I worked for a large safe manufacture back in the day. They made large walk in bank vaults. Sometimes banks would lose their combinations and we would call this man in from Ohio. He had his own plane and would be there in hours. Sometimes he would use a machine like this often he would just drill it. He would put one small hole in the vault. He had records on every vault and he knew the drilling location. He also had the best tools money could buy. He was a legend. He charged 10,000 per opening. One year we used him three times.
@@ClutterLustRott i think the bank combinations change very often and there’s no way one person would be able to remember it again and again. Source: my opinion
@@Mikasks This answer makes a lot of sense. My source: working in an office where our passwords had to be changed 4 times a year so over half the staff and their password on a post it somewhere on their desk.
@@ashakydd1 People think changing password every 3 months, or even force to reinsert the same password every 2 weeks is a way to improve security. On the contrary, it forces a user to use different password he will forger, and to do what you described. Also, forcing a user to reinsert the password every two weeks, make him an easy target for phishing. In conclusion, a password should never expire, and a session neither.
Skips over the assembly of the machine because “that’s the boring part”. Proceeds to show video of the machine spinning the knob for 2 minutes straight.
@@catfish552 But it doesn't figure out the digits progressively, does it? It did recognize the giant click when the lock opened, yes, but does it detect the faint clicks if one of the wheels is in a gate? Manufacturers surely try to make these clicks as hard to detect a possible, while the giant "I'm now open" click doesn't realy need to be disguised.
I assumed there'd be some sort of super sensitive electronic feedback sensor from the motor that would allow it to automate some of the techniques used by humans to unlock them quicker prior to brute force. I suppose though unless you're using this for some time constrained (and thus maybe nefarious use) a day or so of running doesn't matter much so the (probably substantial) extra expense and complication doesn't make sense.
This is the mathematical kind of brute force, not the mechanical kind of brute force. It's the same brute force method that is about the only approach to breaking many kinds of encryption where you know the algorithm but it doesn't matter, hammers don't help, so you have to guess the key. So you start going through every possible key and hope and pray you are really, really lucky and find the key in your lifetime. Or use thousands of computers to try thousands of keys at the same time.
I seem to remember a James Bond movie where 007 attaches something like this to a safe, gets it going, and then sits down with a magazine....fade out...fade in...clickety clack! So at least they tried to indicate Q's toy wasn't out right magic.
It was around 2:05 when I became aware that I was staring at a machine turning a knob for a decent amount of time and realized I can be entertained with anything. Kept watching because it's LPL, it's always good. I could probably have watched the 8h video.
@@dylanisaac1017 the secret is to start a locksmith business with zero skill, and charge people to essentially rent the machine. ROI is approx 12 customers
Years ago my sister found a combination lock, the type used on school lockers, and over the course of days we went through each combination sequentially. We finally got it open. It had 01-99 numbers, and a 3 number combination.
@@xoniq-vr In lock world there is this old legend about a faceless creature who will crack every lock be it large and heavy or tiny and light. All that remains are open, gutted lock bodies. Luckily it's just a fairy tale though
It's not even his safe. He found it just sitting in the back of someone's locked closet in a locked room in a house with two locked front doors. Just begging to be taken
A Nema17 motor could do the same job and it could be driven from a TMC2209 silent stepstick which makes virtually no noise. Put a flexible coupling on the shaft and some rubber dampeners on the motor mounting bracket and the only thing you'll hear is the lock mechanism clicking. Additionally, these tiny motors produce very sick amount of torque when running 1.4 Amps RMS, and at 24 Volts they can sustain this torque up to 1000 RPM. This thing could literally work 25x faster and be 10x cheaper if they had optimized anything. Source: I'm a 3d printing enthusiast I deal with stepper motors a lot. Dude trust me™.
@@toahero5925 A standard stepper is 200 full steps per revolution and 400 half-steps, up to 51 200 microsteps (driver chip feature). It has plenty of accuracy. The limiting factor would be the speed at which the lock internals can operate.
@@michaelbuckers I would kinda worry whether a nema 17 (at least 3D printer size) would have the torque for a stiff dial, especially using smoothened steps (source - trying to use one to make a fourth axis for my cnc)
@@robbiejames1540 How stiff a dial we're talking about? Nema17 motors provide enough torque for your fingers to slip off the knob unless you really hold tight. Also check your RMS current setting. As a rule of thumb, if the motor isn't hot to touch, it's not running enough current. Also of course longer motors provide more power, puck motors are pretty weak so don't use them for anything that requires nontrivial thrust.
@@XenoTravis It doesn't need to. Since it isn't designed for clandestine safe cracking. Rather it is designed for lock smiths who get the rather nasty customer call of "We have a really high end safe and forgot the combination". A) high end safes usually have drill lockups (the the glass plates), so no using the standard option..... Just easily drill it with locksmiths drill gear. B) Brute force cutting and drill would take time C) it might destroy the contents and contents is what customer wants D) high end safes are expensive so if you can avoid destructive entry, customer would be really really happy to get to continue to use the expensive asset. So dialer it is. Locksmith shows up with the dialer, sets it up, asks if there is any idea even on part of the code, tells those tips as starting point for the machine and then leaves the dialer to work and says to customer "This might take a day. Call me when that box goes DING and says dialing complete, code is...... I will come pack up my gear, set a new combination and you have again a working safe". Hence it being slow doesn't mean anything. Since most likely the dialer is working in front of the customer and could be working days on end anyway.
Well, it is a brute force approach, so you're dealing with "worse case scenario" for cracking a code. But it's also automated so you can set it and leave it to do its thing for a while.
Funny how this attack is called "brute-forcing" in cryptography, but in the case of an actual safe it's a very soft approach to opening it compared to other, way more brutal ways.
If you understand "brute-force method" as "a method to go through something no matter how long it takes" then it's pretty accurate in all cases. Brute forcing a message, a hash, a key, etc is just going through all possible combinations until you find the right one. Same thing for locks. If you brute force your way through a door, you're most likely using a ram (that's where the expression "ramming through" comes from btw, although the origin is actually medieval rams). If you brute force your way through enemy defenses, you're doing it literally, etc.
Non-volatile memory isn't the solution to power failures. That's what a UPS is for. If you are doing this professionally and can afford this kind of tool, then you should also be able to get a UPS.
My crime partner : **whispering** How long is it gonna take? Me :* *also whispering** Give me 8 hours **machine dialing noises** * *awkwardly stare at each other for 8 hours**
@@LancasterResponding 3 hours later... "So... are we there yet, you know we broke in the store with no alarm triggered but it's 7am in the morning now and they open at 8..."
This would have made sense in the movie Die Hard where supposedly it took about 8 hours to drill into a safe, would make more sense that it took about that long to use an auto-dialler like this.
When I was a young kid I remember opening an old lock combination lock just buy feel.... I close my eyes and turned it till I instinctively knew to stop and then turn it back in and turned it back again all based on feel and instinct. And it opened. It’s amazing how good your hearing And your sense of touch become with your eyes closed...
@@DeadlyDanDaMan So says the Highlighted ”King of Pussies” !!! Gee thumb wrestling. Wish I was you. You look about as deadly as a bad case of athletes foot! LOL !
I've used one of these many times. It usually doesn't take long on a safe that has the combination changed for different people because they love to use dates like birthdays. Start it and come back the next morning and open the safe.
When I was in the military I use to set the safe codes. I was told by the master locksmith that it is best to set the numbers low/high/low because it is easier to mess up the sequence when dialing the numbers when trying to hack the safe.
I remember several years ago when we got a gun safe and the combination we had for the safe didn’t work. We called the locksmith and he put a rig like this on the dial to try and find the combination, and the rig he had was noisy as hell. What really sucked was it took the machine 3 days running nonstop to find the combination, so it was pure hell trying to sleep with that thing running. This ones quiet as can be compared to that one.
Mike Bartley and what sucked even beyond that, I forgot to put this in my original comment, is that the combination it wound up finding didn’t work either. Locksmith had to put a whole new dial on it.
@@ccall48 magic sense of touch on the guy, could have made a mint opening safes but honest as they come. Ime tempted to say 'dumb" as they come but you cant knock a guy for having integrity[personally i dont think enough of banks and their practices to NOT be willing to take their money if i had those skills and nobody was getting hurt]:/
Thank you for always ending your outro with "and have a nice day.", because that can sometimes be all it takes for me to think positive thoughts before I go on to doing something else worthwhile. Also thank you for your calm and soothing voice, it usually makes me feel relaxed when I would otherwise feel stressed or uneasy.
I can totally expect this. My safe you can feel the bearings catch and sometimes release when you spin in the dial so if you’re sensitive enough you can easily feel things drop in place
Others in the comments have mentioned that a device like this could be improved by using sound or the resistive force of the lock as feedback, but I always thought it would be cool to use magnetic induction sensors of some sort to sense the position of the notches on the disks. If a notch passes under the sensor, the magnetic field would slightly change, with some software magic, you could use that to decode the lock. It would likely need highly sensitive sensors and complicated software but it could theoretically take down locks made with high tolerances that would be difficult to feel out with tactile feedback
You're going to have an incredibly difficult time sensing discrepancies in magnetic fields of brass wheels, inside of an aluminum lock, through 12+ inches of steel, my guy.
@@MichaelPohoreski No its not We call this brute force in the IT world, where you hack a server over a network. Obviously brute force comes from using brutal physical force.... as in taking a sledgehammer or something to the device. Since this is a safe, not a far away server, brute force would be exactly that; brute force. Not trying all possibilities.
@@MichaelPohoreski No, its not. I just explained it ffs. BRUTE FORCE comes from FORCING a device/door/etc, instead of using normal method (key for instance) to gain entry to a device. The term crossed over to networking as forcing a login/pass by trying all possibillities. Since its not really an option to physically go there and open a server. You cant friggin cross over back to where it came from and change the original meaning!!!!! Its not rocket science...
I had one of these and used it a few times and it led me to learn manipulation. Once I learned how to manipulate, the only time I used the dialer again was when I was on a late call and could set it up to dial over night and then return the next day to find the container open. Set up is the key; the drop point and opening direction must be known; there are tricks to find these , as you know.
A moviemaker was having a tiff with the UK censor's office. He submitted a 10 hour movie of paint drying. A fee is only payable if the movie is classified adult only or similar. Wonder what the censor would think of a 8 hour safecracking movie with this device.
We had to get someone to use one of these the other day in work (Manifoil Mk8), I wasn't around to see it in use but it's a lot simpler than I thought!
Timmy Davie The problem with the Mk8 is there are over 2.5 billion combinations. You'd have to have an idea what the combination is for a machine to ever break into one. The internals fail before the lock will be cracked. A Mk4 lasts about 10 days on a lock dialler before it fails, which is well before all combos are dialled, I would assume a mk8 fails after the same amount of time, so it would never get close to all the combinations because there are x100 more of them. I service these locks daily, so have a lot of experience of them, and especially using brute force to try and get into them.
This type of lock is actually the first I learned to open by listening. It does take some skill, but I have to thank masterlock for making those small dial locks for me to practice on. Might actually try to find or buy one. Much easier than picking, though I can do both at a novice level (paperclip)
Well, so is a jackhammer, or a diamond-studded circular saw, or a case of dynamite. But the advantage of the dialing machine is, the safe can still be used afterward. :-)
Gotta think about the application this is used in. It's almost certainly used exclusively by people who need to crack a safe they either forget the combination to, or acquired it locked to begin with. As such the times it's needed are very rarely, therefore speed isn't really much of a concern as you just set it to run then go on with your day, and come back when it's finished.
@@kendarr this isn't brute force by any means. When you review safes and their ratings (including the locks used on them) they are rated against surreptitious entry (entry without leaving physical evidence) and forced entry (clear evidence of entry). In this case no "force" is used and if you were to have performed this "surreptitiously" no one would be the wiser once you walked away. (Edit: post-midnight comments and autocorrect don't mix...)
It would be fun to consider a lock designed to defy this type of attack, maybe with torque limiting clutches to defy the fast changes of direction. Perhaps a centrifugal device to resist fast rotation.
Nah the issue is if it was a heist it is just impractical to use It takes a good bit of time to set up and it takes quite awhile to use And it's kinda klunky And it's expensive It's just not very practical for a criminal to use Hence the main use case for this is probably if the owner of the safe forgot their passcode and wanted a non destructive way to enter the safe So it doesn't make sense to design the safe to impede the device imo
And no one would buy that lock, because this device isn't spinning any faster than a bank teller spins a lock, and there would be repeat calls to the bank's vault technicians over a lock "not working" simply because they were going too fast. Congrats, you just designed the worst lock ever.
@@the-dullahan I wrote that 3 years ago, a practical bank vault lock does not really have to resist an attack like this. At most I would guess that a vault will be unattended for a maximum of maybe 5 days so there is a limit to how many stepper motor driven combinations could be tried in that time. Sadly the quickest way into it is to kidnap those that do have access, but that falls outside the challenge of lock picking...
Your observation is correct. It is possible to manufacture this kind of lock with tighter tolerances (which would also makes it less forgiving when you are legit, know the combination and just try to dial it in with clumsy hands). I presume that for most dial locks, you just need to try 50 of the 100 positions. So just 125,000 possible combination for a three disc lock (instead of the 1,000,000 one might expect). I guess the usual fix is not to apply tighter tolerances but to add another disc. 50^4 gives you 6,250,000 possible combinations. Oh, well, my bad. Of course one number must be outside the 0-30 or 0-35 region. so the number of possible combinations is actually only two thirds of the numbers given above.
There is a major vulnerability point with the S&G safes. It was my first safe that I cracked. I drilled a hole in the back of the safe and inserted a camera with a magnetic head on it and put it on the key hole that resets the combination. This reset is 5 numbers off and you are able to get the combo from the last number to the first when looking through the hole by rotating it through the cycle. Then compensate for the 5 number off set and you have the combination. If you have ever reset you will know what I mean by the 5 number off set. It's what that other white notch is for on top of the dial.
But considering most vaults have an exterior and interior door plate, and are also not something you're ever going to be able to drill from behind, that's not really that major of a flaw, since you would never be able to get the camera in from the rear that way, and even if you could, you'd never be able to see the lock anyhow.
I made one of these a while ago and It works. I used a stepper motor, Arduino, and 3d printed enclosure with a 16x2 lcd screen. The only problem is getting the magnets to stick to the safe and keeping the Arduino turned on
Boyhood dream come true. I did indeed assume this was only ever seen in my movies and fictitious until recently. By the time someone got a Arduino to tune a guitar... then again the hours this machine takes does match the reality of not having your cake and eating it too.
This was the idea behind my engineering college project. Safe was heavy enough to resist being moved, even at a small size. Sandwiched an extreme abrasion and heat resistant ceramic tile between mild and hardend steel. Thickness was such that an average sized grinder could not penetrate deep enough. You absolutely could get in, but the goal was to make it either not worth it or risk having the contents destroyed in the process. If the person was not aware of the design of the safe they faced it would prove to be very difficult. It was actually built and tested. The tester had a reason to get in. His Christmas present was inside. He failed after two hours with power tools.
I know you americans also allowed to have shitty safes. But in other countries this may not work, because there are regulations, that you can pull out a safe with a truck.
@@VI-pp4jo You might be able to break the combination lock that way. Unfortunately, it would also break the mechanism which keeps some spring loaded arms in position (heat and deformation will break it as well). The arms will then move from the ordinary position into a position which will keep the door shut. Really shut. Shut in the sense that even the locks are overruled and cannot be used to open the door any more. You will then need to cut the door (or the walls) into pieces (which might take days, and is noisy).
I'd love to see this guy at work on a safe a work colleage had. It had four lock barrels arranged in a square on the front door, a,b,c,d, it came with 2 keys, 1 and 2. Each key had 2 sets of 6 fingers? on opposite sides of the shaft. To open the safe you had to put 1 of the keys into the correct barrel and turn 180 degrees in the correct direction and leave it in. Then the next key went into a second barrel and turn 180 degrees in the correct direction. The door could then be opened with the handle. Even if you had both keys, if you put the wrong key in the wrong lock first or turned it in the wrong direction, the door wouldn't open. Even if you guessed correct with the first key, get something wrong with the second and the door would not open. Then the first key was retained within the lock and could only be released by the owner taking the second key, (which was never trapped), placing it in one of the 3 now available barrels, and turning in the correct direction. I watched this safe being opened just once and it was done so quickly, I could never have remembered the sequence. There was the option to change the unlocking sequence, but it being a solely mechanical device, I imagine it was a complicated business.
How about a video on which safe locks are better than others? The pandemic had many new gun buyers, and the sales of bigger safes are up. Liberty, Cannon, Ft. Knox, etc. Both dial and electronic.... maybe a several part series? Thanks for demonstrating the good, the bad and the ugly of locks!
AW MAN! This brings back memory's of math class and learning algorithms. the lock machine was going through every odd number first then every even number. Now I'm trying to remember what that process was called.
![[1001] The ITL Robotic Safe Cracker! (ITL-2000)](/img/logo.svg){kind=logo}
