• doofutz (unregistered) in reply to db48x

    In the middle of trying to sell my house currently so I'm familiar with lock boxes too. However, the one at my front door has no buttons and seems to operate via some remote control keypad the realtor carries with him -- not sure how it works though -- cell network perhaps? Bluetooth?

    Gaining access to one of these would be a truly interesting challenge. I hope there is some sort of rolling code for auth to the device. My garage remote even has that!

    Of course in my experience the lockbox is sometimes just sitting on the front porch thus allowing anyone to walk off with it. Plus I would say about 25% of the time the realtors or potential buyers will leave doors unlocked, windows opened, all the lights on, etc. Unscrupulous access wouldn't be hard.

    No, I'm not going to reveal where I live! :-)

  • (cs) in reply to Rootbeer
    Rootbeer:
    TRWTF is that these devices are used at all.

    What's wrong with the access control system called "give a copy of the key to the realtor, and they keep it at their office when they're not showing the property"?

    One realty company, two or more agents. First agent leaves office with client to show a dozen properties all over one end of town. Second agent meets another client who wants to see a dozen properties including one that overlaps first agent's list. Second agent can't leave the office until first agent gets back from making the rounds.

  • (cs) in reply to msturtz
    msturtz:
    It's certainly true that there are many different types of lock-boxes, but the brand and type pictured don't work *exactly* like you say, at least not in my experience. You have to have the correct *set* of numbers, but the sequence doesn't matter -- meaning, if the code is 1234, you can enter 1-2-3-4, or 2-3-1-4, or 4-3-2-1. As long as all the correct buttons are pushed, and none of the incorrect ones are, then it opens. If you make a mistake, the second slider between buttons 3-4 and 8-9 un-pushes all the buttons.

    Clearly the security isn't that great.

    NOW your challange is to write a function that will take the # of buttons in the code (say, you're standing next to your realtor, count the clicks), and print out a list of all possible codes of that length, eliminiating the duplicates based on the above (print 1-2-3-4, and don't print 2-3-4-1 or 3-4-1-2 or 4-1-2-3)... THEN you'll see how insecure these boxes really are.

    And once you have that, you can use it to buy lottery tickets. Once upon a time, I worked out how many tickets you'd have to buy at one time to be assured of winning at least the minimum prize, minimizing unnecessary overlapping combinations. Turned out to be about 500 tickets for a guaranteed win of about $40.

  • (cs)

    I know I have a constructive proof for the shortest sequence somewhere in my graph theory notes, and could construct an algorithm out of it, but I'm too lazy. Also, it's 2 AM.

  • Nick (unregistered) in reply to Frank

    This is more of a fun puzzle than a feasible attack; it may save you a factor of 4, but the output string is still going to be 10003 digits long.

    Also, insert objection to security by obscurity here.

  • storray expert (unregistered) in reply to Frank
    Frank:
    Quite honestly, this is a ethically questionable code challenge.

    You're not only revealing how these lock boxes work (Which, yes, would be commonly available information), but you're announcing "to the world" that they're simple to break into, with a solution to how to do it.

    Why do I have issue with this? People selling their house have a realtor, who will use lockboxes. For the seller, there's no guarantee that others will use spin-wheel, combination, or push-button lockboxes, and the seller has no say on what will be employed.

    You're now telling people how to get a key for doors to houses for people who are selling for one reason or another. Most will not use this information in a negative manner, however, some douche out there will take this information (which might not have been apparent) as an invitation to start ripping people off.

    Think about it - you're selling your house. You're not home most of the time (Work), and neighbours are used to seeing people coming and going into your home. And then you find a website which is announcing a contest, for fun, on how to get a key for your house.

    Strike anyone else as questionable / bad idea? Tinfoil hat wearer I'm not, I just have issues with other people's ethics (Such as the dick who did this to a friend some months ago)

    No. Security by obscurity is not something that should be encouraged.

  • gif (unregistered) in reply to db48x

    See, what bothers me isn't the ethical implications of talking about a trivially insecure system, it's referring to arguments as variables.

  • KCR (unregistered)

    This has been solved. Look up m-sequences.

  • frogbert (unregistered)

    If someone wants to break into a place they're more likely to kick in the door instead of dicking about on a codebox for a few hours.

  • nobody inparticular (unregistered) in reply to db48x

    Agreed with db48x here. While an interesting programming challenge, manually entering such a code would still take a long time with potential for mistake.

    Assuming a 4 digit code with 10 possibilities and order mattering, you have 101010*10 different potential codes. The absolute best code you could hope for out of this program would be that many digits long, plus three for the first number. 10,003 button presses and that's only if it's possible to get a workable solution down to that number. In the time it takes to input that code, a person with nefarious intent could probably manage to pick the lock or work open the box in another easier manner.

    Turning a blind eye to potential security issues does not make them more secure, and testing them does not make them less.

  • Joe (unregistered)

    I determined how to crack a masterlock branded perminate lockbox (one of those meant to be installed by the homeowner, so you affix it to the house with screws.

    It turns out that the only tool needed is a flashlight (that may be optional if the sign is shining in just the right angle.) It turns out that the tumblers can be seen from the outside if you look just right, and it is trivial to find (digit + 5 mod 10). From that it is pretty trivial to rotate the digit 5 clicks, repeat for the remaining three digits.

    The total time to break in in well under a minute without any significant practice.

  • Cheesy (unregistered) in reply to Drew
    Drew:
    A lot of people, when they sell their house, are still living in it. The realtor shows it while they're at work, then they come home and live in it during the night. I know when I was a kid, the realtor would regularly come by when my brother and I were home from school but my parents hadn't gotten home yet.

    ...cue cheesy porn movie music...

  • Jazradel (unregistered) in reply to Frank

    Security by obscurity isn't security at all.

    Besides, you could probably find out this information by reading the manual.

  • Sir Read-a-Lot (unregistered)

    The most efficient sequence is going to be the number of combinations(number of digits^code length) + the code length - 1. eg. 10^4 + 4-1 = 10,003

    Here's a corollary problem: How many different "efficient" sequences are there for a code of length l using n digits?

  • (cs)

    What? No C solution yet?

    #define BUTTONS     10
#define LEN         4
main() {
  int size = 100;
  char *p, *i, *buf=malloc(size);
  memset(buf, '0'+BUTTONS-1, LEN);          // start with highest possible code
  for(p=buf+LEN; ; p++) {                   // loop to build answer from there
    for(*p='0'; *p<buf[0]; (*p)++) {        // try each value at tail position
      for(i=buf; i<p-LEN+1; i++)            // check for cycles
        if(!memcmp(i, p-LEN+1, LEN)) break;
      if(i==p-LEN+1) break;                 // no cycle: accept digit
    }
    if(!memcmp(buf, p-LEN+1, LEN))          // done yet? (hit highest code again)
      return printf("%.*s\n", p-buf, buf);  // print all but last char
    if(p-buf>=size-1)
      buf = realloc(buf, size*=2);          // need more memory?
  }
}

    Addendum (2010-04-01 00:29): Oh and don't mind the horrible bug in there.

  • Mr.'; Drop Database -- (unregistered)

    For the hard problem, I discovered that if I start with 000, and then always choose the largest digit that doesn't create a duplicate subsequence, then I always get a minimal result. I have tested that this works for lengths up to 5 and bases up to 16.

    def lockbox(length=4, base=10):
assert length > 1; assert 2 <= base <= 16
m = dict((n, list(range(base))) for n in range(base ** (length - 1)))
s = '0' * (length - 1); last = 0 # Start at 000
while m:
if last in m:
n = m[last].pop() # Choose the largest digit possible
s += hex(n)[-1]
if not m[last]: del m[last]
last = last * base % (base ** (length - 1)) + n
else:
raise Exception("that didn't work")
# Verify the result; str.index will throw if a sequence is missing
for i in range(base ** length):
substr = ''
for j in range(length): substr = hex(i % base)[-1] + substr; i //= base
s.index(substr)
return s

  • Casey (unregistered) in reply to Frank

    Security through obscurity is really, really bad. I can't express how poor of an excuse that is.

  • Thorsten M. (unregistered) in reply to Frank
    Frank:
    You're not only revealing how these lock boxes work (Which, yes, would be commonly available information), but you're announcing "to the world" that they're simple to break into, with a solution to how to do it.

    For a technically able thief this information will hardly be news. If he's aiming for Key Lock Boxes, he will figure out how they work. From there it's not that challenging to develop the algorithm. --> No Benefit for the thief, no problem.

    A technically not so able thief will very likely not look for this kind of information in the net. --> No Benefit for the thief, no problem.

    A House-Seller might be warned about a risk he was previously not aware of (and not focusing on it because it might have seemed an irrelevant tidbit for the selling process). --> Benefit for the seller, ethically valuable article.

    There might be some (unlikely) cases where a thief gets his information here. My assumption is that the number of Sellers looking for more secure key lock boxes (and actually reading highly important technical details) will prevent more burglarys than are caused by this article.

    CAPTCHA: dignissim I don't think the articel is lacking the required dignissim

  • Fabiano (unregistered)

    I think the problem is not well posed (IMHO). It is quite simple to generate a number sequence which is going to cover all the different combinations but the real challenge is to minimize the number's lenght. I think you should re-write the challenge in this way: The winner is going to be the guy who is going to find out the littlest number covering all the cases.

  • Fabiano (unregistered) in reply to Fabiano

    ok.. i have read the last post.There already guys who has minimized. :-( I have to read the comments first! ;-)

  • anon (unregistered)

    I fear that just reading the comments may put in breach of UK "anti-terrorism" legislation...

  • DD (unregistered)

    I felt like I have seen something like this before: http://www.stefangeens.com/2004/10/the-de-bruijn-c.html

  • Pedants R Us (unregistered) in reply to Cad Delworth
    Cad Delworth:
    grizz:
    Let the ad hominum attacks commence!
    OK, let's start with "ad hominem."

    Really, the standard of Latin on this forum has gone to pot lately. Pfah!

    No, this is also known as the Jackie Gleason method. Fully expressed as ad hominum hominum honinum.

  • Matthijs Kooijman (unregistered) in reply to Fritz

    π (pi) will open any door. Can you prove that?

  • Ray (unregistered) in reply to Frank

    I understand your concerns with the ethics here, but in 2010 the old push-button lock box is about as relevant as the Dodo. Currently, realtors use RFID boxes, based upon a standard system. The lockbox is a smooth, faceless device with a depression in the bottom. The showing realtor now places their RFID dongle into the depression, and once an authentication code is matched, the key tray pops out.

    The boxes now record who opened them, when, and for how long. Thus, cracking the pushbutton code should really be viewed simply as good fun.

  • (cs) in reply to Mr.'; Drop Database --
    Mr.'; Drop Database --:
    For the hard problem, I discovered that if I start with 000, and then always choose the largest digit that doesn't create a duplicate subsequence, then I always get a minimal result. I have tested that this works for lengths up to 5 and bases up to 16.

    I found that if you start with 000 and always choose the highest number that doesn't cause a duplicate code, then you don't need to store every code you have (or haven't) used, just what the lowest final digit you've tried for each prefix is. So for a 4-digit base-10 code, you only need a 1000-element scratch to be able to generate the smallest possible code in the fastest possible time. It would also allow you to stream the solution to a file or terminal without having to store the whole thing in memory.

    c++ code is:

    #include <memory.h>

const char* basechars = "0123456789ABCDEF";

// this is much faster than the c-lib pow for small int values of y
// (the c-lib pow only takes floating point numbers)
// doesn't handle y<= 0
int pow(int x, int y)
{
	int result = x;
	for(y;y>1;y--)
	{
		result*=x;
	}
	return result;
}

// warning: behaviour is undefined for base <= 1 or length <= 1.
// warning: may use an obscene amount of memory with large base and/or length
char* lockbox(int length=4, int base=10)
{
	int outputlength = pow(base,length)+length-1;
	char* output = new char[outputlength+1];
	output[outputlength] = '\0';
	memset(output,basechars[0],length-1);

	int maxprefix = pow(base,length-1);
	int scratchsize = maxprefix;
	char* scratch = new char[scratchsize];
	memset(scratch,base-1,scratchsize);

	char* currentchar = output+length-1;
	int currentprefix = 0;

	do
	{
		char newdigit = scratch[currentprefix]--;
		*currentchar++ = basechars[newdigit];
		currentprefix = (currentprefix * base) % maxprefix + newdigit;
	}
	while(scratch[0] >= 0);

	return output;
}

    output is:

    00099998999799969995999499939992999199909988998799869985998499839982998199809978 99779976997599749973997299719970996899679966996599649963996299619960995899579956 99559954995399529951995099489947994699459944994399429941994099389937993699359934 99339932993199309928992799269925992499239922992199209918991799169915991499139912 99119910990899079906990599049903990299019900989897989698959894989398929891989098 88988798869885988498839882988198809878987798769875987498739872987198709868986798 66986598649863986298619860985898579856985598549853985298519850984898479846984598 44984398429841984098389837983698359834983398329831983098289827982698259824982398 22982198209818981798169815981498139812981198109808980798069805980498039802980198 00979796979597949793979297919790978897879786978597849783978297819780977897779776 97759774977397729771977097689767976697659764976397629761976097589757975697559754 97539752975197509748974797469745974497439742974197409738973797369735973497339732 97319730972897279726972597249723972297219720971897179716971597149713971297119710 97089707970697059704970397029701970096969596949693969296919690968896879686968596 84968396829681968096789677967696759674967396729671967096689667966696659664966396 62966196609658965796569655965496539652965196509648964796469645964496439642964196 40963896379636963596349633963296319630962896279626962596249623962296219620961896 17961696159614961396129611961096089607960696059604960396029601960095959495939592 95919590958895879586958595849583958295819580957895779576957595749573957295719570 95689567956695659564956395629561956095589557955695559554955395529551955095489547 95469545954495439542954195409538953795369535953495339532953195309528952795269525 95249523952295219520951895179516951595149513951295119510950895079506950595049503 95029501950094949394929491949094889487948694859484948394829481948094789477947694 75947494739472947194709468946794669465946494639462946194609458945794569455945494 53945294519450944894479446944594449443944294419440943894379436943594349433943294 31943094289427942694259424942394229421942094189417941694159414941394129411941094 08940794069405940494039402940194009393929391939093889387938693859384938393829381 93809378937793769375937493739372937193709368936793669365936493639362936193609358 93579356935593549353935293519350934893479346934593449343934293419340933893379336 93359334933393329331933093289327932693259324932393229321932093189317931693159314 93139312931193109308930793069305930493039302930193009292919290928892879286928592 84928392829281928092789277927692759274927392729271927092689267926692659264926392 62926192609258925792569255925492539252925192509248924792469245924492439242924192 40923892379236923592349233923292319230922892279226922592249223922292219220921892 17921692159214921392129211921092089207920692059204920392029201920091919091889187 91869185918491839182918191809178917791769175917491739172917191709168916791669165 91649163916291619160915891579156915591549153915291519150914891479146914591449143 91429141914091389137913691359134913391329131913091289127912691259124912391229121 91209118911791169115911491139112911191109108910791069105910491039102910191009090 88908790869085908490839082908190809078907790769075907490739072907190709068906790 66906590649063906290619060905890579056905590549053905290519050904890479046904590 44904390429041904090389037903690359034903390329031903090289027902690259024902390 22902190209018901790169015901490139012901190109008900790069005900490039002900190 00888878886888588848883888288818880887788768875887488738872887188708867886688658 86488638862886188608857885688558854885388528851885088478846884588448843884288418 84088378836883588348833883288318830882788268825882488238822882188208817881688158 81488138812881188108807880688058804880388028801880087878687858784878387828781878 08777877687758774877387728771877087678766876587648763876287618760875787568755875 48753875287518750874787468745874487438742874187408737873687358734873387328731873 08727872687258724872387228721872087178716871587148713871287118710870787068705870 48703870287018700868685868486838682868186808677867686758674867386728671867086678 66686658664866386628661866086578656865586548653865286518650864786468645864486438 64286418640863786368635863486338632863186308627862686258624862386228621862086178 61686158614861386128611861086078606860586048603860286018600858584858385828581858 08577857685758574857385728571857085678566856585648563856285618560855785568555855 48553855285518550854785468545854485438542854185408537853685358534853385328531853 08527852685258524852385228521852085178516851585148513851285118510850785068505850 48503850285018500848483848284818480847784768475847484738472847184708467846684658 46484638462846184608457845684558454845384528451845084478446844584448443844284418 44084378436843584348433843284318430842784268425842484238422842184208417841684158 41484138412841184108407840684058404840384028401840083838283818380837783768375837 48373837283718370836783668365836483638362836183608357835683558354835383528351835 08347834683458344834383428341834083378336833583348333833283318330832783268325832 48323832283218320831783168315831483138312831183108307830683058304830383028301830 08282818280827782768275827482738272827182708267826682658264826382628261826082578 25682558254825382528251825082478246824582448243824282418240823782368235823482338 23282318230822782268225822482238222822182208217821682158214821382128211821082078 20682058204820382028201820081818081778176817581748173817281718170816781668165816 48163816281618160815781568155815481538152815181508147814681458144814381428141814 08137813681358134813381328131813081278126812581248123812281218120811781168115811 48113811281118110810781068105810481038102810181008080778076807580748073807280718 07080678066806580648063806280618060805780568055805480538052805180508047804680458 04480438042804180408037803680358034803380328031803080278026802580248023802280218 02080178016801580148013801280118010800780068005800480038002800180007777677757774 77737772777177707766776577647763776277617760775677557754775377527751775077467745 77447743774277417740773677357734773377327731773077267725772477237722772177207716 77157714771377127711771077067705770477037702770177007676757674767376727671767076 66766576647663766276617660765676557654765376527651765076467645764476437642764176 40763676357634763376327631763076267625762476237622762176207616761576147613761276 11761076067605760476037602760176007575747573757275717570756675657564756375627561 75607556755575547553755275517550754675457544754375427541754075367535753475337532 75317530752675257524752375227521752075167515751475137512751175107506750575047503 75027501750074747374727471747074667465746474637462746174607456745574547453745274 51745074467445744474437442744174407436743574347433743274317430742674257424742374 22742174207416741574147413741274117410740674057404740374027401740073737273717370 73667365736473637362736173607356735573547353735273517350734673457344734373427341 73407336733573347333733273317330732673257324732373227321732073167315731473137312 73117310730673057304730373027301730072727172707266726572647263726272617260725672 55725472537252725172507246724572447243724272417240723672357234723372327231723072 26722572247223722272217220721672157214721372127211721072067205720472037202720172 00717170716671657164716371627161716071567155715471537152715171507146714571447143 71427141714071367135713471337132713171307126712571247123712271217120711671157114 71137112711171107106710571047103710271017100707066706570647063706270617060705670 55705470537052705170507046704570447043704270417040703670357034703370327031703070 26702570247023702270217020701670157014701370127011701070067005700470037002700170 00666656664666366626661666066556654665366526651665066456644664366426641664066356 63466336632663166306625662466236622662166206615661466136612661166106605660466036 60266016600656564656365626561656065556554655365526551655065456544654365426541654 06535653465336532653165306525652465236522652165206515651465136512651165106505650 46503650265016500646463646264616460645564546453645264516450644564446443644264416 44064356434643364326431643064256424642364226421642064156414641364126411641064056 40464036402640164006363626361636063556354635363526351635063456344634363426341634 06335633463336332633163306325632463236322632163206315631463136312631163106305630 46303630263016300626261626062556254625362526251625062456244624362426241624062356 23462336232623162306225622462236222622162206215621462136212621162106205620462036 20262016200616160615561546153615261516150614561446143614261416140613561346133613 26131613061256124612361226121612061156114611361126111611061056104610361026101610 06060556054605360526051605060456044604360426041604060356034603360326031603060256 02460236022602160206015601460136012601160106005600460036002600160005555455535552 55515550554455435542554155405534553355325531553055245523552255215520551455135512 55115510550455035502550155005454535452545154505444544354425441544054345433543254 31543054245423542254215420541454135412541154105404540354025401540053535253515350 53445343534253415340533453335332533153305324532353225321532053145313531253115310 53045303530253015300525251525052445243524252415240523452335232523152305224522352 22522152205214521352125211521052045203520252015200515150514451435142514151405134 51335132513151305124512351225121512051145113511251115110510451035102510151005050 44504350425041504050345033503250315030502450235022502150205014501350125011501050 04500350025001500044443444244414440443344324431443044234422442144204413441244114 41044034402440144004343424341434043334332433143304323432243214320431343124311431 04303430243014300424241424042334232423142304223422242214220421342124211421042034 20242014200414140413341324131413041234122412141204113411241114110410341024101410 04040334032403140304023402240214020401340124011401040034002400140003333233313330 33223321332033123311331033023301330032323132303222322132203212321132103202320132 00313130312231213120311231113110310231013100303022302130203012301130103002300130 00222212220221122102201220021212021112110210121002020112010200120001111011001010 000

  • lazybastard (unregistered)

    The following is to spec but will give an overly long sequence:

    #!/usr/bin/perl $fullcode=""; for ($i=0;$i<10000;$i++) { $code=$i; while (length($code)<4) { $code="0".$code; } if (index($fullcode,$code)==-1) { $fullcode.=$code; } } print $fullcode;

    Extra bonus points for the person that writes code that generates the shortest sequence.

  • lazybastard (unregistered) in reply to da Doctah

    "Once upon a time, I worked out how many tickets you'd have to buy at one time to be assured of winning at least the minimum prize, minimizing unnecessary overlapping combinations. Turned out to be about 500 tickets for a guaranteed win of about $40." ... which is why it costs more than $40 to buy 500 tickets.

  • Count (unregistered) in reply to Joris

    yupp, complete according to:

    #!/usr/bin/perl

    use strict;

    my $string = <STDIN>; my %codes;

    for (my $i = 0; $i<length($string); $i++) { my $code = substr($string,$i,4); if (defined($codes{$code})) { $codes{$code}++; } else { $codes{$code}=1; } }

    for (my $i = 0; $i < 10000; $i++) { if (!defined($codes{sprintf("%04d",$i)})) { printf "missing: %04d\n",$i; } elsif ($codes{sprintf("%04d",$i)} > 1) { printf "code %04d occured %d times\n",$i,$codes{sprintf("%04d",$i)}; } }

  • BillyTheSquid (unregistered)

    People don't seem to be registering something: The same number cannot be used twice in the same sequence of 4 characters. A single ten-digit string (eg: 1234567890) covers the combinations: 1234, 2345, 3456, 4567, 5678, 6789, 7890

    For example, the number displayed above contains the following string: 97749773977 - this is an impossible number using the theory above, as pressing a button twice in the same sequence doesn't register the second button.

  • Count (unregistered) in reply to lazybastard

    yeah, at least 103 are duplicate at least once.

    #!/usr/bin/perl

    use strict;

    my %codes; my $string = "0000111122223333444455556666777788889999"; my $count = 10000; my $touches = 40;

    for (my $i = 0; $i<length($string); $i++) { my $code = substr($string,$i,4); next unless ($code =~ /[0-9]{4}/); if (defined($codes{$code})) { $codes{$code}++; } else { $codes{$code}=1; $count--; } }

    my $x; while ($count > 0) { KEY: for (my $k = 0; $k < 10; $k++) { $x++; next KEY if (defined($codes{substr($string,-3,3).$k}) && ($x<10)); if (!defined($codes{substr($string,-3,3).$k})) { $count--; $codes{substr($string,-3,3).$k}=1; print STDERR "found ".substr($string,-3,3).$k.", $count to go, $touches touches\n"; } $string .= $k; $touches++; $x=0; } }

    for (my $i = 0; $i < 10000; $i++) { if (!defined($codes{sprintf("%04d",$i)})) { printf "missing: %04d\n",$i; $count--; $codes{sprintf("%04d",$i)}=1; $touches += 4; $string .= sprintf("%04d",$i); } } print "needed $touches touches to get string: $string\n";

  • Docta Jonez (unregistered)

    Here's my solution using C# and LINQ.

    void Main() { //get an IEnumerable range from "0" to "9" var buttons = Enumerable.Range(0, 10).Select(r => r.ToString()); //get all possible combinations for a password with a length of 4 var combinations = getCombinations(4, buttons);

    var bruteKey = new StringBuilder();
//build up a string of all combinations, ensure no duplicates
foreach(var combination in combinations)
    if (!bruteKey.ToString().Contains(combination))
        bruteKey.Append(combination);

//here's the result, do something with it
person.SpendHoursEnteringKey(bruteKey);

    }

    public IEnumerable<string> getCombinations(int combinationLength, IEnumerable<string> buttons) { var combinations = buttons; //build up all possible combinations for(int currentLength = 1; currentLength < combinationLength; currentLength++) combinations = combinations.SelectMany(combination => buttons.Select(button => combination + button));

    return combinations;

    }

  • (cs) in reply to BillyTheSquid
    BillyTheSquid:
    People don't seem to be registering something: The same number cannot be used twice in the same sequence of 4 characters. For example, the number displayed above contains the following string: 97749773977 - this is an impossible number using the theory above, as pressing a button twice in the same sequence doesn't register the second button.
    It would be good to get this clarified, the challenge doesn't specify either way.
  • Mark Leander (unregistered)

    http://en.wikipedia.org/wiki/De_Bruijn_sequence

  • BentFranklin (unregistered)

    It's probably too late for anyone to read this but...

    To all the people talking about crowbars, there's a huge difference between tamper-proof and tamper-evident. Physical breaking and entering is tamper evident.

    A LOT of harm can be done by someone who can break into your abode and then leave without any trace of having been there. For just example someone could install a keylogger on your computer. Or they could leave something incriminating and then arrange for it to be discovered by authorities. Stealing your stuff is the least of it.

    Very few systems are tamper-proof but good security requires that tampering at least be evident. That's why the current generation of touchscreen voting machines are so scary.

  • TigerDragon (unregistered)

    It isn't unethical. Most of the houses (in America) use Kwikset or a Kwikset knock-off, or use Schlage. A bump key is more likely to be utilized by someone than some means of attempting to open the lock box.

    Not only that, but the wheel type are just as vulnerable (if not more so) because of a mechanical design flaw. The real estate agents around here actually use an electronic lockbox that requires either a radio or infrared device to open it (haven't gotten a close look yet, but have seen it in use... suspect it is IR, though)

  • FudMasterK (unregistered) in reply to db48x

    Very interesting being that my house was recently put up for sell on the market. I was worried about this issue from prior experience with lock boxes as a kid when I use to play with the one on my neighbors house and managed to unlock it. When we decided on our realtor I brought this up, she had told me they no longer use those types for the very reasons written above. She was able to show my wife and I the new box they use around here and how it works. It requires an electrical key swipe to unlock (kind of like the new credit card readers where you just wave it over the machine) but I still feel that this can easily be bypassed or tricked.

    I was planning to Google and see if I can bypass it with a generic electronic signal sequence soon as I find out a little more how it works.

  • basho (unregistered) in reply to Anonymous

    Copper pipe/wire theft.

  • (cs) in reply to Frank

    These things are on the way the way out anyway. When I bought my house last summer, the lock box had no buttons on it whatsoever. The realtor showing the house held her iPhone up to it, tapped a few button on the iPhone and the lock box popped open.

  • Aaron (unregistered)

    I don't know where you are or what decade you are in, but the majority of them have RSA tokens. It changes daily and Realtors have to update their keychains to gain entry.

  • Go Figure (unregistered)

    The code in Mathematica: In[1]:= << Combinatorica` In[2]:= DeBruijnSequence[{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}, 4]

  • (cs) in reply to Frank
    Frank:
    Quite honestly, this is a ethically questionable code challenge.

    You're not only revealing how these lock boxes work (Which, yes, would be commonly available information), but you're announcing "to the world" that they're simple to break into, with a solution to how to do it.

    Why do I have issue with this? People selling their house have a realtor, who will use lockboxes. For the seller, there's no guarantee that others will use spin-wheel, combination, or push-button lockboxes, and the seller has no say on what will be employed.

    You're now telling people how to get a key for doors to houses for people who are selling for one reason or another. Most will not use this information in a negative manner, however, some douche out there will take this information (which might not have been apparent) as an invitation to start ripping people off.

    Think about it - you're selling your house. You're not home most of the time (Work), and neighbours are used to seeing people coming and going into your home. And then you find a website which is announcing a contest, for fun, on how to get a key for your house.

    Strike anyone else as questionable / bad idea? Tinfoil hat wearer I'm not, I just have issues with other people's ethics (Such as the dick who did this to a friend some months ago)

    Are you serious? Apparently you believe in "security by obscurity". It was obvious to me after a little bit of using my home security pad, that this is the way it works. Anyone who wants to know this information can find it.

  • (cs) in reply to BillyTheSquid
    BillyTheSquid:
    People don't seem to be registering something: The same number cannot be used twice in the same sequence of 4 characters.

    Says who? I think you're wrong.

  • Craig (unregistered) in reply to Frank

    Someone wanting to break into a home to rip it off isn't going to even bother dicking around with a stupid box, so your "this is unethical" argument sounds like it needs to take a ride in the waaaahhhhmbulance.

  • the REO guy (unregistered)

    I sell foreclosed properties for the banks and I have never seen a push button lockbox that works in the manner described. All mechanical push button lockboxes that I have ever seen (several different brands) work as follows:

    The combination is programmed in via some mechanical means. The exact procedure varies from brand to brand but universally require the lockbox to be open as the programming is done on the back side of the faceplate.

    The sequence of the combination is irrelevant, as are duplicate numbers. When you push a number you are flipping the mechanical bit for that digit from 0 to 1. When the mechanical bits = the preset combination with no extra bits flipped then the box will open.

    The box pictured is typical - the two larger buttons on the front in the middle column are both spring-loaded and can be pushed down. The lower of the two resets all "bits" back to zero, the upper of the two actually opens the box (when the box opens all bits reset automatically which means that to replace the plate you have to punch in the combination again)..

    Let's say your combination is 1-2-3-4. The order of pushing buttons doesn't matter because once you push a digit's button that bit remains flipped until you either reset or open the box. If you push the "5" digit the box WILL NOT OPEN. If your combination is 1-1-1-3 then you really only have to push 1 then 3 (or 3 then 1) because - again - the mech-bit stays flipped until the box is reset or opened.

    Some DIGITAL locks/boxes work as described but those are rare. As in I've never seen one in the field even after servicing over 5,000 bank-owned houses.

  • the REO guy (unregistered) in reply to campkev
    campkev:
    These things are on the way the way out anyway. When I bought my house last summer, the lock box had no buttons on it whatsoever. The realtor showing the house held her iPhone up to it, tapped a few button on the iPhone and the lock box popped open.

    The local realtor board has to get everybody on-board with those types of systems and for our local board they tried to switch to the electronic boxes several years ago and the support among the local agents was under 5%. And in many of these neighborhoods I would never intentionally leave such a valuable piece of electronics on the door anyway - I've had too many doors stolen.

    And to those who worry about these lockboxes easily being hacked to provide entry I armor plated one house (Vacant Property Security, VPS - google it up) and the bad guys responded by knocking a hole through the wall and crawled through between the studs. If somebody wants to get in they WILL get in. Period. You cannot stop them, the best you can do is make your house more secure and less annoying to break into than the other houses.

  • (cs) in reply to Frank

    I believe the problem is a bit contrived to make a more interesting programming problem, and less applicable in the real world.

    In my experience with these boxes, they do NOT actually open if the code is contained anywhere within the subset of the numbers entered.

    They have other flaws, which I will not detail here.

    This is a slightly contrived programming problem based only loosely on reality. And you are in fact wearing a tinfoil hat, both for so easily swallowing this article in its entirety, and for believing in security-via-ignorance.

  • TMarks (unregistered) in reply to Frank

    The agents in my area have switched to a coded key fob. The lockbox supposedly records who accesses the key, etc.

  • Mr.'; Drop Database -- (unregistered)

    TRWTF is all the people falling for the troll post on the first page.

  • David (unregistered) in reply to Frank

    Ah, a believer in security by obscurity.

    I'm not at all worried about this. In every case I know of, when somebody broke into a place guarded by a lame security measure that can be opened by exhaustive search in five minutes, it was by physical brute force.

Leave a comment on “The Key Lock Box”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article