Long, long ago we covered a method to crack a Master lock in about 30 minutes or less. Here’s a revival of the same method but now the instructions to retrieve the combination are in info-graphic format created by [Mark Edward Campos].
If you didn’t get to try this the first time around, here’s how it works: A combination of a physical vulnerability, math, and brute force is used. First, the final number of the code can be obtained by pulling up on the latch while the dial is rotated. Because of the way the lock is built the correct number can be extrapolated using this trick. Secondly, a table of all possible first and second number combinations has been calculated for you. Third, it’s your job to brute force the correct table of possibilities which includes only about one hundred combinations.
We’re not really into felony theft and hopefully you’re not either. But, we have a nasty habit of needing to use a combination lock that’s been in a drawer for a few years and having no idea of what the correct code might be.
Update: We’ve had a lot of comments about shimming as a better method. For your enjoyment we’ve embedded a video after the break that details how to shim a Master lock using a beer can. Just remember: friends don’t let friends drink and shim.
Continue reading “How to crack a Master lock”
[Ben] and his associates over at the University of California at San Diego came up with a way to duplicate keys using a picture of them. They developed an algorithm that uses measurements from known key blanks to extrapolate the bitting code. Because the software is measuring multiple points it can correct the perspective of the photo when the key is not photographed on a flat surface, but from an angle.
They went so far as to test with cell phone cameras and using a telephoto lens from 195 feet away. In most cases, correct keys were produced within four guesses. Don’t miss their wonderful writeup (PDF) detailing how key bitting works, traditional covert duplication methods, and all the details of their process. The lack of available code prevents us all from playing secret agent (or felon) with this idea but [Ben] did mention that if there is sufficient interest he might release it.
Lock bumping showed us how weak our security is, but this is a bit scary.
The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.
On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years worth of study and 500 keys to become a master. He managed to open the lock in 5:13 filing two whole keys during that time.
[photo: Rija 2.0]