Picking Computer Case Locks

Recently, I found the (legitimate) need to pick a computer case lock on a PC tower in a situation where the hard drive resided in a hot swap bay, but the key was not included. Computer keys are most commonly found as a short, tube-shape piece with a stubby handle and a small bump to put torque on the lock. Upon initial inspection, nothing looks to be unique about case lock keys. I actually tried two “homeless” keys, but with no avail. Shortly thereafter, I noticed that there were four small cuts in the outer edge of the key tube, sliced at different heights. Comparing one key to another, I found that they were indeed different, and were quite similar to the bumps on a household key. The locks work the same way, but the pins are simply in a circular arrangement instead of linear. With every pin exposed instead of hidden deeper and deeper into the lock, it should be far easier to pick than a household lock. I just had to try.

With a pair of thin needlenose pliers clamped on to apply tension to the lock’s center tumbler, I pressed a straightened paperclip into each pin location. After a few gentle presses, the lock turned just slightly. The first set of pins was then picked. Without removing pressure with the pliers, I moved on to the next three sets of pins, doing the same procedure to each. Upon pressing in the fourth pin, the lock tumbler turned completely, and the drive was freed. Not terribly secure, but I’m guessing they’re not meant to be.

Advertisements
Picking Computer Case Locks

7 thoughts on “Picking Computer Case Locks

  1. Brian Meade says:

    I know this is a computing website, but there is a much easier way to disable those locks: use a bic pen. About two years ago there was a big uproar among bike owners because someone discovered, and posted a video to his website, that this was possible.

    All you need to do is get a bic pen, the solid white ones, not the clear ones, and remove everything but the tubing. You then just jam it into the lock (they are very, very close to the same diameter) and work it in a bit so the plastic conforms to the pins, and turn. WARNING: you can ruin the lock (I did).

    I tried it on my lock, and to my dismay it worked, and I needed to buy a new lock.

    http://www.bikebiz.co.uk/daily-news/article.php?id=4637

    Like

  2. Nothing is easier to open than the ‘locks’ on Apple’s server hardware. The Xserve and Xserve RAID use a hex-shaped lock and key to ‘secure’ the machine, and prevent the drives from being ejected, the case from being opened, or local USB keyboard access. In a recent situation at my office, our Xserves and RAIDs were locked (for some reason), and nobody knew where the original keys were. A simple trip to my toolkit found the right size hex bit, and presto! No more lock. Granted, a day later I found the originals.

    I’m not so sure how secure Apple ever intended the locks to be, or whether they’re designed to just look nicer than the type of lock Collin described. Whatever the case, the physical security is laughable. And, as I’ve witnessed countless times, an accidental ‘bump’ against the drive enclosures (when unlocked) will dismount and eject them, generally bringing the server down with it.

    Like

  3. Ralph says:

    Thanks for this idea. It worked for me but I needed to use the pen’s tip instead of the shaft. It was so easy I couldn’t believe it worked!

    Like

  4. – I think it’s essential in this day and age to lock up any computer case no matter if it’s for personal or business use. Yet again, from what you described is a bit horrific if the culprit were to open a workstation or home computer with sensitive information contained inside. I suppose one would have to purchase a heavy-duty lock, but with the amount of experienced lock-pickers out there, I’m sure they can figure out even a heavy-duty lock after tinkering with it coupled with their extensive knowledge about every type of lock out there. Perhaps putting funds into making the finger recognition software more secure since currently there’s even minor flaws in that.

    Like

  5. @Data Storage: My thinking is, if someone malicious has physical access to your machine, you’re already toast. They could likely just as easily walk off with the entire device and crack it at their leisure.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s