Master Lock combination padlocks have never really lived up to their name. For years, tinkerers have known about a trick that reduces the number of possible combinations from 64,000 down to just 100. With a bit of persistence, you could easily crack the code and open the lock in an hour or two — but now there’s an even quicker exploit.
Serial hacker and white-hat troublemaker Samy Kamkar has devised a new method that allows anyone to learn the lock’s combination in eight tries or less — and thanks to a handy online calculator, the entire process only takes about two minutes to carry out.
We won’t give you the full list of steps, but broadly speaking, the exploit involves pulling on the lock’s shackle and spinning the combination dial until you feel resistance. Every lock will have three resistance points between the numbers 0 and 11, which will cause the dial to lock up and stop spinning freely. With a little bit of math, these numbers can reveal the numbers in the lock’s combination.
So how’d Kamkar figure this out? Well, according to an interview with Ars Technica, he started with the well-known vulnerability that allows Master Lock combo locks to be cracked in 100 or fewer tries. Then, to learn more, he physically broke open a lock and observed its innards. With the locking mechanism exposed, he noticed that the resistance he felt was caused by two lock parts that touched in a way that revealed important clues about the combination. Kamkar also discovered that the first and third digits of the combination, when divided by four, always return the same remainder. With these insights, he was able to build a program that crunches the numbers for you and spits out eight possible combinations.
Apparently the exploit works for a wide range of different Master Lock brand combination locks, so you should probably rethink your gym locker situation sometime soon.