Because IC security has become an increasingly prevalent issue for hardware designers, a number of IC protection schemes have been introduced in the literature. One such scheme, logic locking, involves transforming a hardware design so that it will not operate correctly unless extra inputs (called key inputs) are driven to specific values that are secret. Many existing logic-locking solutions are vulnerable to attacks that uncover the key- input values necessary for correct operation. However, the success of such attacks wane as the size of the design and the number of key inputs increases. In this work, we introduce a logic-locking attack which uses circuit simulators to determine key-input values from large-scale circuits with thousands of added key inputs. Attacks performed on large-scale designs demonstrate the effectiveness of this approach in comparison to other attacks.