Master Lock Speed Dial Style Lock Factory Code Brute Force Attack.

Blank Registration
Speed dial style locks work like a hash function: the input is a sequence of directions of any length, from 0 to infinite, and the output is one of 7501 internal states (see Master Lock Speed Dial, why there are... for an explanation). Given these facts, it follows that there are multiple (in fact infinitely many) ways to reach a given internal state. Said another way, if an input sequence is chosen at random, its output will collide with that of an infinite number of other input sequences.

For factory-set codes, we can devise a brute force sequence that checks the more "valuable" output states first, that is, states that cover many factory codes. We can also compute a shorter path through the states of interest than naively entering all possible inputs. In this way we can exhaust half of the factory code input space in under 2 minutes.

The brute force shown in this video should open all speed dial style locks when set to a factory code, e.g. the MasterLock ONE, the bike lock version, etc.

UPDATE: Prevarikation pointed out that Knollans have been seen in the wild that have 3 consecutive directions in their factory code. This brute force sheet will miss those. Someday I will generate a sheet specifically for that.


Brute force sheet (and full decode worksheets): https://drive.google.com/file/d/1u3Ag...

For further research see:
mh's paper: https://toool.nl/images/e/e5/The_New_...
prevarikation's port of mh's visualizer: https://prevarikation.com/mh-visualizer/
Published 3 years ago, on 1400/01/08.
Viewed 30,706 times.