What do we do when we lose the combination for a closed safe? Even if you’re okay with ruining the safe, cutting it open is really difficult and especially hard to do without destroying the contents — otherwise, the safe wouldn’t be very useful. Charles McNall’s solution was to build this device that automatically brute-forces safe combinations and it looks like something from a Hollywood movie.
In the context of cracking, a “brute force” attack is the least sophisticated method. Instead of trying to find a password, for example, by exploiting some vulnerability in a system, you simply try every possible password until you get it right. If that password is absurdly simple, that can be fast — a single-digit numerical password would only require a maximum of 10 guesses. But that increases exponentially with each additional digit and each possible character. Even a basic eight-digit password with only alphanumeric characters will have hundreds of trillions of potential permutations.
Because there are so many combinations to try, brute-forcing requires a lot of time and the ability to check each option quickly. Meaning, it is usually only practical on a computer.
McNall, however, found that it is feasible for a combination lock, too.
A typical safe combination consists of three numbers, each between 0 and 100. So, in theory, there are a million possible combinations. If you could test one every 3 seconds, you could try every combination in just over a month.
But in practice, there are many tricks that can help to cut that down dramatically. Most of those tricks depend on knowledge about the safe model and its mechanisms. For example, a model may not use numbers in a specific portion of the 0-1000 range. You may also be able to find the first digit or two by feel.
McNall took advantage of those to speed things up, but the autodialer could do it all if it has enough time. The electronic hardware consists of an Arduino Uno R3 development board, a stepper motor, an OLED screen, and a few buttons. The sketch tells the stepper motor to rotate back and forth, trying all of the combinations within the set parameters.
The autodialer attaches to the safe with magnetic feet and it features a magnetic clutch, so it stops rotating the dial when it finds the right combination. With some tension on the handle, the lock will slip when the dial goes through the right combination. When that happens, the dial becomes hard to rotate and the magnetic clutch will fail to overcome the torque.
McNall demonstrated the process on an old safe, so be sure to watch that. He also plans to live stream a cracking attempt on a particularly interesting safe soon.