Last month I had the disappointing surprise of finding a lock on my bike. I forgot I put it (it's been years since I last used it). And it's not a key lock.. so I'm screwed. Not willing to cut the cable.. I decided to brute force it. 999 space is fun. Luckily you quickly find similar tips than the alignment one to speed up the process. And since it's not a full rotary lock, I could also "DDR" the tests by testing when going from 0 to 9 then from 9 to 0. 5 minutes later and 800 attempts I was lifting my bike like a king. Until I realize the rear tire was dead. TL;DR; do not succomb to the seductive power of cryptanalysis.. check rubber first !
It probably would have been faster to apply tension to the lock, and then rotate the rows of digits until you find the "binder" (the one that the lock is resting on under tension).
Once you have found the binder, rotate it until you feel the lock open slightly and the digit ring falls into the gate. The digit ring will move freely for about 1.5 digits until it starts to seize again.
Repeat until you've found all the digits. I've done this one a number of occasions to help friends unlock their bikes, or to troll them by changing the combination on their bike.
tl;dr: combination locks suck. Don't use them, ever.
you're never sure you isolated the empty slot, so you assume so, go deeper, then backtrack when you reached the leaf of that exploration tree. Also, the double scan thing made it quick enough to avoid trying to probe too long for the right slot, hence the hybrid solution.
On average it would take around 500 guesses. One would have expected that with your "method" you could have reduced this by an order of magnitude (i.e. not 800) at least. Otherwise you're really just wasting time with additional steps for each trial.
When I was 10, I found a rotary bicycle lock + connected chain, locked alone to a post in a park. Having read up on locks even then (god knows how), I tried the method of "pull on it and spin the dials".
About 30 seconds later, it was unlocked.
I used that lock for about 10 years, until I went to University, where the thieves were a bit smarter.
Just a note that the lock you found may have not been abandoned.
Many bike posts in my university's undercover bike shed often had several locks without a bike in sight. It turned out many people leaving bike locks on posts they often use (it doesn't take up much space or prevent someone from using the post).
It saves those cyclists the hassle of carrying the the lock with them (only the key), which is particularly an issue with those very heavy bike U-locks and D-locks.
Agreed. I have a lock on the work bike lockers I use. Everyone seems to do this. Means you can have a very hefty lock but not carry it. Speaking of we moved buildings I need to snag it.
At university, I had someone accidentally lock their bike to mine with one of those. So I just unlocked and relocked it, using a similar process. (There was a lot of play in the wheels - it was a fairly cheap one.)
My cherished (and uber low grade) bike was stolen in Paris. The robber didn't bother to find the code, they ripped that tiny cable apart. They were nice enough to leave the bits in a McDonald's bag where the bike was attached (and of course, the McDonald's was just in front of me). Anyway I know have a 2kg keylock chain on my new bike.
After taking assembler my freshman year (1970's) i wrote the combination lock code in the octal representation of 1-9. I wrote it on the bottom if the storage unit rented to?store furniture between terms..
When i returned to unlock it, the numbers were faded and unreadbale.
lol. Funny someone suggested to engrave similar encoding into the frame.
And since I was eyeing on CNC milling machines .. that might be a nice project. I am thinking about stealing the correction scheme used on CD to be scratch resistant.
For 1000 possible combinations, wouldn't you expect to have to try ~500 combinations on average to find solutions? Since you found it in 800 attempts, this suggests that whatever method you used may have actually made your odds of success worst.
You can "expect" but if you only have one lock to unlock, it can be anything from 1 to 1000 attempts.
If you had 1000 locks, you can expect that the average would be 500 (if the numbers were truly random), but it still means that you might need one try for some locks, and 999 tries for some other lock.
It's a cool robot, but auto-dialers are a known tool in safecracking.
Additionally, the safe in question seems to be a SentrySafe SF082CS, which caries NO security rating from UL. The lowest test rating, RSC, only requires the safe survive a 5 minute attack with hand tools.
there's a little more to this than autodialing; dialing the entire keyspace would have taken several days. presenter used some manufacturing defects to narrow the keyspace into something that could be cracked in 45 minutes.
Depends on where you are. UL ratings are used in north america. There are similar EU ratings that I dont recall of hand. TL ratings are for theft/entry resistance. There are other modifiers for fire, water, chemical, etc resistance. Unrated "safes", and even some that are said to be rated, are junk. In NA you want to get in touch with a local safe dealer/specialist. Most of their business is commercial, and they are not the same as a locks ith or "security" company. Moving and installing a safe is a specialist job by itself.
As a sibling commented RSCs are the lowest level and appropriate for home use of low level valuables. Expect $500-1000 and up. TL rated products are almoat always geared towards commercial use. When I was looking a local safe company had a korean made TL-15 with 1 hr fire resistance for about $2500. This was a very bare bones commercial demo/returned unit about 2'x3'x5' interior.
All safes and RSCs must be anchored to the structure on 2 or more sides to be effective. RSCs or "gun safes" will simply be pulled/cut out of the structure if not anchored. TL safes will be knocked over and attacked at the door or floor.
That video was much dirtier and louder than I expected. Lots of brute force still involved. Not quite the domain of out of shape hackers. But I guess that's why we build robots.
A group of Italians went to Belgium's diamond district and bypassed an very expensive vault door. The best part was using an aerosol can of hair spray attached to a broom to defeat the top of the line motion sensors.
Edit: Can anyone explain why it's a 30 minute test for UL 30x6?
30x6 means 30 min on all 6 sides. Normally safes are installed bolted to concrete and sometimes positioned in a building so only the front or possibly sides are easily accessible to attack, so often the door is far more attack resistant than the rest of the safe. This saves money and mass.
Not at all! If you're renting in a high-rise building, the floors will be concrete below the laminate or hardwood. A good safe will have either 4 holes or 1 center hole in the base to allow you to anchor it to the floor. Use a concrete drill bit to drill a hole in your apartment floor in a discreet area, like in a closet or laundry room. If you can borrow a hammer drill it'll be faster, but even an ordinary drill will work, though slower. Make sure you buy a concrete drill bit.
Then attach the safe using concrete screws and anchors. You can use either a self-tapping concrete screw or, better, put the correct size expanding sleeve into the hole first[1]. Even with a single concrete anchor/screw, the safe will be 100 times more difficult to steal. I've seen expensive TL-15 safes ($5000+) with only one center hole in the base, so I assume the manufacturer thought that was sufficient (if properly anchored).
Before you place the safe, put down a sheet of plastic or a very thin patch of carpet to protect the laminate or hardwood floor. Cut holes in the plastic sheet or carpet for the concrete screws.
When you move out of your rented apartment, fill the holes with putty matching the color of the laminate or hardwood floor. If you make a small effort at patching up, the holes will be invisible.
One more piece of advice: The drilling won't take long, but it'll be very loud. If you have a nosy landlord or superintendent, do the drilling when he's not around. A superintendent, for example, is unlikely to work on a Saturday or Sunday.
Also, cover the safe with a sheet or blanket, so if someone casually looks in your closet or laundry room, the safe won't be noticed.
As sibling point out all is not lost. In a wood framed structure put lag bolts in to studs or beams. It doesnt have to be perfect. Your primary goal is to prevent a strong man, or someone with straps/handtruck, from literally walking off with the goods. The goal of a safe is to simply delay the attacker until an active response arrives.
Edit: in an appartment building check your floor loading. A little jewelry/document safe is probably fine. Big get very heavy very quick on a relatively small surface area.
I have a friend who had a 40+ inch rear projection TV(not a modern LCD/plasma but one of those much larger ones), a couple of very large wood cabinet speakers(probably at least 3.5-4x1x1 feet) and a small mini fridge(still filled with food) all stolen, during daytime hours, from a 20-25 unit multi-story apartment.
Anecdotal I know, but I wouldn't assume most people are terribly attentive.
Funny you say that since it turned out from surveillance footage from another building that the burglars where dressed as movers and loaded all the items into a small moving van that was double parked.
Forget about stealing safes from apartments, I wouldn't be shocked if you could rob an actual bank vault by dressing as a construction crew.
University I went to had this happen in the summer. Showed up in coveralls and had a paper for the RA to sign. Cleared out all the furniture and appliances. Told the RA that the new stuff was a bit late but would be there in an hour. They were not caught but I question the target’s value.
Would fast and heavy internal gyros be a feasible alternative to bolting? I'm thinking that if the safe cannot be reoriented across all three axis, it'll be very hard to move.
Serious safes are in the neighborhood of $5-10,000 and weigh 2-4,000+ lbs. proper concrete anchors are maybe $100 and another 1-2hrs of installation time. Thats a hard roi to beat.
It depends on the type of safe. I'm not a locksmith, but I have researched this, and this is how I understand it.
There are "security" safes (aka "burglar" safes), and "fireproof" safes. A security safe should be bolted to the floor, to stop the bad guys ripping it out. It comes with pre-drilled holes for that purpose. However, a fireproof safe should not have any thru-wall holes, since a fireproof safe must protect against the deluge of water that will occur when the fire is put out. Thus, fireproof safes are often glued instead of bolted.
Some time ago, a relative showed me his new safe. It didn't have any pre-drilled holes, so he drilled some in, so he could bolt it to the floor. I chose not to tell him the following: (1) The fact that he could drill any holes in the safe, using his trusty Black & Decker drill, showed that it was a fireproof safe - not a security safe; and (2), drilling those holes destroyed its value as a fireproof safe!
In summary, you need to decide what's most important - theft protection, or fire protection. Those are different types of safes. The problem is they look identical to the untrained eye.
But for his own sake wouldn't it be better you told him so that he can either get a burglar proof safe if that's what he wants or get a new fireproof safe that he then doesn't destroy by drilling through it?
I know that a lot of people don't appreciate advice though, but still if this relative respects you they should listen.
> wouldn't it be better you told [your relative] so that he can either get a burglar proof safe if that's what he wants or get a new fireproof safe that he then doesn't destroy by drilling through it?
Fair comment. But I guessed that all he wanted was something that would stop a burglar from bashing it open in 5 minutes. It's probably fine for that purpose. But I might say something to him next time.
I'm far from an expert, but the common ratings to look for are UL RSC, TL-15, or TL-30 depending on what level of protection you want. The ratings are expensive, so generally vendors show them off prominently.
Not bolting it down does make it much easier to steal. A small safe like this can be carried off pretty easily. Even with a large safe, being able to move it can make it easier to use a pry-bar or to cut through a side-panel.
I have a friend who cleans up around the Bay. It's fairly common for him to find a safe that's been opened and then discarded as trash. (You'd be surprised at what floats).
So yeah, if your safe isn't bolted down, a burglar will probably just take it with them.
I have seen safes which you put a number of weights in the bottom, then you move the safe and door separate which both weigh a lot each. The hope is that once assembled and weighted it can't be moved easily. But...clever fools and all...so nothing is perfect and more layers of protection cost more money.
> The hope is that once assembled and weighted it can't be moved easily.
It's amazing how heavy a burglar safe is - even a small one. I have one just big enough to store some documents, spare phone, keys, and some cash. But it took two guys and a trolley to get it up the stairs to my apartment. Even if a burglar could rip it out of the floor, and push it down the stairs, I doubt that they could lift it up into their car or whatever.
I love this frank response from the safe manufacturer:
'... speaking to Wired magazine earlier this month, when the team demonstrated its method on a smaller safe, a spokeswoman for the safe maker said: "In this environment, the product accomplished what it was designed to do."'
It is designed to trick people into building robots to open it? :-)
More seriously though, I consulted a friend and neighbor when buying a safe for my home. This person who owns a locksmith shop and is a registered locksmith (and has been for > 20 years) asked me to look up the median response time of the police to my address. Since I live near the police station it was fairly small. He said you only need a safe that can last 15 - 20 minutes and you will need to anchor it so that it can't be easily yanked out of your house. Any professional thief will skip it and it may keep an amateur working on it long enough for the police to arrive and arrest them in the act.
You bought a TL-15 safe for your home? Where did you place it? Even the smaller TL-15 safes weigh hundreds of pounds and require some logistics to place. They are very impractical for most apartment dweller types, or even some high-density, old-construction flats because of their weight.
> Even the smaller TL-15 safes weigh hundreds of pounds
I've seen a TL-15 safe that came as 6 separate modular pieces (i.e., 5 walls and the door each weighing about 100-150 pounds) that you bolted together, internally, with about 50-60 heavy bolts. It was specifically intended for condos, high rise offices, etc., so you could easily transport each piece on a hand cart or dolly, then assemble in place. It was a beautiful design, but no longer manufactured as far as I can tell.
Yes I did. It did not weigh hundreds of pounds. Its location was constrained a bit by where it could be secured to the structure but not unreasonably so. And it wasn't like I've got paintings or something in it, just stuff that if the house burned down I'd want to have survive and a few things I'd rather other folks not have (like passports).
That is correct, and something to specify when buying a safe. In our case I was actually replacing a fire safe that my wife had bought at CostCo so fire resistance was a 'must have' feature. It has has our critical documents in it and a key to the safe deposit box where actually valuable but not something you might need to get out at home stuff is kept.
This seems to be an exhaustive-search combination lock solver. Someone else has built one that not only manipulates the lock, but uses a contact microphone to listen to it. But I can't find the reference.
A key element of this is it's ability to limit the amount of possible combinations from 1 million to about 1000 due to small flaws in the dials. A contact microphone might be able to even further reduce this search space in combination with the existing exploits.
There are Sergeant and Greenleaf locks with a half-digit tolerance, so you have to get the number exactly right. They're not popular, because they're such a pain to use.
There is a big difference between 0.55digit tolerance (might be able to try two numbers at once with enough mechanical precision to the solver) and 0.45digit tolerance.
Aren't there a whole bunch of videos on YouTube of kids opening these with not much more than a length of steel wire and primitive hand tools? You decidedly do not want a safe that's not UL listed.
Think of this as version 1.0 of the robot, though.
Unlike hand tools, the improvement curve of such robots will be interesting to watch over time. [Edit: especially to the extent that the improvement is partly in the innovative hands of the hacker / maker community as opposed to just a few commercial companies as with existing "speed dialers."]
The point is that this approach is general and scales to tougher safes, since they too must open to the correct combination, whereas the hand tools and steel wire approach doesn't scale up.
A typical front door lock is considerably easier to defeat than the mechanism on one of these safes. Many can be opened in seconds with a bump key or other pick tools.
No kidding! I recently picked up lock picking as a hobby, and it really makes me realize just how insecure most locks really are. I'm a total beginner and I'm able to pick some locks in seconds.
Most regular houses I've lived in (in Australia) could be trivially and discretely broken in to with a jemmy bar (crowbar).
My neighbour had his two jet skis stolen from his carport on a weekday, they were chained to a post.
The auto shop across from my work had their delivery ute stolen from inside the building while six staff were an open door way away.
I caught someone sitting in my car trying to start it with a screwdriver. I nearly asked him if he wanted me to show him how it's done.
I keep telling my partner not to leave her laptops and cashbox visible from the windows and to lock the front door when she's in the bathroom or backyard.
People I thought were my friends have stolen from me.
Unless you have something worth protecting and the budget to protect it... Security is a hopeless mess.
That encouraged me to take a peek, turns out Launceston was the the worst place in Tasmania for home burglary in 2014/15[1], but still not as bad as other areas around the country.
The people that presented this on stage are from SparkFun, you can likely buy all the bit from them. Most of the robot parts look like it is from the Acrobatics line that they cary:
Gotta love this attitude, which is widely shared by Bay Area media and law enforcement.
- "You shouldn't have parked there. "
- "You shouldn't have left anything visible in your vehicle."
- "You shouldn't have left anything invisible in the trunk, either."
As for "key right next to house" how else do you propose letting agents show your property to prospective buyers or tenants?
In SF, property crimes don't matter. I once had a road rager shoot at me and blow a window out in my car. SFPD response? "We can't find the round (bullet), so we'll just give you a case number (and no further investigation)."
> As for "key right next to house" how else do you propose letting agents show your property to prospective buyers or tenants?
Give the letting agent a key to hold on to? Use an electronic keypad lock? Perhaps in your specific situation those are not feasible, but it’s not like there aren’t alternatives.
Bear in mind that local governments view property crime as a form of economic stimulus.
You'll be spending money to replace the stolen items, presumably some of that locally, and on repairs, presumably all locally. Meanwhile, whatever money the criminals get back in selling the stolen items (and subsequent profits by their fences) will also presumably be spent locally.
I mildly subscribe to this believe too, however it's more likely the police in (highly populated?) areas don't have the time / budget to thoroughly investigate everything.
Properly crime + little evidence = contact you're insurer thanks have a nice day.
I bet pretty much every thief leaves fingerprints now; police haven't taken prints for pure property crimes in years. (In contrast, SJPD did take prints for a car break-in in 1986).
Every week, you hear of a neighborhood getting hit by a gang, with 30+ vehicles affected -- total losses well into the felony range.
A gang could be shut down in a month if bait cars with GPS-tracked bags were used. Same with front-porch package thefts (always rampant).
It is the policy of San Francisco to annoy and harass car owners into switching to bicycling and public transit. Why would the city undermine its own policy goals by going after people who help deter driving and car ownership? It would make more sense to pay the people who smash car windows than it would to lock them up.
What do you expect them to do? It wasn't someone you know, it wasn't someone who has a personal motive to kill you, and they don't have any way of determining the owner of the gun.
Would you want to bother investing the case where someone in SF shot at a car and no-one was injured.
Also, give the agent a key and/or get a key box with a pass code and give that to the agent. There really is no excuse to hide a key on the property these days.
