Safe Opener
Paul Midgette
Posts: 2
Hello,
A friend of mine forgot the combination to his safe...So, I was
wondering if anyone here has ever successfully constructed a safe
dialer....something that would try all possible combinations of a safe.
Best Regards,
PM
Comments
There are other strategies for opening safes whose combinations are not handy.
PAR
Anyway, I wrote a program to generate random number combinations and spin the dial and a motorized arm would put some tension on the shackle to see if it moved. It was a fun project but impractical. To start with, it was difficult to calibrate the robot to the dial position accurately enough. After a while, the alignment would drift and the number ordered would not match up to what was dialed. Second, the number of combination possibilities is staggering; with that slow thing it would have taken me years to get it right. Since I was merely generating random numbers and not storing and checking against numbers I had already tried, I might never have gotten the right number.
My point is, it would be fun to build a Stamp powered device to do it, but don't expect any results beyond the satisfaction of having built the device.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Roger Pierson
Senior Electronics Technician
DTI Associates
http://web.mit.edu/kvogt/www/safecracker.html seems worth a read.
Like most anything, it's a matter of time and money.
It appears as though you may have deleted your latest post, but as an amateur safe hobbyist, let me add the following. At least the way I read your (now unseen) latest post, you seem to imply that the safe tumblers have already been "cleared" to start, but don't say so implicitly. If not, a "death trap" may lie therein for the unsuspecting or unknowing, using a random approach. Without the tumblers being set to a given starting location (usually the "clear" position) it isn't even a "game of mathematics"; at least the way I understand it, it's a mission of probable futility.
Moreover, one may be able to determine (say) all 3-4 interim tumbler locations randomly with relative ease, but what about the intervening "locating spins". For those not familiar with that concept, here is a combination set that Roger may understand, but many others will not:
R5 - CL, L4-11, R3-44, L2-85 (this is a real combination to a very secure safe that I own)
and those are _ALL_ the necessary numbers needed to open the safe, YET that given combination alone CAN NOT and WILL NOT open the safe as is. Roger probably knows why, and CAN probably open the safe from that given above, but I choose not to divulge the reason why.
Rather than having people begging for more hints, investigate the topic of "drop numbers" if you can find it on the Internet, or in the library.
Rather than using a purely random approach, presuming there is no "anti-bump" apparatus internal to the safe, a "hearing or sound" approach with a microcontroller might be a lot more effective, and a good deal faster.
OTOH, I know of no ordinary "home safe" that can't be opened, relatively unharmed, by a safe professional (trained lock and/or safe-smith) in a good deal less than 2 hours. Even at $ 50.00 to 75.00 an hour, that's money well spent!
A PBASIC Stamp and the associated ancillary equipment costs a bit more than that, but agreed it's a whole lot more FUN!
Regards,
Bruce Bates
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
1) Someone has done it.
2) Google is arguably easier to use and faster than posting to the forums.
Strictly speaking Roger's post was more appropriate than mine as the original poster asked if anyone HERE had done it.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chris Savage
Parallax Tech Support
This is standard procedure amongst professional locksmiths. Later the hole is plugged and the safe is refinished to hide the tampering. Once the safe is open, the safe's combination may be changed from the inside of the door.
Of course, where to drill is jealously guarded by the manufacturers and a wrong location[s] may actually seize up the safe from further tampering. Quite often the location is behind the dial [which requires the dial be removed first]. So, one must approach the manufacturer and pay a handsome sum to get training after having a background check. Most criminal safecrackers specialize according to knowledge they have acquired about certain makes and models of safes. You give them something else, they give up.
Movies have always made lock picks, safecracking, and opening locked doors with a plastic card look far easier than it is in many cases. And of course in movies, the bad guy always drops dead from one shot.
Try taking a mail order locksmithing course or using the public library about this topic. Generally, it is mechanical stuff - not electronics.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
"If you want more fiber, eat the package. Not enough? Eat the manual."
Jeff T.
I used a stepping motor to dial the lock, an optical sensor to check rotational position, a big solenoid to yank the hasp, and another optical sensor to detect when the hasp opened. I also initially had rotational positioning problems until I adjusted the stepper current and motor start, ramp and top speed, and even then added the rotational sensor to detect for and then correct any driftage.
My old Tandy 286 running Mark Williams C ran the thing via the parallel port.
Sure, it wasn't really practical, especially as you can buy one of those locks for just a few dollars, but it was fun to make, and debug, and was a great thrill when it successfully opened a lock that I'd forgotten the combination of.
With 3 numbers having values 0-39, there weren't too many combinations to try - what, 40 * 40 * 40 = 64,000? I don't know whether repeated values are allowed in those simple Master locks. At one number per second, that's less than a day even if every number needs to be tried. And it is true that those locks are so sloppy that it probably would open if you restricted your attempts to even or odd numbers only, reducing the possibilities to like 20 * 20 * 20 = 8000, or about 2 hours at one try per second.
I have an old Mosler safe having 4 numbers with values from 0-99; that could take longer - 100,000,000 possibilities? I do know that repeated values are allowed in the Mosler because the combination is user-settable. So, maybe 3 years at one attempt per second?
David
First number MOD 4 = Third number MOD 4
Second number MOD 4 = (First number MOD 4) + 2 (in the range 0-3, of course)
Mike
I read some Richard Feynman books, he was really good at cracking safes, but his method was based on the user not properly clearing the dial after closing. He would go in an office and ask people if they minded him trying to pick it, most would be glad to see him try as they had expensive government type safes. He cracked many and caused many people to have to bring out a locksmith to change their combinations. Certainly a great read hearing about the crazy stuff he did including studying safes.
Human nature is definitely involved. While anything worth cracking is likely to be a challenge, the fact that people are sloppy and don't clear the tumblers is a bit significant.
During the Manhattan Project, all the file cabinets apparently had 3 digit combination tumbler locks on them for security. After the project was shut down, they found most were set to '235' representing the Uranium isotope 235 which is what the bomb was made of. People would just tell each other that the combination was 'top secret' and mean '2-3-5'.
Master locks are 'trash'. One can easily open many of the cheaper key locks with a bent nail and the 3 combination locks can be opened by feel. Additionally, many high schools have the 'code book' on hand so that teachers may open student locks. Automotive keys are similarly coded to their chassis numbers and used by the IRS and repossession companies. Very few homes are really secure from being quickly entered with a battery-powered electric drill or a plain old hand drill.
But once you get beyond the general consumer, it really begins to get hard. You are not going to find an answer on the net and people are going to want to know 'who wants to know' and 'why'.
Of course, it has been said many times, 'The locks are there to keep the honest people honest.'
I do have a set up using CANbus that could make an electronic safe.
You would have to plug in to provide both power to the interior mechanism [a CAN node driving solenoid latches] and to provide a link to an outside CANbus terminal. You could have about one-half billion combinations available due to the address width on CANbus and you could add another 8 bytes of identity in the data fields. Also, you could have the bus tuned to an unknown non-standard crystal frequency to further confound hackers and you could have the supply voltage set to an unknown range that would shut out highs and lows.
Without any power inside the device, the hacker would just have too many unknowns. Only the person with the properly built and programmed interface could power up the solenoids to open the device. Digital searches would first have to identify operating voltage and frequency. Because it is a bus configuration, in case of tampering or destruction of the obvious interface, a second hidden interface could be provided somewhere in the housing.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
"If you want more fiber, eat the package. Not enough? Eat the manual."
I am building something that will, in effect, attempt to listen and feel its way to finding the combination. If that fails, it will also have the option to try all possible combinations (which might require about 30 hours for a 3-wheel group-2 lock, worst case). I'll keep you all posted....
This sure is a great forum. Thanks again!
Paul Midgette
From the same era, I guess, we have the DEFCON 14 safe cracking video http://www.youtube.com/watch?v=4_lkYQ88kv0
I wonder if Paul Midgette's gadget is still trying to open his "friend's" safe after all these years?
Or perhaps he is in jail?
He accidentally locked himself inside a 1948 model Franz J
I would offer a line of direction, where permissible. Every combination safe is
manufactured in different positions, different combinatorial mechanisms. Hence,
their original patents. To "crack" a safe, you would need the manufacturer, and
possible model number. If you were, to happen, maybe, enroll in an online course
for locksmithing, this would open up a window to the info I am trying to portray.
Once you have manufacturer and model, the combination possibilities may
fall from infinity. This may simplify your endeavours for problem resolution.
This thread is quite old and the OP is long gone.
@ Heater. Thanks for that video link. Quite informative.