Safe Cracking With Signal Analysis

[Dave Jones] over at EEVblog got his hands on a small safe with an electronic lock and decided to try his hand at safe cracking. But rather than breaking out the thermal drill or shaped charge, he hooked up his Rigol scope and attempted a safe cracking via signal analysis (YouTube link).

We have to say that safes Down Under seem much stouter than most of the inexpensive lock boxes we’ve seen in the US, at least in terms of the quality (and quantity) of the steel in the body of the safe. Even though [Dave] was looking for a way in through the electronics, he still needed to deal with all that steel to get himself out of a face-palm moment that resulted in a lockout. Once that was out of the way, he proceeded to capture usable signals from the internal microcontroller using the only two available contacts – the 9 volt battery connections. While he did get signals, he couldn’t find any signatures that would help determine the six digits in the PIN, and as he points out, even if he did, brute-forcing through the one million permutations to find the right code would take too long, given the wrong-code lockout feature of the lock.

Even though he failed to hack into this particular safe, there’s still plenty to be learned from his methods. And who’s to say that other similar locks aren’t a little more chatty about their internals? Maybe you could even manage to EMP your way past the lock.

Cracking a manipulation-proof, million combination safe

So you spent the big bucks and got that fancy safe but if these guys can build a robot to brute-force the combination you can bet there are thieves out there who can pull it off too. [Kyle Vogt] mentioned that we featured the first iteration of his build back in 2006 but we can’t find that article. So read through his build log linked above and then check out the video of the new version after the break. It’s cracking the combination on a Sargent and Greenleaf 8500 lock. There’s an interesting set of motions necessary to open the safe. Turn the dial four revolutions to the first number, three revolutions to the second, two revolutions to the final number, then one revolution to zero the dial. After that you need to press the dial inward to activate the lever assembly. Finally, rotate the dial to 85 to retract the bolt which unlocks the safe.

The propaganda on this lock says it stood up to 20-hours of manual manipulation. But [Kyle] thinks his hardware can get it open in a few hours. His hardware looks extremely well-engineered and we’d bet some creative math can narrow down the time it takes to brute force the combo by not going in sequence.

Continue reading “Cracking a manipulation-proof, million combination safe”

Cheap(er) biometric gun safe

[Greg] sent in his biometric pistol safe lock. He keeps his guide light on details so not every Joe can crack the system (there is a thread to sift through if you really wanted to), but the idea runs fairly simple anyway. [Greg] took an old garage door opening fingerprint scanner and wired it into a half broken keypad based pistol safe. While he did have some issues finding a signal that only fired when the correct fingerprint is scanned, a little magic with a CMOS HEX inverter fixed that problem quick.

This does bring one question to our minds, are fingerprint scanners as easy to crack as fingerprint readers?

Ask HackADay: Organization?!

Several people have been asking a similar question to,

“How do you at Hackaday keep track of and organize all your equipment?”
-[Jeff Allen] and others.

We have a variety of resources to help you keep track of your tools, equipment, parts, and supplies! Follow us after the jump for some tips for keeping your workspace clean and tidy. Continue reading “Ask HackADay: Organization?!”