Lock Bypass Techniques — The Complete Hub

Bypass is the part of physical security that locksport forums don't talk about enough. Picking a lock requires skill, practice, and time. Bypass often requires none of those things — just the right tool and the knowledge that the vulnerability exists. A $3 shim can open most padlocks in under five seconds. A credit card works on millions of doors right now. An under-door tool lets you open a handle-locked door from the outside in under a minute, without touching the lock at all.

This hub covers the bypass categories we've found so far. Each one has its own guide — if any of these interest you, follow the link to go deeper.

Bypass knowledge is security knowledge. Understanding how these attacks work is the single best way to make an informed decision about what hardware actually protects you — and what's just theater.

Bypass Technique 01

Shimming

Attacking the shackle, not the keyway. Works on the majority of padlocks sold today.

Bypass 01 · Shimming

Easy

A thin piece of metal and five seconds is all it takes

Shims exploit a fundamental design weakness in spring-loaded locking pawls — the mechanism most padlocks use to secure the shackle. A thin aluminium shim (often cut from a soda can) is inserted into the shackle gap and rides down the shackle to depress the pawl, releasing the lock entirely. No picking. No noise. The lock opens without any sign of interference. Most budget padlocks — and many mid-range ones — fall to this in under ten seconds.

Target

Padlocks

Tools

Aluminum shim / soda can

Effectiveness

Very High

Spring Pawl No Skills Required Padlocks

Read the Full Guide →

🛡

What stops it

Ball bearing locking mechanisms defeat shimming by geometry — a shim can't depress a steel ball bearing seated in the shackle notch. True double-locking designs work differently: the key releases a secondary element that physically blocks the pawl from moving, so the shim pushes against a pawl that can't budge. Look for padlocks explicitly marked "double-locking" or "anti-shim," or higher-end hardware from ABUS, Mul-T-Lock, and Abloy where ball bearing locking is standard.

Bypass Technique 02

Loiding & Carding

The original bypass. Spring latches have never been secure — they just look like they are.

Credit card loiding a door latch diagram

Bypass 02 · Loiding

Easy

A credit card opens more doors than a master key

Loiding — sometimes called carding — is the technique of using a flexible shim to push back a spring latch bolt while simultaneously pulling the door open. The spring latch is beveled by design so that it retracts on contact with the door frame when closing. That same bevel is exactly what makes it vulnerable: anything flexible enough to slide between door and frame can replicate the effect. Expired cards, plastic shims, and dedicated loid tools all work. It's fast, silent, and leaves the door in the same state it was found.

Target

Spring Latches

Tools

Card / loid strip

Effectiveness

Extremely High

Door Latches No Skills Required Interior Doors Exterior Doors

Coming Soon

🛡

What stops it

Deadbolts. A deadbolt is specifically a non-spring bolt — it can only be moved by the key or thumb-turn, not by pressure on the bevel. A door secured with a deadbolt is immune to loiding. Anti-loid plates on the door frame also physically block access to the latch face. Never rely on a spring latch alone for a door you care about securing.

Bypass Technique 03

Under-Door Tools

Bypasses the lock entirely by attacking the inside handle. The lock doesn't matter at all.

Bypass 03 · UDT

Moderate

The lock on the outside is irrelevant when you can reach the inside handle

Under-door tools (UDTs) exploit a vulnerability in lever-handle doors where the inside handle can be depressed to retract the latch without a key. A thin probe is slid under the door gap, a loop is lassoed around the inside lever handle, and tension is applied to depress it — opening the door from the outside. The key cylinder is completely bypassed. No picks, no impressioning, no bump key — just a wire reaching around the obstacle entirely. Standard lever-handle door sets on most commercial buildings are vulnerable.

Target

Lever Handles

Tools

UDT probe + loop

Effectiveness

High

Commercial Doors Lever Handles Requires Door Gap Tool Required

Coming Soon

🛡

What stops it

Door frame brushes or threshold seals that physically block access under the door. Door knobs (rather than lever handles) are inherently resistant — there's nothing to lasso. Some facilities use "lever locks" — lever handles that are locked from both sides — which still don't help if the inside is free-turning. The easiest fix is a door bottom sweep combined with a door frame contact sensor.

Bypass Technique 04

Magnet Attacks

Rare hardware, dramatic vulnerability. When it works, it looks like the lock is cooperating.

Bypass 04 · Magnet

Moderate

A rare-earth magnet in the right place and the lock simply opens

Certain lock designs use magnetic actuators or spring-loaded components sensitive to magnetic fields. The most documented example is the Kwikset SmartKey cylinder — originally designed for easy rekeying, the internal actuator bar can be manipulated with a strong rare-earth magnet into unlocking the mechanism. Other vulnerable designs include certain cam locks and trigger-actuated padlocks. The attack requires knowing which specific hardware is vulnerable and positioning the magnet precisely — but when it works, the lock opens smoothly with no force and no marks whatsoever.

Target

Specific Models

Tools

Rare-earth magnet

Effectiveness

Model-Dependent

SmartKey Cylinders Cam Locks Trigger Padlocks Model-Specific

Coming Soon

🛡

What stops it

Simply not installing vulnerable hardware. Kwikset SmartKey has issued revisions addressing the magnetic vulnerability — but older hardware remains in millions of doors. Traditional pin tumbler designs with no magnetic components are immune. If you have SmartKey hardware, verify the version or replace it.

Bypass Technique 05

Decoding

The combination is already stored in the lock. These methods read it back out.

Bypass 05 · Decoding

Easy–Advanced

The combination is written in the lock — you just need to know how to read it

Decoding extracts the combination from a lock without destructive entry — the result is the actual combination itself, not a forced open. Two main methods. Master Lock rotary padlocks have well-documented algorithms that reduce a three-number combination from 64,000 possibilities to around 100 candidates in minutes, purely through math. Independent-dial combination locks — the style with individually spinning stacked wheels — are decoded more directly: anything thin enough to fit between two adjacent dials works as a probe. Slide it in, rotate that wheel slowly, and when the probe physically drops into the gate notch you have that digit. Move to the next gap, repeat. No tension at any point. A piece of paper, a feeler gauge, a business card corner — or a dedicated decoder tool like the Sparrows Ultra Decoder. Each wheel gives up its number in seconds. When all dials are done, you have the full combination.

Target

Combo Padlocks

Tools

Anything thin / math

Effectiveness

Lock-Dependent

Independent-Dial Locks Rotary Combo Locks No Tension Required No Special Tools

Coming Soon

🛡

What stops it

Tighter manufacturing tolerances, false gates, and security pins all make decoding significantly harder. High-security combination locks (Sargent & Greenleaf, Medeco) use randomized false gates that make feel-based decoding nearly impossible. The best defense is simply using a lock whose tolerance stack doesn't allow the decoding technique to work — which means buying quality hardware from the start.

Bypass Technique 06

Warded Bypass & Skeleton Keys

The oldest bypass attack in existence. Still works on a surprising amount of hardware.

Bypass 06 · Warded

Easy

Skeleton keys aren't a myth — warded locks are still everywhere

Warded locks use obstructions inside the keyway that the key must navigate around. The "security" is purely the shape of those obstructions — which means any key stripped down to clear the wards will work on every lock in the set. Skeleton keys are simply keys filed down until they bypass all the warding. Warded locks are still installed on cabinets, storage units, luggage, cheap padlocks, and interior doors in enormous numbers. A basic skeleton key set opens the majority of them. The mechanism has been understood for centuries and has never been fixed — the design is simply not capable of being made secure.

Target

Warded Locks

Tools

Skeleton key

Effectiveness

Near-Total

Cabinet Locks Luggage Locks Cheap Padlocks No Skills Required

Coming Soon

🛡

What stops it

Don't use warded locks for anything you actually want secured. Simply installing a pin tumbler, disc detainer, or lever lock eliminates this attack entirely. Warded locks are appropriate for low-security applications where their sole purpose is to prevent accidental access — not to deter anyone with intent. If you see a "key" that looks like a simple blank with a bow and single bit, assume the lock is warded.

Bypass Technique 07

Adams Rite Bypass

The most common commercial door hardware in North America. Bypassed with a strip of metal in seconds.

Bypass 07 · Adams Rite

Easy

The actuator arm is right there — you don't need to touch the lock at all

Adams Rite mortise deadlatches are installed on the vast majority of aluminum-frame storefront doors — offices, retail units, schools, medical buildings. The mechanism uses a protruding actuator arm on the door face that, when depressed, retracts the latch. The problem: that actuator is accessible through the gap between the door and the aluminum frame. A thin strip of metal — a knife blade, a stiff piece of plastic, even a specific Adams Rite bypass tool — slid into that gap and rocked into the actuator will retract the latch without any interaction with the key cylinder. The lock is completely bypassed. No picking, no drilling, no force. This isn't a fringe attack — it's documented by physical security professionals and used in real intrusions. The hardware is on tens of millions of doors.

Target

Storefront Doors

Tools

Thin strip / blade

Effectiveness

Very High

Commercial Doors Aluminum Frames Storefront Hardware No Skills Required Leaves No Marks

Coming Soon

🛡

What stops it

A latch guard or astragal that covers the actuator face and closes the gap between door and frame. Adams Rite makes dedicated latch guards for their own hardware. A secondary deadbolt (rim or mortise) that isn't actuator-based also adds a layer the thin strip can't address. The gap is the vulnerability — eliminate the gap, eliminate the attack.

Bypass Technique 08

Internal Locking Bar Bypass

Every padlock has something physically holding the shackle down. If you can reach it directly — through any opening — the lock is open.

Bypass 08 · Locking Bar

Easy

Ignore the security interface entirely — go straight to what's holding the shackle

Every padlock has an internal locking bar or locking dogs that physically hold the shackle in place. The security of the lock — whether it's a combination, a key, or anything else — is just a mechanism that controls that bar. If you can reach the bar directly through any opening in the lock body, the security interface becomes irrelevant. The opening doesn't matter; the principle is the same regardless of how you get in. On multi-dial combination padlocks, the gaps between the stacked dial wheels run straight through to the locking bar. A thin probe inserted between the dials contacts it directly and pulls or lifts it free — no combination needed, not even close. On keyed padlocks, the keyway itself is the opening. The American Lock bypass tool travels through the keyway to the rear of the plug and rotates it directly without touching a single pin. The shank takes a different approach through the same hole — a blade-like tool digs into the locking dog on the inside of the lock body and pulls it inward, away from the shackle heel. Most padlocks have a dog on each side, so both need to be worked before the shackle releases. Different locks, different tools, different entry points — the same attack.

Target

Padlocks

Tools

Probe / shank / bypass tool

Effectiveness

Model-Dependent

Dial Combo Locks American Lock Series Shank Attacks Pins & Combo Irrelevant Inter-Dial Gap Keyway Access

Coming Soon

🛡

What stops it

Internal geometry that makes the locking bar or dogs unreachable from any external opening. On combo locks: an enclosed chassis where inter-dial gaps don't reach the internals — a longer combination or more dials does nothing if the bar is still accessible. On keyed locks: rear plug geometry with no rotatable groove, and locking dogs fully enclosed within the lock body. Higher-security padlocks (Abloy, Medeco, Mul-T-Lock) are built with this in mind from the start.

Bypass Technique 09

Comb Picks

Not picking. Not shimming. A comb lifts every pin at once and the plug just rotates — no individual pin ever set.

Comb pick lifting all pins above shear line diagram

Bypass 09 · Comb Pick

Easy

No setting, no feel, no skill — everything goes up and the plug goes round

A comb pick is a comb-shaped tool that, when inserted into the keyway, pushes all the pins — both driver and key pins — above the shear line simultaneously. With everything cleared above the shear line at once, there's nothing blocking rotation and the plug turns. No tensioning, no setting individual pins, no feel required. It works on a number of padlocks where the keyway and pin chambers have enough space to allow the full lift. Whether it works on cylinders in doors is less clear-cut — padlocks are where it's most reliably documented. The attack takes seconds, requires no skill, and a comb pick costs a few dollars.

Target

Pin Tumbler Locks

Tools

Comb pick

Effectiveness

Moderate

Pin Tumbler Cylinders Budget Padlocks Deadbolts No Skill Required Seconds to Execute

Coming Soon

🛡

What stops it

Tight bible space — if there isn't enough room in the pin chambers above the shear line for all the pins to travel up simultaneously, the comb physically can't clear them and the attack fails. Security pins make no difference here because you're not relying on pins sitting at the shear line at all — you're pushing everything past it. The bible space is the hard limit.

The Other Side

What Stops
Each Attack

No lock defeats everything — destructive entry is always an option with enough time and tools. What good hardware does is defeat specific covert attacks. Here's the design feature that kills each technique, and why.

Stops Shimming

Ball bearing locking. Many padlocks seat steel ball bearings into a notch on the shackle heel — a shim physically cannot depress a ball bearing, the geometry doesn't work. True double-locking designs use a secondary element that blocks the pawl from moving at all, so the shim pushes against something immovable. Either design kills the attack.

Stops Loiding

A deadbolt. Deadbolts are non-spring bolts — they can only move when driven by the key or thumb-turn. There's no bevel to push back, so a card or loid strip does nothing. This is the entire reason deadbolts exist. A door with only a spring latch is not meaningfully secured.

Stops Under-Door Tools

Door bottom seals + round knobs. A threshold seal or door bottom brush physically blocks tool insertion. Round knobs have no lever geometry for a loop to grip. Neither fix addresses other vulnerabilities — they solve this specific one.

Stops Magnet Attacks

No magnetic actuators in the mechanism. Traditional pin tumbler, disc detainer, and lever lock designs have no components that respond to magnetic fields. The attack only works on specific designs that use a magnetic actuator — if the internals aren't there, neither is the vulnerability.

Stops Decoding

Tight tolerances + false gates. Decoding by feel requires the mechanism to telegraph feedback. High-tolerance manufacturing tightens that feedback to nothing. False gates add misleading resistance points. Neither makes the lock indestructible — it makes the covert read impractical, which is what matters.

Stops Warded Bypass

Not using a warded lock. There's no engineering fix for warded locks — the design is fundamentally insecure. Any pin tumbler, disc detainer, or lever mechanism replaces ward-based security with something that actually requires the correct key to operate.

Stops Adams Rite Bypass

Latch guards & astragals. A latch guard or frame astragal covers the actuator face and closes the gap between the door and aluminum frame — the thin strip has nowhere to reach. A secondary surface-mounted deadbolt adds a layer the actuator attack cannot address on its own.

Stops Locking Bar Bypass

Internal geometry that makes the locking bar unreachable. On combo locks: an enclosed chassis where inter-dial gaps don't reach the internals — a longer combination does nothing if the bar is still accessible. On keyed locks: rear plug with no rotatable groove, locking dogs fully enclosed within the body. High-security padlocks (Abloy, Medeco, Mul-T-Lock) are built with this in mind.

Stops Comb Picks

Tight bible space. If there isn't enough room in the pin chambers above the shear line, the pins can't all travel up simultaneously and the attack physically can't work. Security pins are irrelevant here — you're pushing everything past the shear line, not relying on it. Bible space is the hard limit.

A note on destructive entry

Every lock above can be defeated with enough force, the right drill, or an angle grinder. That's not bypass — that's destructive entry, and it's a different threat model. Bypass is covert and leaves no evidence. Destruction is loud, visible, and forensically obvious. A lock that defeats all covert bypass has done its job even if it can eventually be cut off.

Browse Padlock Reviews →

Lock BypassTechniques

Lock Bypass
Techniques