14 DAY TRIAL // The correct combination for padlocks from Master Lock can be determined in just a few minutes due to a vulnerability in the locking system that has been picked up by a hacker.
The algorithm for keeping the hinge shut in lack of the right combination is not an easy one to break and does require some computation that is easily done via a special calculator that processes particular input from the user.
Both the cracking technique and the program are the creation of Samy Kamkar, a hacker best known for releasing in 2005 a worm on MySpace social networking site that racked up friend requests for the author. In 20 hours, Kamkar had more than 1 million requests.
He is also known for different other hacking projects, such as the wall charger that records keystrokes from Microsoft keyboards in its vicinity, or the $20 / €18 micro-controller that can hijack a computer in seconds.
Find the strong resistance points
The method discovered by Kamkar to open a Master Lock involves turning the combination dial and observing resistance points at certain numbers. These are then introduced in the calculator he developed, which gives a total of 8 possible correct combinations.
Finding the resistance points is not difficult. First, the attacker has to determine two numbers the dial gets stuck on before reaching 10 or 11, by lifting the locked shackle as hard as possible.
The initial position of the dial has to be zero, and the resistant points have to be between half numbers, such as 5.5 and 6.5 (the important thing is that the dial crosses over a full number).
Lower resistance point needs to be determined
In the next stage, the shackle also has to be lifted, but with less force, so that it allows moving the combination dial freely, while still being able to detect if there is any resistance at one point.
Kamkar says that at this step, the slight resistance should be at the same spot, and it does not matter if it is a full number or half a number.
All three numbers determined this way are then entered in the calculator, which provides the first digit of the combination and possible variants for the second one.
In the end, there can be only 8
A couple of variants are also offered for the third digit, which has to be accurately determined by repeating the first step and observing the distance the dial is allowed to travel for each of them. The one with the greater distance is the correct third digit.
At this time, the second number in the combination is still not accurately established, but the variants should be reduced to just 8. Trying each of them leads to unlocking Master Lock.
The hacker published a video with thorough explanations for each step of the cracking process. He also says that he created a tool that can carry out the entire process automatically.
