The popular security expert Samy Kamkar illustrated a method to easily crack many Master padlock combinations in eight tries or less.
Have you ever gone in the Gym and after a long and tiring workout forget your padlock numbers? I sure did, but next time I will not call the janitor, I will try to hack into it and find my combination because now there is an easy way to do it.
This can be done with Master PadLock branded padlocks (due a vulnerability) and allows you to learn the combination in around eight tries.
To accomplish this, you need to follow the instructions provided by Samy Kamkar (@SamyKamkar) and use the calculator created by him, and all this involves, you lift up the lock shackle with your index finger and turning the dial starting from zero, clockwise, like you can see in the following image.
![](data:image/svg+xml;charset=utf-8,<svg height="284px" width="396px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
“Master Lock combination padlocks have been known to be vulnerable to an attack that reduces their 64,000 possible combinations down to 100. I’ve devised a new attack for cracking any Master combo lock that simplifies the process and reduces the amount of work down to only 8 combinations. Use this calculator in conjunction with the instructions below to find the 8 possible combinations for your Master combo lock.” wrote Samy Kamkar.
Samy Kamkar published a video PoS that explain the steps to do:
Find the “First Locked Position”
- Set the dial to 0.
- Apply full pressure upward on the shackle as if trying to open it.
- Rotate dial to the left (towards 10) hard until the dial gets locked.
- Notice how the dial is locked into a small groove. If you’re directly between two digits such as 3 and 4, release the shackle and turn the dial left further until you’re into the next locked groove. However, if the dial is between two half digits (e.g., 2.5 and 3.5), then enter the digit in-between (e.g., 3) into First Locked Position in the calculator below.
Find the “Second Locked Position”
- Do all of the above again until you find the second digit below 11 that is between two half digits (e.g., 5.5 and 6.5), and enter the whole number (e.g., 7) into Second Locked Position in the calculator below.
Find the “Resistant Location”
- Apply half as much pressure to the shackle so that you can turn the dial.
- Rotate dial to the right until you feel resistance. Rotate the dial to the right several more times to ensure you’re feeling resistance at the same exact location.
- Enter this number into Resistant Location. If the resistance begins at a half number, such as 14.5, enter 14.5.
Input the Numbers into My Calculator
- Make sure all three numbers are entered into the calculator at the top of this page, then click Find Combos. We now have 20 possible combos, but we’ll reduce this further. Keep reading!
![](data:image/svg+xml;charset=utf-8,<svg height="438px" width="480px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Find the Right “Third Digit”
- Set the dial to the first possibility for the Third Digit.
- Apply full pressure upward on the shackle as if trying to open it.
- Turn the dial and note how much give there is.
- Loosen the shackle and set the dial to the second possibility for the Third Digit.
- Apply full pressure upward on the shackle as if trying to open it.
- If there is more give on the second digit, click the second digit in the calculator above. Otherwise, click the first digit.
Test Out the 8 Combinations on Your Lock
- You are left with 8 possible combinations. Test them all until one works with the standard instructions below.
Standard Instructions for Opening a Combination Lock
- Turn right three times. Stop at First Digit.
- Turn left one full turn passing 1st number and stop at Second Digit.
- Turn right and stop at Third Digit. Pull shackle. Profit.
Just for curiosity, Samy Kamkar is notorious hackers that proposed numerous interesting topics:
- KeySweeper, a cheap USB charger can record keystrokes wirelessly (January 2015)
- USBdriveby. a device designed to quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB (December 2014).
- SkyJack software designed to allow an attacker to gain the control over a drone while it’s still flying.
About the Author
Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog
http://high54security.blogspot.com/ Pierluigi Paganini
(Security Affairs – Master padlock, @SamyKamkar)
Pierluigi Paganini Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
