Super great, somewhat related episode of 99% Invisible about "Perfect Security".
posted by lattiboy at 8:35 PM on April 28, 2015 [9 favorites]

My hapless seventh grade self begs to differ.
posted by bleep at 8:35 PM on April 28, 2015 [19 favorites]

Handy if you don't have any shims on you.
posted by ryanrs at 8:36 PM on April 28, 2015 [2 favorites]

Richard Feynman would be proud
posted by chiefjoe at 8:37 PM on April 28, 2015 [9 favorites]

We were doing this with an app on the TI-83 calculator literally 15 years ago. Is there something new here?

Citation please? How did you get the app? What did you do with it?
posted by OwlBoy at 8:43 PM on April 28, 2015 [4 favorites]

What, this is news? I was doing this to get into my chemistry classmates' lockers back in '93. It is not hard to figure out.
posted by Mars Saxman at 8:47 PM on April 28, 2015 [3 favorites]

Yeah we did this in highschool too. I graduated in 1988.
posted by sauril at 8:48 PM on April 28, 2015 [1 favorite]

Phrack Volume One, Issue One, Phile 6 of 8: How to Pick Master Locks by Gin Fizz & Ninja NYC. Published online November 17, 1985.

Phrack Volume One, Issue Five, Phile #10 of 12: Phrack World News Issue 4 Part 1 by Knight Lightning. Published online April 18, 1986.

Dear Mr. King,

This law firm is counsel to Master Lock Company. Our client has recently
been alerted to the dissemination through a Bulletin Board Computer Service
located at your address of information potentially damaging to its commercial
interests and business relationships. More particularly, we refer to the
publication by such computer service of instructions for picking combination
locks manufactured by Master Lock Company.

We write to notify you of Master Lock Company's concern about the computer
service's actions and the seriousness with which it regards those actions.
Master Lock Company has every intention of preserving and protecting the
reputation and goodwill associated with its products and, if necessary, will
take every legal recourse available to it to do so.

Under the present circumstances, however, our client would first like to
give you the opportunity to take measures to prevent activities that it can
only view as malicious both toward itself and toward its customers. We
therefore request that you see to the immediate and permanent cessation of the
actions described above. Your compliance with this request is all that is
required for an amicable resolution of this matter.

Your cooperation will be much appreciated.

Very truly yours,

Terrence J. Farrell

posted by scalefree at 8:48 PM on April 28, 2015 [19 favorites]

This is news? I built a difference engine specifically to calculate this, back in 1873.
posted by TheWhiteSkull at 8:48 PM on April 28, 2015 [117 favorites]

Yep. Knew this in junior high, c. '93-95
posted by Sys Rq at 8:49 PM on April 28, 2015

The method to reduce the solution space down into 100 combinations was well known in my crowd in the early 90's.
posted by peeedro at 8:49 PM on April 28, 2015

Ug break lock year of sky fire. Where Ug parade.
posted by the uncomplicated soups of my childhood at 8:52 PM on April 28, 2015 [127 favorites]

TFA does indeed note that the method to reduce the combination down to 100 possibilities has long been known.

Perhaps the only new thing on display here is narrowing the last combination down to further reduce the possibilities.


Yes. This is the point. Many people would consider reducing the number of combinations to try by 92% to be fairly significant. That this is accomplished with a grunt simple web app is also noteworthy.
posted by DirtyOldTown at 8:56 PM on April 28, 2015 [10 favorites]

Master fixed the problem that the 80s-era Phrack method exploited, so that one doesn't work any more (I tried every lock I could find in the early 90s with that method to no avail).

Here's a quote from Samy on the Ars comment board on how this improves over the 90s-era 100 combination method:

There are several reductions at play that combine together here -- in the original 100 method, you must prep by producing 12 numbers, where in this attack you only produce 3, and the original attack provides the 3rd number reducing the 1st to 10 possibilities, while this attack *gives* you the 1st number *and* reduces the last to two digits instead of 10, while also reducing the middle digit even further (the original attack reduces middle to 10, while this reduces middle to 8).

posted by zsazsa at 8:59 PM on April 28, 2015 [4 favorites]

Just tried it with a Sphero lock (a Master brand, but not the classic silver-with-black-dial type). Didn't work.
posted by Halloween Jack at 9:04 PM on April 28, 2015

All your dirty gym socks will soon be mine. All MINE! Bwahahahahaha!!!
posted by sexyrobot at 9:14 PM on April 28, 2015 [10 favorites]

No comment.
posted by clavdivs at 9:21 PM on April 28, 2015 [3 favorites]

I just searched around on TICalc.org and there are a ton of Master Lock cracking programs. They all seem to use the 100 combinations method (find last number, get 10 possibilities for 1st and 2nd number). A few of the readme files say they only work with locks made after 1990, which is probably when they fixed the Phrack exploit.
posted by zsazsa at 9:21 PM on April 28, 2015

Sphero has a plastic...no comment
posted by clavdivs at 9:22 PM on April 28, 2015

Agh, that's annoying.
"In the next video I'll drill open a combo lock..."
[inset of not-a-drill not-drilling]
posted by ctmf at 9:24 PM on April 28, 2015

You can also crack a masterlock by hitting it with a hammer or perhaps some sort of other heavy object that you have on you. They are not that strong.
posted by Ferreous at 9:27 PM on April 28, 2015 [5 favorites]

I remember the old master locks with the zig-zag keyhole. When I was a kid a friend's shop-geek older brother showed us how to easily create a universal key that opened all of them, simply by taking the key from any one and filing it down in a particular way. We both carried our own Master "master" keys after that just for the hell of it. We never stole anything but if we encountered anything secured by one we would occasionally unlock it, do some mysterious rearranging and then lock it up again just to fuck with them.
posted by George_Spiggott at 9:35 PM on April 28, 2015 [5 favorites]

In my school kids would just kick the locks till they popped open. Low tech and fast.
posted by I-baLL at 9:36 PM on April 28, 2015

Master lock opened with a cat food can lid. (u-toob)

Master lock with a moisture drainage hole (AKA pilot-hole) aligned with critical internal part. (u-toob)

"A key that can open many locks is a master key. A lock that can be opened by many keys is a Master lock."
posted by Jack Karaoke at 9:38 PM on April 28, 2015 [23 favorites]

[Incoming slime mold pheromone packet]
[Olfactory decoding]
MASTER LOCK CRAWLED INTO AFTER 8 GYRATIONS NO GLUCOSE FOUND
[Olfactory circuit shutdown]
posted by benzenedream at 9:39 PM on April 28, 2015 [13 favorites]

I was cracking locks when the earth was without form, and void; and darkness was upon the face of the deep. And my hacks moved upon the face of the waters.
posted by turbid dahlia at 9:46 PM on April 28, 2015 [41 favorites]

Elder Ye told me once of the Before Times, when men flew on wings of steel and the stone towers of Ka-Go and Nor-Yor were alive with magical fire that never burned. It has been many centuries since man tilled his fields with servants of rubber and iron, countless generations of suffering and remembrance. Our people are few now, but we are proud. We are the last upholders of the greatest tradition of the Before Times. Where others have slid into cannibalism and barbary, we alone continue to pick the locks of mastery. You are a man now. Here is your calculator. The burden is heavy, but it is a burden of ancient pride.
posted by No-sword at 10:00 PM on April 28, 2015 [40 favorites]

What a bunch of posers. Wait until you see what locks I cracked in the past six years from now.
posted by maxwelton at 10:48 PM on April 28, 2015 [3 favorites]

What's with the calculators? I could open any Masterlock simply by feel. Given this was high school, in the late 80s.
posted by MarvinTheCat at 10:53 PM on April 28, 2015 [3 favorites]

Achievement, unlocked!
posted by From Bklyn at 10:53 PM on April 28, 2015 [4 favorites]

man all of you guys think you're smart and not one of you thought to just buy bolt cutters.
posted by kagredon at 11:49 PM on April 28, 2015 [18 favorites]

So many daring teen heists being fondly remembered.
posted by colie at 12:01 AM on April 29, 2015 [1 favorite]

We used these in middle school. There were a couple of lazy kids who wouldn't spin the combination after using them. I could get into those easy.
posted by Ray Walston, Luck Dragon at 12:14 AM on April 29, 2015

I just bought two Master combination locks (I need to secure a small trailer full of equipment but give access to a dozen people). Fortunately (I hope) I went for a different type. Does anyone know whether these are similarly easy to solve?
posted by pipeski at 12:41 AM on April 29, 2015

Some nifty espionage equipment from the same dude. Can be made from as little as 5-10 bux worth of little 'Maker' electronics boards.
posted by mcrandello at 12:56 AM on April 29, 2015

I use one of these at the gym. If somebody wants the keys to my super sweet '99 Escort ZX2, they are welcome to them but please take video when you drive the car off a cliff.
posted by fluffy battle kitten at 12:58 AM on April 29, 2015 [11 favorites]

Here is a nice presentation on types of locks, how they work, and with some recommendations.
posted by DreamerFi at 2:04 AM on April 29, 2015 [4 favorites]

This is what is going to make Master locks relevant again.
posted by thelonius at 2:34 AM on April 29, 2015 [2 favorites]

Achievement, unlocked!

Unlock Achieved!
posted by EndsOfInvention at 3:00 AM on April 29, 2015 [4 favorites]

The Feynman reference is apt. Old-school hacking, in the sense of wanting to pull stuff apart and make it do really neat stuff, has been drawn to lock-picking since forever, and it's the ur-greyhattery of the tradition. It was certainly well-documented on the very early Internet; I can remember demonstrating this to someone where I worked in 1991, pulling up some Gopherage on a keyless lock and then using the information to break into a secure part of the workplace. (The effect was almost as gratifying as when someone asked me a few years later to "go on then, show me something really filthy on the Internet.". Well, they did ask...

I think it's not that this is old knowledge, but more that any knowledge is now everyone's knowledge.
posted by Devonian at 3:36 AM on April 29, 2015 [3 favorites]

My cousin Harry Soref is either very amused or rolling in his grave, take your pick.
posted by thomas j wise at 4:26 AM on April 29, 2015

Gym bags are a good size for a pair of bolt-cutters....

Just sayin'
posted by mikelieman at 4:31 AM on April 29, 2015

I had a Master Lock back in high school with a combination of 10-20-30. I loved it for ease of use. For some reason, the serial number on the back was "1234567".
posted by dobi at 4:37 AM on April 29, 2015 [2 favorites]

My Dad has a saying. "A lock can't stop a determined criminal from stealing something. It just keeps honest people honest."
posted by double block and bleed at 5:04 AM on April 29, 2015 [2 favorites]

I didn't know this trick; thanks! It will help immensely in my dreams where I'm back in high school and don't know where anything is. If I can just figure out hacks to make clothes materialize on my body and keep all my teeth in their sockets, I'll be all set.
posted by Metroid Baby at 5:06 AM on April 29, 2015 [4 favorites]

My daughter moves up to middle school next year and one of her anxieties is that she won't be adept at opening her locker. Nothing major, but I have been tasked with buying a combination lock she can practice on over the summer. I think I will show her this as well, just for redundancy.
posted by TedW at 5:08 AM on April 29, 2015 [1 favorite]

> go on then, show me something really filthy on the Internet.

I guess this was before the era when you could hardly go out there without getting goatse'd or tubgirl'd?
posted by jfuller at 5:12 AM on April 29, 2015

My daughter moves up to middle school next year and one of her anxieties is that she won't be adept at opening her locker. Nothing major, but I have been tasked with buying a combination lock she can practice on over the summer. I think I will show her this as well, just for redundancy.

My mother made me practice before I started sixth grade. She started law school never having used a combination lock and, I think, is still a bit upset at not having known how to work one, thirty odd years later. (Who knew law schools have lockers?)
posted by hoyland at 5:23 AM on April 29, 2015

Old news is old.
posted by Splunge at 5:54 AM on April 29, 2015

We were doing this with an app on the TI-83 calculator literally 15 years ago.
  I was doing this to get into my chemistry classmates' lockers back in '93.
    Yeah we did this in highschool too. I graduated in 1988.
      I built a difference engine specifically to calculate this, back in 1873.
        Ug break lock year of sky fire. Where Ug parade.
          I was cracking locks when the earth was without form, and void . . .
            Elder Ye told me once of the Before Times . . .


I taught Galan of Taa how to do this. You may know him as Galactus.

And where did I get the idea? Ironically, from a hapless fly. For you see, in the pre-Big-Bang Universe, the Hapless Fly (Musca Misellus) were sentient miserable little creatures. And so it came to pass that one day --one fateful day -- one buzzed into my ear -- mine and mine alone -- the secret that if you take a . . .
 
posted by Herodios at 6:08 AM on April 29, 2015 [1 favorite]

The Master Lock company was formed in 1921. Some of you are claiming to have opened Master Lock devices as long ago as (A) early human civilization, (B) primordial earth, or (C) prior to the formation of existence.

I'm not saying y'all are lying, but pics or it didn't happen.
posted by etc. at 6:28 AM on April 29, 2015 [3 favorites]

Achievement, unlocked!

I guess you are the Master of Master-Unlocking.
posted by The Bellman at 6:39 AM on April 29, 2015

"A lock can't stop a determined criminal from stealing something. It just keeps honest people honest."

I hate this saying, it suggests a bizarre world where the "honest" people are walking around all day thinking about stealing cars and bikes and hopping over subway transoms but each time, at the last minute, they're stopped by moderate security measures.

More accurate saying:

"A lock can stop a lazy criminal. Most criminals are lazy. Nothing can stop the non-lazy criminals."
posted by mmoncur at 6:41 AM on April 29, 2015 [7 favorites]

My dad used to say, "A lock can stop an honest person. But no math problem can stop a neckbeard with a CS degree and too much free time. Luckily, all they want is imaginary online reputation currency, and you don't have any of that behind your Master lock."

Of course, halfway through that Dragnet came on the radio and we stopped listening.
posted by stupidsexyFlanders at 7:10 AM on April 29, 2015 [9 favorites]

Good, this is much faster than following the proper procedures to receive a copy of your combination via official channels, where they won't help you if the lock is attached to anything. Pfft, like I care what my combination is if it's not attached to anything.

I remember seeing a Master Lock "keygen" floating around warez sites in the late 1990s, with two variations, one that was a single solution based on the first resistance point, and the then-newer locks had three options based on resistance points. Unfortunately, searching for such lore is harder as recent Ars Technica article and variations on the story are on the top of search results.
posted by filthy light thief at 7:26 AM on April 29, 2015

I hate this saying, it suggests a bizarre world where the "honest" people are walking around all day thinking about stealing cars and bikes and hopping over subway transoms but each time, at the last minute, they're stopped by moderate security measures.

There's no such thing as an honest person. There are people who have premeditated criminal acts, and there are others that do it as a crime of opportunity and impulse. The lock is to prevent the latter.

Think of it this way: a lot of folks wouldn't pickpocket, but they'd pocket a $20 bill that they just saw on the ground. There are a lot of people who'd never think of taking someone's wallet, but if they found a wallet, they might return it, minus the cash, justifying to themselves that it's their reward for doing a good thing, and the owner would have no way of knowing if the cash had been taken before the wallet was found.

Opportunity and temptation do occur every day. Putting even a minor barrier to make a crime require effort greater than zero goes quite far in removing that temptation.
posted by explosion at 7:55 AM on April 29, 2015 [3 favorites]

Good, this is much faster than following the proper procedures to receive a copy of your combination via official channels

What a pain; it seems as if they want to say they will give you the combination but don't really want to. Especially since most of their locks are less than $10 to replace and that can be done a lot quicker than 4-6 weeks.
posted by TedW at 8:26 AM on April 29, 2015

Have your Lost Combination Form notarized by a Notary Public to prove you are the owner of the lock. You can include up to 6 combinations on one notarized form.

Note for inmates at a correctional facility: In addition to the Lost Combination Form, you must submit your request on official prison facility letterhead. In lieu of notarization, the Lost Combination Form must be signed by a prison facility official.

Although I guess those guys have plenty of time to wait for their combination.
posted by TedW at 8:28 AM on April 29, 2015 [1 favorite]

Turns out!
posted by entropicamericana at 9:00 AM on April 29, 2015

These sorts of locks are total junk. You don't need to crack them or even bolt cutters. Usually you just need to whack them hard enough with the right blunt object and they pop right open on the first try. I could open most with my shoe in High School. A railroad spike also works quite nicely. Probably a hammer would work too.

If you really want to keep your socks safe, a key lock of this sort is the best tradeoff.
posted by jeffamaphone at 11:32 AM on April 29, 2015

Have your Lost Combination Form notarized by a Notary Public to prove you are the owner of the lock.

Um, what? That proves no such thing. The only thing the Notary Public does is to verify that the person signing the statement is who they say they are, right? That's completely orthogonal to whether the signed statement is truthful.
posted by DevilsAdvocate at 11:33 AM on April 29, 2015 [1 favorite]

"A lock can stop a lazy criminal. Most criminals are lazy. Nothing can stop the non-lazy criminals."

Or: you don't have to be unbreakable, just harder to break into than the next locker over.

This is kind of like an extension of that old two-guys-see-a-bear joke. One tightens his sneakers, the other says "you can't outrun a bear." and the first says "I just have to outrun you."

You just need to have something harder to crack than a master lock.
posted by ghostiger at 12:50 PM on April 29, 2015 [3 favorites]

of course, now that I've read this, I'll need to get a new lock for when I lock up my work laptop at the gym. Following that old axiom that security weaknesses don't exist until you've heard of them.
posted by ghostiger at 12:52 PM on April 29, 2015

I am about to disrupt locker rooms with Lockr. Features:

* Complete log of all openings and closings
* Optional sensors can reveal abuse and help administrators spot problems before they happen:
+ Metal detector can reveal hidden weapons
+ Force meter on door reveals slams (might we suggest our LockrFee software add-on to automatically send warnings and fines to students who abuse their Lockr?)
+ Atmospheric samplers with detectors available for decaying foodstuffs, drugs and other administration headaches
* Remote unlocking
* Optional LCD message display inside door for student notifications and interesting information from our partners
* Available in various modular sizes--mix-and-match to fill your needs. Up-sell your student clients to larger, more-feature-equipped Lockrs to maximize revenue

LockerRm is our management app which allows complete control of when lockers can be accessed and by whom. Remote reporting and a REST API allow integration with our other SchlManagr apps.

UrLockr is our student app, for android and iphones, which is required for students to unlock their iLockr. Includes optional monitoring of student movements within geolocations defined by the school admin.

Now in beta!
posted by maxwelton at 1:01 PM on April 29, 2015 [8 favorites]

Max- thought we discussed terminology - mktg really wants to push "clidents" bc as new jargon we can own it - cf recent blasts, webinars - let's discuss at optional afterwork drinks tonight (u r coming right?)
posted by No-sword at 8:35 PM on April 29, 2015 [8 favorites]

Max - client is asking if we are 100% hack proof can u respond yes we are hack proof
posted by benzenedream at 1:32 AM on April 30, 2015 [8 favorites]

"A lock can stop a lazy criminal. Most criminals are lazy. Nothing can stop the non-lazy criminals."

Or: you don't have to be unbreakable, just harder to break into than the next locker over.


This is about right. The gym is full of people who don't use a lock at all, so compared to them, I'm secure!
posted by mikelieman at 3:24 AM on April 30, 2015 [1 favorite]

max - legal says need hidden functionality to silently override school admin geofence limits for law enforcement reqs. must have. need to confirm this feat. available before COB. keep it quiet. thx.
posted by double block and bleed at 11:20 AM on April 30, 2015 [5 favorites]

Team, a progress report:

* Turns out some of the sensors we were going to use are not available, despite what we learned at that TED talk. We should probably get a couple of STEM student interns to handle this. I've pushed back the schedule four three weeks to cover the research/design/engineering. This seems like a dangerously long time but we need to get this right.

* We have not yet found a manufacturing partner willing to build the units to our specifications within our budget. We need to abandon trying to use one of these old-school places in China (it's always "the materials cost more than three times your budget!" which I know is not true, according to the excel sheet Steve put together from his web research). As a fallback, please send back to me which sheet-metal fabricating class you wish to attend. Note, while we'll cover 50% of tuition, this is considered your own time and hence your normal work is still due per the schedule.
posted by maxwelton at 1:00 PM on April 30, 2015 [8 favorites]

max - change of plan. partners decided on lockers that already have master locks built into the handles. no computers. 100% hack proof. need u to flesh it out over the weekend. thx.
posted by double block and bleed at 2:05 PM on April 30, 2015 [4 favorites]

dbb - excited to hear our Round A guys were getting more involved, and in such a complete 360 since they only do SV solutions to antiquated tech like (sorry) Master Locks. Sometimes old stuff is the best stuff, right?

Called up KP to thank them (know you're the point guy on venture, but couldn't help myself). Didn't realize the partners you mentioned must be new, KP hadn't heard. They must be excited, too, as CEO just emailed me after they called him on what seemed like a lengthy call. CEO says it's news to him and he'll be very interested to learn more. I made sure CEO understands this is entirely, solely, your gig, so you'll get all the credit--you deserve it! (With so many people claiming to not know this was going down, I can't wait to see which 2/3rds majority of the board needed for approval of outside investment you arranged!)

Just FYI, you're headlining an all-senior-staff meeting Monday at 7AM, round A & B dudes are going to be there, too, with counsel for whatever reason, so you can introduce the new partners and your exciting-sounding plan. I don't want to steal your thunder, so I'm going to regretfully decline your offer to help flesh the idea out, I can't imagine I'd do it justice. If you need help, you can use the new STEM interns, they'll be sharing your office anyway (sorry, we really need to lease another floor, your funding will help!).

You must be excited, this is getting a lot of buzz down this end of the building. I can hear maybe joyful shouting and lots of people rushing from one closed-door office meeting to another, happy sounds for sure after the relentless quiet of people down here working hard to realize the original Lockr vision.
posted by maxwelton at 3:54 AM on May 1, 2015 [13 favorites]

slow clap building to thunderous applause
posted by double block and bleed at 4:36 AM on May 1, 2015 [5 favorites]

I am going to laugh at "Where Ug parade" for the rest of my life.
posted by Rock Steady at 4:51 AM on May 1, 2015 [1 favorite]

So this is what it feels like to hate-favorite.
posted by No-sword at 2:17 PM on May 1, 2015 [1 favorite]