KellyKeeton dot Com v3.0 reverse engineering life

13Jul/060

master lock pick

Note that there are 64,000 possible combinations on a master lock (0-39 makes 40 possiblevalues on each digit, there are 3 digits).  This is a little inaccurate sincethere is a little tolerance in entering a number (38 or 36 usually works for 37, forinstance), but it works for showing how much we'll narrow it down.

Firstly, note that the only tumbler that you actually move when you turn the dialis the one that controls the last digit.  You will be finding the last digitfirst.  This is the most crucial step.  Do not mess up.  Position thelock at zero.  Pull up on the shackle (the U-shaped thing).  Turn untilit clicks.

http://www.howstuffworks.com/inside-lock.htm -see the last two pictures for exactly why it clicks like this, it should be prettyclear.

Now, when it "clicks" (you will feel it), it will lock in between two numbers. While maintaining tension on the shackle, turn the dial around.  Note where thedial stops.  Let's say that I can rotate the dial between 4 and 5.  Thismeans that the number I want to write down is 4.5.  If it rotates between 4.5and 5.5, the number that I want to write down is 5.  This varies widely fromlock to lock - some don't have any tolerance for movement when tension is maintained,some have quite a bit.  Use your best judgment, and if you screw up, you willnotice in just a second.

Do this around the entire lock.  You will hopefully get 12 numbers.  Ifyou didn't, you screwed up and you need to do it again (you did make sure your lockwas a Master lock, didn't you?).

Okay, so what are these numbers?  One of them is the last digit to your lock. The other 11 are decoys.  How do we know which is the correct one?

Let's take this series of possible last digits (these were the ones I used with mylock):  38.5, 35.5, 32, 28.5, 25.5 22, 19, 15.5, 12, 8.5, 5.5, 2

Sometimes it is very difficult to tell if something falls on the digit or between,so there should be 7 that have a .5 and 5 that don't.

First, take away all of the ones that have a .5 after them.  They are all decoys.

So, you have 32, 22, 19, 12, and 2 left.  You will note that they all have thesame digit on the one's place except one of them.  You are left with 19. That is the last digit.

I would recommend trying this with a lock that you know the combination to first,because if you get the wrong one this time, you'll probably get it wrong later too,and you may need to try up to 100 combinations later, and it will be pretty frustratingwhen none of them work.

Enter modulus.  Modulus is a lesser-known mathematical operator that just means"remainder."  The magic number with Master locks is four.  You need to findthe modulus of the last digit of your lock and four.  For my lock, the last digitis 19.  Let's do some long division!  4 into 19=4, and 4 times 4 is 16,and 19-16=3, so we have 4 remainder 3.  So, 19 Mod 4 (sometimes stated 19%4)is 3.  Now, you must list all 10 of the numbers with a modulus that is equalto [LastDigit Mod 4].  That means that I am left with 3, 7, 11, 15, 19, 23, 27,31, 35, and 39.

One of those is the first digit.

The second digits are the easiest.  Just add two to the possible first digits. That gives us 5,9,13,17,21,25,29,33,37,1 (39+2=41, but there is no 41, so begin atzero [NOT ONE] from 39).

Now, enumerate all the possible combinations:

3-1-19
3-5-19
3-9-19
3-13-19
...
7-1-19
7-9-19 <--This is the actual combination, by the way
7-13-19
... etc., etc., etc.

So now, we have narrowed down the 64,000 combinations to a mere one hundred (10*10*1). This shouldn't take you more than 15 or 20 minutes to try all of the combinations. On average, it takes me 10 minutes from start to finish.  Remember to mark downwhich combinations you've tried!

orginal site here http://www.fusor.us/lockpick.html

Filed under: Hardware, Security No Comments