Some guys at CCCKC brought part of an old-school Simplex lock down to the cave. I've always wondered exactly how they work and what kinds of vulnerabilities they have.
Pushbutton locks like this (and older designs with the buttons arranged in a pentagon shape) have been around for ages, but I've never had one in my hands before. I have always guessed that:
- They are 100% mechanical (requiring no electricity)
- The order doesn't matter.
- Any combination from 1-5 digits would be viable
- Each button can only be pressed once
I'll explain how these hypotheses work out as I go along.
Starting out, you can see where the inner door knob will attach on the other side of the wall. The nub at the top (or, to the left in this photo) is strange to me. As it turns out, it's used to reset the combination.
Once open, the lock mechanism inside is covered by a metal shroud. Some pivoting arms can be seen.
Here, I have swung the arm going to the combination mechanism out of the way, and I'm pulling the shield away. There's no power in here, so hypothesis #1 is true.
Here, I've re-attached the arm with the shield removed. Every time a button is pressed, the pawl associated with it rotates a little. The bar seen across the top of them will increment any of the lower numbers at the same time. If you press "1", only the first pawl moves. If you press "3", then pawls 1, 2, and 3 move at the same time. This means that the order in which buttons are pressed DOES matter. Hypothesis #2 is false.
Here is the other side of the combination mechanics. Visible is a gate with 5 fingers. When the outer knob is turned and the gate can't fit into the pawls (wrong combination) the furthest left bar (vertical in this photo) stays upright. The pivoting arm buckles, and the inner knob does not turn. The bolt work (not visible) is not withdrawn.
When the gate is aligned, the pivoting arms are allowed to swing up a bit (angled left a bit in this photo), and the inner knob is caught. The bolt is withdrawn and the door is allowed to open.
To reset the combination:
- Enter the current combo
- Activate the combination reset. I'm activating it with my finger in the above photo, but twisting that nub in the first photo does the same thing. It should "click" when you get it pressed. You do not need to hold the button.
- Turn the door knob to clear the combination.
- Enter the desired combination.
- Turn the door knob again.
- Test the new combination. You don't want to get locked out!
So what about hypotheses #3 and #4?
I got a few surprises:
- If you accidentally turn the knob twice during a combination reset, you end up completely clearing the combination. If this happens, the door will open without you entering anything. Obviously, if you DO enter something in this state, it'll be wrong and won't open.
- More than one button can be pressed at a time, and it's part of the combination. You can require any combination of keys to be pressed simultaneously, up to and including all five at once. 2/3, 1, 4, 5 is a valid combo, and you can't press 2, 3, 1, 4, 5 or 3, 2, 1, 4, 5 to make it work.
#3 was incorrect on a technicality. Any combination of 0-5 keypresses is valid.
#4 is correct. Once a button's been pressed, pressing it again does nothing, but you CAN press multiple at once to increase the complexity of the combination.
All in all, this was a fun little way to spend an hour or so at the cave. I was happy to finally get to learn how these fascinating relics work. As with any combination lock, once you can see the mechanics of it while you mess with it, it's pretty easy to get it to pop open.
The sheer reliability and simplicity of the mechanics leaves me in awe. It's no wonder you can still see these in airports, hospitals, post offices and elsewhere. This is certainly one of the more clever locks I've dealt with.
Props to Rob K for helping me get some higher quality shots of the combination mechanics.
Posts
