Master lock auto-cracker built as coursework at University

master-lock-auto-cracker

We love the beginning of May because the final projects for college coursework start rolling into our tips line. Here’s one of the latest, it’s an automatic Master lock combination cracker which was built by [Ross Aiken] and his classmates as part of their ECE453 Embedded Microprocessor System Design class at the University of Wisconsin – Madison.

We’ve talked about the ease with which these locks can be cracked. But [Ross] points out that the resources we linked to before are flawed. To get the combination as quickly as possible the team has implemented an algorithm discussed here. Their machine uses a stepper motor to turn the dial with a big solenoid to pull on the shackle. The system is sensitive enough to detect the “sticky” spots of the lock, which are then used to narrow the number of possible combinations before brute forcing the combination. As you can see in the video after the break, the shackle moves slightly when pulled after an incorrect combination. The long vertical pin near the solenoid will pass through an optical sensor when the correct combination is found.

Do you have your own final project to show off? What are you waiting for, send us a tip about it!

[Read more...]

Brute force a password protected PDF using the BeagleBone

The biggest benefit to using the BeagleBone is it’s 700 MHz ARM processor. If you’re just messing around with basic I/O that power is going unused, but [Nuno Alves] is taking advantage of its power. He built a PDF password cracker based on the $85 development board.

We recently saw how easy it is to perform basic I/O using the BeagleBone. Those techniques are in play here, used to drive a character LCD and sample a button input from the breadboard circuit. [Nuno] even published separate posts for each of these peripheral features.

The password protected PDF file is passed to the device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second.  This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware. You can see his video demo of the device after the break.

[Read more...]

Automatic lock cracker makes breaking and entering a breeze

automatic_lockcracker

For most people, forgetting the combination on a lock means breaking out the bolt cutters and chopping off the lock. Some students at the [Olin College of Engineering] decided there was a far more elegant way to do the job, so they built an automated lock-cracking machine.

The machine consists of a clamp to hold the lock, a solenoid to pull the lock open, and a stepper motor to run through the combinations. Most of the processing is done on the attached computer, using software they created. The application will brute-force all of the possible combinations if you request it, but it also allows you to enter the first, second, or third numbers of the combination if you happen to remember them.

Once the machine is started, the motor begins spinning the lock and the solenoid yanks on the latch until the combination is discovered, which takes a maximum of about two hours to complete. The opening of the latch trips a limit switch and causes the mechanism to stop. A simple button press then returns the lock’s combination to the user.

Be sure to check out the video embedded below of the lock cracker in action.

[via Wired]

[Read more...]

Google as a password cracker


Usually we’re into hardware hacks, but once in a while I run across something that’s just too good. [Steven]‘s blog was cracked a while back, and while he was doing forensics, he was trying to crack the md5 hashed password for the unauthorized account. Eventually he slapped the hash into Google, and guess that it was ‘Anthony’ based on the results that came up. Thanks to [gr] for pointing it out.
(Yes, I know it was on Slashdot a few days ago, but I don’t care.)

Follow

Get every new post delivered to your Inbox.

Join 94,499 other followers