I have to try 1 Million combinations? Safe Cracking Robot - Part 2
Vložit
- čas přidán 22. 06. 2024
- My brother-in-law forgot the combination to his safe, so he asked me to build him a robotic safe cracking device. These safe combinations usually have 3 numbers with 100 possible numbers to choose from. That means that there are 1 Million total possible combinations that I'll have to try! Even if I could test 1 combination per second it would still take 11.57 days to try all combinations! Luckily I have a few ideas that will make this task much quicker.
Digi-Key blog post: www.digikey.lt/en/maker/proje...
Visit bit.ly/DigiKeyByteSized for the best selection of electronic components.
For 15% off your Send Cut Send order visit bit.ly/SendCutSendByteSized
Github Project: github.com/bytesizedengineeri...
New videos are uploaded as soon as I finish them!
Chapters:
00:00 - This is my robotic safecracker
00:22 - Building a mock-up door safe
02:05 - Yeah Mr. White! Yeah science!
04:59 - Building a frame for the robot
08:16 - Upgrading the electronics
10:44 - Magnets, magnets, magnets!
11:45 - I need an algorithm
13:48 - It's time to test this robot!
14:27 - Telegram bot
14:55 - Auto dialing session
16:25 - It works!
If you're like me you have creative ideas and sometimes they get trapped inside your mind. Here on Byte Sized Engineering I make project videos that get you excited about unleashing your inner maker and making those creative ideas a reality!
You shouldn’t need an engineering degree to make your ideas a reality. I suffered through years of engineering school so you don’t have to. I know how it feels to want to make something I’m excited and passionate about, but also feel overwhelmed by not knowing where to start. I’ve unlocked the secret to getting past this feeling of being stuck. In my videos I show you how to take complex problems and break them down into smaller, more manageable “byte sized” pieces.
If you want my recommendation on what you should watch, I put together this playlist for you. • New Here? Watch My 10 ...
You should also subscribe to byte sized, and consider become a supporting member through Patreon or CZcams memberships. Supporting members get access to behind the scenes content, free project build guides, discord community server, early release videos, and monthly hangouts. Thanks for taking the time to watch this video, I look forward to seeing you next time!
Subscribe: czcams.com/users/bytesized?sub...
Instagram: / bytesizedzach
CZcams Memberships: / @bytesizedengineering
Patreon: / bytesized
Byte sized merchandise: www.bytesizedengineering.com/...
If you're interested in what tools I use for byte sized projects, please visit:
www.bytesizedengineering.com/... - Zábava
Man, there's honestly no better time to be an engineer, or just generally a curious person. Not only do we get interesting content, we get people like you who share their source code. It's incredible.
Thanks Ryan
Agreed! Have we all read “the way things work” when we were kids too? That was the gold standard for me. What a long way!
@@H0mework I recently picked up a copy from a garage sale so I can read it with my future child :)
Lol, can you really call yourself an engineer?
@@Handlebrake2 yes
Pro tip.....screw a nut all the way onto your bolt before you cut it then you can just take the nut off and it will straighten out and mostly debur the threads where you cut them.
Yup, one of the first things my gramps ever taught me about working in a shop!
also: use two nuts and tighten them right above where you want to cut and use a grinding wheel to flatten the end perfectly.
I like your funny words magic man
Or grab a file and do it properly.
I love how you show us the engineering process, for example when you choose to use one massive magnet but then decided to do it differently.
It teaches so much more that if you just show the result
From what i can tell about commercial auto dialers, they get most of their extreme cost from the special features they have. the last one i looked at had different algorithms for different locks, and could work from a crib sheet to go even faster. you would type in the information about the lock, and the machine would adjust accordingly. there isn't much market competition for auto dialers though, so the prices are still pretty extreme (10k range).
there are a lot of niche markets that are waiting to be blown open by 3d printing and a bored engineer lol
6:16 That editing was perfect. That attention to detail loved it. Kind of an easter egg.
The number of possible combinations can be reduced on some Sargent and Greeleaf safe dials: "Do not set the third number of the combination between 5 and 11 on a lock with a dial splined at 50. The “forbidden zone” can shift slightly due to installation and tolerances, but will always be between 4 and 12. Do not set adjacent numbers of the combination within five numbers of each other."
This doesn't even need a fancy algorithm for every such rule. Simply filtering out combinations that violate something should be plenty fast.
It can be really clean code if done using streams | lazy lists. Very roughly it would be:
for it in product([[0..100], [0..100], [0..100]])
.filter(rule_a_predicate)
.filter(rule_b_predicate):
try_combination(it)
Or, if you want some combinations to be fused together, then you just translate the stream of combinations into a stream of moves the machine needs to do, after filtering.
Yes, thank you. I was aware of those exclusion zones from the user manual.
Most combination locks can do with a tolerance of 2.5 instead aswell leaving less combinations too
@@iWhacko The S&G 6730 lever determines dialing tolerance. Brass lever allows +or- 1/2 number. Zinc lever allows +or- 1 whole number.
I thought the forbidden zone of a standard install was between 0 and 25 for the last number on s and g?
For the magnet, get a magnetic switch, just like those used for attaching dial indicators to machines
Mad props top you for making this whole thing open source.
If he ever uploads the files for this project?
Really awesome work!! Small suggestion, since it can do so many combinations so quickly, why not have it find the exact combination after it finds the 0.5 stepped one too, to give you the satisfaction since its only 8 possible combinations to check?
Today I learned that the "debounce" function name comes from the world of hardware. I always thought that was a weird name, but now it makes total sense.
Could also add some psychology to make finding the combination quicker.
If you ask people to choose a number between 0 and 100, it'll nearly always be something between 30 and 70. People tend not to choose near the extremes of the scale. In an old job, people would set combination locks on their lockers and forget the codes, and I'd nearly always have to open it for them. Doing it sequentially on a 4 digit lock, I always started with 4000-6000, then 6001-8000, 2000-3999 then 8001-1999. Prioritising the mid range, then either side of it and finishing off with the extremes. If people do choose an extreme combination, it would usually be the higher extreme.
90% of the time, it would be in the first 4000-6000 range.
Works for mandatory customer service surveys as well. If rating 1-10, the only people rating 1 or 10 will either of had a fantastic or awful service, but the bulk will be 4/5/6. It's also why product reviews on places like amazon are usually polarising. Most people only leave a review if they had a really good or really bad experience with the product or seller.
Which is all a long-winded way to say to optimise brute-forcing a combination, start just short of the midrange.
Nice. I also opened a combination lock, it took about an hour, the important thing is to listen to the noise of the trigger . Big like
You could set up the safe cracker to go and check those other combinations after it manages to unlock the safe, to find the exact set combination. Using a dial with 100 notches and a stepper with 200 steps per revolution is just about perfect, if you can get the steps to match up properly, that way you wouldn’t need any or much microstepping and would probably mean the motor can spin faster.
Right, it works pretty well. I have microstepping set to 1/16 so there are 3200 pulses per revolution. So that divides each tick mark into 32 pulses.
@@bytesizedengineering that Trinamic board is perfectly capable to do more than 1/16 ;) Great choice, by the way, other type of driver would have caused so much whining sound from the stepper motor that would drive your entire family crazy
@@AB-pb8oo you probably don’t even need 1/16 so why increase the microstepping?
@@bytesizedengineering would you be able to get the motor to run faster by reducing the microstepping? You may also have to switch off stealthchop to get any speed difference though since it interpolates to 1/256 anyway. That way you could maybe speed up the dialling process.
It's always so satisfying when the project finally runs and works as planned. Good luck on the final run!
Have a look at the paper “Safecracking for the computer scientist” by Matt Blaze there are a bunch of other tricks you can use to reduce the key space.
This is great! Love following along on your progress.
Really solid build! And great video too!
Super cool that you programmed the bot to try 0.5s to dramatically reduce the number of combinations. I had no idea combo locks worked like this. So I guess all the mentions of the number of possible combinations are actually way overstated..
Sorta like the difference between a GB on a RAM chip vs. a storage device? Manufacturer: see? 100 indents, x3 gives one million possible combinations! User: yeah, but I can get in with a maximum brute force of 1/8th of those so isn't it really 125,000 combos? Manufacturer: no, see, there are 100 indents!
Very Cool Zach ! not only the content but the way you inserted cool stuff. Great video all in all
wooot so hyped for part 3 and future projects
That is amazing mate, you just bust a reliable 100 year old technology. Well done Sir.
Your software debounce is actually a throttle, not a debounce. In the software world, debouncing waits until inputs haven't been received for a certain span before processing the most recent one, whereas throttling is what you did, ignoring all inputs for some time after an input is received and processed.
More straining at gnats. It is a debounce. That is what it does; that is its purpose. it is also what the capacitor does; charges on the first contact and successive contacts do little.
Super ingenious. May this not fall into the wrong hands though. Excellent work and project! 😊
So amazing what you can do with mostly off the shelf stuff these days. And what's available semi-custom now... so cool. Awesome project!
On the magnets side, Old hard drive magnets are very strong if you can find them.
That's very interesting. How old are we talking?
@@ryandury spinning metal disks. You can still get them, but they're not as popular anymore as everyone wants ssds, and modern spinning disks have more efficient designs with smaller magnets. If you can find some old 20gb - 100gb drives on eBay, or in a dumpster, you can get some very powerful magnets for cheap.
Yes indeed. The strongest I have encountered are from SAN disks, 3.5 inch 15k rpm server disks. Hitachi I think. Scary strong. It would probably crush your fingers if caught between two of them.
I would talk to a safecracker when you are done here. There are some optimizations to get that number down even further actually that you don't really know without knowing safe locks well
One right here looking !! like you mentioned, there is still i way to get the total numbers smaller but this comment won"t be seen by the creator so i can help him unfortunately.
I think the optimizations he put in are the easy ones that LPL covered on his channel.
@Blogapult for sure, but the way the lock works has a factor in some more reductions on total count, there are some do's and don'ts when setting a code for example
What makes you think I won't see your comment?
@@bytesizedengineering 🤣 had to check. thanx for the email. hope it helps. i actually checked, its in the operators manual!
Great work, amazing project.
That’s absolutely awesome great work.
An easy way to prevent switch bouncing is soldering a small ceramic disc capacitor in parallel with the switch. The capacitance value determines how long the switch requires to be on to activate.
11 days isn't too bad when it takes 1-2 months+ to build the thing :D But yeah, get that number down if you can!
This is soo cool, your project couldn't have come at a more perfect time! I'm working in parallel with you on the same project for a built in safe at my new house and it's incredibly interesting to spot the similarities and deviations in the problem solving processes. I've also posted this problem to all the Mechanical, EE and software engineers I work with and everyone really loves this challenge! Note: the MEs go traight to dismantling the door or destroying the com (First question is can we cut the door?), the EEs go to steper motors almost imediately and the Software guys are coming up with solutions that make my head hurt with crazy sensitive sensors that may or may not exist. Love your videos!
So cool! Love it!
Cool video, nice work!!
this is honestly amazing
This is a mission impossible level gadget! Love it!
BRILLIANT! Love it.
Awesome job! It would be cool if once it found the '.5' solution, it then locked the safe and tried all the possible 'non .5' solutions, then gave you the EXACT answer.
@@MrHardzio4Fun if a number is .5 off it will work, if it's a full digit off it won't. He used this exact method with a pen and paper and manually testing each possible combination until he got the exact solution. He could just add that last manual part to the program and have it automated.
Good job 👍 your a very talented engineer.
You have just given the locksmith industry a new set of keys! Locksmiths around the world owe you a debt of gratitude, if not a royalty check!!!
Looks like they could build this for a few hundred dollars, vs. 6 digits...
this isnt anything new, saw someone build one a dew years back
czcams.com/video/vkk-2QEUvuk/video.html
Safe Autodialers are several thousand bucks.
@@lazerusmfh Safe Autodialers were, several thousand bucks.
Not only locksmiths, but every really motivated teenager whose parent own a gun safe with this type of lock. Well done.
@@bartowl many dial locks have a keyed dial lock, sure it could be picked, but its another layer.
Really nice video thank you. Entertaining and interesting good pacing and editing.
The flute part at 7:53 cracked me up!
It's funny, as awesome as the project is I also deeply appreciate the totally not Pink Panther themed music. Perfect choice
Wow amazing, a whiteboard that actually wipes clean!😊
100% with you on using caps and resistors in parallel with software.
The ESP32 has a pulse counter module that includes a glitch filter which is just another way to debounce the encoder and it means the encoder isn’t being handled by interrupts or stuff like that, it is handled by hardware designed for counting pulses.
@@conorstewart2214 Oh nice one. I brought one only half an hour ago, so I'll have a play when it turns up.
Oh that's cool! I didn't know it had a hardware pulse counter. I'll definitely look into that
@@1992jamo the ESP32 is a great microcontroller and has a lot more features than anyone will probably use. Which did you buy? Was it just a normal ESP32 or a S2 or S3 or a C3? Most things are common amongst them but they do have some differences in peripherals and processors, the S3 has a more powerful processor and the C3 only has a single core risc-v processor. As for the peripherals, definitely look at the documentation and see exactly what it has and how they can be used, the names of the peripherals aren’t always the most helpful, like the RMT peripheral by its name is meant for IR remote controls but really it can just send or receive any kind of pulsed input at a huge range of frequencies, so is a lot more useful than just for remote controls. There are also multiple peripherals for PWM as well, there is the led one and the MCPWM (motor) one, they both work slightly differently and the motor one includes hardware for encoders and fault detection and sync signals, etc, and is capable of driving lots of different motors (with mosfets), like normal brushed DC ones and BLDC ones. The documentation is worth a good look over before deciding how you will write your program.
I would recommend not using the arduino or platformio ESP32 ports, espressif provide an eclipse IDE or a platformio based VScode extension. The arduino port hides a lot of the features of the ESP32.
Love this :-) a true maker, designs and spends money on having custom plates built and tapped, doesn't spend the penny on buying the correct length screws! 🤣🤣
in today's economic climate it's hard to find secure employment and I've been looking for work in a bank a nice Safe job. Thanks To your cracking video I now have all the technical info to do it.
This is so cool!!! It might even be possible to adjust the "tolerance level" to be specific for each safe, altough I don't know how easy would it be to make the script calculate that tolerance
The biggest problem is: know do you learn the tolerance without opening the safe?
An optimization could be to go through in a modified order, so if the tolerance is e.g. 1 your only had to check a third of the numbers, but otherwise you still check other combinations. Something like:
0
3
6
…
1
2
4
5
7
…
Yeah, having profiles for different safe brands would be awesome
subbed. this is well done!
I've noticed something that may or may not speed things up. Rotating the dial quickly causes the mechanism to bounce around inside. If you were to pick up the vibrations, and map them to position, then maybe things could be quicker for that particular lock. A vibration sensor (microphone?) could possibly be way more sensitive than a human listening. Looks like the best place for one could be on the dial as less damping from the heavy safe door.
Is this the most optimal search path? Could you speed it up by hunting for numbers that take less travel time even if they require resetting to the start?
What about bias-weighting towards statistically more likely numbers for people to pick as well?
I think this is the optimal path. Doing no movements on the 1st and 2nd wheel while you try all numbers on the 3rd seems pretty much optimal. And then doing no movements on the 1st while you go to a new number on the 2nd - while contributing only 1/50 to the movement distance - still sounds like it can't be beat.
While this does restrict the order in which you go through the 2nd and 3rd gear positions, rotating the 1st gear won't keep the other two gears in their positions anyways. So the only thing you gain from going in order on the 1st gear is that you're always doing 1/50 of a rotation. And furthermore you're only moving that gear 50 times total, so you'll loose at most 50 seconds even if you went downwards and did 49/50th of a rotation every time.
So you COULD very much go by probability for the 1st gear. Then again, low numbers ARE probably the numbers that are picked most frequently.
One independently possible optimization is to hope that the tolerance is 1.5 instead of 0.5 numbers. That would allow you to try only 1/8th of all combinations (25*25*25 in total), cutting the time from 32hrs to 4hrs - but if the assumption is wrong, you'll still have to do the remaining 7/8ths.
But it comes at the cost that in that first 1/8th of combinations, you'd spend 1/25th of the time turning the 2nd gear, while going through the numbers consecutively has you spending only 1/50th of the time rotating the 2nd gear (and 1/625th vs 1/2500th for the 1st gear). As a result, that 1/8th would be 2% slower.
Super glad you implemented the debouncing in hardware. Though, usually we just use a single cap across the inputs, instead of a whole low pass filter... also never thought of it as an lpf, that's neat.
Btw, one improvement you could make is, once you have the half numbers, you could have it try the 8 combinations of whole numbers (e.g. 2x2x2) to find the exact whole number combination.
@@MrHardzio4Fun they won't all work. He has them in half increments. i.e. if he has "2.5", then to enter that combination he has to place the dial half way between 2 and 3 to work because he is not sure if it is really 2 or 3.
e.g. if the combination is 3, and you go to input 2.5, but you're off by a half in the wrong direction, and you enter 2 instead, then it will not open.
The whole point is that you have about 1.8 degrees of tolerance on either side of the digit you are trying to enter (thus you can be off by about half a digit).
But in this case, you can be off by 0 degrees in one direction and 3.6 degrees in the other! -- And you don't know which is which!
Meaning you will fail to enter the combination more often unless you are very precise when entering it.
This is why it's better to know the full combination. -- Because you will have more of an even amount of tolerance on both sides of the target digit.
For your front plate you could have it tapped to threaded rod size. Use a jam nut on the back to lock it, and then you can use it on various length dials.
Laser-cut steel with the white gloss powder coat looks good.
Great video. I would recommend MagSwitch magnet as they can switched and come in various strengths.
I thought about that, maybe on a future version?
Now you can automate the Stargate dialing computer to check the Ancient database for matches 😁
Of all the microcontroller based safe cracking videos on CZcams (surprising #?)... this is well... one of them.
Amazing, subscribed immediately 👏
Welcome aboard!
Great video and project. Also ESP should have capacitive touch sensor GPIO pins built in. Can just make touch pad buttons if you like.
That would be cool!
A simple wire and an aluminium foil works too on the gpio.
I am a locksmith and this is awesome. I would love to be able to build my own as well. As you know the commercial units cost a few grand. Imagine leaving that at a customers house for 16 hours. I will be looking forward to the github information!
Instant like for open source
Awesome project. For reference, a commercial device (I own one) that does this is very expensive. And Safe technicians will charge an arm and a leg to auto dial your safe.
well done!
You gained a subscriber with this video 👍
That was an amazing feat of engineering to get multiple notes out of 4 tubes of the same length.
Harmonics
@Bite sized engineering - Many rotary mechanical combination locks have a limitation of usable numbers on the dial. For example the last (3rd) disc should never be set between 90~20, as it can inadvertently interfere with the normal cam opening operation. So it's fairly safe to assume this range of numbers can be omitted from mechanical manipulations. Incorporating noise detection into the manipulation process can dramatically shorten the overall process. The older the combination lock, the more audible it's 'tells' become to the trained ear.
I'm aware of that third number limitation.
@@bytesizedengineering That's good to know, I've always been interested in creating an auto-dialler, having only ever manually manipulated combination dials thus far. I'm impressed with your technique and it's testament to why I continue to watch your videos with great interest. 👍🏻
8:16 you could also have expanded your I/O Ports by using e.g. an I/O Expansion chip, super useful thing 🙂
Amazing…..subbed 👍
That was very cool 😎
Brilliant!
Plan on building one of these for work man cant wait for the github upload
thank you
Wow, this is a cool gift to scoundrels and scalawags!
Could you do a video breaking down the code session/elements you used?
I’ve been wanting to make an auto dialed with my LEGO NXT
Thanks
Great video
Thanks!
Awesome video Zach! Very clever use of multiple electronics, CAD and software techniques. What's the brand and model of that bench stereo microscope you're using?
AmScope SM 6TX. I wanted one with an articulated arm as well as a port to put my camera.
amzn.to/3I0chkm
@@bytesizedengineering Thanks! We use sliding post type Amscopes at work but they’re really clumsy. The articulating arm seems way more useful!
That was awesome
You should automate finding what the exact combination is as well!
very cool!
What a great build, nicely done! Life gets busy and things happen, but noticed you haven't posted in a few months, and hope all is ok. Were you able to get to your brothers to use the safe auto dialer? Would love to see that video.
This project has turned out to be way harder than I planned. I'm working on it but I'm waiting for some parts. I'm also working on other projects that will hopefully be posted soon
Incredible.
A good combination lock will detect constant turning. After a few hours, the lock overheats and self-destructs.
I would love to test that out. Please send me a link where I can get such a device.
Love the development process etc, but are you sure releasing something like this opensource is a good idea?
@@MrHardzio4Fun well, by that logic an Apache is just a pinning motor.
Unfortunately there are people that wouldn't be able to make a spinning motor by them self, but cannot really be trusted with a "spoon-fed" one.
Add to your program a final step to figure out the exact number. Well done
I wonder if you put a sensitive microphone against the safe and spin each wheel separately and find click sounds? And then just try out +-5 numbers for each dial where it clicked.
The only thing you would hear is the driver pins picking up the next wheel.
Which is meaningless since the gates can be at any random place in relation to the pin.
Nice animusic remix!
To increase(concentrate) magnet power, cover their back with a 3mm steel disc or plate
I have this similar safe specifically you can change the code you just have to take the ring pin out and change the discs around
"dad, I heard someone's footsteps and robotic sound in your bedroom"
Tomorrows Headline: bank robber built all his tools on his youtube channel
Heres hoping that the lock at your brother-in-law isn't a type that requires the handle to be turned to check the combination
Since you’re so close to getting the actual numbers, why not add the extra step and have it try nearby numbers to determine the range of numbers that work and get the best guess for the actual numbers from there…it would only add a max of 8 more tries total
Is there a standard for rotation distance on the 3rd number you can use. Like the 3rd number cant be 20 if the 2nd is 25 because that is too close?
Most safe manufacturers will list exclusion zones for the third number. In my case the third number can't be 90-99 or 0-10
Imagine having this robot 100 years ago. :)
Have you considered using a de Bruijn sequence to reduce the number of combinations to try? :) Or does this not work with these kinds of locks?
Now can you do a video on how to get into Fort Knox past security? Preferably on a Friday night? 😂😂
What if you recorded the sounds of a safe being opened correctly with the right combo, then train an ai to know the sounds as it cracks it?
What I want to know is if rather than having a robot just trying combination after combination... can you make one that can feel the points where the slots are for the combination like an actual master locksmith that has the feel and can pick ridiculous safes in a couple of minutes by feel alone? I'd think you could use a sensor for the feel and with modern controls make any dial safe easy to crack.
11:19 maybe make a bracket for a bunch of circular magnets side by side, instead of those bar magnets,
In other words instead of stacking those circular neodymium magnets on top of each other put them side by side.
Possible to put a microphone to diagnose the sound of the lock trigger? Just like the movie
Question:
Wouldn't it be possible to speed up the decoding by using a mic to pickup the *click* sound ?
Great project and awesome realization ^^
There is no "click" sound as such, there are some very small detectable differences that manual crackers can feel but there are usually false gates so with a machine it doesn't really help much. The whole stethoscope thing in movies is a myth, it's a feel thing not a sound thing.