Safe-cracking robot autodials combinations to brute-force a high-security safe

MIT students Grant Jordan and Kyle Vogt found themselves in possession of a high-security safe -- the S&G 8400, a class-1 safe of the sort formerly used to store classified documents. They wanted to open it, but they lacked the combination and were unable to crack it using the sort of techniques that work on lesser strongboxen. So they build a safecracking robot that autodialled combination after combination (the robot excluded "impossible" combinations that couldn't be set due to material limitations of the mechanism, which substantially reduced the keyspace). They eventually opened the safe, but didn't find anything interesting in it.

We used a custom stepper motor to rotate the dialer head. The dialer head transmits torque to the dial via a piece of heavy duty surgical tubing. The stepper motor we chose has more than enough resolution to implement our algorithm, but it's not quite as fast as it could be. Stepper motors have an extremely high "holding torque", which is ideal in this situation since the dial must be held in place while the butterfly knob is being turned.

The head also contains an RC servo motor with a machined knob to mesh with the butterfly knob. This setup enables independent rotation of both the dial and butterfly knob. The stepper motor shaft is also connected to a high resolution optical encoder for position feedback. The encoder is mainly used to detect when safe is successfully opened. The torque required to open the safe when the correct combination is entered is much higher than the maximum torque of the stepper motor, so the encoder is programmed to report when the position error exceeds a certain threshold. Basically, the stepper motor stalls and the encoder flips out if the safe actually opens.

Safe Cracking Robot « Kyle Vogt

Safe-cracking robot "brute-forces" high end lock combinations (Make)

(via Command Line)



  1. Too cool.

    Speaking of which, I wonder if generation of heat is a consideration limiting how fast this could work when time is of the essence.

    It’s great that it leaves the safe and the contents undamaged.

    1. Check out :
      That explains how a combi lock works.
      If you spin the dial too fast I imagine the disks in the back would continue spinning a bit when you stop spinning the dial. That’s more likely to be a limiting factor than heat generated in a system that probably doesn’t have much friction.
      When a normal human tries to enter the code they generally stop a few digits before and then rotate the last few degrees slowly to avoid overshoot on the dial and coincidentally in the back.

      (I know I do! One tip for entering the code is to put your thumb from the other hand on the dial to give it a bit of extra friction to stop you slipping past the number)

    1. A James Bond movie had a prop of something similar in the 60’s.

      This is the real thing. A small difference which is, nonetheless, substantial.

  2. They eventually opened the safe, but didn’t find anything interesting in it.

    I say they put their safecracking robot in it, then re-lock it and sell it at a profit to the next guy with the pitch “Guaranteed to contain something interesting.”

  3. Aren’t things like this commercially available?

    I know it’s cute when a couple of MIT people do it, but I seem to remember seeing challenges against professional safe crackers and robots similar to these many years ago on Discover or TLC.

    If memory serves me the human won most of the time against the brute force robot.

    1. Safe dialers are commercially available. I actually know virtually nothing about this field, but the ITL 2000 (for instance) notes that it isn’t compatible with manipulation-proof locks including, quite specifically, this one:

      So I guess that part of the point is that they managed to be extremely clever about the way they built this particular safe dialer — clever enough that it could actually crack open a manipulation-proof lock. It also sounds like they built to target weaknesses in this specific lock and no other (but I may be mis-reading it).

      Also it’s fun to watch so that’s nice.

  4. Utterly unsatisfying article. Approx 21,000 tries to open it, but HOW LONG DID IT TAKE? And how many possible combinations were there? Were there 200,000 combinations and the robot got pretty lucky? Or were there 30,000 combinations and the robot had bad luck?

  5. Most safes have 100 digits and a three number combination, so it probably had 1,000,000 possible combos. If that’s true they got darn lucky opening it on the 20,000th try.

  6. Yes, dialers are available commercially. The better ones take advantage of knowledge about exactly how these locks work to improve their performance. Ones which can handle a _serious_ Class 1 lock (one which requires a separate action to switch from dialing to opening) are less common and more expensive.

    Speaking as a part-time locksmith who has done a (very) small amount of safe work, I should note that on average these generally take a Very Long Time to open even a basic safe lock, making them generally impractical for criminal purposes. And that the wear they put on a lock can be significant — the lock should be examined and quite possibly replaced before the safe is put back into service. For both reasons, they are generally considered a “least worst” approach after more reasonable attempts have not succeeded or not been possible.

  7. ISTR that for the most part, the government has switched to electronic locks that:
    1.)have no fixed correlation between the dial position and number
    2.)have a timed lockout feature after a number of incorrect tries. (this is a pain when you ALMOST remember the combination)
    3.)can’t be hacked by using x-rays to find the combinations.

  8. Actually, the government is notorious for putting hugely secure locks on very-unsecure cabinets. They aren’t worried about someone opening the cabinet with a prybar — that leaves evidence that there’s a problem — they’re worried about _ongoing_ espionage.

    Or to put it another way: They don’t care that you know what they know you know, they just need to know you know they know you know. Y’know?

Comments are closed.