Hello everyone!! This is my first instructable and I hope you like it.( please comment) In this instructable I will share how to crack a masterlock padlock in 100 tries or less.( Helpful if you lost your combination)FACT: most master\lock padlocks have around 64,000 possible combinations.ANOTHER FACT: this instructable ( if done properly) will turn 64,000 into 100.so go to step 1 and let's get started.
How To Crack A 4 Dial Combination 13
To find your third number reset the lock by turning the dial around a few times. Then start at 0 and turn to 3. after that pull the clamp up as hard as you can and move the dial left and right very little. Find a spot after zero and between 5 or 10 that the dial seems to be stuck. take the 2 numbers they stop on and get the middle number. For example the dial stops on 2 and 3. your number would be 2.5 or if you numbers were 2.5 and 3.5 your number would be 3. write these down. Not the ones I gave you but the ones you get. Repeat this around the dial until you get 12 different numbers. You have to get twelve or it wont work. example list2.569.5131619.522.52622.52629.532.53649.5now that you have 14 numbers take away the ones that have decimal points.and according to this listnow you should only have 6, 13, 16, 26, 36.If you did it right you should have noticed that those 5 numbers have 4 numbers that have the same last digit take those away. with this list I am left with 13.that is my third number.
you just do the same thing but you need to change the starting number.you do this by changing your remainder.if your remainder is 0 change it to 2 1=3 2=0 3=1in my example though you would change it to three since the remainder is 1.so here are the possible numbers using my example 3,7,11,15,19,23,27,31,35,and 39next step will tell you how to find the combinations.
now make a list1st number= 1,5,9,13,17,21,25,29,33,or 372nd number=3,7,11,15,19,23,27,31,35,or 393rd number= 13 NOW MAKE THE DIFFERENT COMBINATIONSi will give two example combinations per 1st number,1,3,13; 1,7,13;5,3,13; 5,7,13;9,3,13; 9,7,13;13,3,13; 13,7,13;17,3,13; 17,7,13;21,3,13; 21,7,13;25,3,13; 25,7,13;29,3,13; 29,7,13;33,3,13; 33,7,13;37,3,13; 37,7,13; Congratulations if you made this far then you just took 64,000 combination possibilities and reduced it to 100. Try all possible combinations crossing them off if they are wrong until you get the right right combination.
If you don't know the combination to a Master Lock[1]XResearch source combination lock, you have a few options. If your lock is attached to something, you can break the lock, call a locksmith or use a shim. However, these options could put a dent in your wallet. Sometimes, your cheapest option is to figure out the combination.
I have a strong feeling that there is no functional difference between the two, but I am encouraged to set a best practice. So, assuming that the lock has a random combination and is practically unbreakable without entering the correct combination, which approach is more secure?
It is also conceivable that if you were able to check the state of the dials when locked on enough different occasions then you could narrow down the likely combination if it is being reset in a similar manner each time.
In practice this is probably a bit far fetched and anything with a combination lock probably has larger concerns eg the combination being known by too many people or the fact that any number between 1950 and 2018 plus the birth years of moderately famous people is probably a fairly good guess.
Having said that there may be operational advantages in having combinations set to zero as it gives a clear unambiguous guideline and it is easy to visually check that the lock is secure without the person doing the checking needing to know the combination, especially if actually physically checking that the lock is closed is problematic eg opening it sets off an alarm. You could also argue that adding the extra step of zeroing creates more of a routine and so makes it less likely that people will forget to set the lock at all, although this is admittedly debatable.
You should also be aware that some types of combination dial lock are very trivial to pick as you can often feel when each dial engages by quickly cycling through each dial or by probing from the outside. Equally a 4 dial lock only has 10,000 (10^4) possible combinations and you can often systematically go through combinations very quickly.
"Mashing around the dials" is a little vague, but I would guess based on my own behavior that people would tend to move most or all of the dials at once, which would create a strong correlation between the current combination and the lock combination. For instance, if the lock combination is 1234, someone might change it to 5678 (probably not exactly, but close enough that an attacker could prioritize the combinations they try).
Humans also have a tendency to think some things seem more secure when they actually weaken security. Someone may try to set it to a combination that seems "further" from the lock combination, such as changing 1234 to 6578 instead of 2142 because 2142 is too "close" to the lock combination. This could allow an attacker to prioritize the order they attempt combinations. Specifying a constant value to set it to avoids such issues.
What the dial sits on thus has nearly zero relevance to its defensive capabilities. As a result, you'll need other defensive mechanisms to achieve your security goals if they include anything beyond the psychological influence. Surveillance (video or in person) would give you tamper evidence much more reliably if that's what you need; if that's not viable, there are other means of achieving it. Other means of protection are required if your intention is to protect it from determined attackers.
Zero it out. Maybe more work, but you don't run the risks of rotating too little or rotating the same amount for multiple dials. An attacker would have very little to go on in either case, though... Most people wouldn't consider this. Actual real-world security between the two is probably about equal. They would just have nothing extra to go on if you zero it out, and it's good to form a habit like that.
If you are looking for a statistical answer, then "spinning" the dials a specific number of times randomly forward and backward. (I don't have the count as that would be a calculation I don't have with me. It's like a required number of shuffles in Vegas to be considered random.)
If you're looking at this from a security perspective, then set it to a specific number is the better answer (where 0000 could be that specific number). The reason its a better answer has been touched on in other posts, but in summary, it requires the person locking the lock to "think" to ensure it's been dialed. It provides no statistical information over time to guess movements. It allows for periodic "discovery" of tampering (if even to move the numbers around). If the number you set is 0000, the tampering part will have a potentially lower effectiveness as someone playing with it will probably remember to turn it back to 0000.
Unfortunately all of this overall is somewhat moot if the person trying to open the lock knows what they are doing. These 4 digit combo locks like the one pictured typically can be opened in under 30 seconds by someone who has experience with them. If they have a thin shim, even faster... Just a typical example video of how this is done (with more exposed dials albeit) =ABKsUNitXqw or =jmhSSuCIdPI. Having worked at DefCon for several years, it's pretty amazing to sit for a few minutes in the lockpicking village and watch young adults pop these things quickly after less than 15 minutes of training.
To add an extra level of security, either use both directions equally for zeroing or always rotate all to a single direction, to leave equal amount of fingerprints. People tend to pick a number once and memorize it. The path from zero to (or near) the correct combination might get revealed in UV light.
I think that's even easier than guessing whether a non-zero combination shown is from blind spinning or hand picked: memorizing what has been already tried might take similar amount of time and effort than going through 0000-9999 in order. And once it's stolen, time and combination gets irrelevant: I'd concentrate on threats that could actualize while you turn your back, without knowing the secrets were compromized.
Assuming an attacker knows how you reset the lock by either zeroing, setting to any fixed value, or scrambling the digits, they should still keep zero knowledge of the correct combination and thus equal odds of matching a random combination.
Suppose you and the attacker share a set of locks of which both know the combination. Normally one would for example swipe the fingers "randomly" on the reels to make them point to a different number. Or move the reels in an order that the brain wants to keep.
This will result in a known plaintext attack of an increasing number of attempts (again, this is a theoretical answer) and will give additional information on the combination that the attacker should not have.
In a practical sense it really doesn't matter, trying to undo your blind scrambling is going to be harder than just wiggling the dials around and getting a feel for the lock. It's fairly easy to open a combination lock just from turning the dials and feeling how it reacts. Combination locks like these are only mild deterrent.
In theory, they are equally (in)secure.Were one of them more secure (e.g. blindly spinning the dials), then the attacker would know it as well and set the lock to "0000" to reduce the complexity, and vice versa. 2ff7e9595c