
[**Part 1: Introduction**] [Part 2: Keypads]

You probably don’t know this, but I am quite proficient with a set of traditional lock picks; I carry a set with me everywhere I go. Of course, I don’t use them for illegal activities; that would be, well, illegal. I remember the day when I successfully picked my first lock: it was amazing, and then it was very scary. All of a sudden, the door locks and padlocks that you think are doing a really good job of protecting your stuff aren’t doing a very good job at all. In fact, they’re doing a terrible job. These days I’m very, very picky about choosing new locks.

Recently, I was watching Chuck on Netflix, which is excellent; in fact, I liked it so much I bought the box set on iTunes. And whilst what I’m about to mention is in no way exclusive to Chuck, it was Chuck that put this idea into my head.


You see more and more doors these days that are secured with a keypad entry system. With such a system you enter a 4 digit PIN (usually, although sometimes more digits) and the door opens. This got me wondering: can a layman, such as myself, build a device that will open a keypad door?

(I would insert a picture of a keypad door hacker here, but with Creative Commons turned on, I was unable to find a single image that looks even remotely like the sort of keypad hacker you see in films and TV shows. Suffice to say, watch Chuck S1E4 from 20 mins 15 seconds. And then watch all of Chuck.)

You see these devices in movies and TV shows all the time, but can a normal person, using normal off-the-shelf parts, build a real-life digital lock pick?

So this is the question I’ve been trying to answer for the last week, and I think I now have the answer; I think the answer is Yes.

## PIN Basics

The first step is to do some simple maths to work out what sort of numbers we’re dealing with here.

In everyday life we use Decimal, or the Base 10 counting system, which is where we have 10 symbols to represent numbers, namely 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. If we want to create a number that is higher than 9, we start combining those symbols, 10, 11, 12, etc.

In a 4 digit PIN (where you are allowed to repeat a number, e.g. 1123) there are 10 possible options per digit of the PIN.

To simplify this, we’ll create a table:

| Digit 1 | Digit 2 | Digit 3 | Digit 4 |
|---------|---------|---------|---------|
| 1       | 1       | 2       | 3       |

Digit 1 can be any number from 0 to 9 (inclusive). Digit 2 can also be any number from 0 to 9, as can digit 3 and digit 4. This means that there are 10 x 10 x 10 x 10 possible combinations of PINs. In other words, the total number of combinations for a 4 digit PIN is 10,000.

That might sound like a lot, but actually it isn’t. Think about your bank card, you have a 4 digit PIN for that. Now think about how many people have bank cards.

The estimated adult population in the UK in 2013 (those aged 15 – 65*) was 41.21m. (Wolfram.)

41.21m / 10,000 = 4121

This means that (assuming the banks allow PINs like ‘0000’, ‘3333’, etc) you share your PIN with 4120 other people in the UK.

(* I am well aware that people over 65 also have bank cards, but for these non-consequential equations, this is good enough for illustrative purposes.)

You can do some interesting things with these numbers. If you assume that 41.21m is accurate (which of course it isn’t, but assuming it is) then, without moving to a different Base counting system, we’d need 8 digit PINs before we each had a unique one. In an 8 digit PIN there are 100,000,000 possible combinations, and as we’ll see later, one of the keypads I’ve been playing with can use 12 digit PINs, for which there are 1 trillion possible combinations.

But for the time being, we’ll just focus on 4 digit PINs. The next step is to get the Arduino to generate all 10,000 combinations.

This, it turns out, is actually very simple, and if you do it without printing each PIN to the serial monitor, the Arduino can generate them all in 1ms.

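```cpp
void setup() {
  Serial.begin(9600);
  delay(5000);  // wait 5 seconds before starting

  // One loop per digit: a, b, c and d each run from 0 to 9.
  for (int a = 0; a < 10; a++) {
    for (int b = 0; b < 10; b++) {
      for (int c = 0; c < 10; c++) {
        for (int d = 0; d < 10; d++) {
          // Print the four digits as one PIN on its own line.
          Serial.print(a);
          Serial.print(b);
          Serial.print(c);
          Serial.println(d);
        }
      }
    }
  }
}

void loop() {
  // Nothing to do here: every PIN is generated once in setup().
}
```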

So it’s really quite simple, 4 nested for loops. Voilà, everything from 0000, 0001 to 9998, 9999.
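The keyspace arithmetic and the nested loops above generalise to any PIN length. The block below is an added example, not the author's code: it is plain C++ rather than an Arduino sketch, its function names are hypothetical, and it checks the post's figures while replacing the fixed four loops with a digit-array counter, because 10^12 overflows the 16-bit `int` of an AVR-based Arduino.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Added example; function names are hypothetical, not from the post.
// Number of PINs of `digits` decimal digits (10^digits), valid up to 19 digits.
// 64-bit on purpose: 10^12 does not fit in a 16-bit int or a 32-bit long.
uint64_t keyspace(unsigned digits) {
    uint64_t n = 1;
    while (digits--) n *= 10;
    return n;
}

// People per PIN if PINs were spread evenly over the population (rounded down).
uint64_t holders_per_pin(uint64_t population, unsigned digits) {
    return population / keyspace(digits);
}

// Shortest PIN length that gives everyone in the population a unique PIN.
unsigned min_digits_for_unique(uint64_t population) {
    unsigned d = 1;
    while (keyspace(d) < population) d++;
    return d;
}

// Step a PIN stored as digits (most significant first), like an odometer.
// Returns false once it wraps from 99..9 back to 00..0.
bool next_pin(uint8_t *pin, size_t len) {
    for (size_t i = len; i-- > 0;) {
        if (++pin[i] < 10) return true;  // no carry needed
        pin[i] = 0;                      // carry into the next digit to the left
    }
    return false;
}

// Count PINs by walking the odometer; the result must equal keyspace(len).
uint64_t count_pins(size_t len) {
    uint8_t pin[19] = {0};  // len must be <= 19
    uint64_t n = 1;         // 00..0 is the first PIN
    while (next_pin(pin, len)) n++;
    return n;
}

int main() {
    const uint64_t uk_adults = 41210000ULL;  // 41.21m, the figure used in the post
    printf("4 digits: %llu PINs, %llu people per PIN\n",
           (unsigned long long)keyspace(4), (unsigned long long)holders_per_pin(uk_adults, 4));
    printf("unique PINs need %u digits; odometer counted %llu\n",
           min_digits_for_unique(uk_adults), (unsigned long long)count_pins(4));
}
```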

The next step is to work out how keypads work, generally, and later, how keypads in the wild work. Do they conform to a standard? Are they hooked up the same way? Do manufacturers already try to protect against outside interference? These are all good questions which have to be answered.

This is what we’ll do in part 2.
