This Open-Source Robot Can Crack A Safe in 30 Minutes
By Matthew Mensley
Using cheap open-source hardware, 3D printed parts and some engineering know how, a group of hobbyist hackers have brute-forced their way into a safe, live on stage at the DEF CON cybersecurity conference.
For Nathan Seidle, Bob Reynolds and Joel Bartlett, nuts and bolts are their daily business. Together, they all work at SparkFun, a Colorado, US, based hardware store serving the needs of open-source builders.
By night (figuratively) however, they hack. But cast aside any visions of darkened rooms and lone figures hunched over a computer, furiously tapping lines of code into a keyboard. These hackers are of the hardware variety, focusing on finding and exploiting vulnerabilities in everyday objects that ought not have them.
Entirely for the fun of it, rather than desire for financial gain, the group recently turned their attention to a cheap and fairly common SentrySafe safe.
The group built a machine from parts costing approximately $200. This machine is designed to brute-force it’s way into the safe. Despite the aggressive sound of it, this simply means that the robot will attempt every plausible combination to unlock the safe.
This safe-cracking robot is the subject of a lengthy piece on Wired. The magazine picked the story up just before the group took to the DEF CON cybersecurity conference. There, live on stage, they put it to the test in front of a large crowd.
Building a Safe-Cracking Robot
Seidle and co’s break-in bot is comprised of an aluminum frame, Arduino, motor, magnets, sensors and a 3D printed coupler. Thanks to the flexibility of 3D printing, this last part is customizable to fit any safe that uses a rotating dial combination lock.
The way the robot goes about its task is very simple. Attaching it to the front of the safe with magnets engages the ‘bot to the dial.
It then follows a routine to try every possible combination of the three number code. Each number could be as high as 100, meaning from the outset the robot needs to attempt 1,000,000 (100 x 100 x 100) combinations.
To simplify its job however, Seidle and his hacking compatriots have divined some vulnerabilities in the safe that allows them to drastically reduce this number of possibilities.
From the get-go, the robot can determine the final number in the sequence by measuring notches inside the mechanism. A difference of a mere fraction of an inch — undetectable by human hand — is easily found by the machine, which betrays the final number in the combination.
Add to this the discovery that adjacent numbers to the correct code work. This means that the robot tries every third number in its search. In all, through its own actions and the group’s knowledge, the number of possible combinations drop to approximately 1,000.
A far more achievable task. And one that the group’s robot managed to do onstage at DEF CON in approximately 30 minutes.
Is My Safe Safe?
Seidle gives the assurance that this doesn’t herald the dawn of machine-enabled kleptomania. Speaking to Wired, he said: “You’re going to have an army of geeks like myself poking and prodding and trying to do things like this… . The nature of the toolset is getting cheaper, so more nerds are getting brave with their puzzling.”
SentrySafe said in a statement regarding the matter:
“In this case, there was a tremendous effort, uninterrupted time in a controlled environment, the right tools and significant technical knowledge needed to eventually manipulate the safe… . In this environment, the product accomplished what it was designed to do and would be realistically very difficult, if not impossible, for the average person to replicate in the field.”
It’s easy to draw the conclusion of this being a safe-cracking machine for anyone to build and get-a-robbin’. But it’s probably not the best method for breaking open such safes. Seidle adds, “There are so many cheaper and better ways to open up a safe than building one of these.”
The post This Open-Source Robot Can Crack A Safe in 30 Minutes appeared first on All3DP.
July 31, 2017 at 07:57PM
via All3DPAll3DP http://ift.tt/2uRHKha