This war-dialing safe-cracker opens combination safes

Originally published at: https://boingboing.net/2019/08/05/this-war-dialing-safe-cracker.html

…

First I need a safe, and then I need to forget the combo, what were we talking about…

Where was this when @beschizza needed it?

Also, a maximum 8 hours is pretty good if you know how to run a heist. Break through your tunnel into the jewellery store at 9PM and the worst that happens is you spend all night lounging around in your black mask and striped jersey before making good your escape well before opening time.

but how does it know when is has arrived at5 the right combination?

Thank you!! That was what i shouted at my screen the half dozen previous times this was presented. (“Where is the Dr Seuss glove on a scissors extension trying the handle after each combination trial!?”) …needless to say my screen never answered.

Things like this did exist when Rob was trying to open his safe as far as i recall. There’s even ones you can make out of legos

The reality is, Rob just didn’t have the passion that some of the rest of us did. He slept like a goddamn baby while others lay awake at night wondering, “What the fuck is in the safe!!???”

On most safes, you randomize the dial by spinning it a few revolutions, then dial the 3 (or 4) digits, then turn the opposite direction until the latch falls. Then you turn another 1/4 turn to retract the bolts, or turn a separate lever to open the door.

The problem with a war dialing is you need a database of the different configurations of the locks.

For general use, and knowledge of older safes made by companies no longer in existence, perhaps.

But, for anything that’s still sold today (or at least the company still exists), can’t you just look up the directions on the Internet direct from the manufacturer. Or, call them up and talk to someone about the user directions.

Even stuff where the company no longer exists, I bet you could find a large number of directions somewhere on the Internet with the correct steps. You can find a manual for just about anything from some niche repair or resale sight these days.

He feared what we might unleash.

And given how things have gone since. Our hubris may have damned us all.

Arduino and a stepper motor

Yep: https://www.youtube.com/watch?v=WnL8IEs-UqU

It took about 1.5 days for the home-made dialier in this video to find the combination. The software is optimized with a model of the lock’s internals. The dialer doesn’t need to repeatedly dial the three-number combination from the beginning. It just figures out the minimal amount of dial manipulation needed to get the three internal wheels aligned to the next combination, which most of the time is just bumping the third wheel one value higher.

Step 0. LLLL (reset lock)
Step 1. L (stop on 1st number)
(at this point, the first internal wheel is set to the 1st number)
Step 2. R (past 2nd number)
Step 3. R (past 2nd number again)
Step 4. R (stop at 2nd number)
(now the second internal wheel is set to the 2nd number)
Step 5. L (past 3rd number)
Step 6. L (stop at 3rd number)
(and the third internal wheel is set to the 3rd number–will the lock open?)
Step 7. R (if the dial stalls, the lock is open.)

Repeat Steps 6 and 7 with consecutively higher 3rd numbers until it’s time to move either the 2nd or 1st wheels, but then move the dial back only an amount sufficient to get the 2nd and/or 1st internal wheels aligned as needed. On this lock, dialing more distant 3rd numbers bumped the 2nd wheel, and that required resetting the 2nd wheel, too, slowing progress a bit.

The clockwise/counterclockwise dial oscillation that you see in the original video is the dialer trying a 3rd number and then trying to open the lock, checking if the dial stalls. Then dialing back to the 3rd number + 1 and trying to open the lock again.

The microswitch in this home-made mechanism helps detect when the dial stops turning and stepper motor just skips, meaning that the combination has been found.

Looking at my video again, it appears that it’s from the earlier version of the software which dialed the combination from the beginning every time. I forecast then that it would take too long to complete the task and bought a used lock mechanism to disassemble so that I understood how it worked. Version 2 of the software incorporated a model of the mechanism and worked as described above.

These are very handy with conventional 3-wheel combination locks. Devices like this and good old fashioned combination manipulation brought MP locks (Manipulation Proof) into being. Digital keypads take an auto-dialer completely out of the equation.
The low tech way to open a conventional lock like this is to hook up a high speed drill instead of a dialer and let it run for a day. The wheel pack spinning for thousands of revolutions eventually cuts through the fence, allowing the fence lever to fall and the lever nose falling into the cam gate, retracting the bolt.
I’d just take the time and manipulate the lock. It takes patience, calm and a good sense of feel.

Now they stood before the treasure
On the mountain dark and red
Turned the dial and looked inside it
Peace on earth, was all it said.

"Peace on earth was all it said!"

I think its all in the feel of the keys.

edit:

When the tumblers move, it sounds like Waterhouse is shooting the main bolt on the Gate of Hell. It takes him a little while, and a few more false starts, to get his bearings; he doesn’t know how many numbers are in the combination, or which way he should turn the dial to begin with. But with experimentation, some patterns begin to show through, and eventually he works out the following combination: 23 right—37 left—7 right—31 left—13 right and then there’s a really meaty click and he knows in his marrow that he can take off the headphones.

• Cryptonomicon

James Bond used a very similar device in one of the movies. Of course, back then it had red LEDs.

Cutting Edge Technology!

1969:

This topic was automatically closed after 5 days. New replies are no longer allowed.