Anyone can open a Master Lock padlock in under two minutes


#1

[Permalink]


#2

Try the sheet metal shim exploit which is quicker


#3

The Archimedes exploit works even faster than that…

Although, deniability becomes an issue.


#4

Why not just determine the lock’s harmonic frequency, then play that frequency at it until it vibrates open? Or dunk it in liquid nitrogen, then shatter it? Or incinerate/melt whatever it’s attached to, thereby defeating the lock without even opening it?


#5

I defeat the master by not attaching to the outcome.

Voila!


#6

Or approach the school’s janitor and say “If you can tell me the combination to this lock, I will give you this handsome barometer.”


#7

We used to pick locks in high school and steal 'em. Never opened the lockers, never took anything else. Just built a collection of probably 50-60 locks. Just to be assholes, pretty much. One particular type of lock, pretty sure it was the cheap MasterLocks, that we could easily pick with just a filed-down key.


#8

Also, the combo locks can be kicked off (used to take those, too).


#9

Similar to kicking off a master lock, I’ve used a scissor jack and a piece of pipe to span the gap to snap the lock off a hasp by just pushing on it really hard.

A jack that can lift a car can push a lock off a hasp pretty easily, if the geometry is amenable to that type of attack.


#10

Locks similar to this are used at my son’s school. There are some master keys around, to be used by teachers, but I am sure I could buy one on ebay.


#11

Here’s the javascript that generates the code (samy.pl/master is a redirect to a pretty heavy-duty adsite, and I wasn’t interested in sticking around). Note that l1 is lockpoint 1, l2 is lockpoint 2, and rl is resistant location. Also note that I didn’t write the code in question, and I had to resist the urge to clean it up as I pasted it. Crime against curly braces, that is.

Based on the code and a lock I own and was fiddling with, I can say that this process isn’t as simple as it sounds. My own lock had relatively a easy-to-find l1, an ambiguous l2 (there were two locations that both seemed to fit into the “discard this value” category as they were between two whole numbers), and an incorrect rl.

I say “incorrect”, because the code indicates that the resistant location value, plus five, mod 40 is the first digit of the combo. Even knowing that my resistant location would therefore be 30, I couldn’t find it. Twisting the lock all the way around with a constant pressure on the shackle that’s low enough so it can spin everywhere except the resistance point probably takes some deft hands and a good touch.

I don’t doubt the technique, but it also feels like this isn’t one of those “learn to open a lock in five minutes” approaches.

function combo(x)
{
  var second = [];
  var third = [];
  var l1 = parseInt($('input#l1').val());
  var l2 = parseInt($('input#l2').val());

  var first = (Math.ceil($('input#rl').val()) + 5) % 40;
  $('input#d1').val(first);

  var mod = first % 4;

  for (var i = 0; i < 4; i++)
  {
    if (((10 * i) + l1) % 4 == mod)
      third.push((10 * i) + l1);

    if (((10 * i) + l2) % 4 == mod)
      third.push((10 * i) + l2);
  }
  $('a#t1').text(third[0]);
  $('a#t2').text(third[1]);
  $('input#d3').val(x ? third[x-1] : third.join(', '));

  for (var i = 0; i < 10; i++) {
    var tmp = ((mod + 2) % 4) + (4 * i);
    if (!x || ( (third[x-1]+2)%40 != tmp && (third[x-1]-2)%40 != tmp))
      second.push(tmp);
  }
  $('input#d2').val(second.join(', '));

    console.log(first);
    console.log(second);
    console.log(third);
}

#12

We had a slightly more labor-intensive variant of this method in the 80s.

http://phrack.org/issues/1/6.html

Master changed the design in the early or mid 90s but the basic principle still works since you can still detect resistance at key parts of the dial.


#13

Exactly. I was shown this in jail in 1990, on my own locker by a roommate to show me it was useless.


#14

Alexandrian exploit? Gordian exploit?


#15

Any magic user can simply use the Knock spell.


#16

This trick also used to work on phone boxes.


#17

Don’t you just whistle at 2600 hertz?

Anyhoo, on a more serious note, while I find these exploits mentally satisfying (in a similar way to crosswords, algorithms, blacksmith puzzles, and cooking) ultimately it is just a game.

If you have a target, an objective, and a window, you don’t boot up a laptop to solve a lock. You break the lock and plant the evidence on someone else who may have a motive as well. Never take the hard road, always use misdirection, and if you even think you need an alibi your plan sucks and should be revisited.

…

Wait, do kids read these forums?

NEVER TAKE ADVICE FROM UNCLE JAPHPROIAG, HE IS A LIAR AND WILL GET YOU IN TROUBLE.


#18

This topic was automatically closed after 5 days. New replies are no longer allowed.