I'm Jamie, also known as JamBot! This is just where I'll document various impulsive ideas and projects of mine. I like computers and some other stuff :)

Lockpicking adventures

In the beginning

I started picking locks for fun around Year 7- only because my dad did really. We’d buy, or somehow acquire locks and see how fast we could open them, try out different techniques etc.

I really enjoyed spending time picking actual locks, it made me feel like a spy in a movie or something, and it was a real practical skill- my interest only grew when a teacher paid me in our school’s weird point system to open a cabinet with his XBOX in? I think he ran homebrew on it and used it for physics simulations or something idk

In hindsight that was probably a bad idea as it could have been someone else’s, but it was his cabinet and he gave me permission to open it so it was legal. Also got £20 worth of those points so yknow.

Anyways yea, it started out as occasional picking but then uh kinda grew into a mild obsession… 👀

Yea so slowly but surely it turned into whatever this is… (that’s not even half of the no name padlock collection) 😔

Before I knew it I was going to locksmiths, asking for their broken parts, miscellaneous keys, and just in general being a complete weirdo. But hey, I’m not afraid to look weird if I’m getting free locks out of it.

Getting started

I started out picking normal pin tumbler locks purely due to accessibility and price. In the beginning I actually wouldn’t bother looking for locks with specific numbers of pins, and I wouldn’t care if they had security pins, weird bitting or anything. I just wanted as many locks as possible to get a realistic experience. But if I had to recommend some locks to beginners I’d definitely say any Master Lock you can get your hands on.

Master Locks due to their reputation and recognition are incredibly popular, but despite this, their security features are objectively minimal. They use the same/very similar core in the vast majority of their locks. This doesn’t mean they are all pinned the same, ofc not- but it does mean if you can pick one, you can probably pick a lot of them.

It can also just depend on your goal? If you want to learn lockpicking for pentesting purposes, then yea Master Locks and other padlocks are great due to how common they are- but also euro cylinder locks (these are also normally pin tumbler), as these are the most common household lock in the UK.

They’re also used a lot in building complexes and offices.

Traditional wafer locks as seen on filing cabinets would also be good to practice on. I was lucky enough to be allowed to practice on my old school’s during science lessons. Most cheap filing cabinets (if they even have locks) are very bad security wise, and it’s not at all uncommon to see cabinets with 4 pin wafer locks. So if stealing confidential files is in scope on a physical red team op, then go nuts on those cabinets lol.

Anyways yea, there are lots of different types of locks, brands etc. But my advice for new pickers is just:

- Check out other pickers and their adventures. LockPickingLawyer and BosnianBill are particularly awesome and much better than me.

- Get as many locks as you can legally.

- Don’t splurge on insanely thin, expensive picks that you’ll only break as a newbie.

- Don’t break the law.

Over the past 4 years I’ve had some funny, and not-so-funny stories, here are a few of em :)

Cool teachers

So I’ve gone to a few schools, but my first secondary school was probably the best in terms of teachers who were cool about me picking locks in their classes lol.

Mr. E

I had an epic science teacher Mr. E, he was chill with us doing whatever so long as we did the work he’d set. Honestly learnt the most in his lessons, pay attention teachers watching lol. I’d normally pull out some locks and start picking in his lessons, he didn’t seem to mind, plus I was at the back of the class. But one day we had a new seating plan or something, and I was in a more visible spot- he still didn’t seem to care and just didn’t question it. But randomly one lesson he came over and asked me about what I was doing, and well I explained. He asked if I could pick his filing cabinet lock and I said idk maybe. It was a 4 pin (wafer) lock, and didn’t really take too long to pick. Eventually he actually asked me to recommend him a set of picks to buy because he wanted to get into it. I don’t go to that school anymore but he was an epic teacher. I found it so cool that a teacher was actually interested in something I do.

Mr. B

So Mr. B was my engineering teacher, or electronics? I don’t remember. Anyways yea he would also let me pick locks in class- super chill.

He had a problem, he had a cabinet filled with old stuff, including for some reason an XBOX? I mentioned this before lol. Anyways yea one lunch time he pulled me into the room and asked me to pick a thing. It took around a minute for me to get in, but I was super nervous. I know it was only a small thing but- this was the first time I ever helped someone with a problem, using a skill that I developed myself. My lockpicking journey up to this point was only a few months long but it’s such an independent thing. My dad taught me some basics but it’s quite a “getting the feel to it” type thing. To me this moment means a lot, I felt cool and was super happy about it. :)

So, after I got into the lock, he gave me a postcard? My school’s teachers at the time were given stickers and postcards to hand out to students for good behaviour etc. You could use the points to buy stuff, but what I wanted was to put it onto my lunch card. I was promised 200 merits for this- the equivalent to £20. This was awesome because it meant I could buy 3 pancakes every break and still have enough for a nice lunch! The point system was quite bad and in hindsight I could have definitely exploited it by generating a list of codes and automating the scoring of them- it had no authentication system if I recall correctly. Postcards were worth the most but used the uppercase alphabet and numbers.

Hmm. Ig if anyone reading this has a school with a mystickers system they could try. Could always use something like crunch to generate the wordlist- then copy the post request made when you enter a code. If anyone does that feel free to dm lol

sudo apt update && sudo apt install crunch
crunch 6 6 1234567890QWERTYUIOPASDFGHJKLZXCVBNM | tee codelist.txt

The second command should generate something like this:

Crunch will now generate the following amount of data: 15237476352 bytes
14531 MB
14 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 2176782336 
111111
111112
111113
111114
111115
111116

etc.

After that ig you could just automate some post requests and bam free pancakes. That was a weird spontaneous rabbit hole lmao sorry. But yeah don’t do that, as the law exists and what not.
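The weakness described above (short codes from a 36-symbol alphabet, redeemable with no authentication) is fixed on the server side. The following is an added example, not part of the original post and not the real system's code: a redemption check that binds each code to the student it was issued to, makes codes single-use, and locks an account after repeated wrong guesses. `RedemptionService`, `MAX_FAILURES`, the student ids and the 12-character code length are all assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # same 36 symbols the post describes
MAX_FAILURES = 5  # assumed lockout threshold; a real system would also expire the lock


class RedemptionService:
    """Hypothetical server-side redemption logic (illustrative only)."""

    def __init__(self):
        self.issued = {}     # code -> (student_id, points)
        self.redeemed = set()
        self.failures = {}   # student_id -> failed attempts since last success
        self.balance = {}    # student_id -> points

    def issue(self, student_id, points, length=12):
        # CSPRNG output; 36**12 possibilities instead of the 36**6 a 6-char code has.
        code = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self.issued[code] = (student_id, points)
        return code

    def redeem(self, session_student_id, code):
        # session_student_id must come from an authenticated session,
        # never from a field the client can set in the request body.
        if self.failures.get(session_student_id, 0) >= MAX_FAILURES:
            return "locked"
        entry = self.issued.get(code)
        ok = (entry is not None
              and entry[0] == session_student_id   # code bound to its owner
              and code not in self.redeemed)       # single use
        if not ok:
            self.failures[session_student_id] = self.failures.get(session_student_id, 0) + 1
            return "rejected"
        self.redeemed.add(code)
        self.failures[session_student_id] = 0
        self.balance[session_student_id] = self.balance.get(session_student_id, 0) + entry[1]
        return "ok"


def demo():
    svc = RedemptionService()
    code = svc.issue("student-a", 200)
    results = [svc.redeem("student-b", code)]       # someone else's code
    results.append(svc.redeem("student-a", code))   # rightful owner
    results.append(svc.redeem("student-a", code))   # replay of a used code
    # Constructed wrong guesses standing in for an automated run.
    results += [svc.redeem("student-b", "AAAAA%d" % i) for i in range(6)]
    return results, svc.balance
```

With the lockout in place the number of guesses an account can make is bounded by `MAX_FAILURES`, so the size of the code space no longer depends on nobody bothering to enumerate it.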

Huh, didn’t think I’d be delving into cyber security stuff in a lockpicking blogpost lmao. Christ I’m tired it’s 23:51 rn and I only got 3 hours sleep.

TL;DR, I picked a lock for my teacher then for the next two weeks I ate like a kid with £20 and an addiction to pancakes. (probably because that’s exactly what I was)

School “heist”

Lock goblinism

So uh, I’ve kind of gotten into a habit at this point of seeing a lock, and thinking 2 things:

  1. Can I pick it / Will I be allowed ?
  2. Can I have it (with their permission of course)

It’s super common for people to lose keys, and after people lose their keys they often don’t have a purpose for a lock. So I find in these situations it’s always worth asking. Some may call me a greedy lock goblin, but I … don’t have a comeback to that. 😔😔😔

One of these situations was in my computer science class a while ago. Now, computer science was boring, but I had a supply teacher who made it pretty good, much enthusiasm. This supply teacher owned a padlock, emphasis on the owned.

Rise of the goblin

Anyways yea, I joked about picking it for a while and I suppose he thought nothing of it. But one of those times he encouraged me to, so I pulled out a small set of picks from my wallet, and got up. I think he was surprised, I wonder why.

So yea I got shut down the first time, but later to the end of the lesson I pleaded my case and essentially gave a TED Talk on why I should own that lock and how it is against my human rights to keep it out of my hands.

I don’t think he expected me to get it, the first time I picked it, it took me around 2 minutes, and he had already left the room. I still wanted to let him know I did so, uhh, I left a note.

Fall of the goblin

The next time I had a class with him, naturally I asked if I can keep it and he said if I can pick it then yea-

But! For whatever reason I wasn’t able to get it, I think I forgot and it was half term or something idk. And for a while I actually forgot about this lock, and the teacher had left.

Recently, the whole uh global pandemic thing happened, and we had to go home for a while. Towards the end, I remembered this lock. I had to have it. I needed it. I couldn’t bear the thought of it being outside of my lockbox.

(lol going back through some of these as I’m redesigning the blog this seemed kinda creepy but it was supposed to be a joke, what was I thinking lmao)

Goblin: rebirth

So, the teacher had left. This was established as my lock now. No one else had a key or purpose for it. The classroom it was in now belonged to my math teacher, and I figured it would look extremely sketch if I just picked a random lock in his room and took it home. So, I started planning the (legal) “heist”. Due to my timetable and restrictions on where we could go in the building, I had a limited timeframe of a few minutes. Either I could get to lesson early, or I could try waiting for him to go out in the transition from lesson to break. But I remember it taking me a few minutes to initially pick this lock, so it seemed a bit risky.

I got to lesson on a Monday, to see my teacher walking out of the class to go get something, so with my picks in my bag I rushed towards the door handle that the lock was on, rummaged through my bag to find my picks, and I initially panicked because I thought I wouldn’t be able to, so I decided not to be delicate and careful and SPP, but instead just rush, rake, and hope I get lucky. And…

It worked! After a year of waiting I finally got my lock. This lock had a wide open keyway, so any novice picker could probably get it open, not a lot of skill required for this, but IMO a cool-ish story nonetheless.

End

I didn’t know what to do for my first blog, so I hope that was at least somewhat entertaining. I have tons of lock picking related stories, these were just a few. I just didn’t want this blog to become boring filled with just CTF stuff. I’m going to try doing one writeup and one like random research/adventures post each week. Also tags don’t work on GitHub Pages so if the url is https://jambot3000.github.io then uhh this site is different to the real one. If anyone knows how to get that working, please dm me. Thanks for reading!

Edit: I actually ended up getting tags working by having 1 repo for the whole Jekyll project, and another for just the contents of _site (this is the one used by GitHub Pages). Because it’s all static content, just raw HTML and CSS, GitHub doesn’t scream at you for trying to use a Jekyll plugin, because you aren’t using one.