do besides brute forcing the lock with a simpler tool. Falle Safe has a single-wire variant on this for decoding locks. Again, the devil is in the details, just ramming wire up a pin stack doesn't get the job done.

If your lock is one of the most common 90% of consumer pin tumbler locks, you can just avoid all this complexity and bump key them instead.

[0] Lock bumping (Wikipedia): https://en.wikipedia.org/wiki/Lock_bumping

I reread Neuromancer last month and there was a line about how the AI had to recruit a human for its plan b/c the final step had a mechanical lock that needed to be picked by feel. I’m glad to see this is a brute force approach and that us humans still have some use for a while more (not sure if my comment is /s or not).

> it will be able to open difficult-to-lick locks

Those darn electrocutor locks! Best laugh this week :D

This is the lock picking robot and what I have for you today is a github repo.

undefined

There is a link to AliExpress in the README that is broken. Another comment though suggests something like the "Sputnik Pickling Tool".

Maybe like this wild machine: https://youtu.be/CLcOZhq2GjQ?si=LJktKRzeHPRyXcXR&t=155

This is the Lock-Picking Robot and today we are unlocking a macbook password with a drinking-bird only pressing space bar.

I've seen too many Lock-Picking Lawyer videos.

Good reason to switch to digital locks that could stop this kind of attack but increases the unlocking in other ways

I'm surprised this doesn't use the lishi tools

Woah! That's me!

Tones of fun to work on

For my other projects check here: https://etinaude.dev/

> brute force

rather inelegant, similar to an autodialer for safes.

i was hoping to see something that worked like a human lockpicker!

This is the one of the hacker news article(s) I come here to read. Something different, intellectually creative and original.

Great work by the author.

Are there commercial versions of an automatic lock picker? Cursory googling seems to only have brute force electronic vibrators, nothing specific. Otherwise it seems like relying on force feedback and mechanically replicating lock picking techniques as a first step might be a great project that seems very technically feasible.

> brute force all possible combinations

Somewhat less impressive than I was expecting. The wire idea is neat though.

With so much infuriating nonsense in this thread I feel fucking compelled:

    Access to computers - and anything which might teach you something about the way the world really works - should be unlimited and total. Always yield to the Hands-On Imperative!
    All information should be free.
    Mistrust authority - promote decentralization.
    Hackers should be judged by their acting, not bogus criteria such as degrees, age, race, or position.
    You can create art and beauty on a computer.
    Computers can change your life for the better.
    Don't litter other people's data.
    Make public data available, protect private data.

https://www.ccc.de/en/hackerethics

Cause the world needs more tech to erode common people’s privacy.

Cool idea but I'm not buying the justification. There are many cases where the correct response to "but law enforcement needs a way in" is "we have a system for that, it's called a warrant."

Further, while standing somewhere for five minutes may be obvious in some situations, there are many cases in which it wouldn't be obvious at all, or the response time would be great enough that this could still be quite useful to bad guys.

Finally, "security through counting on slow hardware" is probably even worse than security through obscurity.