Have you tried transposition of motions in a short combination? In particular, have you tried swapping the first direction with every direction in the short combination? Have you tried a combination consisting entirely of the same direction, and shortening or lengthening that?
Because one possible (bad) implementation would be an MxN grid with a specific point as the unlock coordinate. A slightly less bad implementation that doesn't permit trivial transpositions would be such a grid plus a long internal pad that modifies the direction (realdir[i] = userdir[i] + lockspecificdata[i%LEN]%4).
Unfortunately I don't still have the lock to try that. I was also looking around and found this video: https://www.youtube.com/watch?v=aPKVMTGqTQo which is quite illustrative of its internals as well as this patent https://encrypted.google.com/patents/US6718803 which seems to be for it. And it looks like you're right! The "hash" appears to just be the pair (x,y) where x is the net motion right and y is the net motion down. This is pretty worrisomely bad! In particular the example password I gave at the start would be equivalent to having no password at all!
If I were to try to make this more secure, my first guess would be to have a varying number of pins on each of the four wheels, particularly having the top/bottom and left/right pairs being coprime to each other. Then there'd be a much larger number of possible positions, though I'm not sure if this would make it hard to configure the password.
(And actually, the pair (x,y) is taken mod 5 (I think), just to make it worse.)
Because one possible (bad) implementation would be an MxN grid with a specific point as the unlock coordinate. A slightly less bad implementation that doesn't permit trivial transpositions would be such a grid plus a long internal pad that modifies the direction (realdir[i] = userdir[i] + lockspecificdata[i%LEN]%4).