I'm very curious about how some auto-dialers (devices which automatically brute-force the safe's rotary code-entering mechanism) make use of audio, to apparently look for specific sounds relating to the locking mechanism.
The device shown isn't quite a brute-force attack; it exploits a side channel. Back in the 1980s there was a device called the ITL-1000 that took a couple of days to dial combinations in sequence, with the only feedback it received being whether the lock opened.
Refer to the picture at http://www.sargentandgreenleaf.com/MC-6730.php , which shows a typical combination lock with the combination dialed (as you can tell by the position of the lever; if the correct combination weren't dialed, the lever would be held up by one or more of the aluminum wheels). When the lever is held up, the drive cam (brass thing closest to the camera that's normally attached to the dial) can rotate freely, with the nose of the lever dipping just slightly into the notch in the edge of the drive cam.
When the lever is so held up, one of the wheels does the holding because manufactured things are never quite straight. If that wheel gets set to the correct position, another wheel holds the lever up slightly less, and the nose of the lever hits the sloping edge of the notch in the brass drive cam at a slightly different position. One can graph the location of the "contact point" as each wheel is turned and work out the combination.
Don't the wheels spin in a sequence, from the outermost to the innermost? In that case, couldn't you vary their widths, so the lever is only held up by the widest (and last) wheel?
For instance:
http://blockyourid.com/~gbpprorg/mil/lock/softdrill/
http://blockyourid.com/~gbpprorg/mil/lock/softdrill/SOFTCAP1...
You can apparently get microphones specifically designed for safe cracking too:
http://www.keyprint.co.uk/store_detail.asp?stkcode=LS-LKM103...