Good spot. most people seem to miss that. On some locks of this type its when the shackle is pushed back down to lock it that the shackle retaining plate knocks the wheels to scramble them. I noticed when I first pulled one of these apart and I asked myself why that retaining plate was shaped that way and not just a spring clip. ...more worryingly in this video... If you look through to where the locking bolt is, on the front plate behind the dial, there seems to be some access holes. So you could easilly yank the dial off using a sharp flat-head screwdriver and then push the locking pall back through that hole with the same screwdriver. Those holes arent there on other versions of this type of lock so I have no idea why Masterlock included them here. Maybe it was a manufacturing shortcut. Masterlock keep doing these stupid things. They do a good job of making a lock physically strong, and then leave in or include a vulnerability. Back in the days of lock development, weak points or Drill Points were left in or included on purpose so that Locksmiths or Police could get past a lock if needed. That I believe was originally a legal requirement. But that was many years ago before portable drills with carbide diamond tipped drill bits and Portable grinders with cutting discs were readilly available (or invented). Theres absolutely no need for that kind of requirement nowadays. Its about time Masterlock beat the markets overpricing and made locks without added weak points.

Awesome job!! I’m proud of you too.

Nite 0wl Ohh, very cool! I'll note your comment in the annotations with attribution to you -- thanks Nite-diggity!

I honestly didnt know that. I was glad to see that the two floating disks were metal and not plastic, so kudos to Masterlock for that, but WHY did they leave access holes behind the dial that arent present in other versions of this type of lock. Easy vulnerability to just lever off the dial and push the locking pall back.

Thank you! Yeah, definitely could have simplified the math and effort!

Great job! How did it feel to open it? :)

+btpcmsag Thanks!

I'm a newb

Lol.... I think the joke "How many engineers does it take to change a light bulb" is apt here... :)

judgeomega I was thinking the same thing. It seems so obvious when looking at the internals, right? Why complicate it with measurements and finding the circumference when you have a cutaway lock specifically for finding these vulnerabilities? The distance between the "indentation," or rather the protuberance, and the groove in the wheel is never going to change or even vary from lock to lock.

While the exploit he found is pretty smart, I think he was trying to seem *extra* smart by doing the unnecessary calculation, but in reality it backfired

+Vranvs don't worry, I'm not that smart

+Ahmed Twakkal Sweet!!

Thanks!

I'm so happy to help.

+mark johnson Thanks!

Why do you think they make math boring? They can’t have the less behaved kids running around using what they learned in 8th grade math to get into the boiler room at school and shut off all the heating for the building.

Chris Dunn not quite right - it's as the shackle is extracted that the third disc (1st number) is perterbed so that when closed (hence the spring on the latch) it is not unlocked. However it less than scrambles the discs - it moves the last disc slightly. If you open your lock and do not turn it (at least 3 complete revolutions) at some stage before leaving it, it is very easy to open - 1) note the unchanged 3rd number 2) turn dial gently to left until you feel (hear) the lug on the 3rd disc engage with the lug on the 2nd disc - note the 2nd digit of the combination. 3) keep turning to the left until you feel (hear) the lug on the 2nd disc engage with the lug on the 1st disc; add 5 to get the 1st number. 4) to unlock continue turning left until 1 less than number of engagement in step 3 (= 6 less than 3rd number) 5) turn right past that number to 2 less than 2nd number 6) turn left to final number. Alternatively: 1) note 3rd number 2) turn right until you feel the lugs between discs 3 and 2 engage - subtract 2 from number to get 2nd digit 3) keep turning right until you feel the lugs between discs 1 and 2 engage; move one number further on - you have the 1st number 4) to unlock continue as normal to turn left for 2nd and then right for 3rd digits.

://kzbin.info/www/bejne/rWm0gqWeiJ6HhZo Sure what’s

+David Clark Thank you!

BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! BOO!!!!!!!!!! NOT WORK AT ALL AFTER A MILLION TRIES SO THIS VIDEO MUST BE HOAX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

+Andrew Lisenby Awesome!

Nice job!

So I count my disks with 1 being the one close to the dial, and 3 being the one at the back of the lock.

Nice!

I wish I had paid more attention at school

Jack Atherton Also a hack on how to improve internet speed, would be *AMAZING*.

Jack Atherton Thanks Jack! Okay, I will add these to the list of videos! I have a few upcoming that I need to get out first...stay tuned

+Jim Locke Interesting! I was able to feel the protrusion in all Master combo locks I've tested, including several brand new ones and several older ones, with one being at least 10 years old (the newer ones were easier to feel for the protrusion, however the old ones had it), however I doubt I have any as old as some of yours!

Hi there, I realize 2 years have gone by. I found this video as part of a master lock search. I too have experienced the inability to feel the relock tab hitting the bump on the 1st number wheel. In fact, with the shackle unlocked and spinning the dial as suggested, I found the following. I found that the shackle needs to come out about 1/16" beyond the interference point between the lever fence and the 3rd wheel false gates. I tried 6 old locks that are 20 plus years old. I could feel the relock rub on just 1 of the locks. I too wonder if the vunerability (the relocker hit on the 1st number wheel as the shackle is pulled up) is only detectable on newer master locks?

Getting the feel for the resistant location is tough (it's about how much you lift the shackle and is a very specific amount), however once you do find it, it's like riding a bike and you can always find it very easily the next time and across different locks. If it's rotating smoothly at that location (minus about 5.5), then lift the shackle slightly higher -- if it gets locked instead of just resistance, then release shackle a little, and keep repeating those two steps. Good luck!

​@@samykamkar Thanks for the response. I ended up cracking it via the old method: locating the 3rd number of the combo via the 12 "sticky points", and then working through the table of 100 combos. I picked ones that "felt" right (I vaguely recall there being only even numbers, this was my lock 20+ years ago) so that didn't take me but 30 tries Now that I know the combo, I started hacking your calculator to get it to spit out what I want. The values that I should have entered with your method are: 4, 7, 7 I was already pretty confident in the first 2 locked positions (4, 7) after following your instructions. But I was no where close to ever thinking that 7 was the resistant location. Not only because 7 was already one of the inputs, but the lock really likes to stick around the 0 position, so I think that was really throwing me off. Needless to say the thrill when it finally opens is worth the effort. I watched many videos of this variety and I was suspicious that I was being trolled until I watched yours! Your video (and response :-) gave me the confidence to keep trying! Thanks for sharing your knowledge!

Xbox disc reader...

Yeah you'd think, but there was likely several meetings to discuss if the cost/value ratio of that corner. They asked the question "Would the amount of money we would save in manufacturing be greater than the potential impact to sales if the vulnerability were made public?" The answer was obviously "Yes"... Master Lock probably even hired an actuary (That's what you can do with a math degree kids. $100K/year avg. google it.) or two to figure that ratio out. The depiction in Fight Club of the car manufacturers assessing whether to do a recall or not isn't too far from the truth of nearly all industry, on all levels (not just the safety critical industries). I too had no idea how convoluted the whole corporate mechanism becomes, all in the pursuit of one thing: profit margin.

+Brad Stronger -- I was going to tell a friend that little button on the back of the 1st number dial is only there to save Master some money. Now I'm glad I read your comment. Whoever settled on this design probably thought that leaving the button there (making the first 2 dials the same) could serve as the method of scrambling the combo automatically, and it's convenient that can be done using two identical dials. They perhaps never thought about the picking vulnerability.

+Tobia C. Interesting!

The one i have doesn't have a single bump when trying to find the first digit - it has 3 roughly evenly spaced across 8 digits, none of which is 5 from the correct first digit. It does however have the same 2nd and 3rd discs that his lock has (which are both the same - I hope there are other discs which can be put there): subtract 14 from the first digit and I (and he) get our second digit. It also has a key override in case combo lost. The combo can be converted into a left-handed version by subtracting 6 from the first number, add 2 to the second and leave the third alone.

Perhaps the term you were looking for was OUTdentation? Ha ha ha (thanks for calling this one for me... leaving me wound up to say something that had already been said... so I HAD to make up something else... or just waste my breath....)

Haha, thank you both!

I know this video didn't offer or imply anything resembling a warranty, but I came looking precisely because of these two locks I happened to have lying around the garage for lots of years now - totally useless to me because I can't even remember their sources, much less their combo's! Sadly, NONE of the tricks I find on YT are any help: one doesn't EVEN have the usual snags when tugging and twisting; the other has them entirely symetrically - lacking the necessary oddball. Pretty frusterpating! (Obviously, given the low cost of buying a new one, this ain't earth-shattering, but surely maddening that I can't seem to break either one!) Totally aside, and as useless for you as it was for me: one time when I was a kid I had one of unknown combo - took it to bed one night, after all was REAL QUIET, and held it to my ear as I turned. Actually opened it by ear, but in the dark I still had NO IDEA what the combo was! Oh well....

Thanks!

+Olivia Lambert I agree, I don't know why this and other comments like this one are unanswered. However... his over engineered method of measuring everything is a formula that will work in more complex situations.

+Olivia Lambert Totally agree, I was wondering the same thing.

+Olivia Lambert cuz it gonna give you 5.5 but if you get the resistance on a whole number (like 8, not 8.5) 5.5 doesn't give you a exact number (8+5.5=13.5 so u don't know if 1st digit is 13 or 14) with the other way u know the exact digit diference (5.76) and u know that u need to round to 6 if u have a whole number and 5.5 if u get a X.5 number...

You're hot and smart. Not bad. It funny to think that 90% of the population has no clue what this guy is taking about.

skyler guerette Well then 90% of the population needs to stop and think. This video isn't exactly hard to understand. Quantum physics sure, but measuring a few indents on a disk really isn't.

id=10t The mod trick has been known for a long time. Simple reason: the indents that couple the lock wheels together are a fixed distance away from the grooves that allow the lever in. That distance happens to be 18°, i.e. 2 digits on the dial.

Sai Does that mean that they could modify their production process to place them at other distances, thereby breaking this long-known rule, or do the technical (mechanical) requirements enforce this rule, so that they cannot be modified by the manufacturer?

Thomas Tempelmann I'm not 100% sure, but I believe that they could indeed mostly randomize the distances - at least enough to make it better than %4. It'd be more expensive to produce, though.

As a joke, of course. I'm not actually going to steal anything.

MrHatoi Morgan freeman voice: "and on that day.. he stole everything"

***** Oh, very interesting!

chasenallimcam he could actually simpli have turned the thing till the pin end up where he merured for other edge and substract both numbers values

Alex Arsenault Desjardins Exactly, he resorted to convoluted math when he could have just observed the dial and got a more accurate number. The technique is awesome though

chasenallimcam Can't you just use the dial and the internals to get the number? Turn the dial to see where it lines up with the release and compare it to the digit where there's resistance.

he rounded up to 9 anyway.

Masterlock did change the design when they started making these locks in China. Those are even easier to pick like this demo lock.

As I continue watching I'm noticing that you may even be able to shim the lock despite these protections, but you'd need a strong shim that will retain its original shape without folding or breaking, but with a little bit of flexibility to it. Try this with your cutaway lock. It looks like if you apply an upward force to the shackle before you insert the shim, you may just be able to negotiate the shim between the shackle and the groove cut into the latching mechanism meant to trap a shim. It may require several attempts and some blind luck, but I think it might be at least possible...

Interesting! I've tried using strong shims on these with no luck (not an aluminum soda can but rather stronger, dedicated shims), but perhaps with a thinner yet strong shim it can be done. I will try playing around with it further.

Good call! Thanks!

+bridekiller17 Nevermind. I see you did it with JS, and a simple inspect element worked.

Yeah, this is my main question too! Whats the reason for this modulo 4 correlation? Is this due to some manufacturing decision? Could it have been avoided?

+Basse Baba it's because the 3rd combo disc has those little bumps on it-they are a "disguise" so you can't tell when the disc's slot is passing under the spring. They happen to be 4 numbers apart, but they didn't have to make them evenly distributed.

It also relates to why you get the 12 locking numbers (8 you track and 4 you ignore): 12 x 3 = 36, +4 for the gap (the +-2 buffer between the 2nd and 3rd numbers), and there you have your 40 digit combo lock.

+Micker I have basic Javascript code that does it here: samy.pl/master/master.html

+Austen S Thanks!

I could have simplified that portion! Ah, so the bump is required...which makes it harder for them to remove the vuln unfortunately.

+Reichart Von Wolfsheild Thanks, and good point!

@Reichart Von Wolfsheild: Oh thank you! I was looking to see if anyone else pointed out this word glitch. Now that Sammy knows, I will not have to cringe for his future videos. Every time he said indentation, I got distracted from the content. And to you Sammy, great video; you did get there after all.