12.28.2011
12.17.2011
Use Google as a Calculator
How to use the Google calculator:
Google’s calculator tries to understand the problem you are attempting to solve without requiring you to use special syntax. However, it may be helpful to know the most direct way to pose a question to get the best results. Listed below are a few suggestions for the most common type of expressions (and a few more esoteric ones).
Most operators come between the two numbers they combine, such as the plus sign in the expression 1+1.
Operator Function Example
+ addition 3+44
- subtraction 13-5
* multiplication 7*8
/ division 12/3
^ exponentiation (raise to a power of) 8^2
% modulo (finds the remainder after division) 8%7
choose X choose Y determines the number of ways of choosing a set of Y elements from a set of X elements 18 choose 4
th root of calculates the nth root of a number 5th root of 32
% of X % of Y computes X percent of Y 20% of 150
Some operators work on only one number and should come before that number. In these cases, it often helps to put the number in parentheses.
Operator Function Example
sqrt square root sqrt(9)
sin, cos, etc. trigonometric functions (numbers are assumed to be radians) sin(pi/3)
tan(45 degrees)
ln logarithm base e ln(17)
log logarithm base 10 log(1,000)
A few operators come after the number.
Operator Function Example
! factorial 5!
Other good things to know
You can force the calculator to try and evaluate an expression by putting an equals sign (=) after it. This only works if the expression is mathematically resolvable. For example, 1-800-555-1234= will return a result, but 1/0= will not.
Parentheses can be used to enclose the parts of your expression that you want evaluated first. For example, (1+2)*3 causes the addition to happen before the multiplication.
The in operator is used to specify what units you want used to express the answer. Put the word in followed by the name of a unit at the end of your expression. This works well for unit conversions such as: 5 kilometers in miles.
You can use hexadecimal, octal and binary numbers. Prefix hexadecimal numbers with 0x, octal numbers with 0o and binary numbers with 0b. For example: 0x7f + 0b10010101.
The calculator understands many different units, as well as many physical and mathematical constants. These can be used in your expression. Many of these constants and units have both long and short names. You can use either name in most cases. For example, km and kilometer both work, as do c and the speed of light.
Feel free to experiment with the calculator as not all of its capabilities are listed here. To get you started, we’ve included a few expressions linked to their results.
1 a.u./c
56*78
1.21 GW / 88 mph
e^(i pi)+1
100 miles in kilometers
sine(30 degrees)
G*(6e24 kg)/(4000 miles)^2
0x7d3 in roman numerals
0b1100101*0b1001
More info on:
http://www.google.co.in/help/calculator.html
Google’s calculator tries to understand the problem you are attempting to solve without requiring you to use special syntax. However, it may be helpful to know the most direct way to pose a question to get the best results. Listed below are a few suggestions for the most common type of expressions (and a few more esoteric ones).
Most operators come between the two numbers they combine, such as the plus sign in the expression 1+1.
Operator Function Example
+ addition 3+44
- subtraction 13-5
* multiplication 7*8
/ division 12/3
^ exponentiation (raise to a power of) 8^2
% modulo (finds the remainder after division) 8%7
choose X choose Y determines the number of ways of choosing a set of Y elements from a set of X elements 18 choose 4
th root of calculates the nth root of a number 5th root of 32
% of X % of Y computes X percent of Y 20% of 150
Some operators work on only one number and should come before that number. In these cases, it often helps to put the number in parentheses.
Operator Function Example
sqrt square root sqrt(9)
sin, cos, etc. trigonometric functions (numbers are assumed to be radians) sin(pi/3)
tan(45 degrees)
ln logarithm base e ln(17)
log logarithm base 10 log(1,000)
A few operators come after the number.
Operator Function Example
! factorial 5!
Other good things to know
You can force the calculator to try and evaluate an expression by putting an equals sign (=) after it. This only works if the expression is mathematically resolvable. For example, 1-800-555-1234= will return a result, but 1/0= will not.
Parentheses can be used to enclose the parts of your expression that you want evaluated first. For example, (1+2)*3 causes the addition to happen before the multiplication.
The in operator is used to specify what units you want used to express the answer. Put the word in followed by the name of a unit at the end of your expression. This works well for unit conversions such as: 5 kilometers in miles.
You can use hexadecimal, octal and binary numbers. Prefix hexadecimal numbers with 0x, octal numbers with 0o and binary numbers with 0b. For example: 0x7f + 0b10010101.
The calculator understands many different units, as well as many physical and mathematical constants. These can be used in your expression. Many of these constants and units have both long and short names. You can use either name in most cases. For example, km and kilometer both work, as do c and the speed of light.
Feel free to experiment with the calculator as not all of its capabilities are listed here. To get you started, we’ve included a few expressions linked to their results.
1 a.u./c
56*78
1.21 GW / 88 mph
e^(i pi)+1
100 miles in kilometers
sine(30 degrees)
G*(6e24 kg)/(4000 miles)^2
0x7d3 in roman numerals
0b1100101*0b1001
More info on:
http://www.google.co.in/help/calculator.html
Untold Secret Windows Tips
As found in the internet, written by Ankit Fadia
Important Note: Before you read on, you need to keep one thing in mind. Whenever you make changes to the Windows Registry you need to Refresh it before the changes take place. Simply press F5 to refresh the registry and enable the changes. If this does not work Restart your system
****************
Exiting Windows the Cool and Quick Way
Normally it takes a hell lot of time just Shutting down Windows, you have to move your mouse to the Start Button, click on it, move it again over Shut Down, click, then move it over the necessary option and click, then move the cursor over the OK button and once again (you guessed it) click.This whole process can be shortened by creating shortcuts on the Desktop which will shut down Windows at the click of a button. Start by creating a new shortcut( right click and select New> Shortcut). Then in the command line box, type (without the quotes.)
'C:windowsrundll.exe user.exe,exitwindowsexec'
This Shortcut on clicking will restart Windows immediately without any Warning. To create a Shortcut to Restarting Windows, type the following in the Command Line box:
'c:windowsrundll.exe user.exe,exitwindows'
This Shortcut on clicking will shut down Windows immediately without any Warning.
Ban Shutdowns : A trick to Play on Lamers
This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to :
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
In the right pane look for the NoClose Key. If it is not already there then create it by right clicking in the right pane and selecting New > String Value.(Name it NoCloseKey ) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box.
Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then click on the Start > Shut Down button displays the following error message:
This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
You can enable the shut down option by changing the value of NoCloseKey to 0 or simply deleting the particular entry i.e. deleting NoCloseKey.
Instead of performing the above difficult to remember process, simply save the following with an extension of .reg and add it's contents to the registry by double clicking on it.
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoClose"="1"
Disabling Display of Drives in My Computer
This is yet another trick you can play on your geek friend. To disable the display of local or networked drives when you click My Computer go to :
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Now in the right pane create a new DWORD item and name it NoDrives. Now modify it's value and set it to 3FFFFFF (Hexadecimal) Now press F5 to refresh. When you click on My Computer, no drives will be shown. To enable display of drives in My Computer, simply delete this DWORD item. It's .reg file is as follows:
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoDrives"=dword:03ffffff
Take Over the Screen Saver
To activate and deactivate the screen saver whenever you want, goto the following registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionScreenSavers
Now add a new string value and name it Mouse Corners. Edit this new value to -Y-N. Press F5 to refresh the registry. Voila! Now you can activate your screensaver by simply placing the mouse cursor at the top right corner of the screen and if you take the mouse to the bottom left corner of the screen, the screensaver will deactivate.
Pop a banner each time Windows Boots
To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinLogon
Now create a new string Value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it: LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company's private policy each time the user logs on to his NT box. It's .reg file would be:
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinlogon]
"LegalNoticeCaption"="Caption here."
Delete the Tips of the Day to save 5KB
Windows 95 had these tips of the day which appeared on a system running a newly installed Windows OS. These tips of the day are stored in the Windows Registry and consume 5K of space. For those of you who are really concerned about how much free space your hard disk has, I have the perfect trick.
To save 5K go to the following key in Regedit:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerTips
Now simply delete these tricks by selecting and pressing the DEL key.
Change the Default Locations
To change the default drive or path where Windows will look for it's installation files, go to the key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionSetupSourcePath
Now you can edit as you wish.
Secure your Desktop Icons and Settings
You can save your desktop settings and secure it from your nerdy friend by playing with the registry. Simply launch the Registry Editor go to:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
In the right pane create a new DWORD Value named NoSaveSettings and modify it's value to 1. Refresh and restart for the settings to get saved.
CLSID Folders Explained
Don't you just hate those stubborn stupid icons that refuse to leave the desktop, like the Network Neighborhood icon. I am sure you want to know how you can delete them. You may say, that is really simple, simply right click on the concerned icon and select Delete. Well not exactly, you see when you right click on these special folders( see entire list below)neither the rename nor the delete option does not appear. To delete these folders, there are two methods, the first one is using the System Policy Editor(Poledit in the Windows installation CD)and the second is using the Registry.
Before we go on, you need to understand what CLSID values are. These folders, like the Control Panel, Inbox, The Microsoft Network, Dial Up Networking etc are system folders. Each system folder has a unique CLSID key or the Class ID which is a 16-byte value which identifies an individual object that points to a corresponding key in the registry.
To delete these system Folders from the desktop simply go to the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerDesktopNamespace
{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
To delete an icon simply delete the 16 byte CLSID value within "NameSpace". The following are the CLSID values of the most commonly used icons:
My Briefcase:{85BBD920-42AO-1069-A2E4-08002B30309D}
Desktop: {00021400-0000-0000-C000-0000000000046}
Control Panel:{21EC2020-3AEA-1069-A2DD-08002B30309D}
Dial-Up-Networking:{992CFFA0-F557-101A-88EC-00DD01CCC48}
Fonts: {BD84B380-8CA2-1069-AB1D-08000948534}
Inbox :{00020D76-0000-0000-C000-000000000046}
My Computer :{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Network Neighborhood:{208D2C60-3AEA-1069-A2D7-O8002B30309D}
Printers :{2227A280-3AEA-1069-A2DE-O8002B30309D}
Recycle Bin :{645FF040-5081-101B-9F08-00AA002F954E}
The Microsoft Network:{00028B00-0000-0000-C000-000000000046}
History: {FF393560-C2A7-11CF-BFF4-444553540000}
Winzip :{E0D79300-84BE-11CE-9641-444553540000}
For example, to delete the Recycle Bin, first note down it's CLSID value, which is: 645FF040-5081-101B-9F08-00AA002F954E. Now go to the Namespace key in the registry and delete the corresponding key.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerDesktopNameSpace
{645FF040-5081-101B-9F08-00AA002F954E}
Similarly to delete the History folder, delete the following key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerDesktopNameSpace
{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Sometimes, you may need to play a trick on your brother or friend, well this one teaches you how to hide all icons from the Desktop. Go to the following registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
In the right pane create a new DWORD value by the name: NoDesktop and set its value to: 1. Reboot and you will find no icons on the desktop.
Till now you simply learnt how to delete the special system folders by deleting a registry key, but the hack would have been better if there was a way of adding the DELETE and RENAME option to the right click context menus of these special folders. You can actually change the right click context menu of any system folder and add any of the following options: RENAME, DELETE, CUT, COPY, PASTE and lots more.
This hack too requires you to know the CLSID value of the system folder whose menu you want to customize. In this section, I have taken up Recycle Bin as the folder whose context menu I am going to edit.
Firstly launch the registry editor and open the following registry key:
HKEY_CLASSES_ROOTCLSID{645FF040-5081-101B-9F08-00AA002F954E}ShellFolder.
In Case you want to edit some other folder like say the FONTS folder, then you will open the following key:
HKEY_CLASSES_ROOTCLSID{CLSID VALUE HERE}ShellFolder.
In the right pane there will be a DWORD value names attributes. Now consider the following options:
To add the Rename option to the menu, change the value of Attributes to
50 01 00 20
To add the Delete option to the menu, change the value of Attributes to
60 01 00 20
3. To add both the Rename & Delete options to the menu, change the value of Attributes to 70,01,00,20
4. Add Copy to the menu, change Attributes to 41 01 00 20
5. Add Cut to the menu, change Attributes to 42 01 00 20
6. Add Copy & Cut to the menu, change Attributes to 43 01 00 20
7. Add Paste to the menu, change Attributes to 44 01 00 20
8. Add Copy & Paste to the menu, change Attributes to 45 01 00 20
9. Add Cut & Paste to the menu, change Attributes to 46 01 00 20
10.Add all Cut, Copy & Paste to the menu, change Attributes to 47 01 00 20
We want to add only the Rename option to the right click context menu of the Recycle Bin, so change the value of attributes to: 50 01 00 20. Press F5 to refresh and then after rebooting you will find that when you right click on the Recycle Bin a RENAME option pops up too.
To reset the default Windows options change the value of Attributes back to
40 01 00 20
The Registry File which one can create for the above process would be something like the below:
REGEDIT4
[HKEY_CLASSES_ROOTCLSID{645FF040-5081-101B-9F08-00AA002F954E}Shell-Folder]
"Attributes"=hex:50,01,00,20
To access say the Modem Properties in the Control Panel Folder, the normal procedure is: Click on Start, Click on Settings> Control Panel and then wait for the Control Panel window to pop up and then ultimately click on the Modems icon.
Wouldn't it be lovely if you could shorten the process to: Click on Start> Control Panel>Modems. Yes you can add the Control Panel and also all other Special System Folders directly to the first level Start Menu. Firstly collect the CLSID value of the folder you want to add to the start menu. I want to add Control Panel hence the CLSID value is: 21EC2020-3AEA-1069-A2DD-08002B30309D
Now right click on the Start Button and select Open. Now create a new folder and name it: Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
NOTE: Do not forget the period after the 'l' in Panel. Similarly all system folders can be added to the Start Menu.(accept My Briefcase, I think)
Deleting System Options from the Start menu
You can actually remove the Find and Run options from the start menu by performing a simple registry hack. Again like always Launch the registry editor and scroll down to the below key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Right-click on the right pane and select New, DWORD Value. Name it NoFind.(To remove the RUN option name it NoRun). Double-click the newly create DWORD to edit it's value and enter 1 as its value. This will disable the FIND option of the Start Menu and will also disable the default Shortcut key(F3 for Find.)
To restore the Run or find command modify the value of the DWORD to 0 or simply Delete the DWORD value.
Fed Up of the boring Old Yellow Folder Icons?[Drive Icons Included]
NOTE: This trick hasn't been tried on Win98.
You can easily change the boring yellow folder icons to your own personalized icons. Simply create a text file and copy the following lines into it:
[.ShellClassInfo]
ICONFILE=Drive:PathIcon_name.extension
Save this text file by the name, desktop.ini in the folder, whose icon you want to change. Now to prevent this file from getting deleted change it's attributes to Hidden and Read Only by using the ATTRIB command.
To change the icon of a drive, create a text file containing the following lines:
[Autorun]
ICON=Drive:PathIcon_name.extension
Save this file in the root of the drive whose icon you want to change and name it autorun.inf For Example, if you want to change the icon of a floppy, SAVE THE icon in a:icon_name.ico One can also create a kewl icon for the Hard Disk and create a text file [autorun.inf] and store it in "c:".
Securing NT
By default, NT 4.0 displays the last person who logged onto the system. This can be considered to be a security threat, especially in the case of those who choose their password to be same as their Username. To disable this bug which actually is a feature, go to the following key in the registry editor:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogon
Click and select the ReportBookOK item and create a new string value called DontDisplayLastUserName. Modify it and set it's value to 1.
As a system administrator, you can ensure that the passwords chosen by the users are not too lame or too easy to guess. NT has this lovely utility called the User Manager which allows the administrator to set the age limit of the password which forces the users to change the password after a certain number of days. You can also set the minimum length of passwords and prevent users to use passwords which already have been used earlier and also enable account lockouts which will deactivate an account after a specified number of failed login attempts.
When you log on to Win NT, you should disable Password Caching, this ensures Single NT Domain login and also prevents secondary Windows Logon screen.
Simply copy the following lines to a plain text ASCII editor like: Notepad and save it with an extension, .reg
----------------DISABLE.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesNetwork]
"DisablePwdCaching"=dword:00000001
----------------DISABLE.reg-----------------
To Enable Password Caching use the following .reg file:
--------------Enable.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesNetwork]
"DisablePwdCaching"=dword:00000000
--------------Enable.reg-----------------
Cleaning Recent Docs Menu and the RUN MRU
The Recent Docs menu can be easily disabled by editing the Registry. To do this go to the following Key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Now in the right pane, create a new DWORD value by the name: NoRecentDocsMenu and set it's value to 1. Restart Explorer to save the changes.
You can also clear the RUN MRU history. All the listings are stored in the key:
HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU
You can delete individual listings or the entire listing. To delete History of Find listings go to:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerDoc Find Spec MRU
and delete.
Customizing the Right Click Context Menu of the Start Menu
When you right click on the start menu, only 3 options pop up: Open, Explore, and Find. You can add your own programs to this pop up menu( which comes up when we right click on it.) Open Regedit and go to the following registry key:
HKEY_CLASSES_ROOTDirectoryShell
Right click on the shell and create a new Sub Key (You can create a new SubKey by right clicking on the Shell Key and selecting New > Key.). Type in the name of the application you want to add to the start menu. I want to add Notepad to the Start Menu and hence I name this new sub key, Notepad. Now right click on the new registry key that you just created and create yet another new key named Command. Enter the full path of the application, in this case Notepad in the default value of Command in the right
pane. So I Modify the value of the default string value and enter the full pathname of Notepad:
c:wndowsnotepad.exe.
Now press F5 to refresh. Now if you right click on the Start Button you will find a new addition to the Pop Up Menu called Notepad. Clicking on it will launch Notepad.
We can not only add but also remove the existing options in this pop up box.
To delete the Find option, go to the following registry key:
HKEY_CLASSES_ROOTDirectoryShellFind
Delete Find. DO NOT delete Open else you will not be able to open any folders in the Start Menu like Programs, Accessories etc.
BMP Thumbnail As Icon
You can actually change the default BMP icon to a thumbnail version of the actual BMP file. To do this simply go to HKCUPaint.PictureDefault. In the right pane change the value of default to %1. Please note however that this will slow down the display rate in explorer if there are too many BMP thumbnails to display. You can use other icons too, simply enter the pathname.To restore back to the normal change the vale of default back to: C:Progra~1Access~1MSPAINT.EXE,1.
Customizing The Shortcut Arrow
All shortcuts have a tiny black arrow attached to it's icon to distinguish from normal files. This arrow can sometimes be pretty annoying and as a Hacker should know how to change each and everything, here goes another trick. Launch the Registry Editor and go to:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerShell Icons.
Now, on the right pane is a list of icons ( we found out that on some systems, Windows 98 especially, the right pane is blank. Don't worry, just add the value as required ). Find the value 29. If it isn't there, just add it. The value of this string should be C:Windowssystemshell32.dll, 29 ( which means the 30th icon in shell32.dll - the first one begins with 0 ). Now, we need blank icon to do this. Just create one with white as the whole icon. Go here to learn how to create an icon. Once done just change the value to C:xxx.ico, 0 where "xxx" is the full path of the icon file and "0" is the icon in it.
Now for some fun. If the blank icon is a bit boring, change it again. You will find that under shell32.dll there is a gear icon, a shared folder ( the hand ) and much more. Experiment for yourself!
Use Perl to Get List or Services Running on your NT box
Use the following Perl Script to get a list of Services running on your NT system
--------------script.pl-----------------
#!c:perbinperl.exe
use Win32::Service;
my ($key, %service, %status, $part);
Win32::Service::GetServices(' ',%services);
foreach $key (sort keys %services) {
print "Print Namet: $key, $services{$key}n";
Win32::Service::GetStatus( ' ',$services{$key};
%status);
foreach $part (keys %status) {
print "t$part : $status{$part}n" if($part eq "CurrentState");
}
}
-------------script.pl-------------------
Internet Explorer Tricks and Tips
Resizable Full Screen Toolbar
The Full Screen option increases the viewable area and makes surfing more enjoyable but sometimes we need the Toolbar but also need to have extra viewing area. Now this hack teaches you how to change the size of the Internet Explorer toolbar. This registry hack is a bit complicated as it involves Binary values, so to make it simple, I have included the following registry file which will enable the resizable option of the Internet Explorer toolbar which was present in the beta version of IE.
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbar]
"Theater"=hex:0c,00,00,00,4c,00,00,00,74,00,00,00,18,00,00,00,1b,00,00,00,5c,
00,00,00,01,00,00,00,e0,00,00,00,a0,0f,00,00,05,00,00,00,22,00,00,00,26,00,
00,00,02,00,00,00,21,00,00,00,a0,0f,00,00,04,00,00,00,01,00,00,00,a0,0f,00,
00,03,00,00,00,08,00,00,00,00,00,00,00
*******************
HACKING TRUTH: Internet Explorer 5 displays the friendly version of HTTP errors like NOT FOUND etc . They are aimed at making things easier for newbies. If you would rather prefer to see the proper error pages for the web server you're using, go to Tools, Internet Options and select the Advanced tab. Then scroll down and uncheck the Show friendly http errors box.
*******************
Making the Internet Explorer & the Explorer Toolbars Fancy
The Internet Explorer toolbar looks pretty simple. Want to make it fancy and kewl? Why not add a background image to it. To do this kewl hack launch the Windows Registry Editor and go to the following key: HKEY_CURRENT_USERSOFTWAREMicrosoft Internet ExplorerToolbar.
Now in the right pane create a new String Value and name it BackBitmap and modify it's value to the path of the Bitmap you want to dress it up with by rightclicking on it and choosing Modify. When you reboot the Internet Explorer and the Windows Explorer toolbars will have a new look.
Change Internet Explorer's Caption
Don't like the caption of Internet Explorer caption? Want to change it? Open the registry editor and go to
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain.
In the right pane create a new String Value names Window Title (Note the space between Window and Title). Right click on this newly created String Value and select Modify. Type in the new caption you want to be displayed. Restart for the settings to take place.
Now let's move on to some Outlook Express Tricks.
Colorful Background
Don't like the boring background colors of Outlook Express? To change it launch the Windows Registry Editor and scroll down to the
HKEY_CURRENT_USERSoftwareMicrosoftInternet Mail And News key.
On the left pane, click on ColorCycle or select Edit and Modify in the menu. Now change the value to 1. Close and restart. Now, launch Outlook Express and whenever you open up a New Message, hold down ctrl-shift and tap the z key to scroll to change the background color. Repeat the keystroke to cycle through the colors.
Internet Explorer 5 Hidden Features
Microsoft Internet Explorer 5 has several hidden features which can be controlled using the Windows Registry. Open your registry and scroll down to the following key:
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerRestrictions
Create a new DWORD value named x(See complete list of values of x below) and modify it's value to 1 to enable it and to 0 to disable it.
NoBrowserClose : Disable the option of closing Internet Explorer.
NoBrowserContextMenu : Disable right-click context menu.
NoBrowserOptions : Disable the Tools / Internet Options menu.
NoBrowserSaveAs : Disable the ability to Save As.
NoFavorites : Disable the Favorites.
NoFileNew : Disable the File / New command.
NoFileOpen : Disable the File / Open command.
NoFindFiles : Disable the Find Files command.
NoSelectDownloadDir : Disable the option of selecting a download directory.
NoTheaterMode : Disable the Full Screen view option.
Hacking Secrets
Almost all system administrators make certain changes and make the system restricted. System Administrators can hide the RUN option, the FIND command, the entire Control Panel, drives in My Computer like D: A: etc. They can even restrict activities of a hacker my disabling or hiding, even the tiniest options or tools.
Most commonly these restrictions are imposed locally and are controlled by the Windows Registry. But sometimes the smart system administrators control the activities of the hacker by imposing restrictions remotely through the main server.
Poledit or Policy Editor is a small kewl tool which is being commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install in manually from the Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we saw earlier.
The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It has the power to even restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well read ahead to learn more.
You see the Policy Editor is not the only way to restrict a user's activities. As we already know that the Policy Editor edits the Windows Registry(user.dat) file to impose such restrictions. So this in turn would mean that we can directly make changes to the Windows Registry using a .reg file or directly to remove or add restrictions.
Launch Regedit and go to the following Registry Key:
HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies
Under this key, there will definitely be a key named explorer. Now under this explorer key we can create new DWORD values and modify it's value to 1 in order to impose the restriction. If you want to remove the Restriction, then you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer Key-:
NoDeletePrinter: Disables Deletion of already installed Printers
NoAddPrinter: Disables Addition of new Printers
NoRun : Disables or hides the Run Command
NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)
NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu
NoFind: Removes the Find Tool (Start >Find)
NoDrives: Hides and does not display any Drives in My Computer
NoNetHood: Hides or removes the Network Neighborhood icon from the desktop
NoDesktop: Hides all items including, file, folders and system folders from the Desktop
NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.
NoSaveSettings: Means to say, 'Don't save settings on exit'
DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor(regedit.exe) too
will not work.)
NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)
ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.
Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop
Under the same key: HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies you can create new subkeys other than the already existing Explorer key. Now create a new key and name it System. Under this new key, system we can create the following new DWORD values(1 for enabling the particular option and 0 for disabling the particular option):
NODispCPL: Hides Control Panel
NoDispBackgroundPage: Hides Background page.
NoDispScrsavPage: Hides Screen Saver Page
NoDispAppearancePage: Hides Appearance Page
NoDispSettingsPage: Hides Settings Page
NoSecCPL: Disables Password Control Panel
NoPwdPage: Hides Password Change Page
NoAdminPaqe: Hides Remote Administration Page
NoProfilePage: Hides User Profiles Page
NoDevMgrPage: Hides Device Manager Page
NoConfigPage: Hides Hardware Profiles Page
NoFileSysPage: Hides File System Button
NoVirtMemPage: Hides Virtual Memory Button
Similarly, if we create a new subkey named Network, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):
NoNetSetupSecurityPage: Hides Network Security Page
NoNelSetup: Hides or disables the Network option in the Control Panel
NoNetSetupIDPage: Hides the Identification Page
NoNetSetupSecurityPage: Hides the Access Control Page
NoFileSharingControl: Disables File Sharing Controls
NoPrintSharing: Disables Print Sharing Controls
Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):
Disabled: Disable MS-DOS Prompt
NoRealMode: Disable Single-Mode MS-DOS.
So you see if you have access to the Windows Registry, then you can easily create new DWORD values and set heir value to 1 for enabling the particular option and 0 for disabling the particular option. But Sometimes, access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (These 2 files constitute the Windows Registry.) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and Press CTRL+DEL+ALT to get out of this warning message.(Do not press OK) You will find that all restrictions have been removed.
The most kind of restriction found quite commonly is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to do remove restrictions. What do you? Well use the RUN command. (START >RUN). But unfortunately a system administrator who is intelligent enough to block access to specific folder, would definitely have blocked access to the RUN command. Again we are stuck.
Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft Says so.)
It gives the User an option to do the same thing in various ways. You see the RUN command is only the most convenient option of launching applications, but not the only way. In Windows you can create shortcuts to almost anything from a file, folder to a Web URL. So say your system administrator has blocked access to the c:windowssystem folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:windowssystem. Click Next, Enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well that shows how protected and secure *ahem Windows *ahem is.
****************
HACKING TRUTH: Sometimes when you try to delete a file or a folder, Windows displays an error message saying that the file is protected. This simply means that the file is write protected, or in other words the R option is +. Get it? Anyway, you can stop Windows from displaying this error message and straightaway delete this file by changing its attributes to Non Read Only. This can be done by Right Clicking on the file, selecting Properties and then
unselecting the Read Only Option.
***************
There is yet another way of accessing restricted folders. Use see, DOS has a lovely command known as START. Its general syntax is:
START application_path
It does do what it seems to do, start applications. So in you have access to DOS then you can type in the START command to get access to the restricted folder. Now mostly access to DOS too would be blocked. So again you can use the shortcut trick to launch, c:command.com or c:windowscommand.com. (Command.com is the file which launches MS DOS).
Accessing Restricted Drives.
The problem with most system administrators is that they think that the users or Hackers too are stupid. Almost all system administrators use the Registry Trick (Explained Earlier) to hide all drives in My Computer. So in order to unhide or display all drives, simply delete that particular key.(Refer to beginning of Untold Secrets Section.)
Some systems have the floppy disk disabled through the BIOS. On those systems if the BIOS is protected, you may need to crack the BIOS password. (For that Refer to the Windows Hacking Chapter). Sometimes making drives readable (Removing R +) and then creating Shortcuts to them also helps us to get access to them.
Further Changing your Operating System's Looks by editing .htt files
If you have installed Windows Desktop Update and have the view as Web Page option enabled, you can customise the way the folder looks by selecting View > Customise this folder. Here you can change the background and other things about that particular folder. Well that is pretty lame, right? We hackers already know things as lame as that. Read on for some kewl stuff.
Well, you could also change the default that is stored in a Hidden HTML Template file (I think so..) which is nothing but a HTML document with a .htt extension. This .htt file is found at: %systemroot%webfolder.htt.
The %systemroot% stands for the drive in which Windows is Installed, which is normally C:
You can edit these .htt files almost just like you edit normal .HTM or .HTML files. Simply open them in an ASCII editor like Notepad. The following is a list of .htt files on your system which control various folders and which can be edited to customise the way various folders look.
controlp.htt Control Panel
printers.htt Printers
mycomp.htt My Computer
safemode.htt Safe Mode
All these files are found in the web folder in %systemfolder%. The folder.htt file has a line:
'Here's a good place to add a few lines of your own"
which is the place where you can add your own A HREF links. These links would then appear in the folder whose folder.htt file you edited. All this might sound really easy and simple, but you see these .htt files do not contain normal HTML code, instead they contain a mixture of HTML and web bots. Hence they can be difficult for newbies to understand.
Wow long txt, and yes it has been copied from other sites, you think I have time to write all this myself, I wish enjoy
User is offlineProfile CardPM
Report PostGo to the top of the page
+Quote Post
Important Note: Before you read on, you need to keep one thing in mind. Whenever you make changes to the Windows Registry you need to Refresh it before the changes take place. Simply press F5 to refresh the registry and enable the changes. If this does not work Restart your system
****************
Exiting Windows the Cool and Quick Way
Normally it takes a hell lot of time just Shutting down Windows, you have to move your mouse to the Start Button, click on it, move it again over Shut Down, click, then move it over the necessary option and click, then move the cursor over the OK button and once again (you guessed it) click.This whole process can be shortened by creating shortcuts on the Desktop which will shut down Windows at the click of a button. Start by creating a new shortcut( right click and select New> Shortcut). Then in the command line box, type (without the quotes.)
'C:windowsrundll.exe user.exe,exitwindowsexec'
This Shortcut on clicking will restart Windows immediately without any Warning. To create a Shortcut to Restarting Windows, type the following in the Command Line box:
'c:windowsrundll.exe user.exe,exitwindows'
This Shortcut on clicking will shut down Windows immediately without any Warning.
Ban Shutdowns : A trick to Play on Lamers
This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to :
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
In the right pane look for the NoClose Key. If it is not already there then create it by right clicking in the right pane and selecting New > String Value.(Name it NoCloseKey ) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box.
Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then click on the Start > Shut Down button displays the following error message:
This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
You can enable the shut down option by changing the value of NoCloseKey to 0 or simply deleting the particular entry i.e. deleting NoCloseKey.
Instead of performing the above difficult to remember process, simply save the following with an extension of .reg and add it's contents to the registry by double clicking on it.
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoClose"="1"
Disabling Display of Drives in My Computer
This is yet another trick you can play on your geek friend. To disable the display of local or networked drives when you click My Computer go to :
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Now in the right pane create a new DWORD item and name it NoDrives. Now modify it's value and set it to 3FFFFFF (Hexadecimal) Now press F5 to refresh. When you click on My Computer, no drives will be shown. To enable display of drives in My Computer, simply delete this DWORD item. It's .reg file is as follows:
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoDrives"=dword:03ffffff
Take Over the Screen Saver
To activate and deactivate the screen saver whenever you want, goto the following registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionScreenSavers
Now add a new string value and name it Mouse Corners. Edit this new value to -Y-N. Press F5 to refresh the registry. Voila! Now you can activate your screensaver by simply placing the mouse cursor at the top right corner of the screen and if you take the mouse to the bottom left corner of the screen, the screensaver will deactivate.
Pop a banner each time Windows Boots
To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinLogon
Now create a new string Value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it: LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company's private policy each time the user logs on to his NT box. It's .reg file would be:
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinlogon]
"LegalNoticeCaption"="Caption here."
Delete the Tips of the Day to save 5KB
Windows 95 had these tips of the day which appeared on a system running a newly installed Windows OS. These tips of the day are stored in the Windows Registry and consume 5K of space. For those of you who are really concerned about how much free space your hard disk has, I have the perfect trick.
To save 5K go to the following key in Regedit:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerTips
Now simply delete these tricks by selecting and pressing the DEL key.
Change the Default Locations
To change the default drive or path where Windows will look for it's installation files, go to the key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionSetupSourcePath
Now you can edit as you wish.
Secure your Desktop Icons and Settings
You can save your desktop settings and secure it from your nerdy friend by playing with the registry. Simply launch the Registry Editor go to:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
In the right pane create a new DWORD Value named NoSaveSettings and modify it's value to 1. Refresh and restart for the settings to get saved.
CLSID Folders Explained
Don't you just hate those stubborn stupid icons that refuse to leave the desktop, like the Network Neighborhood icon. I am sure you want to know how you can delete them. You may say, that is really simple, simply right click on the concerned icon and select Delete. Well not exactly, you see when you right click on these special folders( see entire list below)neither the rename nor the delete option does not appear. To delete these folders, there are two methods, the first one is using the System Policy Editor(Poledit in the Windows installation CD)and the second is using the Registry.
Before we go on, you need to understand what CLSID values are. These folders, like the Control Panel, Inbox, The Microsoft Network, Dial Up Networking etc are system folders. Each system folder has a unique CLSID key or the Class ID which is a 16-byte value which identifies an individual object that points to a corresponding key in the registry.
To delete these system Folders from the desktop simply go to the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerDesktopNamespace
{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
To delete an icon simply delete the 16 byte CLSID value within "NameSpace". The following are the CLSID values of the most commonly used icons:
My Briefcase:{85BBD920-42AO-1069-A2E4-08002B30309D}
Desktop: {00021400-0000-0000-C000-0000000000046}
Control Panel:{21EC2020-3AEA-1069-A2DD-08002B30309D}
Dial-Up-Networking:{992CFFA0-F557-101A-88EC-00DD01CCC48}
Fonts: {BD84B380-8CA2-1069-AB1D-08000948534}
Inbox :{00020D76-0000-0000-C000-000000000046}
My Computer :{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Network Neighborhood:{208D2C60-3AEA-1069-A2D7-O8002B30309D}
Printers :{2227A280-3AEA-1069-A2DE-O8002B30309D}
Recycle Bin :{645FF040-5081-101B-9F08-00AA002F954E}
The Microsoft Network:{00028B00-0000-0000-C000-000000000046}
History: {FF393560-C2A7-11CF-BFF4-444553540000}
Winzip :{E0D79300-84BE-11CE-9641-444553540000}
For example, to delete the Recycle Bin, first note down it's CLSID value, which is: 645FF040-5081-101B-9F08-00AA002F954E. Now go to the Namespace key in the registry and delete the corresponding key.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerDesktopNameSpace
{645FF040-5081-101B-9F08-00AA002F954E}
Similarly to delete the History folder, delete the following key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerDesktopNameSpace
{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Sometimes, you may need to play a trick on your brother or friend, well this one teaches you how to hide all icons from the Desktop. Go to the following registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
In the right pane create a new DWORD value by the name: NoDesktop and set its value to: 1. Reboot and you will find no icons on the desktop.
Till now you simply learnt how to delete the special system folders by deleting a registry key, but the hack would have been better if there was a way of adding the DELETE and RENAME option to the right click context menus of these special folders. You can actually change the right click context menu of any system folder and add any of the following options: RENAME, DELETE, CUT, COPY, PASTE and lots more.
This hack too requires you to know the CLSID value of the system folder whose menu you want to customize. In this section, I have taken up Recycle Bin as the folder whose context menu I am going to edit.
Firstly launch the registry editor and open the following registry key:
HKEY_CLASSES_ROOTCLSID{645FF040-5081-101B-9F08-00AA002F954E}ShellFolder.
In Case you want to edit some other folder like say the FONTS folder, then you will open the following key:
HKEY_CLASSES_ROOTCLSID{CLSID VALUE HERE}ShellFolder.
In the right pane there will be a DWORD value names attributes. Now consider the following options:
To add the Rename option to the menu, change the value of Attributes to
50 01 00 20
To add the Delete option to the menu, change the value of Attributes to
60 01 00 20
3. To add both the Rename & Delete options to the menu, change the value of Attributes to 70,01,00,20
4. Add Copy to the menu, change Attributes to 41 01 00 20
5. Add Cut to the menu, change Attributes to 42 01 00 20
6. Add Copy & Cut to the menu, change Attributes to 43 01 00 20
7. Add Paste to the menu, change Attributes to 44 01 00 20
8. Add Copy & Paste to the menu, change Attributes to 45 01 00 20
9. Add Cut & Paste to the menu, change Attributes to 46 01 00 20
10.Add all Cut, Copy & Paste to the menu, change Attributes to 47 01 00 20
We want to add only the Rename option to the right click context menu of the Recycle Bin, so change the value of attributes to: 50 01 00 20. Press F5 to refresh and then after rebooting you will find that when you right click on the Recycle Bin a RENAME option pops up too.
To reset the default Windows options change the value of Attributes back to
40 01 00 20
The Registry File which one can create for the above process would be something like the below:
REGEDIT4
[HKEY_CLASSES_ROOTCLSID{645FF040-5081-101B-9F08-00AA002F954E}Shell-Folder]
"Attributes"=hex:50,01,00,20
To access say the Modem Properties in the Control Panel Folder, the normal procedure is: Click on Start, Click on Settings> Control Panel and then wait for the Control Panel window to pop up and then ultimately click on the Modems icon.
Wouldn't it be lovely if you could shorten the process to: Click on Start> Control Panel>Modems. Yes you can add the Control Panel and also all other Special System Folders directly to the first level Start Menu. Firstly collect the CLSID value of the folder you want to add to the start menu. I want to add Control Panel hence the CLSID value is: 21EC2020-3AEA-1069-A2DD-08002B30309D
Now right click on the Start Button and select Open. Now create a new folder and name it: Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
NOTE: Do not forget the period after the 'l' in Panel. Similarly all system folders can be added to the Start Menu.(accept My Briefcase, I think)
Deleting System Options from the Start menu
You can actually remove the Find and Run options from the start menu by performing a simple registry hack. Again like always Launch the registry editor and scroll down to the below key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Right-click on the right pane and select New, DWORD Value. Name it NoFind.(To remove the RUN option name it NoRun). Double-click the newly create DWORD to edit it's value and enter 1 as its value. This will disable the FIND option of the Start Menu and will also disable the default Shortcut key(F3 for Find.)
To restore the Run or find command modify the value of the DWORD to 0 or simply Delete the DWORD value.
Fed Up of the boring Old Yellow Folder Icons?[Drive Icons Included]
NOTE: This trick hasn't been tried on Win98.
You can easily change the boring yellow folder icons to your own personalized icons. Simply create a text file and copy the following lines into it:
[.ShellClassInfo]
ICONFILE=Drive:PathIcon_name.extension
Save this text file by the name, desktop.ini in the folder, whose icon you want to change. Now to prevent this file from getting deleted change it's attributes to Hidden and Read Only by using the ATTRIB command.
To change the icon of a drive, create a text file containing the following lines:
[Autorun]
ICON=Drive:PathIcon_name.extension
Save this file in the root of the drive whose icon you want to change and name it autorun.inf For Example, if you want to change the icon of a floppy, SAVE THE icon in a:icon_name.ico One can also create a kewl icon for the Hard Disk and create a text file [autorun.inf] and store it in "c:".
Securing NT
By default, NT 4.0 displays the last person who logged onto the system. This can be considered to be a security threat, especially in the case of those who choose their password to be same as their Username. To disable this bug which actually is a feature, go to the following key in the registry editor:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogon
Click and select the ReportBookOK item and create a new string value called DontDisplayLastUserName. Modify it and set it's value to 1.
As a system administrator, you can ensure that the passwords chosen by the users are not too lame or too easy to guess. NT has this lovely utility called the User Manager which allows the administrator to set the age limit of the password which forces the users to change the password after a certain number of days. You can also set the minimum length of passwords and prevent users to use passwords which already have been used earlier and also enable account lockouts which will deactivate an account after a specified number of failed login attempts.
When you log on to Win NT, you should disable Password Caching, this ensures Single NT Domain login and also prevents secondary Windows Logon screen.
Simply copy the following lines to a plain text ASCII editor like: Notepad and save it with an extension, .reg
----------------DISABLE.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesNetwork]
"DisablePwdCaching"=dword:00000001
----------------DISABLE.reg-----------------
To Enable Password Caching use the following .reg file:
--------------Enable.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesNetwork]
"DisablePwdCaching"=dword:00000000
--------------Enable.reg-----------------
Cleaning Recent Docs Menu and the RUN MRU
The Recent Docs menu can be easily disabled by editing the Registry. To do this go to the following Key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Now in the right pane, create a new DWORD value by the name: NoRecentDocsMenu and set it's value to 1. Restart Explorer to save the changes.
You can also clear the RUN MRU history. All the listings are stored in the key:
HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU
You can delete individual listings or the entire listing. To delete History of Find listings go to:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerDoc Find Spec MRU
and delete.
Customizing the Right Click Context Menu of the Start Menu
When you right click on the start menu, only 3 options pop up: Open, Explore, and Find. You can add your own programs to this pop up menu( which comes up when we right click on it.) Open Regedit and go to the following registry key:
HKEY_CLASSES_ROOTDirectoryShell
Right click on the shell and create a new Sub Key (You can create a new SubKey by right clicking on the Shell Key and selecting New > Key.). Type in the name of the application you want to add to the start menu. I want to add Notepad to the Start Menu and hence I name this new sub key, Notepad. Now right click on the new registry key that you just created and create yet another new key named Command. Enter the full path of the application, in this case Notepad in the default value of Command in the right
pane. So I Modify the value of the default string value and enter the full pathname of Notepad:
c:wndowsnotepad.exe.
Now press F5 to refresh. Now if you right click on the Start Button you will find a new addition to the Pop Up Menu called Notepad. Clicking on it will launch Notepad.
We can not only add but also remove the existing options in this pop up box.
To delete the Find option, go to the following registry key:
HKEY_CLASSES_ROOTDirectoryShellFind
Delete Find. DO NOT delete Open else you will not be able to open any folders in the Start Menu like Programs, Accessories etc.
BMP Thumbnail As Icon
You can actually change the default BMP icon to a thumbnail version of the actual BMP file. To do this simply go to HKCUPaint.PictureDefault. In the right pane change the value of default to %1. Please note however that this will slow down the display rate in explorer if there are too many BMP thumbnails to display. You can use other icons too, simply enter the pathname.To restore back to the normal change the vale of default back to: C:Progra~1Access~1MSPAINT.EXE,1.
Customizing The Shortcut Arrow
All shortcuts have a tiny black arrow attached to it's icon to distinguish from normal files. This arrow can sometimes be pretty annoying and as a Hacker should know how to change each and everything, here goes another trick. Launch the Registry Editor and go to:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerShell Icons.
Now, on the right pane is a list of icons ( we found out that on some systems, Windows 98 especially, the right pane is blank. Don't worry, just add the value as required ). Find the value 29. If it isn't there, just add it. The value of this string should be C:Windowssystemshell32.dll, 29 ( which means the 30th icon in shell32.dll - the first one begins with 0 ). Now, we need blank icon to do this. Just create one with white as the whole icon. Go here to learn how to create an icon. Once done just change the value to C:xxx.ico, 0 where "xxx" is the full path of the icon file and "0" is the icon in it.
Now for some fun. If the blank icon is a bit boring, change it again. You will find that under shell32.dll there is a gear icon, a shared folder ( the hand ) and much more. Experiment for yourself!
Use Perl to Get List or Services Running on your NT box
Use the following Perl Script to get a list of Services running on your NT system
--------------script.pl-----------------
#!c:perbinperl.exe
use Win32::Service;
my ($key, %service, %status, $part);
Win32::Service::GetServices(' ',%services);
foreach $key (sort keys %services) {
print "Print Namet: $key, $services{$key}n";
Win32::Service::GetStatus( ' ',$services{$key};
%status);
foreach $part (keys %status) {
print "t$part : $status{$part}n" if($part eq "CurrentState");
}
}
-------------script.pl-------------------
Internet Explorer Tricks and Tips
Resizable Full Screen Toolbar
The Full Screen option increases the viewable area and makes surfing more enjoyable but sometimes we need the Toolbar but also need to have extra viewing area. Now this hack teaches you how to change the size of the Internet Explorer toolbar. This registry hack is a bit complicated as it involves Binary values, so to make it simple, I have included the following registry file which will enable the resizable option of the Internet Explorer toolbar which was present in the beta version of IE.
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbar]
"Theater"=hex:0c,00,00,00,4c,00,00,00,74,00,00,00,18,00,00,00,1b,00,00,00,5c,
00,00,00,01,00,00,00,e0,00,00,00,a0,0f,00,00,05,00,00,00,22,00,00,00,26,00,
00,00,02,00,00,00,21,00,00,00,a0,0f,00,00,04,00,00,00,01,00,00,00,a0,0f,00,
00,03,00,00,00,08,00,00,00,00,00,00,00
*******************
HACKING TRUTH: Internet Explorer 5 displays the friendly version of HTTP errors like NOT FOUND etc . They are aimed at making things easier for newbies. If you would rather prefer to see the proper error pages for the web server you're using, go to Tools, Internet Options and select the Advanced tab. Then scroll down and uncheck the Show friendly http errors box.
*******************
Making the Internet Explorer & the Explorer Toolbars Fancy
The Internet Explorer toolbar looks pretty simple. Want to make it fancy and kewl? Why not add a background image to it. To do this kewl hack launch the Windows Registry Editor and go to the following key: HKEY_CURRENT_USERSOFTWAREMicrosoft Internet ExplorerToolbar.
Now in the right pane create a new String Value and name it BackBitmap and modify it's value to the path of the Bitmap you want to dress it up with by rightclicking on it and choosing Modify. When you reboot the Internet Explorer and the Windows Explorer toolbars will have a new look.
Change Internet Explorer's Caption
Don't like the caption of Internet Explorer caption? Want to change it? Open the registry editor and go to
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain.
In the right pane create a new String Value names Window Title (Note the space between Window and Title). Right click on this newly created String Value and select Modify. Type in the new caption you want to be displayed. Restart for the settings to take place.
Now let's move on to some Outlook Express Tricks.
Colorful Background
Don't like the boring background colors of Outlook Express? To change it launch the Windows Registry Editor and scroll down to the
HKEY_CURRENT_USERSoftwareMicrosoftInternet Mail And News key.
On the left pane, click on ColorCycle or select Edit and Modify in the menu. Now change the value to 1. Close and restart. Now, launch Outlook Express and whenever you open up a New Message, hold down ctrl-shift and tap the z key to scroll to change the background color. Repeat the keystroke to cycle through the colors.
Internet Explorer 5 Hidden Features
Microsoft Internet Explorer 5 has several hidden features which can be controlled using the Windows Registry. Open your registry and scroll down to the following key:
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerRestrictions
Create a new DWORD value named x(See complete list of values of x below) and modify it's value to 1 to enable it and to 0 to disable it.
NoBrowserClose : Disable the option of closing Internet Explorer.
NoBrowserContextMenu : Disable right-click context menu.
NoBrowserOptions : Disable the Tools / Internet Options menu.
NoBrowserSaveAs : Disable the ability to Save As.
NoFavorites : Disable the Favorites.
NoFileNew : Disable the File / New command.
NoFileOpen : Disable the File / Open command.
NoFindFiles : Disable the Find Files command.
NoSelectDownloadDir : Disable the option of selecting a download directory.
NoTheaterMode : Disable the Full Screen view option.
Hacking Secrets
Almost all system administrators make certain changes and make the system restricted. System Administrators can hide the RUN option, the FIND command, the entire Control Panel, drives in My Computer like D: A: etc. They can even restrict activities of a hacker my disabling or hiding, even the tiniest options or tools.
Most commonly these restrictions are imposed locally and are controlled by the Windows Registry. But sometimes the smart system administrators control the activities of the hacker by imposing restrictions remotely through the main server.
Poledit or Policy Editor is a small kewl tool which is being commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install in manually from the Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we saw earlier.
The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It has the power to even restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well read ahead to learn more.
You see the Policy Editor is not the only way to restrict a user's activities. As we already know that the Policy Editor edits the Windows Registry(user.dat) file to impose such restrictions. So this in turn would mean that we can directly make changes to the Windows Registry using a .reg file or directly to remove or add restrictions.
Launch Regedit and go to the following Registry Key:
HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies
Under this key, there will definitely be a key named explorer. Now under this explorer key we can create new DWORD values and modify it's value to 1 in order to impose the restriction. If you want to remove the Restriction, then you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer Key-:
NoDeletePrinter: Disables Deletion of already installed Printers
NoAddPrinter: Disables Addition of new Printers
NoRun : Disables or hides the Run Command
NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)
NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu
NoFind: Removes the Find Tool (Start >Find)
NoDrives: Hides and does not display any Drives in My Computer
NoNetHood: Hides or removes the Network Neighborhood icon from the desktop
NoDesktop: Hides all items including, file, folders and system folders from the Desktop
NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.
NoSaveSettings: Means to say, 'Don't save settings on exit'
DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor(regedit.exe) too
will not work.)
NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)
ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.
Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop
Under the same key: HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies you can create new subkeys other than the already existing Explorer key. Now create a new key and name it System. Under this new key, system we can create the following new DWORD values(1 for enabling the particular option and 0 for disabling the particular option):
NODispCPL: Hides Control Panel
NoDispBackgroundPage: Hides Background page.
NoDispScrsavPage: Hides Screen Saver Page
NoDispAppearancePage: Hides Appearance Page
NoDispSettingsPage: Hides Settings Page
NoSecCPL: Disables Password Control Panel
NoPwdPage: Hides Password Change Page
NoAdminPaqe: Hides Remote Administration Page
NoProfilePage: Hides User Profiles Page
NoDevMgrPage: Hides Device Manager Page
NoConfigPage: Hides Hardware Profiles Page
NoFileSysPage: Hides File System Button
NoVirtMemPage: Hides Virtual Memory Button
Similarly, if we create a new subkey named Network, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):
NoNetSetupSecurityPage: Hides Network Security Page
NoNelSetup: Hides or disables the Network option in the Control Panel
NoNetSetupIDPage: Hides the Identification Page
NoNetSetupSecurityPage: Hides the Access Control Page
NoFileSharingControl: Disables File Sharing Controls
NoPrintSharing: Disables Print Sharing Controls
Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):
Disabled: Disable MS-DOS Prompt
NoRealMode: Disable Single-Mode MS-DOS.
So you see if you have access to the Windows Registry, then you can easily create new DWORD values and set heir value to 1 for enabling the particular option and 0 for disabling the particular option. But Sometimes, access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (These 2 files constitute the Windows Registry.) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and Press CTRL+DEL+ALT to get out of this warning message.(Do not press OK) You will find that all restrictions have been removed.
The most kind of restriction found quite commonly is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to do remove restrictions. What do you? Well use the RUN command. (START >RUN). But unfortunately a system administrator who is intelligent enough to block access to specific folder, would definitely have blocked access to the RUN command. Again we are stuck.
Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft Says so.)
It gives the User an option to do the same thing in various ways. You see the RUN command is only the most convenient option of launching applications, but not the only way. In Windows you can create shortcuts to almost anything from a file, folder to a Web URL. So say your system administrator has blocked access to the c:windowssystem folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:windowssystem. Click Next, Enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well that shows how protected and secure *ahem Windows *ahem is.
****************
HACKING TRUTH: Sometimes when you try to delete a file or a folder, Windows displays an error message saying that the file is protected. This simply means that the file is write protected, or in other words the R option is +. Get it? Anyway, you can stop Windows from displaying this error message and straightaway delete this file by changing its attributes to Non Read Only. This can be done by Right Clicking on the file, selecting Properties and then
unselecting the Read Only Option.
***************
There is yet another way of accessing restricted folders. Use see, DOS has a lovely command known as START. Its general syntax is:
START application_path
It does do what it seems to do, start applications. So in you have access to DOS then you can type in the START command to get access to the restricted folder. Now mostly access to DOS too would be blocked. So again you can use the shortcut trick to launch, c:command.com or c:windowscommand.com. (Command.com is the file which launches MS DOS).
Accessing Restricted Drives.
The problem with most system administrators is that they think that the users or Hackers too are stupid. Almost all system administrators use the Registry Trick (Explained Earlier) to hide all drives in My Computer. So in order to unhide or display all drives, simply delete that particular key.(Refer to beginning of Untold Secrets Section.)
Some systems have the floppy disk disabled through the BIOS. On those systems if the BIOS is protected, you may need to crack the BIOS password. (For that Refer to the Windows Hacking Chapter). Sometimes making drives readable (Removing R +) and then creating Shortcuts to them also helps us to get access to them.
Further Changing your Operating System's Looks by editing .htt files
If you have installed Windows Desktop Update and have the view as Web Page option enabled, you can customise the way the folder looks by selecting View > Customise this folder. Here you can change the background and other things about that particular folder. Well that is pretty lame, right? We hackers already know things as lame as that. Read on for some kewl stuff.
Well, you could also change the default that is stored in a Hidden HTML Template file (I think so..) which is nothing but a HTML document with a .htt extension. This .htt file is found at: %systemroot%webfolder.htt.
The %systemroot% stands for the drive in which Windows is Installed, which is normally C:
You can edit these .htt files almost just like you edit normal .HTM or .HTML files. Simply open them in an ASCII editor like Notepad. The following is a list of .htt files on your system which control various folders and which can be edited to customise the way various folders look.
controlp.htt Control Panel
printers.htt Printers
mycomp.htt My Computer
safemode.htt Safe Mode
All these files are found in the web folder in %systemfolder%. The folder.htt file has a line:
'Here's a good place to add a few lines of your own"
which is the place where you can add your own A HREF links. These links would then appear in the folder whose folder.htt file you edited. All this might sound really easy and simple, but you see these .htt files do not contain normal HTML code, instead they contain a mixture of HTML and web bots. Hence they can be difficult for newbies to understand.
Wow long txt, and yes it has been copied from other sites, you think I have time to write all this myself, I wish enjoy
User is offlineProfile CardPM
Report PostGo to the top of the page
+Quote Post
Unlimited Rapidshare Downloads Free
Unlimited Rapidshare Downloads
Its very easy to fool Rapid Share server if your IP address is assigned by your ISP. Just follow these simple steps:
clean up IE or netscape cookie( In this case the one that belong to rapidshare website)
On Command prompt
type -----> ipconfig /flushdns <---Enter
type -----> ipconfig /release <---Enter
type -----> ipconfig /renew <---Enter
type -----> exit <--------Enter
Or save these commands in a bat file and run it everytime you need to fool Rapidshare server.Remember to clean up rapidshare cookie in your temp Internet files folder.
Now you should be ready to download as many files as you want from their server.
And there is this cool link: paste it in the browser and see
CODE
http://www.google.com/search?lr=&as_qdr=all&q=+.rar+OR+.zip+OR+.pdf+OR+.exe+site%3Arapidshare.de
Its very easy to fool Rapid Share server if your IP address is assigned by your ISP. Just follow these simple steps:
clean up IE or netscape cookie( In this case the one that belong to rapidshare website)
On Command prompt
type -----> ipconfig /flushdns <---Enter
type -----> ipconfig /release <---Enter
type -----> ipconfig /renew <---Enter
type -----> exit <--------Enter
Or save these commands in a bat file and run it everytime you need to fool Rapidshare server.Remember to clean up rapidshare cookie in your temp Internet files folder.
Now you should be ready to download as many files as you want from their server.
And there is this cool link: paste it in the browser and see
CODE
http://www.google.com/search?lr=&as_qdr=all&q=+.rar+OR+.zip+OR+.pdf+OR+.exe+site%3Arapidshare.de
Trojan PORTS
TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250
TCP 28 Amanda.200
TCP 31 MastersParadise.920
TCP 68 Subseven.100
TCP 142 NetTaxi.180
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 171 ATrojan.200
TCP 285 WCTrojan.100
TCP 286 WCTrojan.100
TCP 334 Backage.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 413 Coma.109
TCP 420 Breach.450
TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100
TCP 623 Rtb666.160
TCP 660 Zaratustra.100
TCP 661 Noknok.800, Noknok.820
TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110
TCP 667 SniperNet.210, Snipernet.220
TCP 668 Unicorn.101, Unicorn.110
TCP 680 Rtb666.160
TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332
TCP 785 NetworkTerrorist.100
TCP 800 NeuroticKitten.010
TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130
TCP 901 NetDevil.130, NetDevil.140
TCP 1000 DerSpaeher.200
TCP 1001 Silencer.100
TCP 1008 AutoSpy.100
TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1999 TransmissionScout.100, TransmissionScout.110
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 2001 DIRT.220, TrojanCow.100
TCP 2003 TransmissionScout.100, TransmissionScout.110
TCP 2023 RipperPro.100
TCP 2040 InfernoUploader.100
TCP 2115 Bugs.100
TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
TCP 2332 SilentSpy.202
TCP 2589 Dagger.140
TCP 2600 DigitalRootbeer.100
TCP 2989 Rat.200
TCP 3128 MastersParadise.970
TCP 3129 MastersParadise.920, MastersParadise.970
TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
TCP 3215 BlackStar.100, Ghost.230
TCP 3333 Daodan.123
TCP 3410 OptixPro.100, OptixPro.110
TCP 3456 Force.155, TerrorTrojan.100
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 3586 Snid.120, Snid.212
TCP 3700 PortalOfDoom.100
TCP 3723 Mantis.100
TCP 3800 Eclypse.100
TCP 3996 RemoteAnything.364
TCP 4000 SkyDance.220, SkyDance.229
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 4225 SilentSpy.202
TCP 4321 Bobo.100
TCP 4444 AlexTrojan.200, Crackdown.100
TCP 4488 EventHorizon.100
TCP 4523 Celine.100
TCP 4545 InternalRevise.100, RemoteRevise.150
TCP 4567 FileNail.100
TCP 4666 Mneah.100
TCP 4950 ICQTrojan.100
TCP 5005 Aladino.060
TCP 5025 Keylogger.WMRemote.100
TCP 5031 NetMetro.104
TCP 5032 NetMetro.104
TCP 5033 NetMetro.104
TCP 5050 RoxRat.100
TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040
TCP 5190 MBomber.100
TCP 5277 WinShell.400
TCP 5343 WCRat.100
TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300
TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5534 TheFlu.100
TCP 5550 XTCP.200, XTCP.201
TCP 5555 Noxcape.100, Noxcape.200
TCP 5695 Assassin.100
TCP 5714 WinCrash.100
TCP 5741 WinCrash.100
TCP 5742 WinCrash.103
TCP 5802 Y3KRat.160
TCP 5810 Y3KRat.160
TCP 5838 Y3KRat.170
TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5880 Y3KRat.140
TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5883 Y3KRat.110, Y3KRat.140
TCP 5884 Y3KRat.140, Y3KRat.150
TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5886 Y3KRat.120, Y3KRat.140
TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5890 Y3KRat.140
TCP 6400 Thething.100, Thething.150
TCP 6556 AutoSpy.120, AutoSpy.122
TCP 6655 Aqua.020
TCP 6660 LameSpy.095
TCP 6666 LameRemote.100, ProjectMayhem.100
TCP 6669 Vampire.100
TCP 6670 DeepThroat.200, DeepThroat.210
TCP 6671 DeepThroat.310
TCP 6699 HostControl.101
TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190
TCP 6712 Subseven.100
TCP 6713 Subseven.100
TCP 6767 NTRC.120
TCP 6776 SubSeven.180, SubSeven.190, Subseven.200
TCP 6789 Doly.200
TCP 6796 SubSeven.214
TCP 6912 ShitHeep.100
TCP 6939 Indoctrination.100
TCP 6953 Lithium.100
TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120
TCP 6970 Danton.330
TCP 7001 Freak88.100
TCP 7119 Massaker.100
TCP 7200 Massaker.110
TCP 7300 Coced.221
TCP 7301 Coced.221
TCP 7306 NetSpy.200, NetSpy.200
TCP 7410 Phoenix.190, Phoenix.200
TCP 7511 Genue.100
TCP 7609 Snid.120, Snid.212
TCP 7614 Wollf.130
TCP 7648 BlackStar.100, Ghost.230
TCP 7788 Last.2000, Matrix.200
TCP 7826 MiniOblivion.010, Oblivion.010
TCP 7887 SmallFun.110
TCP 7891 Revenger.100
TCP 7979 VagrNocker.200
TCP 7997 VagrNocker.200
TCP 8000 XConsole.100
TCP 8011 Way.240
TCP 8012 Ptakks.215, Ptakks.217
TCP 8110 LoseLove.100
TCP 8111 LoseLove.100
TCP 8301 LoseLove.100
TCP 8302 LoseLove.100
TCP 8372 NetBoy.100
TCP 8720 Connection.130
TCP 8734 AutoSpy.110
TCP 8811 Force.155
TCP 8899 Last.2000
TCP 9000 Aristotles.100
TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170
TCP 9401 InCommand.100, InCommand.110, InCommand.170
TCP 9402 InCommand.100, InCommand.110
TCP 9561 CRatPro.110
TCP 9563 CRatPro.110
TCP 9580 TheefLE.100
TCP 9696 Danton.210, Ghost.230
TCP 9697 Danton.320, Danton.330, Ghost.230
TCP 9870 R3C.100
TCP 9872 PortalOfDoom.100
TCP 9873 PortalOfDoom.100
TCP 9874 PortalOfDoom.100
TCP 9875 PortalOfDoom.100
TCP 9876 Rux.100, SheepGoat.100
TCP 9877 SmallBigBrother.020
TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120
TCP 9879 SmallBigBrother.020
TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300
TCP 10001 DTr.130, DTr.140
TCP 10013 Amanda.200
TCP 10067 PortalOfDoom.100
TCP 10100 Gift.240
TCP 10101 NewSilencer.100
TCP 10167 PortalOfDoom.100
TCP 10528 HostControl.100, HostControl.260
TCP 10607 Coma.109
TCP 10666 Ambush.100
TCP 11011 Amanda.200
TCP 11050 HostControl.101
TCP 11051 HostControl.100, HostControl.260
TCP 11223 AntiNuke.100, Progenic.100, Progenic.110
TCP 11225 Cyn.100, Cyn.103, Cyn.120
TCP 11306 Noknok.800, Noknok.820
TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 11991 PitfallSurprise.100
TCP 12043 Frenzy.2000
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317
TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401, Bionet.402
TCP 12389 KheSanh.210
TCP 12478 Bionet.210
TCP 12623 Buttman.090, Buttman.100
TCP 12624 Buttman.090, Buttman.100
TCP 12625 Buttman.100
TCP 12904 Akropolis.100, Rocks.100
TCP 13473 Chupacabra.100
TCP 13753 AFTP.010
TCP 14100 Eurosol.100
TCP 14194 CyberSpy.840
TCP 14286 HellDriver.100
TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14501 PCInvader.060, PCInvader.070
TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14504 PCInvader.050, PCInvader.060
TCP 15092 HostControl.100, HostControl.260
TCP 15382 SubZero.100
TCP 15432 Cyn.210
TCP 15555 ICMIBC.100
TCP 16322 LastDoor.100
TCP 16484 MoSucker.110
TCP 16661 Dfch.010
TCP 16969 Progenic.100
TCP 16982 AcidShiver.100
TCP 17300 Kuang.200
TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100, Intruder.100
TCP 17593 AudioDoor.120
TCP 19191 BlueFire.035, BlueFire.041
TCP 19604 Metal.270
TCP 19605 Metal.270
TCP 19991 Dfch.010
TCP 20000 Millenium.100
TCP 20001 Millenium.100, PshychoFiles.180
TCP 20002 AcidKor.100, PshychoFiles.180
TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220
TCP 21212 Schwindler.182
TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135
TCP 21579 Breach.2001
TCP 21584 Breach.2001
TCP 21684 Intruse.134
TCP 22068 AcidShiver.110
TCP 22115 Cyn.120
TCP 22222 Prosiak.047, Ruler.141, Rux.300, Rux.400, Rux.500, Rux.600
TCP 22223 Rux.400, Rux.500, Rux.600
TCP 22456 Bla.200, Bla.503
TCP 22457 AcidShiver.120, Bla.200, Bla.503
TCP 22784 Intruzzo.110
TCP 22845 Breach.450
TCP 22847 Breach.450
TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23032 Amanda.200
TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110
TCP 23456 EvilFTP.100, VagrNocker.400
TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155
TCP 23477 DonaldDick.153
TCP 24000 Infector.170
TCP 24307 Wildek.020
TCP 25386 MoonPie.220
TCP 25486 MoonPie.220
TCP 25555 FreddyK.100, FreddyK.200
TCP 25556 FreddyK.100
TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400
TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400
TCP 25982 MoonPie.135, MoonPie.200
TCP 26274 Delta.050
TCP 27160 MoonPie.135, MoonPie.200
TCP 27184 Alvgus.100, Alvgus.800
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 28429 Hack'a'Tack.2000
TCP 28430 Hack'a'Tack.2000
TCP 28431 Hack'a'Tack.2000
TCP 28432 Hack'a'Tack.2000
TCP 28433 Hack'a'Tack.2000
TCP 28434 Hack'a'Tack.2000
TCP 28435 Hack'a'Tack.2000
TCP 28436 Hack'a'Tack.2000
TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 29891 Unexplained.100
TCP 30000 Infector.170
TCP 30001 Error32.100
TCP 30003 LamersDeath.100
TCP 30029 AOLTrojan.110
TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30102 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30103 NetSphere.131
TCP 30947 Intruse.134
TCP 31320 LittleWitch.400, LittleWitch.420
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
TCP 31415 Lithium.101
TCP 31416 Lithium.100, Lithium.101
TCP 31557 Xanadu.110
TCP 31631 CleptoManicos.100
TCP 31745 Buschtrommel.100, Buschtrommel.122
TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31887 BDDT.100
TCP 31889 BDDT.100
TCP 32100 ProjectNext.053
TCP 32418 AcidBattery.100
TCP 32791 Akropolis.100, Rocks.100
TCP 33291 RemoteHak.001
TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214
TCP 33577 SonOfPsychward.020
TCP 34324 TelnetServer.100
TCP 34763 Infector.180, Infector.190, Infector.200
TCP 35000 Infector.190, Infector.200
TCP 35600 Subsari.140
TCP 36794 BugBear.100
TCP 37237 Mantis.020
TCP 37651 YAT.210
TCP 37653 YAT.310
TCP 40308 Subsari.140
TCP 40412 TheSpy.100
TCP 40421 MastersParadise.970
TCP 40422 MastersParadise.970
TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 41626 Shah.100
TCP 44444 Prosiak.070
TCP 45673 Akropolis.100, Rocks.100
TCP 47262 Delta.050
TCP 48006 Fragglerock.200
TCP 49683 HolzPferd.210
TCP 50000 Infector.180
TCP 50130 Enterprise.100
TCP 50766 Fore.100
TCP 51234 Cyn.210
TCP 51966 Cafeini.080, Cafeini.110
TCP 54321 PCInvader.010
TCP 57341 NetRaider.100
TCP 57922 Bionet.084
TCP 58008 Tron.100
TCP 58009 Tron.100
TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101
TCP 59345 NewFuture.100
TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101, MiniBacklash.101
TCP 60411 Connection.100, Connection.130
TCP 60412 Connection.130
TCP 60552 RoxRat.100
TCP 63536 InsaneNetwork.500
TCP 63878 AphexFTP.100
TCP 63879 AphexFTP.100
TCP 64969 Lithium.100
TCP 65000 Socket.100
UDP 1 SocketsDeTroie.250
UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820
UDP 1130 Noknok.800, Noknok.820
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920, MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140
UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150
UDP 6953 Lithium.100
UDP 8012 Ptakks.217
UDP 10067 PortalOfDoom.100
UDP 10167 PortalOfDoom.100
UDP 10666 Ambush.100
UDP 11225 Cyn.100, Cyn.103, Cyn.120
UDP 11306 Noknok.800, Noknok.820
UDP 12389 KheSanh.210
UDP 12623 Buttman.090, Buttman.100
UDP 12625 Buttman.100
UDP 14100 Eurosol.100
UDP 23476 DonaldDick.155
UDP 26274 Delta.050
UDP 27184 Alvgus.100
UDP 28431 Hack'a'Tack.2000
UDP 28432 Hack'a'Tack.2000
UDP 28433 Hack'a'Tack.2000
UDP 28434 Hack'a'Tack.2000
UDP 28435 Hack'a'Tack.2000
UDP 28436 Hack'a'Tack.2000
UDP 29891 Unexplained.100
UDP 30103 NetSphere.131
UDP 31320 LittleWitch.400, LittleWitch.420
UDP 31337 BackOrifice.120, OPC.200
UDP 31416 Lithium.100, Lithium.101
UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 33333 Blackharaz.100
UDP 47262 Delta.050
UDP 49683 HolzPferd.210
UDP 60000 MiniBacklash.100
TCP 28 Amanda.200
TCP 31 MastersParadise.920
TCP 68 Subseven.100
TCP 142 NetTaxi.180
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 171 ATrojan.200
TCP 285 WCTrojan.100
TCP 286 WCTrojan.100
TCP 334 Backage.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 413 Coma.109
TCP 420 Breach.450
TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100
TCP 623 Rtb666.160
TCP 660 Zaratustra.100
TCP 661 Noknok.800, Noknok.820
TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110
TCP 667 SniperNet.210, Snipernet.220
TCP 668 Unicorn.101, Unicorn.110
TCP 680 Rtb666.160
TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332
TCP 785 NetworkTerrorist.100
TCP 800 NeuroticKitten.010
TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130
TCP 901 NetDevil.130, NetDevil.140
TCP 1000 DerSpaeher.200
TCP 1001 Silencer.100
TCP 1008 AutoSpy.100
TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1999 TransmissionScout.100, TransmissionScout.110
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 2001 DIRT.220, TrojanCow.100
TCP 2003 TransmissionScout.100, TransmissionScout.110
TCP 2023 RipperPro.100
TCP 2040 InfernoUploader.100
TCP 2115 Bugs.100
TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
TCP 2332 SilentSpy.202
TCP 2589 Dagger.140
TCP 2600 DigitalRootbeer.100
TCP 2989 Rat.200
TCP 3128 MastersParadise.970
TCP 3129 MastersParadise.920, MastersParadise.970
TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
TCP 3215 BlackStar.100, Ghost.230
TCP 3333 Daodan.123
TCP 3410 OptixPro.100, OptixPro.110
TCP 3456 Force.155, TerrorTrojan.100
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 3586 Snid.120, Snid.212
TCP 3700 PortalOfDoom.100
TCP 3723 Mantis.100
TCP 3800 Eclypse.100
TCP 3996 RemoteAnything.364
TCP 4000 SkyDance.220, SkyDance.229
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 4225 SilentSpy.202
TCP 4321 Bobo.100
TCP 4444 AlexTrojan.200, Crackdown.100
TCP 4488 EventHorizon.100
TCP 4523 Celine.100
TCP 4545 InternalRevise.100, RemoteRevise.150
TCP 4567 FileNail.100
TCP 4666 Mneah.100
TCP 4950 ICQTrojan.100
TCP 5005 Aladino.060
TCP 5025 Keylogger.WMRemote.100
TCP 5031 NetMetro.104
TCP 5032 NetMetro.104
TCP 5033 NetMetro.104
TCP 5050 RoxRat.100
TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040
TCP 5190 MBomber.100
TCP 5277 WinShell.400
TCP 5343 WCRat.100
TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300
TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5534 TheFlu.100
TCP 5550 XTCP.200, XTCP.201
TCP 5555 Noxcape.100, Noxcape.200
TCP 5695 Assassin.100
TCP 5714 WinCrash.100
TCP 5741 WinCrash.100
TCP 5742 WinCrash.103
TCP 5802 Y3KRat.160
TCP 5810 Y3KRat.160
TCP 5838 Y3KRat.170
TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5880 Y3KRat.140
TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5883 Y3KRat.110, Y3KRat.140
TCP 5884 Y3KRat.140, Y3KRat.150
TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5886 Y3KRat.120, Y3KRat.140
TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5890 Y3KRat.140
TCP 6400 Thething.100, Thething.150
TCP 6556 AutoSpy.120, AutoSpy.122
TCP 6655 Aqua.020
TCP 6660 LameSpy.095
TCP 6666 LameRemote.100, ProjectMayhem.100
TCP 6669 Vampire.100
TCP 6670 DeepThroat.200, DeepThroat.210
TCP 6671 DeepThroat.310
TCP 6699 HostControl.101
TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190
TCP 6712 Subseven.100
TCP 6713 Subseven.100
TCP 6767 NTRC.120
TCP 6776 SubSeven.180, SubSeven.190, Subseven.200
TCP 6789 Doly.200
TCP 6796 SubSeven.214
TCP 6912 ShitHeep.100
TCP 6939 Indoctrination.100
TCP 6953 Lithium.100
TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120
TCP 6970 Danton.330
TCP 7001 Freak88.100
TCP 7119 Massaker.100
TCP 7200 Massaker.110
TCP 7300 Coced.221
TCP 7301 Coced.221
TCP 7306 NetSpy.200, NetSpy.200
TCP 7410 Phoenix.190, Phoenix.200
TCP 7511 Genue.100
TCP 7609 Snid.120, Snid.212
TCP 7614 Wollf.130
TCP 7648 BlackStar.100, Ghost.230
TCP 7788 Last.2000, Matrix.200
TCP 7826 MiniOblivion.010, Oblivion.010
TCP 7887 SmallFun.110
TCP 7891 Revenger.100
TCP 7979 VagrNocker.200
TCP 7997 VagrNocker.200
TCP 8000 XConsole.100
TCP 8011 Way.240
TCP 8012 Ptakks.215, Ptakks.217
TCP 8110 LoseLove.100
TCP 8111 LoseLove.100
TCP 8301 LoseLove.100
TCP 8302 LoseLove.100
TCP 8372 NetBoy.100
TCP 8720 Connection.130
TCP 8734 AutoSpy.110
TCP 8811 Force.155
TCP 8899 Last.2000
TCP 9000 Aristotles.100
TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170
TCP 9401 InCommand.100, InCommand.110, InCommand.170
TCP 9402 InCommand.100, InCommand.110
TCP 9561 CRatPro.110
TCP 9563 CRatPro.110
TCP 9580 TheefLE.100
TCP 9696 Danton.210, Ghost.230
TCP 9697 Danton.320, Danton.330, Ghost.230
TCP 9870 R3C.100
TCP 9872 PortalOfDoom.100
TCP 9873 PortalOfDoom.100
TCP 9874 PortalOfDoom.100
TCP 9875 PortalOfDoom.100
TCP 9876 Rux.100, SheepGoat.100
TCP 9877 SmallBigBrother.020
TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120
TCP 9879 SmallBigBrother.020
TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300
TCP 10001 DTr.130, DTr.140
TCP 10013 Amanda.200
TCP 10067 PortalOfDoom.100
TCP 10100 Gift.240
TCP 10101 NewSilencer.100
TCP 10167 PortalOfDoom.100
TCP 10528 HostControl.100, HostControl.260
TCP 10607 Coma.109
TCP 10666 Ambush.100
TCP 11011 Amanda.200
TCP 11050 HostControl.101
TCP 11051 HostControl.100, HostControl.260
TCP 11223 AntiNuke.100, Progenic.100, Progenic.110
TCP 11225 Cyn.100, Cyn.103, Cyn.120
TCP 11306 Noknok.800, Noknok.820
TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 11991 PitfallSurprise.100
TCP 12043 Frenzy.2000
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317
TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401, Bionet.402
TCP 12389 KheSanh.210
TCP 12478 Bionet.210
TCP 12623 Buttman.090, Buttman.100
TCP 12624 Buttman.090, Buttman.100
TCP 12625 Buttman.100
TCP 12904 Akropolis.100, Rocks.100
TCP 13473 Chupacabra.100
TCP 13753 AFTP.010
TCP 14100 Eurosol.100
TCP 14194 CyberSpy.840
TCP 14286 HellDriver.100
TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14501 PCInvader.060, PCInvader.070
TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14504 PCInvader.050, PCInvader.060
TCP 15092 HostControl.100, HostControl.260
TCP 15382 SubZero.100
TCP 15432 Cyn.210
TCP 15555 ICMIBC.100
TCP 16322 LastDoor.100
TCP 16484 MoSucker.110
TCP 16661 Dfch.010
TCP 16969 Progenic.100
TCP 16982 AcidShiver.100
TCP 17300 Kuang.200
TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100, Intruder.100
TCP 17593 AudioDoor.120
TCP 19191 BlueFire.035, BlueFire.041
TCP 19604 Metal.270
TCP 19605 Metal.270
TCP 19991 Dfch.010
TCP 20000 Millenium.100
TCP 20001 Millenium.100, PshychoFiles.180
TCP 20002 AcidKor.100, PshychoFiles.180
TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220
TCP 21212 Schwindler.182
TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135
TCP 21579 Breach.2001
TCP 21584 Breach.2001
TCP 21684 Intruse.134
TCP 22068 AcidShiver.110
TCP 22115 Cyn.120
TCP 22222 Prosiak.047, Ruler.141, Rux.300, Rux.400, Rux.500, Rux.600
TCP 22223 Rux.400, Rux.500, Rux.600
TCP 22456 Bla.200, Bla.503
TCP 22457 AcidShiver.120, Bla.200, Bla.503
TCP 22784 Intruzzo.110
TCP 22845 Breach.450
TCP 22847 Breach.450
TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23032 Amanda.200
TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110
TCP 23456 EvilFTP.100, VagrNocker.400
TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155
TCP 23477 DonaldDick.153
TCP 24000 Infector.170
TCP 24307 Wildek.020
TCP 25386 MoonPie.220
TCP 25486 MoonPie.220
TCP 25555 FreddyK.100, FreddyK.200
TCP 25556 FreddyK.100
TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400
TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400
TCP 25982 MoonPie.135, MoonPie.200
TCP 26274 Delta.050
TCP 27160 MoonPie.135, MoonPie.200
TCP 27184 Alvgus.100, Alvgus.800
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 28429 Hack'a'Tack.2000
TCP 28430 Hack'a'Tack.2000
TCP 28431 Hack'a'Tack.2000
TCP 28432 Hack'a'Tack.2000
TCP 28433 Hack'a'Tack.2000
TCP 28434 Hack'a'Tack.2000
TCP 28435 Hack'a'Tack.2000
TCP 28436 Hack'a'Tack.2000
TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 29891 Unexplained.100
TCP 30000 Infector.170
TCP 30001 Error32.100
TCP 30003 LamersDeath.100
TCP 30029 AOLTrojan.110
TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30102 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30103 NetSphere.131
TCP 30947 Intruse.134
TCP 31320 LittleWitch.400, LittleWitch.420
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
TCP 31415 Lithium.101
TCP 31416 Lithium.100, Lithium.101
TCP 31557 Xanadu.110
TCP 31631 CleptoManicos.100
TCP 31745 Buschtrommel.100, Buschtrommel.122
TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31887 BDDT.100
TCP 31889 BDDT.100
TCP 32100 ProjectNext.053
TCP 32418 AcidBattery.100
TCP 32791 Akropolis.100, Rocks.100
TCP 33291 RemoteHak.001
TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214
TCP 33577 SonOfPsychward.020
TCP 34324 TelnetServer.100
TCP 34763 Infector.180, Infector.190, Infector.200
TCP 35000 Infector.190, Infector.200
TCP 35600 Subsari.140
TCP 36794 BugBear.100
TCP 37237 Mantis.020
TCP 37651 YAT.210
TCP 37653 YAT.310
TCP 40308 Subsari.140
TCP 40412 TheSpy.100
TCP 40421 MastersParadise.970
TCP 40422 MastersParadise.970
TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 41626 Shah.100
TCP 44444 Prosiak.070
TCP 45673 Akropolis.100, Rocks.100
TCP 47262 Delta.050
TCP 48006 Fragglerock.200
TCP 49683 HolzPferd.210
TCP 50000 Infector.180
TCP 50130 Enterprise.100
TCP 50766 Fore.100
TCP 51234 Cyn.210
TCP 51966 Cafeini.080, Cafeini.110
TCP 54321 PCInvader.010
TCP 57341 NetRaider.100
TCP 57922 Bionet.084
TCP 58008 Tron.100
TCP 58009 Tron.100
TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101
TCP 59345 NewFuture.100
TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101, MiniBacklash.101
TCP 60411 Connection.100, Connection.130
TCP 60412 Connection.130
TCP 60552 RoxRat.100
TCP 63536 InsaneNetwork.500
TCP 63878 AphexFTP.100
TCP 63879 AphexFTP.100
TCP 64969 Lithium.100
TCP 65000 Socket.100
UDP 1 SocketsDeTroie.250
UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820
UDP 1130 Noknok.800, Noknok.820
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920, MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140
UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150
UDP 6953 Lithium.100
UDP 8012 Ptakks.217
UDP 10067 PortalOfDoom.100
UDP 10167 PortalOfDoom.100
UDP 10666 Ambush.100
UDP 11225 Cyn.100, Cyn.103, Cyn.120
UDP 11306 Noknok.800, Noknok.820
UDP 12389 KheSanh.210
UDP 12623 Buttman.090, Buttman.100
UDP 12625 Buttman.100
UDP 14100 Eurosol.100
UDP 23476 DonaldDick.155
UDP 26274 Delta.050
UDP 27184 Alvgus.100
UDP 28431 Hack'a'Tack.2000
UDP 28432 Hack'a'Tack.2000
UDP 28433 Hack'a'Tack.2000
UDP 28434 Hack'a'Tack.2000
UDP 28435 Hack'a'Tack.2000
UDP 28436 Hack'a'Tack.2000
UDP 29891 Unexplained.100
UDP 30103 NetSphere.131
UDP 31320 LittleWitch.400, LittleWitch.420
UDP 31337 BackOrifice.120, OPC.200
UDP 31416 Lithium.100, Lithium.101
UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 33333 Blackharaz.100
UDP 47262 Delta.050
UDP 49683 HolzPferd.210
UDP 60000 MiniBacklash.100
PayPhone Phreaking Guide
The Modern Phreakers Guide To Payphones
The Modern Phreakers Guide To Payphones
by: datachild
*Note: This tutorial is for semi experienced phreakers... if you dont
understand something then go read other tutorials because this one isnt
for you. I made it so you'd have a little more up to date information on
payphones... not my best work but informative
Table Of Contents
I. Introduction
II. Types Of Payphones
III. Boxes you’ll Need
IV. Tools You’ll need
V. Methods of Payphone Exploitation
VI. Other Ideas
VII. Greets
Introduction://
Well whats every phreaks dream? Free payphone calls! But getting
free payphone calls isn’t that easy or that stealthy. I will go through
the ways to get around them but be warned this can get you jail time and
or a big ass fine. Also this is for people who have certain boxes made.
I don’t tell you how to make any of these boxes in this tutorial.
Types of Payphones://
There are 2 types, COCOTS and Mah Bell phones. COCOTS are owned by
local business owners and aren’t run by the phone company. Bell/Verizon
phones are… They are easy to tell the difference because Mah Bell phones
will have the word “Bell” or “Verizon”. Holly shit that was hard!
Boxes You’ll Need://
Hehe the boxes. Ok well contrary to what most people believe, redboxes
still work today… omg yes they do! Heh, but only on certain types of phones.
You’ll need a beige box too.
Tools You’ll Need://
Welp, you’ll just need the usual tools and a new addition. Ya need
Wire Cutters, Wire Skinner, screw driver, and a Hacksaw (These come in
pocket knives so I suggest you get one bish)
Methods of Payphone Exploitation://
Here we go; I will break this up into two categories
MahBell and COCOTs.
-COCOT-
Ok well here is were im not too experienced, so I’ll go from what
I told still works, if it doesn’t then oh fuck I’m so sorry ;). COCOTS
are payphones set up by the simple people. They run off of regular phone
wires and 90% of the time the wires don’t run underground…. So hey guess
what… if it’s a regular phone wire… then we can beige box it right? RIGHT!
So there are 2 ways of doing this. The obvious and the not so obvious. The
obvious is to cut the wire that runs from the handset to the actual phone
and clip in your beige box,, the not so obvious is to follow the wires that
run down the payphone up to the wall of the building, you should see a little
medal box that you can unscrew, you can expose the wires here and clip in.
Another way of doing this is to use a redbox. But redboxes don’t work on a
COCOT without having to socially engineer the operator. So here’s what ya
do; call “0” and tell the operator that someone put gum all over the keys
and you need her to place a call for you. When she asks for money play the
tones on your redbox, it works beautifully were I live, people
in Mississippi don’t know shit ;).
-Mah Bell-
Mah bell phones? EASY SHIT! These can be redboxed!!! Atleast they
can were I live. Go find a tutorial on how to make a redbox somewere and
use it! If the phones have some type of protection against them, use the
operator trick I told you about earlier.
Other Ideas://
I had some ideas for COCOTS. What if you set up a modified portable
phone at a COCOT… so you could pick up your handset and fuck around with
the person?! Wouldn’t that be great!? You’d get calling card numbers and
you could harass people!. I was inspired from a story on www.phonelosers.org.
Hah well yeah ok that’s my 2 cents.
Greets://
I don’t love anyone
The Modern Phreakers Guide To Payphones
by: datachild
*Note: This tutorial is for semi experienced phreakers... if you dont
understand something then go read other tutorials because this one isnt
for you. I made it so you'd have a little more up to date information on
payphones... not my best work but informative
Table Of Contents
I. Introduction
II. Types Of Payphones
III. Boxes you’ll Need
IV. Tools You’ll need
V. Methods of Payphone Exploitation
VI. Other Ideas
VII. Greets
Introduction://
Well whats every phreaks dream? Free payphone calls! But getting
free payphone calls isn’t that easy or that stealthy. I will go through
the ways to get around them but be warned this can get you jail time and
or a big ass fine. Also this is for people who have certain boxes made.
I don’t tell you how to make any of these boxes in this tutorial.
Types of Payphones://
There are 2 types, COCOTS and Mah Bell phones. COCOTS are owned by
local business owners and aren’t run by the phone company. Bell/Verizon
phones are… They are easy to tell the difference because Mah Bell phones
will have the word “Bell” or “Verizon”. Holly shit that was hard!
Boxes You’ll Need://
Hehe the boxes. Ok well contrary to what most people believe, redboxes
still work today… omg yes they do! Heh, but only on certain types of phones.
You’ll need a beige box too.
Tools You’ll Need://
Welp, you’ll just need the usual tools and a new addition. Ya need
Wire Cutters, Wire Skinner, screw driver, and a Hacksaw (These come in
pocket knives so I suggest you get one bish)
Methods of Payphone Exploitation://
Here we go; I will break this up into two categories
MahBell and COCOTs.
-COCOT-
Ok well here is were im not too experienced, so I’ll go from what
I told still works, if it doesn’t then oh fuck I’m so sorry ;). COCOTS
are payphones set up by the simple people. They run off of regular phone
wires and 90% of the time the wires don’t run underground…. So hey guess
what… if it’s a regular phone wire… then we can beige box it right? RIGHT!
So there are 2 ways of doing this. The obvious and the not so obvious. The
obvious is to cut the wire that runs from the handset to the actual phone
and clip in your beige box,, the not so obvious is to follow the wires that
run down the payphone up to the wall of the building, you should see a little
medal box that you can unscrew, you can expose the wires here and clip in.
Another way of doing this is to use a redbox. But redboxes don’t work on a
COCOT without having to socially engineer the operator. So here’s what ya
do; call “0” and tell the operator that someone put gum all over the keys
and you need her to place a call for you. When she asks for money play the
tones on your redbox, it works beautifully were I live, people
in Mississippi don’t know shit ;).
-Mah Bell-
Mah bell phones? EASY SHIT! These can be redboxed!!! Atleast they
can were I live. Go find a tutorial on how to make a redbox somewere and
use it! If the phones have some type of protection against them, use the
operator trick I told you about earlier.
Other Ideas://
I had some ideas for COCOTS. What if you set up a modified portable
phone at a COCOT… so you could pick up your handset and fuck around with
the person?! Wouldn’t that be great!? You’d get calling card numbers and
you could harass people!. I was inspired from a story on www.phonelosers.org.
Hah well yeah ok that’s my 2 cents.
Greets://
I don’t love anyone
Speed UP Internet !
Speed Up Internet
Windows 2k/XP
1. First, open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
2. Note the following lines (all hex dwords):
Class = 008 ( biggrin.gif - indicates that TCP/IP is a name service provider, don't change
LocalPriority = 1f3 (499) - local names cache
HostsPriority = 1f4 (500) - the HOSTS file
DnsPriority = 7d0 (2000) - DNS
NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS
3. What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:
4. Change the "Priority" lines to:
LocalPriority = 005 (5) - local names cache
HostsPriority = 006 (6) - the HOSTS file
DnsPriority = 007 (7) - DNS
NetbtPriority = 008 ( biggrin.gif - NetBT name-resolution, including WINS
5. Reboot for changes to take effect
2. Windows 9x/ME
1. The tweak is essentialy the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above
2. Open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider
3. You should see the following settings:
Class=hex:08,00,00,00
LocalPriority=hex:f3,01,00,00
HostsPriority=hex:f4,01,00,00
DnsPriority=hex:d0,07,00,00
NetbtPriority=hex:d1,07,00,00
4. The "priority" lines should be changed to:
LocalPriority=hex:05,00,00,00
HostsPriority=hex:06,00,00,00
DnsPriority=hex:07,00,00,00
NetbtPriority=hex:08,00,00,00
5. Reboot for changes to take effect
3. System.ini IRQ Tweak - Windows 9x/ME ONLY
1. Find your Network Card's IRQ
1. In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ
2. Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter
2. Adding the entry to System.ini
1. Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"
2. Navigate to Start > Run and type sysedit . Find the [386enh] Section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in Kbytes. We recommend using 4096, however you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.
Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect
3. Additional Thoughts
1. The only negative effect of the System.ini IRQ tweak is that it will reduce the amount of RAM available for running applications a bit, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far, considering any Computer with 32Mb of RAM or more
2. This tweak may or may not work for you. It is not a documented tweak by Windows
3. Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini
4. In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications
5. If you are using an USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller
6. For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card
RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.
Windows 2k/XP
1. First, open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
2. Note the following lines (all hex dwords):
Class = 008 ( biggrin.gif - indicates that TCP/IP is a name service provider, don't change
LocalPriority = 1f3 (499) - local names cache
HostsPriority = 1f4 (500) - the HOSTS file
DnsPriority = 7d0 (2000) - DNS
NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS
3. What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:
4. Change the "Priority" lines to:
LocalPriority = 005 (5) - local names cache
HostsPriority = 006 (6) - the HOSTS file
DnsPriority = 007 (7) - DNS
NetbtPriority = 008 ( biggrin.gif - NetBT name-resolution, including WINS
5. Reboot for changes to take effect
2. Windows 9x/ME
1. The tweak is essentialy the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above
2. Open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider
3. You should see the following settings:
Class=hex:08,00,00,00
LocalPriority=hex:f3,01,00,00
HostsPriority=hex:f4,01,00,00
DnsPriority=hex:d0,07,00,00
NetbtPriority=hex:d1,07,00,00
4. The "priority" lines should be changed to:
LocalPriority=hex:05,00,00,00
HostsPriority=hex:06,00,00,00
DnsPriority=hex:07,00,00,00
NetbtPriority=hex:08,00,00,00
5. Reboot for changes to take effect
3. System.ini IRQ Tweak - Windows 9x/ME ONLY
1. Find your Network Card's IRQ
1. In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ
2. Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter
2. Adding the entry to System.ini
1. Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"
2. Navigate to Start > Run and type sysedit . Find the [386enh] Section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in Kbytes. We recommend using 4096, however you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.
Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect
3. Additional Thoughts
1. The only negative effect of the System.ini IRQ tweak is that it will reduce the amount of RAM available for running applications a bit, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far, considering any Computer with 32Mb of RAM or more
2. This tweak may or may not work for you. It is not a documented tweak by Windows
3. Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini
4. In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications
5. If you are using an USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller
6. For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card
RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.
Secrets of Lock Picking
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
SECRETS OF LOCK PICKING
By Steven Hampton
originally published by Paladin Press (c) 1987
(don't let the date fool you. This is good stuff)
brought to you by
Dr. Bloodmoney
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Well, I'm bringing you this file because I have a scanner and an
OCR package and I like to pick locks. This file is a complete transcription
of the book, Secrets of Lock Picking by Steven Hampton, minus the chapter
on warded locks (These locks are cheap. Use a hammer and a screwdriver).
Before getting on to the subject, I would just like to use this opportunity
to say that you can not just read this file and know how to pick locks. It
does take practice. The good news is that by practicing you will learn how
to open locks. And fast, too. I have heard many people say "It's not like
the movies...it takes time to pick a lock." Well, sometimes thats true, but
I have picked a Sargeant six-pin, high-security tumbler lock in three seconds.
And other similar locks in the the same time frame as well. So I know that
it can be done. But don't worry. Practicing is not boring. There is a
certain thrill present when you pick a lock for the very first time.
Imagine the sensation of knowing that you can get into almost anywhere you
want. Believe me when I tell you that it is very cool.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Contents
Introduction
Tools
Lock Identification
Pin Tumbler Locks
Wafer Tumbler Locks
Double Wafer Locks
Pin and Wafer Tumbler Padlocks
Tubular Cylinder Locks
Mushroom and Spool Pin Tumbler Locks
Magnetic Locks
Disk Tumbler Locks
Tips for Success
INTRODUCTION
The ancient Egyptians were the first to come up with
a complicated security device. This was the pin tumbler
lock. We use the same security principle today on millions
of applications.
The most commonly used lock today is the pin tumbler
lock. A series of pins that are divided at certain points
must be raised to these dividing points in relationship to
the separation between the cylinder wall and the shell of
the lock by a key cut for that particular series of pin divi-
sions. Thus the cylinder can be turned, and the mechanism
or lock is unlocked.
Lock picking means to open a lock by use of a flat piece
of steel called a pick. Actually, the process requires two
pieces of flat steel to open cylinder locks. It amuses me
to watch spies and thieves on TV picking locks using only
one tool. But it is for the better in a sense. If everyone
learned how to pick locks by watching TV, we would all
be at the mercy of anyone who wanted to steal from us,
and the cylinder lock for the most part would be outdated.
The actual definition of lock picking should be: "The
manipulation and opening of any restrictive mechanical
or electronic device by usage of tools other than the
implied instrument (key or code) used solely for that
device." A little lengthy, but more accurate description.
With cylinder locks, it requires a pick and a tension
wrench.
By picking the lock, you simply replace the function
of a key with a pick that raises the pins to their "break-
ing point," and using a tension wrench one rotates the
cylinder to operate the cam at the rear of the lock's cylinder
to unlock the mechanism.
(See Fig-01.GIF)
The tension wrench is used to apply tension to the
cylinder of the lock to cause a slight binding action on
the pins as well as to turn the cylinder after the pins have
been aligned by the pick; this opens the lock. The slight
binding action on the pins caused by the tension wrench
allows one to hear and feel each pin as it "breaks" or
reaches alignment with the separation of cylinder and
shell. The vibration is felt in the knuckles and joints of
the fingers, and the sound is similar to that of a cricket
in an arm wrestling match-a subtle yet distinct click.
Usually you need very little tension with the wrench
while picking the lock. In fact, it takes somewhat of a
delicate, yet firm touch. This is the secret to picking locks
successfully-a firm and yet gentle touch on the tension
wrench. You should be able to feel the pins click into place
with the right amount of tension; experience will be your
true guide.
Half of your success will be based on your ability to
use or improvise various objects to use as tools for your
purpose. The other half will depend on practice. I once
picked a pin tumbler lock using a borrowed roach clip
and a hairpin. A dangerous fire was prevented and prob-
ably several lives were saved. The world is full of useful
objects for the purpose, so never hesitate to experiment.
TOOLS
I started picking locks using a small screwdriver and
a safety pin. The screwdriver can be used as a tension
wrench, and the safety pin is used like a "hook" pick.
The last half inch of the screwdriver's tip was bent at a
45 degree angle so as to allow easy entry for the pick (bent
safety pin). Do not heat the screwdriver tip to bend it,
as this will destroy its temper. Use a vise and hammer to
do the job. Bend slowly by using firm and short taps of
the hammer, otherwise you may break and weaken the
shaft. The safety pin should be about one and a half inches
long and bent in the same way.
With the small screwdriver as a tension wrench, you can
use more of a turning or twisting movement than with
a regular tension wrench so you will generally need less
direct force when using it. As I mentioned earlier, with
practice you will develop the feeling for the right amount
of tension on a cylinder. If the safety pin bends after a
short time, use the keyway of the lock you are picking
to bend it back into shape. Even after several times of
bending, it should still be useful. Keep a few spares handy,
though. File the tip of the safety pin flat in relationship
to the bottom of the pins in the lock. Smooth any sharp
edges so that you won't impale yourself. Also, if the tip
is smooth, the pick will not get hung up on the pins while
picking the lock.
Granted these are not the best tools for the job, but
they do work. If you learn to use your junk box as a rich
source of equipment, then with your experience real lock
picks will give you magic fingers. Also, you'll have the
advantage of being able to improvise should you be
without the real things (which are illegal to carry on your
person in most parts of the country).
Lock picks are difficult to get. I received my first set
when I became a locksmith apprentice. All of my subse-
quent sets I made from stainless steel steak knives with
a grinder and cut-off wheel. They are much more durable
than the commercial picks. If you do make your own,
make certain that the steel is quenched after every 3
seconds of grinding-do not allow the pick to get hot to
the point of blue discoloration.
A diamond pick is the standard pick I use on most all
pin and wafer locks. A small diamond pick is used for
small pin tumbler locks such as small Master padlocks,
cabinet file locks, etc. The tubular cylinder lock pick, we
will discuss later. The double-ended, single-pronged ten-
sion wrench is used with the diamond pick. It features
double usage; a small end for small cylinders and a large
end for the larger cylinders. A special tension wrench is
used for double-wafer cylinder locks with an end with two
prongs on one end and tubular cylinder locks with the
single prong on the other end. We will discuss tubular
cylinder and double-wafer locks later as well. The steel
should be .030 inches to .035 inches thick for the picks
and .045 inches to .050 inches thick for the first tension
wrench mentioned above. The second tension wrench
should be .062 inches square (.062 inches x .062 inches)
on the tubular cylinder side (one pronged end), and .045
inches thick on the double-wafer end (two-pronged end).
You can accomplish this by starting out with .045 inches
in thickness. The two-pronged end should be bent carefully
in a vise at a 30 degree angle. This allows easy entry for
the pick on double-wafer locks.
(See fig-02.GIF)
Among the more common tools used by professionals
around the world is the rake pick. The rake pick is used
to "rake" the tumblers into place by sliding it in and out
across the tumblers. I seldom use the rake pick because
it is not highly effective and I consider it a sloppy excuse
for a lock pick. I've seen the rake pick work on some dif-
ficult locks, but you can rake with a diamond pick and
get the same results. I prefer the diamond pick for most
tumbler locks simply because it is easier to get in and out
of locks-it slides across the tumblers with little or no
trouble.
A ball pick is used for picking double-wafer cylinder
locks, though I never carry one; I use a large diamond
pick and reverse it when picking these locks. This means
I have one less pick to carry and lose.
(See fig-03.GIF)
A double-ball pick is used like a rake on double-wafer
locks in conjunction with a tension wrench (two-pronged
end).
A hook pick is used to open lever tumbler locks, though
again, I use a diamond pick with a hooking action when
possible. There are various sizes of hooks but they all have
the same basic job-to catch the movable levers that
unlock lever locks.
There are also various sizes of tension wrenches. They
are usually made from spring steel. The standard tension
wrench is used for pin and wafer locks. A special tension
wrench is called a Feather Touch, and it is used for high-
security mushroom and spool pin tumbler locks. Its
delicate spring-loaded action allows the pick to bypass the
tendencies of these pins to stick. A homemade version of
the Feather Touch can be made from a medium-light duty
steel spring.
As to getting lock picks for your own use, you cannot
go down to your local hardware store and buy them. I
could supply you with some sources or wholesalers, but
I do believe it is illegal for them to sell to individuals. Your
best bet would be to find a machine shop that will
fabricate them for you. It would be less expensive and
arouse less suspicion if you purchase a small grinder with
a cut-off wheel and make your own. With a little prac-
tice, you can make a whole set in an afternoon. Use a copy
of the illustrations in this book as templates and carefully
cut them out with an X-ACTO knife. Cut down the middle
of the lines. Acquire some stainless steel (many steak
knives approach proper thickness).
With a glue stick, lightly coat one side of the paper
template and apply it to the cleaned stainless surface, and
allow it to dry. You'll need a can of black wrinkle finish
spray paint. This kind of paint has a high carbon con-
tent and can stand high temperature of grinding. Spray
the stainless (or knives) with the patterns glued on and
dry in a warm oven or direct sunlight for one hour. Set
aside for twenty-four more hours. Peel off the paper
template and you are ready to cut and grind. Please use
caution when cutting and grinding. The piece should be
quenched every three seconds in cold water. Smooth up
sharp edges with a small file or burnishing wheel.
Tools made from stainless steel will outlast the pur-
chased ones. The tools purchased from most suppliers are
made from spring steel and wear out after about 100 uses.
The stainless steel ones, if properly made, should last over
2,000 uses.
LOCK IDENTIFICATION
There are many types of locks, the most common being:
1. The pin tumbler lock. Used for house and garage doors,
padlocks, mail boxes, and Ford automobiles.
2. The wafer tumbler lock. Used for garage and trailer
doors, desks, padlocks, cabinets, most autos, window
locks, and older vending machines.
3. The double-wafer lock. Used for higher security wafer
tumbler applications.
4. The warded locks. Used for light security padlocks and
old-fashioned door locks.
5. Lever locks Used for light security and older padlocks,
sophisticated safe-deposit boxes, some desks, jewelry
boxes, and small cash boxes.
6. Tubular cylinder locks. Used for alarm control systems,
newer vending machines, car-wash control boxes and
wherever higher security problems might exist.
These locks are the more common locks used yet there
are variations and combinations of these principal types
that usually pick open in the manner that will be discussed.
Some of them just require practice of the basic types,
others luck, and most of the rest of them knowledge of
how that particular lock works and is keyed. This comes
from experience.
(See fig-04.GIF)
PIN TUMBLER LOCKS
Pin tumbler locks offer the most security for their price.
They have close machine tolerances and approximately
1,000,000 different key combinations for a five-pin lock.
Considering the thousands of different companies mak-
ing pin tumblers (different shaped keyways for each com-
pany or design line), the chances of someone having a key
that will work in your front door lock are one in many
billions.
Pin tumbler locks can easily be identified by peering
down the keyway and locating the first round pin.
Sometimes you can see the pin's dividing point, where it
breaks with the cylinder wall (shear point).
To successfully pick a pin tumbler lock, your sense of
touch sould be honed so that both hands feel the tools.
Once the hand holding the pick has located a slight relief
in tension while picking a particular tumbler, the other
hand holding the tension wrench will feel a relief or break-
ing point. Both hands should be involved with the sense
of touch, the sensing of the inner workings of the lock.
We are now ready to begin the first lesson. First open
your front door and check for a pin tumbler lock on it.
It should have one on it. If there is one, leave the door
open to decrease suspicion. Do not lock yourself out of
your apartment or house by being overconfident; not only
will you raise suspicion, but window glass is not cheap.
HOW TO PICK A TUMBLER LOCK
STEP ONE
Without using the tension wrench, slip the pick into
the lock. The "hook" of the pick should be toward the
tumblers (up in most cases, depending on whether or not
the lock was mounted upside down-you can tell by look-
ing down the keyway and locating the first pin with your
pick). Try to feel the last tumbler of the lock. It should
be 7/8 inches into the lock for a five-pin tumbler lock
(most common pin tumbler lock used).
Make certain that you have no tension on the wrench
when inserting the pick as this will encumber the frontal
tumblers. When you feel the back tumbler, slowly raise
it with a slight prying motion of the pick. Release it, but
keep the pick in the lock on the rear tumbler.
Now insert the tension wrench, allowing room for the
pick to manipulate all of the pins. It should be placed at
the bottom of the cylinder if the lock was mounted
upright, tumblers toward the top of the cylinder. Apply
firm and yet gentle clockwise pressure to the tension
wrench.
Slowly raise the back tumbler with a slight prying mo-
tion of the pick. A minute click will be felt and heard when
it breaks. It will lose its springiness when this occurs, so
do not go any further with it. Any further movement with
the pick will cause binding by going past the pins' shear
line. Continue an even pressure with the tension wrench.
Keeping an even tension pressure, proceed to Step Two.
STEP TWO
The fourth tumbler should be easily felt since it is the
next one in line. Raise it until it breaks, keeping the ten-
sion wrench steady. It too will give a sound and sensa-
tion when it breaks or aligns.
STEP THREE
The third or middle tumbler is next. Again, it too will
click. Maintain a constant, even pressure on the wrench-
about the same pressure that you would use to replace
a cap on a catsup bottle. You may feel the "clicks" in your
tension wrench as well as hear them.
(See fig-05.GIF)
STEPS FOUR AND FIVE
Continue on to the next tumbler out, working toward
you. When it breaks, raise the last (front) tumbler to its
braking point and the cylinder should be free to rotate
and unlock the door. Sometimes you may have to play
with the wrench to open the lock because you may have
raised a tumbler too high, past its breaking point. If this
is the case, very slowly and gradually release the tension
wrench pressure and the overly extended tumbler will drop
into its breaking point before the other tumblers have a
chance to fall. The cylinder should pop open at that point.
I have found that this technique is responsible for over
30 percent of my successes in opening all tumbler locks.
If the lock still refuses to open after all that treatment,
release the tension wrench pressure, allowing all of the
tumblers to drop and start over. You may have more than
one tumbler too high and would be better off to repeat
the picking process.
WAFER TUMBLER LOCKS
Wafer tumbler locks make up over one-fourth of the
locks in use in the world. Since they are generally easier
to pick than most pin tumbler locks, you will be 75 per-
cent master after fooling around with these mechanisms.
That is why I wrote about pin tumbler locks first-they
are more difficult and make up over one-half of the locks
used today.
(See fig-06.GIF)
The term wafer refers to the general shape of the
tumblers. The wafers are flat, spring-loaded tumblers that
are much thinner than pins and the distance between them
is less. Wafer locks are picked in the same way as pin
tumbler locks, but you must compensate for the smaller
dimensions. You can identify wafer locks simply by look-
ing down the keyway and locating the first flat tumbler.
The last tumbler on most wafer locks is located about one-
half inch into the lock.
Wafer locks are used on filing cabinets, lockers, most
cars, garage doors, desks, and wherever medium security
is required. The only wafer tumbler lock in common use
that is difficult to pick is the side-bar wafer lock. It is the
most popular type of auto lock. This lock is of different
design than most other locks and offers much more secur-
ity than a regular wafer tumbler lock, or even a pin
tumbler lock.
The side bar lock is used mostly on General Motors
cars and trucks since 1935. It is used on ignitions, door,
and trunk locks. Side bar locks are hard to pick because
you cannot feel or hear the tumblers align with the
cylinders breaking point. A spring-loaded bar falls into
place to allow the cylinder to turn when all of the tumblers
are aligned. There is no way to tell when that happens.
One learns to sense the bar while picking so that it seems
to fall into place by itself. But for beginners, I recommend
this technique for emergency openings: Peer down the
keyway and locate the side groove of any of the tumblers
using a pick as a searching tool. Drill a small hole in the
shell of the lock above the bar which is above the grooves
on the tumblers. Since side bar locks have off-centered
keyways, the usual place to drill is opposite of the keyway.
Using an L-shaped steel wire, put pressure on the sidebar
and rake the tumblers using a tension wrench for cylinder
rotation and the lock will open.
Fortunately, most GMC autos have inferior window
seals; with a coat hanger, one can lasso the locking door
knob to open the door. If you are going to be successful
at opening side bars, you will do it within two minutes;
otherwise, you are causing unnecessary wear on your picks
not to mention wasting your time.
Ford auto locks are relatively simple to pick. They have
pin tumblers and you have to remember that the door
locks turn counterclockwise. Most other auto locks turn
clockwise. If you are not sure, remember this: If the
tumblers will not catch at their breaking points, you are
going in the wrong direction with the tension wrench.
Wafer locks are a cinch to pick if you have learned how
to pick pin tumblers. Just remember that wafers are thin-
ner than pins and there is less distance between them.
Generally you need less tension-wrench pressure with these
locks, yet car locks can be quite stubborn and require a
great deal of tension. Any heavily spring-loaded cylinder
needs a substantial amount of tension.
As a rule, though, wafer locks need less play with the
tension wrench than with pin tumbler locks. But if you
find yourself having difficulty in opening these, you may
try a little tension-wrench play. Usually they won't pop
open like pin tumbler locks, they just slide open; you don't
get the warning that a pin tumbler gives before it opens
because there is less contact area on the wafer's edge than
on a pin, so the sense of climax is reduced with these types
of locks. Still, they open quite easily.
DOUBLE WAFER LOCKS
Double-wafer locks are picked in the same way as single-
wafer locks, but there are two sides to the story. Not only
do you have to align the top wafers, but you have ones
in the bottom of the cylinder to align as well.
The Chicago Lock Company was the first to come up
with this type of lock. It is a classic example of the race
toward better security. Certain tension wrenches allow
uninterrupted picking using ball picks. You can also use
a standard tension wrench or small screwdriver and place
it at the center of the keyway. To eliminate unnecessary
baggage, use a diamond pick, reversing it to encounter
both top and bottom wafers.
(See Fig-07.GIF)
The last tumbler in this type of lock is located less than
one-half of an inch in. The picking procedure may have
to be repeated more than one time-top wafers, then bot-
tom wafers, top, bottom-back and forth. Yet these locks
are easier to pick than most pin tumblers.
Locate the last wafer on the top side and move it to
its breaking point. Do the same with the other top wafers.
Keep the tension wrench firm, remove the pick, turn it
upside down (if you are using a diamond or homemade
pick), and reinsert it to work the bottom wafers. You may
have to repeat this process a few times, but double-wafer
locks can and will open with such treatment. Schlage has
a doorknob lock that opens this way, but the last tumbler
is about one and one-half inches in.
Double-wafer locks are easy to master if you have
learned to pick pin and wafer tumbler locks. Since double-
wafer locks are more compact, you have to compensate
for the fact-slightly closer tolerances. These type of locks
are used on old pop and candy machines, gas caps,
cabinets, etc.
PIN AND WAFER TUMBLER PADLOCKS
Cylinder padlocks require a technique of holding them
with the same hand with which you are using the tension
wrench. This technique allows one to pick the padlock
without going into contortions over a dangling padlock.
Assuming that you are right-handed, hold the padlock
in your left hand by gripping the body of the padlock with
your thumb and forefinger. Insert the tension wrench at
the bottom of the keyway and hold it in a clockwise turn
with your ring and little finger, causing a slight binding
pressure on the cylinder. Now your right hand is free to
pick, and your left hand does the job of holding both the
lock and tension wrench. The overhand method works
well, too, but the thumb controls the tension wrench
instead. Switch around to find which is most comfortable
for you.
When tumbler padlocks pop open, it is quite a sensa-
tion because the shackle is spring-loaded and gives one
quite a jolt. It's a feeling of accomplishment. You may
need a little more tension on padlocks than on door locks
because the cylinder cam has to operate a spring-loaded
bolt. Overall, padlocks are the most fun to open. Prac-
tice using old or discarded padlocks that you have found.
I've worn out hundreds of them.
TUBULAR CYLINDER LOCKS
(Note: Diagrams of tubular lock were omitted due to the fact that picking
them with conventional methods is a complete waste of time. There are picks
available that are specifically designed to pick this kind of lock in a
matter of seconds)
We will gradually proceed to more sophisticated locks
from here. I would like to remind you that success is not
based on personality. If one is arrogant about one's lock-
picking skills, one could easily be made a fool of by a
lock. And no matter how many times you bash a cylinder,
you will still be locked out. The only thing you accomplish
is attracting an audience-so be cool.
If at this point you have had much difficulty under-
standing the principles of pin and wafer locks, please
restudy this book from the beginning. Read it several times
so as to absorb it. The information that you now have
has taken me almost two decades to gather, so please be
mindful of that.
Now you are about to learn how to open the more dif-
ficult locking mechanisms-some of the other 25 percent
of the locks used today. You should feel confident with
pin, wafer and double-wafer tumbler locks before you
attempt rim cylinder locks.
Tubular cylinder locks stand out as the most generally
accepted lock in all important industries using high-quality
locks for protection of property, merchandise, and cash.
They are recognized as giving the maximum amount of
security for their price range.
Tubular cylinder locks are pin tumbler locks arranged
on a circular plane. Unlike conventional pin tumbler locks,
all of the pins are exposed to the eye. The central section
of the lock rotates to operate the cam when all of the seven
pins have reached their breaking points. When the pro-
per key is entered into the lock, the tumblers are pressed
into position so that the central section (plug) can be
turned. This manual operation of inserting the key places
the tumblers in position so that the lock can be operated
and ensures that frost, dust, salt, or unfavorable climatic
conditions will not affect the smooth operation of the
lock.
The Chicago Ace lock is a product of the Chicago Lock
Company of Chicago, Illinois. It is an effective security
device and is used on vending machines, coin boxes, and
burglar alarms. A larger, more complex version of it is
used on bank doors and electronic teller machines. The
key is of tubular shape with the cuts arranged in a circle
around the key.
The pick used for this lock is the tubular cylinder pick,
or you may use a straight pin or your homemade safety
pin pick. The one-pronged end of the tension wrench is
a little more specialized and is used for rim cylinder locks.
It must be .062 inches square for best results. Any square
steel stock is acceptable, as long as it fits snugly into the
groove of the tubular cylinder plug.
This type of lock is a burglar's nightmare because it
takes so long to pick. You have to pick it three or four
times to accomplish the unlocking radius of 120 to 180
degrees. And the cylinder locks after each time you pick
it-every one-seventh of a turn.
If you leave the lock only partly picked, the key will
not be able to open it, so you must pick it back into the
locked position after opening it-another three or four
picking sessions. In all, to unlock and lock the cylinder,
you have to pick it up to eight times-quite a chore if you
don't have the right tools or time.
These locks almost always pick in the clockwise direc-
tion. Make certain that the tension wrench fits snugly into
the groove on the cylinder. Very slowly push the first pin
down until it clicks, maintaining a definite clockwise
pressure on the tension wrench. Once the tumbler has
broken, do not push any further and proceed to the next
one, and so on. As you reach the last tumbler, the ten-
sion wrench will feel more slack and give way if the lock
were properly picked.
There are special keyhole saws for these locks in which
you drill out the tumblers and turn the cylinder. Also there
is a special tool used by locksmiths to open rim cylinder
locks.
MUSHROOM AND SPOOL PIN TUMBLER LOCKS
High-security pin tumbler locks may contain specially
made pins to make picking them more challenging. The
pins are machined so as to make picking them quite dif-
ficult. When picking these locks, the pins give the impres-
sion that they have broken, when in fact they could be
a long way from breaking. You can tell whether or not
you are picking a pin tumbler lock that has these pins by
the fact that the pins seem to align so easily with a louder
than normal click. The cylinder seems eager to open but
to no avail.
The picking procedure relies on a well-yielding tension
wrench. The tension wrench has to be lightly spring-loaded
so that the pins can bypass their false breaking points.
You also have to "rake" (seesaw in and out) the pins with
your pick. The feather-touch tension wrench is ideal for
the job. Use light pressure with it, and it will let you in.
(Note: A feather-touch tension wrench is not necessarily required. A normal
tension wrench will work fine with an extremely light tension on it. The
weight of just your index finger alone should be enough in most cases.)
The mushroom and spool pins are used in locks for
high-security purposes such as bank doors. The American
Lock Company uses them in some of their padlocks.
MAGNETIC LOCKS
Magnetic locks are fascinating. I almost hate to open
them because I feel that I have breached their uniqueness.
In reality, you do not pick them, but "confuse" them. They
generally work on the principle that like magnetic
polarities repel each other. The key is a set of small
magnets arranged in a certain order to repel other magnets
in the lock, thereby allowing the spring-loaded bolt or cam
to open the lock.
By using a pulsating electromagnetic field, you can
cause the magnets in the lock to vibrate violently at thirty
vibrations per second, thereby allowing it to be opened
by intermittent tugging of the bolt or turning of the door
knob.
This method may also ruin the small magnets in the
lock by changing their magnetic status or properties. So,
if you have to perform an emergency break-in with these
locks, do not relock the door. The card or key will not
operate the lock.
The magnetic pick can be used on padlocks by strok-
ing it across the place where the key is placed. It is also
designed to fit into the doorknob and is used by stroking
one pole in and out or by using the other pole the same
way.
If you have had little or no training and experience
building something like this, please have a friend who is
familiar with basic electronics do it for you. Do not take
the chance of electrocuting yourself. Make sure that the
coil is also completely covered with electrician's tape after
you have wound the 34 gauge wire. Also make sure that
the steel core has at least three layers of tape over it. Do
not leave the unit plugged in for more than two to three
minutes at any one time as this may cause overheating
which could cause it to burn out or start a fire. It is safe
to use if constructed properly and not left plugged in
unattended. Opening magnetic locks requires only 30 to
60 seconds anyway, so don't leave the unit plugged in for
longer.
For magnetic padlocks, use a back-and-forth stroking
action along the length of the keyway. For magnetic door
locks, use a stroking in-and-out action in the slot of the
knob alternating from one side (pole) of the pick to the
other.
The "key" for a magnetic door lock is a metal or plastic
card containing an array of magnetic domains or regions
coded in a specific order to allow entry. The magnetic pick
bypasses that.
(See fig-08.GIF)
DISK TUMBLER LOCKS
Combination or "puzzle" locks were invented to fur-
ther improve security and the protection of valuables. The
older safes and lockboxes were good security devices when
they came into the market, but some people became
curious and realized that these safe locks had inherent
weaknesses. One of the main problems was that the disk
tumblers were not mechanically isolated from the bolt that
unlocks the safe door. In other words, you could feel and
hear the tumblers while turning the dial by applying
pressure on the handle of the bolt.
When that problem was recognized and solved, thieves
started drilling through strategic places in the lock itself
to open it. Knocking off hinges was an all-time favorite
tactic as well. Then came punching out the dial shaft,
blowtorching, and just plain blowing the door with ex-
plosives. Greed can breed great creativity.
The first problem, that of manipulating the tumblers
open, was rectified by making use of the dial to operate
the bolt upon completion of the dialing of the correct com-
bination. This made it nearly impossible to feel or hear
the tumblers. Drilling was deterred by laminating the safe
door with hard steel and beryllium-copper plates. The
beryllium-copper plates pull heat away from the drill tip
quickly, and the bit just spins without effect; drilling can-
not take place without the generation of heat at the bit's
cutting edges. Knocking off hinges was discouraged by
using three or more bolts operated by a main linkage net-
work. Punching out the dial shaft to let the tumblers fall
out of the way of the bolt was corrected by beveling the
shaft into the wall of the safe door.
Presently, safe locks are quite sophisticated. Picking
them would require supernatural power. The older safes,
however, are much easier and even fun to pick. Picking
combination padlocks is a good way to start learning how
to open safes, and we will get to them shortly. But first,
let us discuss some basic prmciples of disk tumbler locks.
Disk tumbler locks work by the use of flat, round disks
of metal or plastic with a notch and a peg on each disk.
The notch is called the tumbler gate. The gate of each
tumbler has to be lined up with the pawl of the bolt
mechanism by usage of the linking capabilities of the pegs.
The first tumbler of the disk tumbler lock (also the last
combination number dialed) is mechanically connected
to the dial through the safe door. When the dial is turned,
the first tumbler picks up the middle tumbler when their
pegs connect. The middle tumbler in turn picks up the
last tumbler for one more complete turn and the tumblers
have been "cleared"-you are ready to dial the first com-
bination number by aligning the last tumbler's gate to the
pawl. After you have reached this number or position,
rotate the dial in the opposite direction one complete turn
(for three tumbler locks; two turns for four tumbler locks)
to engage the middle tumbler and drive it to the second
combination mlmber. By rotating the dial back into the
opposite direction to the last combination number, the
bolt can be operated to open the lock, or as in the case
of newer safes, the dial will operate the bolt by turning
it once again in the opposite direction.
One of the innovations that developed to deter sensual
manipulation of combination locks was the use of ser-
rated front tumblers (last combination number dialed).
These were designed to foil listening and feeling of the
tumblers' gates by burglars.
When the bolt encountered any one of these shallow
gates, the safecracker could never be sure whether or not
a tumbler was actually aligned with the pawl-bolt
mechanism. Some burglars solved this problem by attach-
ing high-speed drills to the dial knob to rotate and wear
down the first tumbler's shallow false gates against the
bolt, thereby eliminating them altogether, or at least
minimizing their effects. Still, today the serrated tumbler
is used as an effective deterrent to manipulation in com-
bination padlocks where space is a factor.
Let us move on to combination padlocks. The most
common and difficult to open of these small disk tumbler
locks are the Master combination padlocks, and they are
quite popular. I have had good luck in opening these locks
with a wooden mallet or soft-faced hammer. The manip-
ulation of Master combination padlocks is quite easy-I
have done it thousands of times, and you can learn it, too.
The newer the lock is, though, the more difficult it will
be to open at first. If the lock has had a lot of use, such
as that on a locker-room door where the shackle gets
pulled down and encounters the tumblers while the com-
bination is being dialed, the serrated front tumblers will
become smoothed down, allowing easier sensing of the
tumblers. So, until you have become good at opening these
locks, practice extensively on an old one. Let's try to open
one:
OPENING A COMBINATION PADLOCK
STEP ONE
First, clear the tumblers by engaging all of them. This
is done by turning the dial clockwise (sometimes these
locks open more easily starting in the opposite direction)
three to four times. Now bring your ear close to the lock
and gently press the bottom back edge to the bony area
just forward of your ear canal opening so that vibrations
can be heard and felt. Slowly turn the dial in the opposite
direction. As you turn, you will hear a very light click as
each tumbler is picked up by the previous tumbler. This
is the sound of the pickup pegs on each disk as they engage
each other. Clear the tumblers again in a clockwise man-
ner and proceed to step two.
STEP TWO
After you have cleared the tumblers, apply an upward
pressure on the shackle of the padlock. Keeping your ear
on the lock, try to hear the tumblers as they rub across
the pawl; keep the dial rotating in a clockwise direction.
You will hear two types of clicks, each with a subtle
difference in pitch. The shallow, higher pitched clicks are
the sound of the false gates on the first disk tumbler. Do
not let them fool you-the real gates sound hollow and
empty, almost nonexistent.
When you feel a greater than normal relief in the shackle
once every full turn, this is the gate of the first tumbler
(last number dialed). This tumbler is connected directly
to the dial as mentioned earlier. Ignore that sound for now.
When you have aligned the other two tumblers, the last
tumbler's sound will be drowned out by the sound of the
shackle popping open.
STEP THREE
While continuing in a clockwise direction with the dial,
listen carefully for the slight hollow sound of either one
of the first two tumblers. Note on the dial face where these
sounds are by either memorizing them or writing them
down. Make certain that you do not take note of the driv-
ing tumbler (last number dialed). If you hear and feel only
one hollow click (sounds like "dumpf"), chances are that
the first number could be the same as the last one.
You should have two numbers now. Let us say one of
them is 12 and the other is 26. Clear the tumblers again
just to be safe and stop at the number 12. Go
counterclockwise one complete turn from 12. Continue
until there is another "dumpf" sound. After the complete
turn pass 12, if you feel and hear a louder than normal
sound of a tumbler rubbing on the pawl, the first tumbler
is properly aligned and the second tumbler is taking the
brunt of the force from the shackle-you are on the right
track. When the second tumbler has aligned in this case,
you will feel a definite resistance with the last turn of the
dial going clockwise. The final turn will automatically
open the shackle of the lock. If none of these symptoms
are evident, try starting with the number of the combina-
tion, 26, in the same way.
STEP FOUR
If the lock still does not open, don't give up. Try search-
ing for a different first number. Give it a good thirty- or
forty-minute try. If you play with it long enough, it will
eventually open. The more practice you have under your
belt, the quicker you will be able to open these padlocks
in the future.
Using a stethoscope to increase audibility of the clicks
is not out of the question when working on disk tumbler
locks, though I never use them for padlocks. A miniature
wide-audio-range electronic stethoscope with a magnetic
base for coupling a piezoelectric-type microphone is ideal
for getting to know the tumblers better.
Filing your fingertips to increase sensitivity might not
be such a good idea for beginners since their fingertips
will not be accustomed to operating dials for a long period
of time. With practice, you may develop calluses and need
to file your fingertips. But I don't recommend it at first.
After some time you may find that in some cases you
can whiz right through the combination of an unknown
lock without looking at it and pop it open in seconds.
It becomes second nature. I've done this on many occa-
sions-something beyond my conscious control seems to
line up the tumblers without my thinking about it.
Another type of disk tumbler padlock is the Sesame
lock made by the Corbin Lock Co. Its unique design
makes it more difficult to open than Master padlocks, but
it can be opened. Let's take one of the three or four wheel
mechanisms, look at a cross section, and see how it works.
The wheel has numbers from zero to nine. Attached to
the wheel is a small cam. Both the wheel and cam turn
on the shaft. Each wheel in this lock operates indepen-
dently with its own cam and shaft. The locking dog is
locked to the shackle. In this position the shackle cannot
be opened. The locking dog operates with all three or four
wheels. The locking dog is riding on the round edge of
the cam. The spring is pushing up on the cam. The lock-
ing dog cannot move up because it is resting on the round
part of the cam. When the wheel is turned to the proper
combination number, the locking dog rests on the flat of
the cam. The spring can then raise the locking dog to
release the shackle, and this opens the lock.
TIPS FOR SUCCESS
You will undoubtedly encounter a pin tumbler lock in
which there will be a pin or two that is keyed too low
(the shear line of the pin is too high). In this case the lock
is difficult to open because the breaking point of a long
bottom pin doesn't allow room in the keyway for the pick
to manipulate the other pins. Your success in opening
"tight" locks will depend on the skill you have developed
with your tension wrench. Sometimes it helps to play with
the tension wrench. Try bouncing it left and right slightly
while picking, allowing some of the tumblers to drop occa-
sionally. You may also try picking the front tumblers first
or picking at random on these locks. You can tell if you
have a lock that is keyed like this because your pick may
get jammed during the picking process.
After you have opened a cylinder and unlocked a lock,
be sure to return it to the locked position. You will hear
the tumblers click into place when this happens. Other-
wise it may be difficult to unlock it with its key because
the bottom pins cannot "float" like they normally would.
To tell whether or not the cylinder should go clockwise
or counterclockwise when picking a tumbler lock, there
is an easy rule to follow. If the tumblers (pin or wafer)
will not break, or stay broken, you are going in the wrong
direction with the tension wrench. There will be little or
no progress with the cylinder, and few, if any, "clicks."
Some keyways are cut at an angle (Yale, Dexter, and
Schlage, for example) so you want to be sure that you tilt
your pick to follow that angle while picking or your pick
will get hung up. A slight twist of the wrist will compen-
sate for this problem.
Should your fingers become tired while picking a lock,
lay down your tools and shake your hands and fingers
to relieve any tension. After some time the muscles in your
hands will become accustomed to such activity. Practice
and persistence will tone your hands and senses to the
point where you will be able to pop open a cylinder in
three to five seconds (that's seconds) in total darkness. The
combination of touch and sound lets you know almost
a split second before you open the lock that you have
succeeded.
If the lock is a well-machined one, the cylinder will feel
tight and you will need a little firmer hand on the ten-
sion wrench. While picking, if any one of the pins at any
time feels firm or difficult to move, chances are it's aligned.
If it feels springy, it is not.
Use the shaft of the pick if you have to when working
the frontal pin of a pin tumbler lock. This may save you
the trouble of aligning the tip of the pick on the front
pin where there is little or no support for the pick. All
of the other pins allow the pick to be supported by the
inside wall of the keyway.
Master keyed pin tumbler locks are generally easier to
pick open because they have more than one shear line or
breaking point in the pins. Master keying allows a group
of locks to be controlled by a master key holder while the
individual locks in that group are controlled by individual
keys. Hotels and apartment complexes are usually master
keyed.
There is a simple technique to open pin and wafer
tumbler locks. Simply drill through the shear lines of the
tumblers. This point is located just above the center of
the keyway on the face of the cylinder. By doing this,
though, you obviously ruin the lock and make a lot of
racket. If the lock is a Medeco or some other high-security -
lock, you risk damage of one hundred dollars or more,
so be sure you know the value of the situation before you
decide to rape the lock. Use a center punch to start a
reliable hole on the cylinder face and use a one-quarter
inch drill bit with a variable speed drill. With a large
screwdriver, turn it to unlock. The cylinder will be dif-
ficult to turn because you may be shearing the tumbler
springs that have fallen down past the cylinder's shear line.
Dead bolt locks are those mounted on a door above
the knob. All dead bolt locks unlock counterclockwise
with left-hand doors and clockwise with righthand doors.
If you have trouble remembering this, just remember that
the bolt of the lock has to go in the opposite direction
of the doorjam.
Dead bolt locks are just as easy to pick open as knob
locks are. They both have cylinders that can be picked
open. The main difference is that dead bolts cannot be
opened by sliding a plastic or metal card through to the
bolt so as to work it back. In other words, they are not
spring loaded. That's why they are called dead bolts. Most
knob locks now have guards in front of the bolts to deter
opening with cards.
Kwik-sets, Weisers, and some of the less-expensive knob
locks may open in either direction. Schlage and Corbin,
along with more sophisticated locks, can open only in one
direction. Auto locks will open either way. Another
method of picking pin tumbler locks is with a pick gun.
As the pick snaps up, it hits the bottom pin. This bounces
the top pin out of the cylinder and into the shell. As you
apply light turning pressure with the tension wrench, the
top pins are caught in the shell, the cylinder will turn. I've
never used a pick gun, but they do work well for lock-
smiths who use them. They are cumbersome and expen-
sive, and show some lack of professionalism.
(Note: If you don't care about professionalism and want to open 95% of all
pin tumbler locks out there - and fast- buy this device. It is very awesome.
I even recommend it over a Cobra Electronic lockpick. Trust me, I have both,
and I feel the $60 Lockaid pick gun blows away the $350 Cobra)
SOME PRECAUTIONS
If you bought this book to learn how to pick locks in
order to become a more efficient burglar, then there is
not a whole lot I can say or do to stop you. But I must
say this: the locks used in prisons are nearly impossible
to pick even if you get or make the right tools. They are
usually electrically controlled from an external station.
Do not carry lock picks on your person. If you get
caught with them, you could get nailed for most any pro-
fessional job in town for the last seven years. If you must
carry them, as in the case of rescue workers, etc., please
consult your local authorities about details and ask about
registering with them. As a former locksmith, I do not
have that problem.
I advise that you do not teach your friends how to pick
locks. The choice is yours, of course. You paid the price
of this book and the knowledge is yours-be selfish with
it. It is for your own protection as well. The fewer people
who know you have this skill, the better. Getting blamed
for something you didn't do is unfair and a hassle.
When you become proficient at picking locks, you may
decide to get a job as a locksmith. But believe me, there
is more to being a locksmith than being able to pick locks.
You have to be a good carpenter as well as a fair mechanic.
But you may want to approach the owner of a lock shop
and ask if you could get on as an apprentice.
NOBODY'S PERFECT
There isn't a locking device on earth that cannot be
opened with means other than its key or code. It's just
that some are easier to open than others. Anything with
a keyhole, dial, or access port is subject to being opened
with alternate means, though some of the newer electronic
and computer-controlled security devices would be a
nightmare even if you had extensive knowledge of elec-
tronics and electromagnetics. Some devices also use palm
prints as a readout to allow entry.
On the mechanical side, there are locks that have nor-
mal pin tumblers, but they are situated in various places
360 degrees around the cylinder. Some locks use pin
tumblers that not only have to be aligned vertically within
the cylinder, but also have to "twist" or turn a certain
number of degrees to allow the cylinder to open. This is
because the pins' shear line is cut at an angle. These locks
are made by Medeco.
I have witnessed only one Medeco lock being picked-
by a fellow locksmith. We both spent hours trying to pick
it again, but it was futile. We estimated the chances of
opening it again to be one out of 10,000. They are excellent
security devices, but their price keeps them limited to areas
prone to security problems such as isolated vending
machines and for government use. The only one I have
been successful at opening (after an hour of picking) was
one I drilled. By the way, they are easy to drill because
the brass that's used is soft.
LEARNING TO TOUCH AND FEEL
Most of us know how to touch. We touch objects every
day, and yet we do not truly feel them. It seems so
commonplace that we forget that we are actually feeling
while we touch.
Here is an exercise that will develop a delicate touch.
Gently rub and massage your hands and fingers-
preferably with hand lotion. Do this for five minutes. Once
the lotion has evaporated, shake your hands and fingers
so that they flop loosely. Gently pull each finger to relax
each joint.
Now with a piece of fine sandpaper, gently draw the
tips of your fingers across it. Try to feel the texture of
the grains on its surface. Relax your fingers, hands, fore-
arms, shoulders, and chest. Take your time. Do this for
several minutes.
After a few weeks of practice, you will be able to feel
each individual grain of sand on the sandpaper. This
allows you to feel the slightest sensation vibrate through
your bones.
Try to remember to practice touching and feeling dur-
ing your everyday experiences. Practice feeling wood,
metal, and various other objects. Play with the feel of
mechanical vibrations, even your television set. Try to sense
the world around you as a source of information. This
could and will open a whole new horizon of experience.
After a while, you will be able to feel or sense the move-
ment of the tumblers of a Sargeant and Greenleaf safe.
My first safe opened in three minutes because of that
technique that took me years to discover.
VISUALIZATION
If you respect the security of the lock and do not
become overconfident, you will never become disappointed
if you fail to open it. You also increase your chances of
opening the lock because you personally have nothing to
gain or lose by opening it. Give up trying to be an expert
and just pick the lock.
With such an attitude, you may find the lock will usually
pop right open. I never received a trophy for being the
best lock picker in the state. My satisfaction is in know-
ing that I am never helpless in a lockout situation. The
quality of your success is almost romantic; it involves sen-
sitivity and compassion in the face of curiosity as a means
to help others.
Visualization and imagination are important to the lock
picker. I've noticed that people who have the ability to
visualize the internal parts of the lock that they are pick-
ing seldom fail to open it in moments. Anyone can learn
to do this by simply remembering to do it while picking
a lock. Since sight, sound, and touch are involved with
the process, visualization is very easy to do. Try to keep
all of your attention on the lock during the picking pro-
cess. This will help you to learn how to use heightened
sensitivity for picking locks.
So in that respect, an unopened lock is like a new and
unexplored lover. You imagine all of the qualities of an
attractive person whom you've just met and apply that
feeling to the lock that you are picking. Use visualization.
It will help immensely.
(Note: All this Zen stuff may sound like a load of shit, but it's not. I
myself cannot pick a lock unless I am comfortable. If I am craving a
cigarette or I am hungry or something else like that, I have a difficult time
opening a lock. Also, attitude is important. Don't show off.)
Have fun
Any question or comments
can be left to me at Ripco
(leave mail to BLOODMONEY)
SECRETS OF LOCK PICKING
By Steven Hampton
originally published by Paladin Press (c) 1987
(don't let the date fool you. This is good stuff)
brought to you by
Dr. Bloodmoney
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Well, I'm bringing you this file because I have a scanner and an
OCR package and I like to pick locks. This file is a complete transcription
of the book, Secrets of Lock Picking by Steven Hampton, minus the chapter
on warded locks (These locks are cheap. Use a hammer and a screwdriver).
Before getting on to the subject, I would just like to use this opportunity
to say that you can not just read this file and know how to pick locks. It
does take practice. The good news is that by practicing you will learn how
to open locks. And fast, too. I have heard many people say "It's not like
the movies...it takes time to pick a lock." Well, sometimes thats true, but
I have picked a Sargeant six-pin, high-security tumbler lock in three seconds.
And other similar locks in the the same time frame as well. So I know that
it can be done. But don't worry. Practicing is not boring. There is a
certain thrill present when you pick a lock for the very first time.
Imagine the sensation of knowing that you can get into almost anywhere you
want. Believe me when I tell you that it is very cool.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Contents
Introduction
Tools
Lock Identification
Pin Tumbler Locks
Wafer Tumbler Locks
Double Wafer Locks
Pin and Wafer Tumbler Padlocks
Tubular Cylinder Locks
Mushroom and Spool Pin Tumbler Locks
Magnetic Locks
Disk Tumbler Locks
Tips for Success
INTRODUCTION
The ancient Egyptians were the first to come up with
a complicated security device. This was the pin tumbler
lock. We use the same security principle today on millions
of applications.
The most commonly used lock today is the pin tumbler
lock. A series of pins that are divided at certain points
must be raised to these dividing points in relationship to
the separation between the cylinder wall and the shell of
the lock by a key cut for that particular series of pin divi-
sions. Thus the cylinder can be turned, and the mechanism
or lock is unlocked.
Lock picking means to open a lock by use of a flat piece
of steel called a pick. Actually, the process requires two
pieces of flat steel to open cylinder locks. It amuses me
to watch spies and thieves on TV picking locks using only
one tool. But it is for the better in a sense. If everyone
learned how to pick locks by watching TV, we would all
be at the mercy of anyone who wanted to steal from us,
and the cylinder lock for the most part would be outdated.
The actual definition of lock picking should be: "The
manipulation and opening of any restrictive mechanical
or electronic device by usage of tools other than the
implied instrument (key or code) used solely for that
device." A little lengthy, but more accurate description.
With cylinder locks, it requires a pick and a tension
wrench.
By picking the lock, you simply replace the function
of a key with a pick that raises the pins to their "break-
ing point," and using a tension wrench one rotates the
cylinder to operate the cam at the rear of the lock's cylinder
to unlock the mechanism.
(See Fig-01.GIF)
The tension wrench is used to apply tension to the
cylinder of the lock to cause a slight binding action on
the pins as well as to turn the cylinder after the pins have
been aligned by the pick; this opens the lock. The slight
binding action on the pins caused by the tension wrench
allows one to hear and feel each pin as it "breaks" or
reaches alignment with the separation of cylinder and
shell. The vibration is felt in the knuckles and joints of
the fingers, and the sound is similar to that of a cricket
in an arm wrestling match-a subtle yet distinct click.
Usually you need very little tension with the wrench
while picking the lock. In fact, it takes somewhat of a
delicate, yet firm touch. This is the secret to picking locks
successfully-a firm and yet gentle touch on the tension
wrench. You should be able to feel the pins click into place
with the right amount of tension; experience will be your
true guide.
Half of your success will be based on your ability to
use or improvise various objects to use as tools for your
purpose. The other half will depend on practice. I once
picked a pin tumbler lock using a borrowed roach clip
and a hairpin. A dangerous fire was prevented and prob-
ably several lives were saved. The world is full of useful
objects for the purpose, so never hesitate to experiment.
TOOLS
I started picking locks using a small screwdriver and
a safety pin. The screwdriver can be used as a tension
wrench, and the safety pin is used like a "hook" pick.
The last half inch of the screwdriver's tip was bent at a
45 degree angle so as to allow easy entry for the pick (bent
safety pin). Do not heat the screwdriver tip to bend it,
as this will destroy its temper. Use a vise and hammer to
do the job. Bend slowly by using firm and short taps of
the hammer, otherwise you may break and weaken the
shaft. The safety pin should be about one and a half inches
long and bent in the same way.
With the small screwdriver as a tension wrench, you can
use more of a turning or twisting movement than with
a regular tension wrench so you will generally need less
direct force when using it. As I mentioned earlier, with
practice you will develop the feeling for the right amount
of tension on a cylinder. If the safety pin bends after a
short time, use the keyway of the lock you are picking
to bend it back into shape. Even after several times of
bending, it should still be useful. Keep a few spares handy,
though. File the tip of the safety pin flat in relationship
to the bottom of the pins in the lock. Smooth any sharp
edges so that you won't impale yourself. Also, if the tip
is smooth, the pick will not get hung up on the pins while
picking the lock.
Granted these are not the best tools for the job, but
they do work. If you learn to use your junk box as a rich
source of equipment, then with your experience real lock
picks will give you magic fingers. Also, you'll have the
advantage of being able to improvise should you be
without the real things (which are illegal to carry on your
person in most parts of the country).
Lock picks are difficult to get. I received my first set
when I became a locksmith apprentice. All of my subse-
quent sets I made from stainless steel steak knives with
a grinder and cut-off wheel. They are much more durable
than the commercial picks. If you do make your own,
make certain that the steel is quenched after every 3
seconds of grinding-do not allow the pick to get hot to
the point of blue discoloration.
A diamond pick is the standard pick I use on most all
pin and wafer locks. A small diamond pick is used for
small pin tumbler locks such as small Master padlocks,
cabinet file locks, etc. The tubular cylinder lock pick, we
will discuss later. The double-ended, single-pronged ten-
sion wrench is used with the diamond pick. It features
double usage; a small end for small cylinders and a large
end for the larger cylinders. A special tension wrench is
used for double-wafer cylinder locks with an end with two
prongs on one end and tubular cylinder locks with the
single prong on the other end. We will discuss tubular
cylinder and double-wafer locks later as well. The steel
should be .030 inches to .035 inches thick for the picks
and .045 inches to .050 inches thick for the first tension
wrench mentioned above. The second tension wrench
should be .062 inches square (.062 inches x .062 inches)
on the tubular cylinder side (one pronged end), and .045
inches thick on the double-wafer end (two-pronged end).
You can accomplish this by starting out with .045 inches
in thickness. The two-pronged end should be bent carefully
in a vise at a 30 degree angle. This allows easy entry for
the pick on double-wafer locks.
(See fig-02.GIF)
Among the more common tools used by professionals
around the world is the rake pick. The rake pick is used
to "rake" the tumblers into place by sliding it in and out
across the tumblers. I seldom use the rake pick because
it is not highly effective and I consider it a sloppy excuse
for a lock pick. I've seen the rake pick work on some dif-
ficult locks, but you can rake with a diamond pick and
get the same results. I prefer the diamond pick for most
tumbler locks simply because it is easier to get in and out
of locks-it slides across the tumblers with little or no
trouble.
A ball pick is used for picking double-wafer cylinder
locks, though I never carry one; I use a large diamond
pick and reverse it when picking these locks. This means
I have one less pick to carry and lose.
(See fig-03.GIF)
A double-ball pick is used like a rake on double-wafer
locks in conjunction with a tension wrench (two-pronged
end).
A hook pick is used to open lever tumbler locks, though
again, I use a diamond pick with a hooking action when
possible. There are various sizes of hooks but they all have
the same basic job-to catch the movable levers that
unlock lever locks.
There are also various sizes of tension wrenches. They
are usually made from spring steel. The standard tension
wrench is used for pin and wafer locks. A special tension
wrench is called a Feather Touch, and it is used for high-
security mushroom and spool pin tumbler locks. Its
delicate spring-loaded action allows the pick to bypass the
tendencies of these pins to stick. A homemade version of
the Feather Touch can be made from a medium-light duty
steel spring.
As to getting lock picks for your own use, you cannot
go down to your local hardware store and buy them. I
could supply you with some sources or wholesalers, but
I do believe it is illegal for them to sell to individuals. Your
best bet would be to find a machine shop that will
fabricate them for you. It would be less expensive and
arouse less suspicion if you purchase a small grinder with
a cut-off wheel and make your own. With a little prac-
tice, you can make a whole set in an afternoon. Use a copy
of the illustrations in this book as templates and carefully
cut them out with an X-ACTO knife. Cut down the middle
of the lines. Acquire some stainless steel (many steak
knives approach proper thickness).
With a glue stick, lightly coat one side of the paper
template and apply it to the cleaned stainless surface, and
allow it to dry. You'll need a can of black wrinkle finish
spray paint. This kind of paint has a high carbon con-
tent and can stand high temperature of grinding. Spray
the stainless (or knives) with the patterns glued on and
dry in a warm oven or direct sunlight for one hour. Set
aside for twenty-four more hours. Peel off the paper
template and you are ready to cut and grind. Please use
caution when cutting and grinding. The piece should be
quenched every three seconds in cold water. Smooth up
sharp edges with a small file or burnishing wheel.
Tools made from stainless steel will outlast the pur-
chased ones. The tools purchased from most suppliers are
made from spring steel and wear out after about 100 uses.
The stainless steel ones, if properly made, should last over
2,000 uses.
LOCK IDENTIFICATION
There are many types of locks, the most common being:
1. The pin tumbler lock. Used for house and garage doors,
padlocks, mail boxes, and Ford automobiles.
2. The wafer tumbler lock. Used for garage and trailer
doors, desks, padlocks, cabinets, most autos, window
locks, and older vending machines.
3. The double-wafer lock. Used for higher security wafer
tumbler applications.
4. The warded locks. Used for light security padlocks and
old-fashioned door locks.
5. Lever locks Used for light security and older padlocks,
sophisticated safe-deposit boxes, some desks, jewelry
boxes, and small cash boxes.
6. Tubular cylinder locks. Used for alarm control systems,
newer vending machines, car-wash control boxes and
wherever higher security problems might exist.
These locks are the more common locks used yet there
are variations and combinations of these principal types
that usually pick open in the manner that will be discussed.
Some of them just require practice of the basic types,
others luck, and most of the rest of them knowledge of
how that particular lock works and is keyed. This comes
from experience.
(See fig-04.GIF)
PIN TUMBLER LOCKS
Pin tumbler locks offer the most security for their price.
They have close machine tolerances and approximately
1,000,000 different key combinations for a five-pin lock.
Considering the thousands of different companies mak-
ing pin tumblers (different shaped keyways for each com-
pany or design line), the chances of someone having a key
that will work in your front door lock are one in many
billions.
Pin tumbler locks can easily be identified by peering
down the keyway and locating the first round pin.
Sometimes you can see the pin's dividing point, where it
breaks with the cylinder wall (shear point).
To successfully pick a pin tumbler lock, your sense of
touch sould be honed so that both hands feel the tools.
Once the hand holding the pick has located a slight relief
in tension while picking a particular tumbler, the other
hand holding the tension wrench will feel a relief or break-
ing point. Both hands should be involved with the sense
of touch, the sensing of the inner workings of the lock.
We are now ready to begin the first lesson. First open
your front door and check for a pin tumbler lock on it.
It should have one on it. If there is one, leave the door
open to decrease suspicion. Do not lock yourself out of
your apartment or house by being overconfident; not only
will you raise suspicion, but window glass is not cheap.
HOW TO PICK A TUMBLER LOCK
STEP ONE
Without using the tension wrench, slip the pick into
the lock. The "hook" of the pick should be toward the
tumblers (up in most cases, depending on whether or not
the lock was mounted upside down-you can tell by look-
ing down the keyway and locating the first pin with your
pick). Try to feel the last tumbler of the lock. It should
be 7/8 inches into the lock for a five-pin tumbler lock
(most common pin tumbler lock used).
Make certain that you have no tension on the wrench
when inserting the pick as this will encumber the frontal
tumblers. When you feel the back tumbler, slowly raise
it with a slight prying motion of the pick. Release it, but
keep the pick in the lock on the rear tumbler.
Now insert the tension wrench, allowing room for the
pick to manipulate all of the pins. It should be placed at
the bottom of the cylinder if the lock was mounted
upright, tumblers toward the top of the cylinder. Apply
firm and yet gentle clockwise pressure to the tension
wrench.
Slowly raise the back tumbler with a slight prying mo-
tion of the pick. A minute click will be felt and heard when
it breaks. It will lose its springiness when this occurs, so
do not go any further with it. Any further movement with
the pick will cause binding by going past the pins' shear
line. Continue an even pressure with the tension wrench.
Keeping an even tension pressure, proceed to Step Two.
STEP TWO
The fourth tumbler should be easily felt since it is the
next one in line. Raise it until it breaks, keeping the ten-
sion wrench steady. It too will give a sound and sensa-
tion when it breaks or aligns.
STEP THREE
The third or middle tumbler is next. Again, it too will
click. Maintain a constant, even pressure on the wrench-
about the same pressure that you would use to replace
a cap on a catsup bottle. You may feel the "clicks" in your
tension wrench as well as hear them.
(See fig-05.GIF)
STEPS FOUR AND FIVE
Continue on to the next tumbler out, working toward
you. When it breaks, raise the last (front) tumbler to its
braking point and the cylinder should be free to rotate
and unlock the door. Sometimes you may have to play
with the wrench to open the lock because you may have
raised a tumbler too high, past its breaking point. If this
is the case, very slowly and gradually release the tension
wrench pressure and the overly extended tumbler will drop
into its breaking point before the other tumblers have a
chance to fall. The cylinder should pop open at that point.
I have found that this technique is responsible for over
30 percent of my successes in opening all tumbler locks.
If the lock still refuses to open after all that treatment,
release the tension wrench pressure, allowing all of the
tumblers to drop and start over. You may have more than
one tumbler too high and would be better off to repeat
the picking process.
WAFER TUMBLER LOCKS
Wafer tumbler locks make up over one-fourth of the
locks in use in the world. Since they are generally easier
to pick than most pin tumbler locks, you will be 75 per-
cent master after fooling around with these mechanisms.
That is why I wrote about pin tumbler locks first-they
are more difficult and make up over one-half of the locks
used today.
(See fig-06.GIF)
The term wafer refers to the general shape of the
tumblers. The wafers are flat, spring-loaded tumblers that
are much thinner than pins and the distance between them
is less. Wafer locks are picked in the same way as pin
tumbler locks, but you must compensate for the smaller
dimensions. You can identify wafer locks simply by look-
ing down the keyway and locating the first flat tumbler.
The last tumbler on most wafer locks is located about one-
half inch into the lock.
Wafer locks are used on filing cabinets, lockers, most
cars, garage doors, desks, and wherever medium security
is required. The only wafer tumbler lock in common use
that is difficult to pick is the side-bar wafer lock. It is the
most popular type of auto lock. This lock is of different
design than most other locks and offers much more secur-
ity than a regular wafer tumbler lock, or even a pin
tumbler lock.
The side bar lock is used mostly on General Motors
cars and trucks since 1935. It is used on ignitions, door,
and trunk locks. Side bar locks are hard to pick because
you cannot feel or hear the tumblers align with the
cylinders breaking point. A spring-loaded bar falls into
place to allow the cylinder to turn when all of the tumblers
are aligned. There is no way to tell when that happens.
One learns to sense the bar while picking so that it seems
to fall into place by itself. But for beginners, I recommend
this technique for emergency openings: Peer down the
keyway and locate the side groove of any of the tumblers
using a pick as a searching tool. Drill a small hole in the
shell of the lock above the bar which is above the grooves
on the tumblers. Since side bar locks have off-centered
keyways, the usual place to drill is opposite of the keyway.
Using an L-shaped steel wire, put pressure on the sidebar
and rake the tumblers using a tension wrench for cylinder
rotation and the lock will open.
Fortunately, most GMC autos have inferior window
seals; with a coat hanger, one can lasso the locking door
knob to open the door. If you are going to be successful
at opening side bars, you will do it within two minutes;
otherwise, you are causing unnecessary wear on your picks
not to mention wasting your time.
Ford auto locks are relatively simple to pick. They have
pin tumblers and you have to remember that the door
locks turn counterclockwise. Most other auto locks turn
clockwise. If you are not sure, remember this: If the
tumblers will not catch at their breaking points, you are
going in the wrong direction with the tension wrench.
Wafer locks are a cinch to pick if you have learned how
to pick pin tumblers. Just remember that wafers are thin-
ner than pins and there is less distance between them.
Generally you need less tension-wrench pressure with these
locks, yet car locks can be quite stubborn and require a
great deal of tension. Any heavily spring-loaded cylinder
needs a substantial amount of tension.
As a rule, though, wafer locks need less play with the
tension wrench than with pin tumbler locks. But if you
find yourself having difficulty in opening these, you may
try a little tension-wrench play. Usually they won't pop
open like pin tumbler locks, they just slide open; you don't
get the warning that a pin tumbler gives before it opens
because there is less contact area on the wafer's edge than
on a pin, so the sense of climax is reduced with these types
of locks. Still, they open quite easily.
DOUBLE WAFER LOCKS
Double-wafer locks are picked in the same way as single-
wafer locks, but there are two sides to the story. Not only
do you have to align the top wafers, but you have ones
in the bottom of the cylinder to align as well.
The Chicago Lock Company was the first to come up
with this type of lock. It is a classic example of the race
toward better security. Certain tension wrenches allow
uninterrupted picking using ball picks. You can also use
a standard tension wrench or small screwdriver and place
it at the center of the keyway. To eliminate unnecessary
baggage, use a diamond pick, reversing it to encounter
both top and bottom wafers.
(See Fig-07.GIF)
The last tumbler in this type of lock is located less than
one-half of an inch in. The picking procedure may have
to be repeated more than one time-top wafers, then bot-
tom wafers, top, bottom-back and forth. Yet these locks
are easier to pick than most pin tumblers.
Locate the last wafer on the top side and move it to
its breaking point. Do the same with the other top wafers.
Keep the tension wrench firm, remove the pick, turn it
upside down (if you are using a diamond or homemade
pick), and reinsert it to work the bottom wafers. You may
have to repeat this process a few times, but double-wafer
locks can and will open with such treatment. Schlage has
a doorknob lock that opens this way, but the last tumbler
is about one and one-half inches in.
Double-wafer locks are easy to master if you have
learned to pick pin and wafer tumbler locks. Since double-
wafer locks are more compact, you have to compensate
for the fact-slightly closer tolerances. These type of locks
are used on old pop and candy machines, gas caps,
cabinets, etc.
PIN AND WAFER TUMBLER PADLOCKS
Cylinder padlocks require a technique of holding them
with the same hand with which you are using the tension
wrench. This technique allows one to pick the padlock
without going into contortions over a dangling padlock.
Assuming that you are right-handed, hold the padlock
in your left hand by gripping the body of the padlock with
your thumb and forefinger. Insert the tension wrench at
the bottom of the keyway and hold it in a clockwise turn
with your ring and little finger, causing a slight binding
pressure on the cylinder. Now your right hand is free to
pick, and your left hand does the job of holding both the
lock and tension wrench. The overhand method works
well, too, but the thumb controls the tension wrench
instead. Switch around to find which is most comfortable
for you.
When tumbler padlocks pop open, it is quite a sensa-
tion because the shackle is spring-loaded and gives one
quite a jolt. It's a feeling of accomplishment. You may
need a little more tension on padlocks than on door locks
because the cylinder cam has to operate a spring-loaded
bolt. Overall, padlocks are the most fun to open. Prac-
tice using old or discarded padlocks that you have found.
I've worn out hundreds of them.
TUBULAR CYLINDER LOCKS
(Note: Diagrams of tubular lock were omitted due to the fact that picking
them with conventional methods is a complete waste of time. There are picks
available that are specifically designed to pick this kind of lock in a
matter of seconds)
We will gradually proceed to more sophisticated locks
from here. I would like to remind you that success is not
based on personality. If one is arrogant about one's lock-
picking skills, one could easily be made a fool of by a
lock. And no matter how many times you bash a cylinder,
you will still be locked out. The only thing you accomplish
is attracting an audience-so be cool.
If at this point you have had much difficulty under-
standing the principles of pin and wafer locks, please
restudy this book from the beginning. Read it several times
so as to absorb it. The information that you now have
has taken me almost two decades to gather, so please be
mindful of that.
Now you are about to learn how to open the more dif-
ficult locking mechanisms-some of the other 25 percent
of the locks used today. You should feel confident with
pin, wafer and double-wafer tumbler locks before you
attempt rim cylinder locks.
Tubular cylinder locks stand out as the most generally
accepted lock in all important industries using high-quality
locks for protection of property, merchandise, and cash.
They are recognized as giving the maximum amount of
security for their price range.
Tubular cylinder locks are pin tumbler locks arranged
on a circular plane. Unlike conventional pin tumbler locks,
all of the pins are exposed to the eye. The central section
of the lock rotates to operate the cam when all of the seven
pins have reached their breaking points. When the pro-
per key is entered into the lock, the tumblers are pressed
into position so that the central section (plug) can be
turned. This manual operation of inserting the key places
the tumblers in position so that the lock can be operated
and ensures that frost, dust, salt, or unfavorable climatic
conditions will not affect the smooth operation of the
lock.
The Chicago Ace lock is a product of the Chicago Lock
Company of Chicago, Illinois. It is an effective security
device and is used on vending machines, coin boxes, and
burglar alarms. A larger, more complex version of it is
used on bank doors and electronic teller machines. The
key is of tubular shape with the cuts arranged in a circle
around the key.
The pick used for this lock is the tubular cylinder pick,
or you may use a straight pin or your homemade safety
pin pick. The one-pronged end of the tension wrench is
a little more specialized and is used for rim cylinder locks.
It must be .062 inches square for best results. Any square
steel stock is acceptable, as long as it fits snugly into the
groove of the tubular cylinder plug.
This type of lock is a burglar's nightmare because it
takes so long to pick. You have to pick it three or four
times to accomplish the unlocking radius of 120 to 180
degrees. And the cylinder locks after each time you pick
it-every one-seventh of a turn.
If you leave the lock only partly picked, the key will
not be able to open it, so you must pick it back into the
locked position after opening it-another three or four
picking sessions. In all, to unlock and lock the cylinder,
you have to pick it up to eight times-quite a chore if you
don't have the right tools or time.
These locks almost always pick in the clockwise direc-
tion. Make certain that the tension wrench fits snugly into
the groove on the cylinder. Very slowly push the first pin
down until it clicks, maintaining a definite clockwise
pressure on the tension wrench. Once the tumbler has
broken, do not push any further and proceed to the next
one, and so on. As you reach the last tumbler, the ten-
sion wrench will feel more slack and give way if the lock
were properly picked.
There are special keyhole saws for these locks in which
you drill out the tumblers and turn the cylinder. Also there
is a special tool used by locksmiths to open rim cylinder
locks.
MUSHROOM AND SPOOL PIN TUMBLER LOCKS
High-security pin tumbler locks may contain specially
made pins to make picking them more challenging. The
pins are machined so as to make picking them quite dif-
ficult. When picking these locks, the pins give the impres-
sion that they have broken, when in fact they could be
a long way from breaking. You can tell whether or not
you are picking a pin tumbler lock that has these pins by
the fact that the pins seem to align so easily with a louder
than normal click. The cylinder seems eager to open but
to no avail.
The picking procedure relies on a well-yielding tension
wrench. The tension wrench has to be lightly spring-loaded
so that the pins can bypass their false breaking points.
You also have to "rake" (seesaw in and out) the pins with
your pick. The feather-touch tension wrench is ideal for
the job. Use light pressure with it, and it will let you in.
(Note: A feather-touch tension wrench is not necessarily required. A normal
tension wrench will work fine with an extremely light tension on it. The
weight of just your index finger alone should be enough in most cases.)
The mushroom and spool pins are used in locks for
high-security purposes such as bank doors. The American
Lock Company uses them in some of their padlocks.
MAGNETIC LOCKS
Magnetic locks are fascinating. I almost hate to open
them because I feel that I have breached their uniqueness.
In reality, you do not pick them, but "confuse" them. They
generally work on the principle that like magnetic
polarities repel each other. The key is a set of small
magnets arranged in a certain order to repel other magnets
in the lock, thereby allowing the spring-loaded bolt or cam
to open the lock.
By using a pulsating electromagnetic field, you can
cause the magnets in the lock to vibrate violently at thirty
vibrations per second, thereby allowing it to be opened
by intermittent tugging of the bolt or turning of the door
knob.
This method may also ruin the small magnets in the
lock by changing their magnetic status or properties. So,
if you have to perform an emergency break-in with these
locks, do not relock the door. The card or key will not
operate the lock.
The magnetic pick can be used on padlocks by strok-
ing it across the place where the key is placed. It is also
designed to fit into the doorknob and is used by stroking
one pole in and out or by using the other pole the same
way.
If you have had little or no training and experience
building something like this, please have a friend who is
familiar with basic electronics do it for you. Do not take
the chance of electrocuting yourself. Make sure that the
coil is also completely covered with electrician's tape after
you have wound the 34 gauge wire. Also make sure that
the steel core has at least three layers of tape over it. Do
not leave the unit plugged in for more than two to three
minutes at any one time as this may cause overheating
which could cause it to burn out or start a fire. It is safe
to use if constructed properly and not left plugged in
unattended. Opening magnetic locks requires only 30 to
60 seconds anyway, so don't leave the unit plugged in for
longer.
For magnetic padlocks, use a back-and-forth stroking
action along the length of the keyway. For magnetic door
locks, use a stroking in-and-out action in the slot of the
knob alternating from one side (pole) of the pick to the
other.
The "key" for a magnetic door lock is a metal or plastic
card containing an array of magnetic domains or regions
coded in a specific order to allow entry. The magnetic pick
bypasses that.
(See fig-08.GIF)
DISK TUMBLER LOCKS
Combination or "puzzle" locks were invented to fur-
ther improve security and the protection of valuables. The
older safes and lockboxes were good security devices when
they came into the market, but some people became
curious and realized that these safe locks had inherent
weaknesses. One of the main problems was that the disk
tumblers were not mechanically isolated from the bolt that
unlocks the safe door. In other words, you could feel and
hear the tumblers while turning the dial by applying
pressure on the handle of the bolt.
When that problem was recognized and solved, thieves
started drilling through strategic places in the lock itself
to open it. Knocking off hinges was an all-time favorite
tactic as well. Then came punching out the dial shaft,
blowtorching, and just plain blowing the door with ex-
plosives. Greed can breed great creativity.
The first problem, that of manipulating the tumblers
open, was rectified by making use of the dial to operate
the bolt upon completion of the dialing of the correct com-
bination. This made it nearly impossible to feel or hear
the tumblers. Drilling was deterred by laminating the safe
door with hard steel and beryllium-copper plates. The
beryllium-copper plates pull heat away from the drill tip
quickly, and the bit just spins without effect; drilling can-
not take place without the generation of heat at the bit's
cutting edges. Knocking off hinges was discouraged by
using three or more bolts operated by a main linkage net-
work. Punching out the dial shaft to let the tumblers fall
out of the way of the bolt was corrected by beveling the
shaft into the wall of the safe door.
Presently, safe locks are quite sophisticated. Picking
them would require supernatural power. The older safes,
however, are much easier and even fun to pick. Picking
combination padlocks is a good way to start learning how
to open safes, and we will get to them shortly. But first,
let us discuss some basic prmciples of disk tumbler locks.
Disk tumbler locks work by the use of flat, round disks
of metal or plastic with a notch and a peg on each disk.
The notch is called the tumbler gate. The gate of each
tumbler has to be lined up with the pawl of the bolt
mechanism by usage of the linking capabilities of the pegs.
The first tumbler of the disk tumbler lock (also the last
combination number dialed) is mechanically connected
to the dial through the safe door. When the dial is turned,
the first tumbler picks up the middle tumbler when their
pegs connect. The middle tumbler in turn picks up the
last tumbler for one more complete turn and the tumblers
have been "cleared"-you are ready to dial the first com-
bination number by aligning the last tumbler's gate to the
pawl. After you have reached this number or position,
rotate the dial in the opposite direction one complete turn
(for three tumbler locks; two turns for four tumbler locks)
to engage the middle tumbler and drive it to the second
combination mlmber. By rotating the dial back into the
opposite direction to the last combination number, the
bolt can be operated to open the lock, or as in the case
of newer safes, the dial will operate the bolt by turning
it once again in the opposite direction.
One of the innovations that developed to deter sensual
manipulation of combination locks was the use of ser-
rated front tumblers (last combination number dialed).
These were designed to foil listening and feeling of the
tumblers' gates by burglars.
When the bolt encountered any one of these shallow
gates, the safecracker could never be sure whether or not
a tumbler was actually aligned with the pawl-bolt
mechanism. Some burglars solved this problem by attach-
ing high-speed drills to the dial knob to rotate and wear
down the first tumbler's shallow false gates against the
bolt, thereby eliminating them altogether, or at least
minimizing their effects. Still, today the serrated tumbler
is used as an effective deterrent to manipulation in com-
bination padlocks where space is a factor.
Let us move on to combination padlocks. The most
common and difficult to open of these small disk tumbler
locks are the Master combination padlocks, and they are
quite popular. I have had good luck in opening these locks
with a wooden mallet or soft-faced hammer. The manip-
ulation of Master combination padlocks is quite easy-I
have done it thousands of times, and you can learn it, too.
The newer the lock is, though, the more difficult it will
be to open at first. If the lock has had a lot of use, such
as that on a locker-room door where the shackle gets
pulled down and encounters the tumblers while the com-
bination is being dialed, the serrated front tumblers will
become smoothed down, allowing easier sensing of the
tumblers. So, until you have become good at opening these
locks, practice extensively on an old one. Let's try to open
one:
OPENING A COMBINATION PADLOCK
STEP ONE
First, clear the tumblers by engaging all of them. This
is done by turning the dial clockwise (sometimes these
locks open more easily starting in the opposite direction)
three to four times. Now bring your ear close to the lock
and gently press the bottom back edge to the bony area
just forward of your ear canal opening so that vibrations
can be heard and felt. Slowly turn the dial in the opposite
direction. As you turn, you will hear a very light click as
each tumbler is picked up by the previous tumbler. This
is the sound of the pickup pegs on each disk as they engage
each other. Clear the tumblers again in a clockwise man-
ner and proceed to step two.
STEP TWO
After you have cleared the tumblers, apply an upward
pressure on the shackle of the padlock. Keeping your ear
on the lock, try to hear the tumblers as they rub across
the pawl; keep the dial rotating in a clockwise direction.
You will hear two types of clicks, each with a subtle
difference in pitch. The shallow, higher pitched clicks are
the sound of the false gates on the first disk tumbler. Do
not let them fool you-the real gates sound hollow and
empty, almost nonexistent.
When you feel a greater than normal relief in the shackle
once every full turn, this is the gate of the first tumbler
(last number dialed). This tumbler is connected directly
to the dial as mentioned earlier. Ignore that sound for now.
When you have aligned the other two tumblers, the last
tumbler's sound will be drowned out by the sound of the
shackle popping open.
STEP THREE
While continuing in a clockwise direction with the dial,
listen carefully for the slight hollow sound of either one
of the first two tumblers. Note on the dial face where these
sounds are by either memorizing them or writing them
down. Make certain that you do not take note of the driv-
ing tumbler (last number dialed). If you hear and feel only
one hollow click (sounds like "dumpf"), chances are that
the first number could be the same as the last one.
You should have two numbers now. Let us say one of
them is 12 and the other is 26. Clear the tumblers again
just to be safe and stop at the number 12. Go
counterclockwise one complete turn from 12. Continue
until there is another "dumpf" sound. After the complete
turn pass 12, if you feel and hear a louder than normal
sound of a tumbler rubbing on the pawl, the first tumbler
is properly aligned and the second tumbler is taking the
brunt of the force from the shackle-you are on the right
track. When the second tumbler has aligned in this case,
you will feel a definite resistance with the last turn of the
dial going clockwise. The final turn will automatically
open the shackle of the lock. If none of these symptoms
are evident, try starting with the number of the combina-
tion, 26, in the same way.
STEP FOUR
If the lock still does not open, don't give up. Try search-
ing for a different first number. Give it a good thirty- or
forty-minute try. If you play with it long enough, it will
eventually open. The more practice you have under your
belt, the quicker you will be able to open these padlocks
in the future.
Using a stethoscope to increase audibility of the clicks
is not out of the question when working on disk tumbler
locks, though I never use them for padlocks. A miniature
wide-audio-range electronic stethoscope with a magnetic
base for coupling a piezoelectric-type microphone is ideal
for getting to know the tumblers better.
Filing your fingertips to increase sensitivity might not
be such a good idea for beginners since their fingertips
will not be accustomed to operating dials for a long period
of time. With practice, you may develop calluses and need
to file your fingertips. But I don't recommend it at first.
After some time you may find that in some cases you
can whiz right through the combination of an unknown
lock without looking at it and pop it open in seconds.
It becomes second nature. I've done this on many occa-
sions-something beyond my conscious control seems to
line up the tumblers without my thinking about it.
Another type of disk tumbler padlock is the Sesame
lock made by the Corbin Lock Co. Its unique design
makes it more difficult to open than Master padlocks, but
it can be opened. Let's take one of the three or four wheel
mechanisms, look at a cross section, and see how it works.
The wheel has numbers from zero to nine. Attached to
the wheel is a small cam. Both the wheel and cam turn
on the shaft. Each wheel in this lock operates indepen-
dently with its own cam and shaft. The locking dog is
locked to the shackle. In this position the shackle cannot
be opened. The locking dog operates with all three or four
wheels. The locking dog is riding on the round edge of
the cam. The spring is pushing up on the cam. The lock-
ing dog cannot move up because it is resting on the round
part of the cam. When the wheel is turned to the proper
combination number, the locking dog rests on the flat of
the cam. The spring can then raise the locking dog to
release the shackle, and this opens the lock.
TIPS FOR SUCCESS
You will undoubtedly encounter a pin tumbler lock in
which there will be a pin or two that is keyed too low
(the shear line of the pin is too high). In this case the lock
is difficult to open because the breaking point of a long
bottom pin doesn't allow room in the keyway for the pick
to manipulate the other pins. Your success in opening
"tight" locks will depend on the skill you have developed
with your tension wrench. Sometimes it helps to play with
the tension wrench. Try bouncing it left and right slightly
while picking, allowing some of the tumblers to drop occa-
sionally. You may also try picking the front tumblers first
or picking at random on these locks. You can tell if you
have a lock that is keyed like this because your pick may
get jammed during the picking process.
After you have opened a cylinder and unlocked a lock,
be sure to return it to the locked position. You will hear
the tumblers click into place when this happens. Other-
wise it may be difficult to unlock it with its key because
the bottom pins cannot "float" like they normally would.
To tell whether or not the cylinder should go clockwise
or counterclockwise when picking a tumbler lock, there
is an easy rule to follow. If the tumblers (pin or wafer)
will not break, or stay broken, you are going in the wrong
direction with the tension wrench. There will be little or
no progress with the cylinder, and few, if any, "clicks."
Some keyways are cut at an angle (Yale, Dexter, and
Schlage, for example) so you want to be sure that you tilt
your pick to follow that angle while picking or your pick
will get hung up. A slight twist of the wrist will compen-
sate for this problem.
Should your fingers become tired while picking a lock,
lay down your tools and shake your hands and fingers
to relieve any tension. After some time the muscles in your
hands will become accustomed to such activity. Practice
and persistence will tone your hands and senses to the
point where you will be able to pop open a cylinder in
three to five seconds (that's seconds) in total darkness. The
combination of touch and sound lets you know almost
a split second before you open the lock that you have
succeeded.
If the lock is a well-machined one, the cylinder will feel
tight and you will need a little firmer hand on the ten-
sion wrench. While picking, if any one of the pins at any
time feels firm or difficult to move, chances are it's aligned.
If it feels springy, it is not.
Use the shaft of the pick if you have to when working
the frontal pin of a pin tumbler lock. This may save you
the trouble of aligning the tip of the pick on the front
pin where there is little or no support for the pick. All
of the other pins allow the pick to be supported by the
inside wall of the keyway.
Master keyed pin tumbler locks are generally easier to
pick open because they have more than one shear line or
breaking point in the pins. Master keying allows a group
of locks to be controlled by a master key holder while the
individual locks in that group are controlled by individual
keys. Hotels and apartment complexes are usually master
keyed.
There is a simple technique to open pin and wafer
tumbler locks. Simply drill through the shear lines of the
tumblers. This point is located just above the center of
the keyway on the face of the cylinder. By doing this,
though, you obviously ruin the lock and make a lot of
racket. If the lock is a Medeco or some other high-security -
lock, you risk damage of one hundred dollars or more,
so be sure you know the value of the situation before you
decide to rape the lock. Use a center punch to start a
reliable hole on the cylinder face and use a one-quarter
inch drill bit with a variable speed drill. With a large
screwdriver, turn it to unlock. The cylinder will be dif-
ficult to turn because you may be shearing the tumbler
springs that have fallen down past the cylinder's shear line.
Dead bolt locks are those mounted on a door above
the knob. All dead bolt locks unlock counterclockwise
with left-hand doors and clockwise with righthand doors.
If you have trouble remembering this, just remember that
the bolt of the lock has to go in the opposite direction
of the doorjam.
Dead bolt locks are just as easy to pick open as knob
locks are. They both have cylinders that can be picked
open. The main difference is that dead bolts cannot be
opened by sliding a plastic or metal card through to the
bolt so as to work it back. In other words, they are not
spring loaded. That's why they are called dead bolts. Most
knob locks now have guards in front of the bolts to deter
opening with cards.
Kwik-sets, Weisers, and some of the less-expensive knob
locks may open in either direction. Schlage and Corbin,
along with more sophisticated locks, can open only in one
direction. Auto locks will open either way. Another
method of picking pin tumbler locks is with a pick gun.
As the pick snaps up, it hits the bottom pin. This bounces
the top pin out of the cylinder and into the shell. As you
apply light turning pressure with the tension wrench, the
top pins are caught in the shell, the cylinder will turn. I've
never used a pick gun, but they do work well for lock-
smiths who use them. They are cumbersome and expen-
sive, and show some lack of professionalism.
(Note: If you don't care about professionalism and want to open 95% of all
pin tumbler locks out there - and fast- buy this device. It is very awesome.
I even recommend it over a Cobra Electronic lockpick. Trust me, I have both,
and I feel the $60 Lockaid pick gun blows away the $350 Cobra)
SOME PRECAUTIONS
If you bought this book to learn how to pick locks in
order to become a more efficient burglar, then there is
not a whole lot I can say or do to stop you. But I must
say this: the locks used in prisons are nearly impossible
to pick even if you get or make the right tools. They are
usually electrically controlled from an external station.
Do not carry lock picks on your person. If you get
caught with them, you could get nailed for most any pro-
fessional job in town for the last seven years. If you must
carry them, as in the case of rescue workers, etc., please
consult your local authorities about details and ask about
registering with them. As a former locksmith, I do not
have that problem.
I advise that you do not teach your friends how to pick
locks. The choice is yours, of course. You paid the price
of this book and the knowledge is yours-be selfish with
it. It is for your own protection as well. The fewer people
who know you have this skill, the better. Getting blamed
for something you didn't do is unfair and a hassle.
When you become proficient at picking locks, you may
decide to get a job as a locksmith. But believe me, there
is more to being a locksmith than being able to pick locks.
You have to be a good carpenter as well as a fair mechanic.
But you may want to approach the owner of a lock shop
and ask if you could get on as an apprentice.
NOBODY'S PERFECT
There isn't a locking device on earth that cannot be
opened with means other than its key or code. It's just
that some are easier to open than others. Anything with
a keyhole, dial, or access port is subject to being opened
with alternate means, though some of the newer electronic
and computer-controlled security devices would be a
nightmare even if you had extensive knowledge of elec-
tronics and electromagnetics. Some devices also use palm
prints as a readout to allow entry.
On the mechanical side, there are locks that have nor-
mal pin tumblers, but they are situated in various places
360 degrees around the cylinder. Some locks use pin
tumblers that not only have to be aligned vertically within
the cylinder, but also have to "twist" or turn a certain
number of degrees to allow the cylinder to open. This is
because the pins' shear line is cut at an angle. These locks
are made by Medeco.
I have witnessed only one Medeco lock being picked-
by a fellow locksmith. We both spent hours trying to pick
it again, but it was futile. We estimated the chances of
opening it again to be one out of 10,000. They are excellent
security devices, but their price keeps them limited to areas
prone to security problems such as isolated vending
machines and for government use. The only one I have
been successful at opening (after an hour of picking) was
one I drilled. By the way, they are easy to drill because
the brass that's used is soft.
LEARNING TO TOUCH AND FEEL
Most of us know how to touch. We touch objects every
day, and yet we do not truly feel them. It seems so
commonplace that we forget that we are actually feeling
while we touch.
Here is an exercise that will develop a delicate touch.
Gently rub and massage your hands and fingers-
preferably with hand lotion. Do this for five minutes. Once
the lotion has evaporated, shake your hands and fingers
so that they flop loosely. Gently pull each finger to relax
each joint.
Now with a piece of fine sandpaper, gently draw the
tips of your fingers across it. Try to feel the texture of
the grains on its surface. Relax your fingers, hands, fore-
arms, shoulders, and chest. Take your time. Do this for
several minutes.
After a few weeks of practice, you will be able to feel
each individual grain of sand on the sandpaper. This
allows you to feel the slightest sensation vibrate through
your bones.
Try to remember to practice touching and feeling dur-
ing your everyday experiences. Practice feeling wood,
metal, and various other objects. Play with the feel of
mechanical vibrations, even your television set. Try to sense
the world around you as a source of information. This
could and will open a whole new horizon of experience.
After a while, you will be able to feel or sense the move-
ment of the tumblers of a Sargeant and Greenleaf safe.
My first safe opened in three minutes because of that
technique that took me years to discover.
VISUALIZATION
If you respect the security of the lock and do not
become overconfident, you will never become disappointed
if you fail to open it. You also increase your chances of
opening the lock because you personally have nothing to
gain or lose by opening it. Give up trying to be an expert
and just pick the lock.
With such an attitude, you may find the lock will usually
pop right open. I never received a trophy for being the
best lock picker in the state. My satisfaction is in know-
ing that I am never helpless in a lockout situation. The
quality of your success is almost romantic; it involves sen-
sitivity and compassion in the face of curiosity as a means
to help others.
Visualization and imagination are important to the lock
picker. I've noticed that people who have the ability to
visualize the internal parts of the lock that they are pick-
ing seldom fail to open it in moments. Anyone can learn
to do this by simply remembering to do it while picking
a lock. Since sight, sound, and touch are involved with
the process, visualization is very easy to do. Try to keep
all of your attention on the lock during the picking pro-
cess. This will help you to learn how to use heightened
sensitivity for picking locks.
So in that respect, an unopened lock is like a new and
unexplored lover. You imagine all of the qualities of an
attractive person whom you've just met and apply that
feeling to the lock that you are picking. Use visualization.
It will help immensely.
(Note: All this Zen stuff may sound like a load of shit, but it's not. I
myself cannot pick a lock unless I am comfortable. If I am craving a
cigarette or I am hungry or something else like that, I have a difficult time
opening a lock. Also, attitude is important. Don't show off.)
Have fun
Any question or comments
can be left to me at Ripco
(leave mail to BLOODMONEY)
Subscribe to:
Posts (Atom)