So Seidle started looking for shortcuts. First he found that, like many safes, his SentrySafe had some tolerance for error. If the combination includes a 12, for instance, 11 or 13 would work, too. That simple convenience measure meant his bot could try every third number instead of every single number, immediately paring down the total test time to just over four days. Seidle also realized that the bot didn't actually need to return the dial to its original position before trying every combination. By making attempts in a certain careful order, it could keep two of the three rotors in place, while trying new numbers on just the last, vastly cutting the time to try new combinations to a maximum of four seconds per try. That reduced the maximum bruteforcing time to about one day and 16 hours, or under a day on average.

But Seidle found one more clever trick, this time taking advantage of a design quirk in the safe intended to prevent traditional safecracking. Because the safe has a rod that slips into slots in the three rotors when they're aligned to the combination's numbers, a human safecracker can apply light pressure to the safe's handle, turn its dial, and listen or feel for the moment when that rod slips into those slots. To block that technique, the third rotor of Seidle's SentrySafe is indented with twelve notches that catch the rod if someone turns the dial while pulling the handle.

Seidle took apart the safe he and his wife had owned for years, and measured those twelve notches. To his surprise, he discovered the one that contained the slot for the correct combination was about a hundredth of an inch narrower than the other eleven. That's not a difference any human can feel or listen for, but his robot can easily detect it with a few automated measurements that take seconds. That discovery defeated an entire rotor's worth of combinations, dividing the possible solutions by a factor of 33, and reducing the total cracking time to the robot's current hour-and-13-minute max.

Safe Bets

In a statement to WIRED, SentrySafe didn't deny that its safes had vulnerabilities. But the company argued its products could still stand up to a less geeky attacker. "In this case, there was a tremendous effort, uninterrupted time in a controlled environment, the right tools and significant technical knowledge needed to eventually manipulate the safe," the statement from SentrySafe reads. "In this environment, the product accomplished what it was designed to do and would be realistically very difficult, if not impossible, for the average person to replicate in the field."

Seidle counters that yes, anyone can reproduce his bot; that's the point of building it from cheap, open-source parts. But by demonstrating his safecracking bot and showing people how to make their own, Seidle says he's certainly not trying to aid burglars. Instead, he sees his work as mostly harmless DIY fun, and a warning about the limits of the security of a cheap safe. And more broadly, he sees it as a way to demonstrate the changing nature of physical security in an era of cheap robotics. "Could someone replicate it? Yeah, that's the point," says Seidle. "But there are so many cheaper and better ways to open up a safe than building one of these." (Less delicate methods involve a crowbar or a big hammer, for instance.)

In his talk at Defcon, Seidle plans to demonstrate his robot by cracking a newer, larger, $160 SentrySafe model live on stage. He says he couldn't find the smaller one for sale in Las Vegas, where the conference is held. That larger model requires a key as well as a combination to open. But surprisingly, Seidle found he could defeat that key safeguard with an old trick: shoving the plastic body of a Bic pen into the round keyhole and turning it. "Worked like a champ," Seidle says. "They added a layer of security that is completely useless."

Still, neither of the SentrySafes he's testing is a true high-security safe, Seidle admits. Other, more expensive brands may not have its indentation giveaway in the third rotor, for instance, though Seidle notes some other elements of his robotic tricks could still vastly reduce the time to bruteforce their combinations. And as for those higher-end safes, Seidle welcomes other DIYers to pick up his work where he left off. "I don't know if anyone is going to replicate my robot, but I imagine someone will take part one and part five and apply them to open a different model," he says. "And that would make me feel good."