Explanation of cracking a combo lock in 8 attempts or less!

The indentation on the first dial that you use for the 1st number attack IS useful in the lock. When you pull up the shackle to open during a correct combination, it scrambles the wheel pack to keep the shackle locked the next time it's pushed closed. But great a video.

Another fine example of what happens when companies cut corners to save a little bit of money.

It is known that the second number is generally, approximately half a rotation from the first digit (from Carl Blacks book on combo locks). While this is not a set rule, I believe sorting the list of 8 options by distance from the first digit (farthest first) will enable you to open in fewer tries on average.

I took one apart long ago and found the combo that way, but I did not observe all the things your video shows. Thank you for a very easy to understand exposition of the works! I knew boys who could pick combo locks in the 1960's but they couldn't explain the reasons their method worked.

The 'metal bar' you point out around 3:11 is a return spring to force the latch to snap back to the closed position when the shackle is opened and closed. The 'Anti-Shim' modification Master made is the addition of deep serrations on the upper surface of the latch (the portion facing the opening of the hole that the toe of the shackle enters in the body.

This video should be shown to any kid who says, "I'll never need to know this type of math."
Lol, sure. They might not "need" to know how to do this, but how many wouldn't "want" to know. :)
Awesome video!!

Samy,
That "extra" bump on the first digit tumbler actually does serve a purpose. You stated in the video it was not needed. The shackle retainer clip is built the way it is with that little bent step to kick against that bump on the tumbler to spin it slightly once the shackle is opened. This provides the "relocking" of the lock so the shackle locks the next time is inserted. Without that feature the lock could be left in the unlocked position unless the dial was spun every time to scramble the tumblers. Excellent catch by the way on figuring out the resistance bump against the relocker. Long ago I had an offset table, that if you gave me an open lock, I could look in the shackle hole and see the tumbler notches and from there tell you the combination. Master locks are fun. :)

I got my lock open! I cant believe I was able to get it open. Your video and webpage is the only one that found my combo. Thanks for putting it all together. Keep up the good work!

at 12:00 you try to measure distance. Would have been much simpler to just turn the dial until the gap is lined up. Then note the the difference of the reading on the dial.

You are father of genius. Hats off

Thanks......I got my lock open and had a lot of fun learning why it opened. When I can see how something works I can understand it but when I see a video or read something I have no idea. This was one of the best videos I have ever seen. Incredibly entertaining. Thanks again.

Samy- for as many presentations you've given, you don't seem super confident on the spot. You deserve to be, you're doing an excellent job.

We need MORE VIDEOS from you.
Come onn, it isnt as hard as the work youre doing. Get it going!

I did it! I am so proud of myself. I watched your video and re-watched many sections to make sure I followed your instructions exactly. I watched some other videos before yours. They were close, but not as exact as your method. I wasn’t able to figure out the second number till I watched your video. Thank you! I’m so happy. 😊

Pedagogical genius! How brilliant and simple, actually to take apart the lock and show exactly how and why the "find the resistances" methods work. There are several videos showing how to do this but you'rs is the only one that goes inside the lock. True, there are shorter ways to calculate the math, as some have commented, you could streamline that, but this is really impressive. You're a great teacher.

I have a number of earlier vintage locks and I believe that the "collar" does not contact the "protrusion" when the lock is closed. Master Lock may have made some dimension changes which introduced the vulnerability. In any case, it would be difficult to tell the difference between that resistance and the resistance of the "lever" contacting the notched third wheel.
With an open lock, you can leave the shackle outside the latching hole and turn the dial left multiple times with the shackle at held loosely at different heights. The "latch" will stay clear of the third wheel during this test, so the only resistance is that noted by Samy. At certain heights, the "collar" will contact the "protrusion" and actually lift the shackle. Using this method, you can determine the minimum height where the "protrusion" contacts the "lever". Then close the lock and see if the shackle will lift high enough before the "latch" is pushed against the third wheel.
Note that this method will always allow someone to use Samy's method to find the combination for a lock that has been left around open, so never leave an open Master Lock unattended. A thief can determine the first number this way, then come back later and use Samy's method to open your locked padlock when no one is watching.

Thank you very much Samy!!! Your crack worked for me and I like the fact that you used math and computer programming to come up with the crack. I have been occasionally trying to open my Master lock for the last 6 months using the feel method described in many other videos and have had no success. I was able to open my lock using your method within 10 minutes. AWESOME!!! :^)

Thank you for this video. I watched a bunch on CZcams and this was the only one able to crack my gym lock. Haven't been to the gym due to covid lockdown so I forgot my combination.

I always wondered how combo locks work. Thanks.

Storage lockers everywhere just shuddered.

For the first time in my life, i finally understand why Math is so important =)
Great video Samy!

I managed to remove a lock using your method am amazed at how this worked.

I've a few locks I've done this on, but one is almost exact same lock, except I think the dial is 0.25 of a digit off. That really threw me off, & the combo label fell off. Had to go through it a few times, but it was so satisfying when I uncovered the lost secret!
One thing i've played with is trying to speed up dialing by just bumping the 2nd number & redialing the 3rd, & eliminating combos where dialing the 3rd messes up the 2nd. That's one reason I liked this video. Great to see how it all works inside.
Anyway, great job!

Thank you for telling me where the dial is on this lock. I never would have figured it out without you.

This method works really well! I had to try several different #s for the second combination because I couldn't tell if the first number was 10, 11, or 13. Finally clicked open!!

This is the explanation I've been looking for. I applaud your approach, your observations, your demonstrations and constructions. Bravo!

The indentation on the back of the rear dial is not "useless." The interaction of the shackle collar and that bump scrambles the dials when you open the lock. It's the reason you can't just close and open the lock again.
Also the metal "bar" at the top is a spring, it's not an anti-shim device. Try assembling the lock without it and see how it feels mushy when you pull on the shackle.

For the first digit, why not move the dial to point of resistance (as you did), and then in the next step move the dial to the first digit in while eyeballing the disk. Now you know the difference between the point of resistance and the first digit (in dial numbers).

Thanks for the video. I bought a new Master lock today and noticed that the feel of the knob turning was more like a scaping feel. I guess that's what happens when you buy a new lock for $3.23. I was having a difficult time getting the first number. I suppose that might be due to sloppy tolerances on Master's part. After I entered the first number, the rest of the numbers all fell into place and I successfully opened the lock. Great video.

Really liked your explanation and seeing the inner workings shed a lot of light. Reclaimed 2 old locks this weekend. Cheers!

Nice explanation Samy, thank you for showing the community the inner works and the logic behind Master-type lock. Amazing looking at the cheap way the third wheel is made to save money! Ciao, L

I like your videos, i have been a lock collector for a long time but haven't had the time to enjoy and explain the fascination i have for them. i wish i had a better education with math, your explanations make perfect sense to me but i seem to intuitively feel the logic and understand it but cant put it into words and document it the way you do. keep up the good work!

...and, subscribed. I started reading up on your exploits after I found your DEFCON lecture on PHP's LCG weakness and NAT pinning. Amazing! Looking forward to any new networking related exploits.

Kudos for the excellent explanation throughout the video!! You really did a great job there with how you worked out this method of cracking open these types of Master locks, and thoroughly pointing out most details and how observations led to clever ideas. Keep up the great work!!

Another Fantastic Video Dude. Keep up the great work. Nick.

too bad Masterlock will see this video and change the design. Thanks for the video. You actually know what your doing in your videos.

This three disc design is the traditional combination lock used in safes! Properly made, it's very secure.

You can also pop the dial off and use a thin wire like a paperclip to line up the discs and pop it open that way. However, due to the springs holding the discs, you can't just press it back on.

Though I am not yet been able to open up my master lock, I enjoyed the math you applied, my son at 4-5 years of age, was also very inquistive about how something works from inside, and your opening up the lock to look from inside reminded me of those days! :-D Very confusing to feel the frist number clicking...it will take time but I will keep trying! Thanks.

Thanks for this video, it really helped. Though, the calculator wasn't working out for me, so I ended up following this video by hand. The error came from the resistance location. On my lock it was pretty much 4.5-5.5, so 5. Based on the math from this video, 5 + 5.76 = 10.76, round to 11 [my real first digit]. However, your calculator says the first digit is 10, which throws off all the rest of the calculations. Putting in 5.5 gives an accurate combo set, but putting in the more real-world accurate 5 messes it up.
In any case, I'm glad I had this video to follow along with. This lock has been sitting on my desk (well, around it really) for 4 years.

From what i remember that spring loaded latch was also a major vulnerability, unless they fixed it. Master lock wise you used to be able to just tap the shackle with a blunt object wile lightly pulling on it to retract the locking paw.

Just wanted to say, you saved one of my newer forgotten-combo locks from the rubbish bin. However, my confidence was short-lived as I was tried it on a second Master lock (purchased c. 2010) on which I wasted half a day trying to open it! Fortunately, remembered where the combo was written down and sure enough, the last two digits were among those listed on your website, but the first number was completely off. So perhaps Master made some earlier versions with a major different 'resistance' point to gap distance. Even now, knowing how it works, I'm not sure how to explain the discrepancy because I even had someone else try to find the resistance point and came up with the same numbers I did. So apparently the 5-6 digit difference between the protrusion resistance ('indentation' in your video) and the lever gap is not always uniform in all locks. This lock is definitely a Master, but feels slightly better made than the cheaper version that I easily opened, but maybe that is just my imagination after struggling with it for several hours (nothing compared to what you put into making this video without which I never would have opened the first lock however, so thank you!)

5:30 wait a second the little sticky out bits that catch each other are at set distances from the notch cut into the disc that lets the lock open meaning that if you figured out the point when the two discs meet (it would be quite easy if you were feeling for it) you can count a certain amount of numbers over and find out the numbers and what order they are in!

Great video! Can't wait to see next video

Excellent work buddy! Keep it up :)

I realy like what you are doing and your way of thinking. Keep up the good work!

Brilliant analysis! I very much enjoyed this video!

Love your work and your videos! Very well-made and informative.

I have to say that only certain Master Locks will follow this mathematical model, maybe locks form the same batch. I have a Master Lock with resistance point at 15 and the 1st digit is 22, offset by 7, not 5.5, maybe the disc size is different. And my 3rd digit is 25, MOD(22,4) is not equal to MOD(25,4) as in your case. And my 2nd digit is 3 which will not work with the formula MOD(3,4)+2 equals to MOD(22,4) or MOD(25,4) as you said. But the basic design and mechanic of the lock is still the same.

Samy! You have been my hero ever since I heard about your MySpace virus. Please make a guide or tutorial teaching us the basics of coding and what softwares to use etc. :)

Great stuff. Was able to open a drawer full of locks I've lost combos to.

Another great video Samy.

Wow I swear it actually worked I was so excited when the lock popped open I did not believe it would work at first but it really does
i subbed

It would take only a small modification to the shackle collar by the manufacturer to avoid that rubbing that gives away the first number. The number of possible combinations would go up by a factor of 40. It would still be a manageable number for the Combo Breaker but take a little longer to crack the combination.

Damn Samy, you're smart. I really enjoyed watching you work. Thanks for posting the video.

The metal splate is just a spring. The Anti-shim is the two groves on the latch (because that catches the shim and prevents it from pushing the latch away)

Note the collar that holds the shackle in place also acts as a "scrambler" to make sure the lock can't be opened again after pushing it shut. That might be the reason that they use a disk with an extra bump on the first ring.

That thin strip of metal that you said might be stopping a shim is interesting. On the latching mechanism that holds the short, locking end of shackle inside of the lock's body when it's locked closed, you'll see a groove where the latching mechanism meets the shackle. That's the main shim-preventing feature. If you were to insert the shim into your cutaway lock you'd see the shim get trapped by that small groove on the shackle latch before it can travel far enough into the mechanism to separate the latching mechanism from the indent in the shackle. With a little manipulation you would still be able to shim the lock if not for that thin strip of metal. From what I'm seeing in the video, it appears to me that the thin strip of metal helps the shim-prevention technology work even better. Again, inserting a shim into the cutaway lock would illustrate it better than my words can, but upon pushing a shim into the shackle hole, the shim would first hit the thin strip of metal and that strip would rotate the body of the latching mechanism to the right (from our rear perspective) pushing the latching mechanism farther into the shackle. At that point any simple shim is guaranteed to be trapped by the groove that's cut into the shackle latching mechanism, preventing the shim from continuing on to separate the latch from the shackle.

Instead of calculating the distance along the circumference per digit could you have just spun the dial until the gap is in the correct position and just read the number off the dial. (or am I missing something?) Interesting video. Now I wish I hadn't thrown that old master lock away.

I wish I had known the first number trick 15 years ago. I also vaguely recall the third number giving me trouble with some locks. Maybe it was slight dial misalignment? Eventually I figured something out and would always get it right, but I might not have been able to describe how I knew then, and I definitely can't now.

I made a program that runs on the ti-83+ graphing calculator using this video. I would have never done it without this video.

great explanation!

Really interesting. I tried it and it worked! Thank's body!

In your video, you say that you don't know what that "indentation" on the third disk is for. The indentation that you feel the resistance on to find the third digit. I believe that is to bump the combination off of the correct setting when the lock pops open. The plate on the bottom of the shackle when it pops open turns the third wheel so if you just push the shackle back closed it is no longer in the correct alignment to re-open.
Nice video. Thanks for your efforts.

Thanks for your video. I just opened my Dudley combination lock after using your method 👍

I wasn't sure that this video was legit until I saw you put on those Kanye glasses. Well done 🙌

I just got back from Sydney, AU. Had tried picking an old master combo for some time before going. Saw a Master combo near Mrs MacQuarie's "chair" overlooking the harbor. Wished I had success on the lock here before encountering one ever so far away from the US. Still can't open this old thing here.

Please upload videos on hacking more things. You are very good at it, and informative.

This is so amazing!

In fact, the info leakage should be enough to directly crack the combination - once you have the point of resistance, you have the location of the opening on the first disc. If you rotate the first disc enough, it will pull the second and third into tow.
Now you know the location of all the openings (assuming you've kept track of how far you rotated the first disc) because the openings are at a fixed angle to the indentations. Then, it's just a question of rotate and leave your discs in the correct spots.

Does that last knob has anything to do with auto-locking mechanism? By auto-locking I mean the mechanism that prevent the lock from opening again when you closed the lock but didn't turn the dial.
Master Lock should make different plates to the knob isn't predictable.

Interesting video. Hopefully this will lead to them improving their design.

Great video! One question: Why did you do the calculations with diameter, circumference, etc in order to get the # of digits offset from the resistance digit (for the 1st number of the combination)? It seems like you could have just manually turned the dial to read off the value on the front and determined visually that the difference is 5.5 digits between resistance and where the notch lines up. That would remove some of the rounding and measuring errors inherent in the caliper.

you do realize that that instead of converting distance to a angle and then back to the number of digits, you could have just rotated the lock until the groove was aligned and check the digit offset.

I'd be damn. After watching quite a few CZcams videos on my MasterLock 1813M that I forgot combo for a long time and was not able to use. Was getting quite disappointed with all of them because they were cumbersome and confusing. Then picked this video by Sammy because he had 300,000+ views and I said "why not?"
Follow exactly his instructions and on second tries got my combo back!!!
Bravo, Sammy and thanks much for your help.
Now I am subscribing, who knows what other hacks he can give me.

Dear Samy,
I tried to apply this method ito two different locks and it didn't work out. I turned out that the problem was with the third numer. It is not always the same modulo 4 as the first number. After watching how this locks work, I tried just to find the number with the widest gap or the smoothest gap of all locked numbers and then it worked out :) Thirst and second numbers were consistent with your method, so if you modify your calculator it would apply to wider range of such locks. Tested on two locks from different producer.
Love your videos!
Cheers

So let's count how many unique combinations can possibly exist among MasterLock combinations worldwide.
The naive estimate would be 64000 (40x40x40), but the previously known vulnerability already trims this down to 4000 (10x10x40) by constraining two of the numbers. The argument in this video about the second number limits that number to 3200 (10x8x40).
That same argument should also limit the possibilities for disc 1 (8x8x40), as well as the disc on the dial; based on the width of the gap, I am going to guess that this removes 5 possibilities. (the final number appears to depend solely on that disc, so if I am right, there must be some set of five or so consecutive numbers that never appear as the final number in a MasterLock)
That gives us a maximum of 2240 (8*8*35) different unique combinations worldwide. That's pretty small... but how small?
Small enough that if you grab 56 students and ask for their locker combinations, there is a 50-50 chance that you will find that two of them are identical (before you are escorted off the premises).
( www.wolframalpha.com/input/?i=birthday+problem+56+people+2240+possible+birthdays )

When you accidentally reverse the numerator and denominator, go ahead and press the equal key, then just press the 1/x key and you will have the correct answer. If your calculator does not have this key, throw it away because any decent calculator will have it, and it is so handy just for this purpose (even more than for entered numbers).

If you feel like your high school dropout is showing too much @14:39, then you can use a somewhat lesser known technique called various things in different fields where you always write the measurements for all quantities and the measurements should cancel out to get you what you want. For example, you wanted digits, so if you had written 8.64 mm * (1.5 mm / digit) you would have gotten mm^2/digit, which doesn't make sense, so you would instead write 8.64mm * (digit/1.5mm), the mm cancel and you get digits out. The other key to understanding how this work is you can multiply any number by 1/1, since any number * 1 is itself. Since 1.5mm = 1 digit, you are essentially multiplying by 1/1.

Great series of videos, very interesting!
It's academic at this point, but why bother with the measurement, conversion into circumference, etc.? Why not just observe the number difference on the dial? First find the resistance point, then turn that disc to align with the groove.
Technically, measuring the outside of the disk with that tool gives you the length of a chord between the two points, not the circumference.
Of course it doesn't matter now, because now you know the value for your formula.

Very Nicely explained

You stated that the second number cannot be close to the 3rd number by 1 position away in either direction. Would it stand to reason that the first number could not be close to the second number for the same reason? I would think that you could eliminate one of the numbers based on closeness to the 1st number.

The indentation are how you enter the combination. Without those intentions, you couldn't turn the wheel to enter the first or second digits. It would either only spin the 3rd one or all of them at once. This is why you have to turn right 2 then left 1 then right 0. You are preparing the lock for the combination. This is is just how combination locks are designed.

Or bolt cutters. Bolt cutters work good for combination locks also.

Your videos are wonderful.
(I do want to note, what you call and 'indentation' perhaps would be more descriptive if called a 'nipple'. It is the difference between an innie and an outtie.)

15:33 If you already have the lock opened up you can determine the number offset empirically: just turn the knob till the notch position is seen to match up with the lever stop.
I read some of the comments, which now I realize pointed out the same.

I definitely love your vedio. Hope to see more on youtube.

My school has these exact same locks in the locker room. Can't wait to try this!

If there just would be a simple graduated dial to see how many numbers to offset from that "indentation" of yours to the actual combination number...oh wait...

Excellent video.

VERY GOOD WORKS REALLY WELL

Samy is my hero :)

I think the anti-shimmy tech is the ridges in the latch. It would prevent anything rigid enough to push the latch back from getting in between the shackle and the latch by catching it.

Dude I love your videos your super cool keep it up

YESSS I thought you stopped making videos :D

The outer shell steel is pretty bendy. You can undo the crimp with a pair of diagonal cutters in a minute. Very little noise & no flying metal shards.

With measuring the distance then the circumference etc I can't see the advantages of that way vs simply looking at the number you felt resistance at then placing the dial in the open location and comparing the two numbers. Anyway, interesting view and it certainly shows why making the cheapest possible lock has some serious flaws. Additionally I am surprised even the cheap locks are quite so basic on the inside, I really thought they would be made so much better. It really doesn't seem hardened to a simple hammer strike downwards making it utterly worthless.

Epic Breakdown.

This video cured my cancer. Thank you sammy

Wouldn't the little bulging things also mean that the second number can't be within the 2 closest numbers from the first number?