HSG Door Hack Project

[Michael Cheng]

Hi Guys,

Just to inform the group that i have successfully build a simple Door Hack powered by Arduino micro controllers over the weekend.

1) Exit Sensor

- Hackers exiting the premises (via the front door - walking down the staircase) will be detected by an IR sensor and the door would be unlocked. So you need not press the door exit button (the existing button(s) still work).

2) Door Web

- Hackers within the premises can now unlock the door by browsing to a mobile web page hosted on an Arduino based web server (available only if you are within the HSG wifi).

- With a click of an on screen button (hyperlink) the door will be unlocked.

- I have also exposed a REST URL on the web server to initiate the door unlock.

- For security reasons, I will not reveal the URL here.

The setup is currently still under development and any suggestions (and assistance) to make it better is welcomed.

Fazli has made a simple Windows Phone app to unlock the door. Stephan February was also experimenting with a simple iPhone App that just has a bug "Open Door" button.

The main ingredients:

- 2 x Arduino Duemilanove (http://arduino.cc/en/Main/ArduinoBoardDuemilanove) - 1 for the Web Server, 1 for the IR sensor (hope to reduce this to one).

- 1 x Arduino Ethernet Shield (http://arduino.cc/en/Main/ArduinoBoardEthernet)

- 2 x DFRobot Single Relay (http://www.dfrobot.com/wiki/index.php?title=Relay_Module_(Arduino_Compatible)_(SKU:_DFR0017))

- 1 x Sharp IR Sensor (http://www.sgbotic.com/index.php?dispatch=products.view&product_id=22)

Ta.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Ruiwen Chua]

That's pretty awesome! Thanks Mike!

--
--
Chat: http://hackerspace.sg/chat
 
 
 

[Alvin Jiang]

Sweet! If you're willing, share your code on github.

[Michael Cheng]

Yeah, think I should.

[Dave Appleton]

But change the URL before you post ;-)

On Tuesday, September 25, 2012 1:14:35 PM UTC+8, Miccheng wrote:

Yeah, think I should.

On Tuesday, September 25, 2012, Alvin Jiang wrote:

Sweet! If you're willing, share your code on github.

[Benjamin Scherrey]

That rocks Michael! So if I wanted to recreate this for my own use what would be the hardware required (inclusive of door and lock)? I'm excited to give it a try!

 -- Ben

PS: Looking forward to your RasberryPi control over the projector for the multi-media display on the door next. ;-)

--
--
Chat: http://hackerspace.sg/chat
 
 
 

--
Chief Systems Architect Proteus Technologies

Chief Fan Biggest Fan Productions

Personal blog where I am not your demographic.

This email intended solely for those who have received it. If you have received this email by accident - well lucky you!!

[Michael Cheng]

Yeah, i need to improve the current implementation a bit more before i post the code + instructions.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Meng Weng Wong]

On 26 Sep, 2012, at 10:18 AM, Michael Cheng <mchen...@gmail.com> wrote:

Yeah, i need to improve the current implementation a bit more before i post the code + instructions.

some cars have a proximity sensor.

for example, the charging port on the Tesla automatically pops open as you approach with the connector, and the door handles pop out as you approach with the key.

what technology is that, and what would it take for us to do the same with the HSG door?

[Michael Cheng]

The popping open or the proximity sensor?

I would think that the charging connector has an IR sensor that detects incoming object, which fires off an RFID reader. The door handle probably has an active RFID chip (ie. powered RFID has wider range) which responds and pops open on an active read.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Ruiwen Chua]

<brainfart>

Or could we watch for recognised wifi MAC addresses and unlock the door when they come within wifi range?
</brainfart>

[Michael Cheng]

We'll need to register MAC addresses for each "valid" user for each "valid" device (read: administratively tedious).

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Alvin Jiang]

Yeah the cars use active RFID, it's a cool convenience but overall a
hassle changing batteries every 18 months, rotating keys to maximise
battery life and getting overcharged for a new key whenever yours gets
dunked in water. Doesn't help that most of them these days are ugly
lumps that don't quite fit in the pocket.

Another option would be to perform bunnie's RFID transplantation hack
to put the passive RFID tag into your phone/watch/hand. I've done this
(phone), but since I can only fit one in I decided to go with ezlink
rather than HSG door.

What RFID tag? The door system accepts either PIN or RFID tag. We don't
generally issue tags to members because of the cost and administrative
hassle, but it's an option worth considering if the membership is
willing - besides the cool hacks you could do (and funny places to jam
the RFID tags) it'd prevent PIN sharing.

On 26.09.2012 15:58, Michael Cheng wrote:
> The popping open or the proximity sensor?
>
> I would think that the charging connector has an IR sensor that
> detects incoming object, which fires off an RFID reader. The door
> handle probably has an active RFID chip (ie. powered RFID has wider
> range) which responds and pops open on an active read.
> Regards,
>
> Michael Cheng CM
> Mobile: +65 9185 5166

> LinkedIn: http://sg.linkedin.com/in/miccheng [3]

>
> On Wed, Sep 26, 2012 at 3:16 PM, Meng Weng Wong <meng...@gmail.com
> [4]> wrote:
>
>> On 26 Sep, 2012, at 10:18 AM, Michael Cheng <mchen...@gmail.com

>> [1]> wrote:
>>
>>> Yeah, i need to improve the current implementation a bit more
>>> before i post the code + instructions.
>>
>> some cars have a proximity sensor.
>>
>> for example, the charging port on the Tesla automatically pops open
>> as you approach with the connector, and the door handles pop out as
>> you approach with the key.
>>
>> what technology is that, and what would it take for us to do the
>> same with the HSG door?
>>
>> --
>> --

>> Chat: http://hackerspace.sg/chat [2]
>>  
>>  
>>  
>
> --
> --
> Chat: http://hackerspace.sg/chat [5]
>
>
>
> Links:
> ------
> [1] mailto:mchen...@gmail.com
> [2] http://hackerspace.sg/chat
> [3] http://sg.linkedin.com/in/miccheng
> [4] mailto:meng...@gmail.com
> [5] http://hackerspace.sg/chat

[Michael Cheng]

Good news... i have managed to remove redundant hardware and now it is just 1 Arduino, 1 Ethernet Shield & 1 Single Relay.

The codes are available here: https://github.com/miccheng/HSG-Door-Hack

Photos here: https://www.facebook.com/media/set/?set=a.10151180988032229.472922.503517228&type=1&l=d1490cbb6e

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[ntt]

Also, you can easily change a MAC address (or at least the apparent MAC address) of many devices these days.. :(

[Meng Weng Wong]

On 26 Sep, 2012, at 6:06 PM, Ruiwen Chua <rwc...@gmail.com> wrote:

<brainfart>

Or could we watch for recognised wifi MAC addresses and unlock the door when they come within wifi range?
</brainfart>

Then the door would always be open anytime anyone was in the space, because the MAC addresses would remain within wifi range when they went upstairs.

[kelvin ng]

    Am not sure , I do prefer the software option or linking via ezlink rather then having to carry another item on me ( friends say my wallet is like a hamburger now ) 

   

    But if we decide the adopt RFID. The key would be to increase the range of detection or reduce the distance btw the reader and RFID chip. 

    Also regarding RFID I think it also depends on the reader as well ..... I know for my condo the RFID reader was once strong enough that it can read my passive RFID card although it was hidden in my bag .... 

    

    Perhaps we can install the reader at a lower height ?  Instead of typically placing The reader near shoulder height , place it lower( nearer the waist height) . We could also boost the power of the reader to increase the range of detection ? 

     Another option could be Bluetooth ?the effective range is about 3-10m ?  We could set it so that then trigger could be when the system detects that our phones ( Bluetooth enabled) are within range for pairing . 

Regards ,

Kelvin 

Sent from my iPad

[Meng Weng Wong]

On 27 Sep, 2012, at 11:42 AM, kelvin ng <kel...@hotmail.com> wrote:

     Another option could be Bluetooth ?the effective range is about 3-10m ?  We could set it so that then trigger could be when the system detects that our phones ( Bluetooth enabled) are within range for pairing . 

That won't work, because everybody upstairs will be in range.

[Jolyon P Caplin]

Silly suggestion here…

 

(I remember being involved in your very first door project J)

 

Hack a door camera with smile detection.  Only friendly / happy people admitted!

 

From your friendly / happy colleague, Jolyon!

--
--
Chat: http://hackerspace.sg/chat
 
 
 

[Harish Pillay]

> Another option could be Bluetooth ?the effective range is about 3-10m ?
> We could set it so that then trigger could be when the system detects that
> our phones ( Bluetooth enabled) are within range for pairing .
>
> That won't work, because everybody upstairs will be in range.

unless you put a shield around the reader that blocks out signals from
upstairs and keep open the space from which you want to detect. Some
experimentation might be needed.

Harish

[David Low]

I got a spare PN532 NFC/RFID controller breakout board lying round in my store room, which can read ez-link cards. 

Michael, I could bring it to Hackerspace this saturday noon; if you around, we can try to integrate it into the door hack project ;) 

Cheers, 
David

[Martin Bähr]

isn't it possible to detect the difference of coming into range and
being in range?

i don't know how bluetooth or wifi keep their connections, but wouldn't
it be possible to know if someone has been in range for a while and only
open the door if that device has not been in range for at least 5
minutes (or more)?

that would only cause problems if you sit outside while keeping in range
and then want to get back in.

greetings, martin.
--
cooperative communication with sTeam - caudium, pike, roxen and unix
services: debugging, programming, training, linux sysadmin, web development
--
pike programmer working in china societyserver.(org|net)
foresight developer community.gotpike.org foresightlinux.org
unix sysadmin (open-steam|www.caudium).org realss.com
Martin B�hr http://societyserver.org/mbaehr/

[Michael Cheng]

That sounds like a great idea!

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Michael Cheng]

I was actually just thinking of buying that board! Would be awesome if we could test it out. Yes, i did have plans to integrate some RFID/MiFare reader so that authorised users can gain access by tapping. But i'll need to think of how to add the card ids for members - one which is easy and hassle free.

One solution i thought of is to install a self-service kiosk somewhere in the space where we match your PIN code to your RFID cards, etc.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

On Thu, Sep 27, 2012 at 12:29 PM, David Low <david...@gmail.com> wrote:

[Chow Loong Jin]

On 27/09/2012 13:51, Michael Cheng wrote:
> I was actually just thinking of buying that board! Would be awesome if we could
> test it out. Yes, i did have plans to integrate some RFID/MiFare reader so that
> authorised users can gain access by tapping. But i'll need to think of how to
> add the card ids for members - one which is easy and hassle free.
>
> One solution i thought of is to install a self-service kiosk somewhere in the
> space where we match your PIN code to your RFID cards, etc.

Ironically the door access control system that we tried installing over HackDo
supports that, but we took it down because we wanted to support pin-only access
as well.

--
Kind regards,
Loong Jin

[ntt]

I can see the use of contactless technologies RFID/NFC/Bluetooth etc. But there're always more 'leche' than useful.

But what about a simple mobile app? You go to the door launch the app and press a button to open the door.. The app can do authentication with the server (running on a Raspberry Pi) inside HSG and decide if the door should open or not..

That way most people with smartphones should be able to run it (we can even do a html5 app to make it democratic). And access control would be easy since it's all on a server and can be integrated with other systems.. 

Of course a hybrid solution would work too..

[Alvin Jiang]

I've only one request: that the system works in a basic mode to authenticate and admit users in a standalone mode without network connectivity. 

One of the reasons this door system has worked for so long is that it's simple. Adding components to it as Michael has done is a fantastic solution; even if the server goes off line, is disconnected or the power fails we can still get in. 

Ps. The door backup battery probably needs replacing. It's a standard 12v cell above the shutter. 

[Stefan van der Bijl]

Wow, what an interesting thread! My $0.02 is I'd rather not have to install yet another app or remember another URL or rely on NFC, RFID, Bluetooth, etc ... In the past I've integrated automation with telephony and or SMS. Send an SMS to a special number with a code and the door opens automagically. But I agree, more systems means more moving parts, more stuff that can break.

--
This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately via return email and acknowledge that you have deleted the message. Thank you.

[Michael Cheng]

Hi,

It'll be sometime before we can build anything close to replacing the current door system. 

The door web is a HTML5 app. You can add it as an icon on you iPhone home screen, or create a shortcut on your Android device. It's just a huge "open door" button. :p Only thing is that u need to be within the HSG wifi network to access this app.

I have been using this for the past few days. I walk towards the door and when I'm within wifi range, I trigger the app & tap the button. :)

The RFID/NFC solution is a nice add-on... And we'll really try it out as a proof of concept until such time we can deal with the admin & maintenance realities.

In any case, another hack I'm thinking of is a system to provide "Day Pass" access code to guests of the space - which will expire at the end of the day. It could be as simple as a push button & a mini-printer (like those used for queuing).

Fun times...

[Mats Engstrom]

Isn't the sg subway tokens/cards rfid based?  Usually you can at least read a serial number from them without having the encryption keys available.  And many credit/atm cards also have ncf nodays. So most people would have at least one (short range) contactless device on them that could be used for unlocking the door.

[Michael Cheng]

Hi David,

So i will see you on Saturday noon?

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

On Thu, Sep 27, 2012 at 12:29 PM, David Low <david...@gmail.com> wrote:

[David Low]

Hi Michael, 

Yeah, Saturday 12 noon.

I'm also meeting up Stephan and others in hackerspace to pass them the motorola lapdocks. 

Cheers, 

David

[ntt]

Did someone mention a printer??

http://www.adafruit.com/products/717 

:):)

[Michael Cheng]

http://www.sgbotic.com/index.php?dispatch=products.view&product_id=1191

This one cheaper. Same same...

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Meng Weng Wong]

A separate console should not be necessary – the door reader is sufficient. It can automatically train by learning any card that is presented immediately after the pin is entered...

[Tamas Herman]

a little addition to the topic in case u missed it on hacker news:
https://lockitron.com/preorder

--
tom

[Michael Cheng]

Saw that. It looks cool.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Mats Engstrom]

Connects to internet via builtin wifi and the battery can last up to one year....

Hmm - I don't think so Tim.

[Chow Loong Jin]

It's a cool idea, but I'm a little suspicious over the "control Lockitron and
receive notifications from Lockitron anywhere in the world" bit, to be honest.

Judging by how most home networks are IPv4 NAT'ed unroutable addresses with
dynamic IP addresses this would mean that it probably has to pass messages
through their servers.

This would also mean that they are going to be able to unlock your door for you
if they wanted to. While I'm not saying that they're going to be abusing that
trust, it would also mean that anyone who successfully breaks into their servers
will be able to control all connected Lockitron devices.

Kind regards,
Loong Jin

[Stephan February]

On Oct 3, 2012, at 9:48 AM, Chow Loong Jin wrote:

> This would also mean that they are going to be able to unlock your door for you
> if they wanted to. While I'm not saying that they're going to be abusing that
> trust, it would also mean that anyone who successfully breaks into their servers
> will be able to control all connected Lockitron devices.
>

I don't know how they implemented their cryptography, but it is certainly possible to both proxy requests securely, and at the same time prevent a replay or man-in-the-middle attack. It would really depend on an initial "key-exchange" or "pairing" between your mobile and the door lock. Once this "pairing is done" properly, the door would *always* be able to make a secure connection to the phone with no practical possibility of attack. It would really be easier to employ a crowbar or smash a window :)

That said, I have no idea what the implementation for their cryptographic stack looks like. So we'll just have to trust that the (insert three-letter-acronym-secret-agency-here) has not "backdoored" [pun!] into your house :)

Cheers
Stephan

[Chow Loong Jin]

https://lockitron.com/help/security says that they use https for communication.
However, it didn't mention whether or not they went the extra mile of making
sure that end-to-end communication between the phone and door is encrypted though.

So chances are that they've made sure that your door can speak to the server
securely over https, and that the server can speak to the phone securely over
https, but not such that there is another layer of encryption that prevents
eavesdropping on the server itself as you mentioned.

[Michael Cheng]

They also have secondary unlock capabilities using Bluetooth. In case wifi fails... :p

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Chow Loong Jin]

On 03/10/2012 13:37, Michael Cheng wrote:
> They also have secondary unlock capabilities using Bluetooth. In case wifi
> fails... :p

And NFC. That one's appealing. Tap your phone to unlock. =D

[Mats Engstrom]

The low power BT 4.0 is even better - get within a few meters from the door and it's unlocked.  BT4.0 is one of the few reasons for me considering getting an iPhone. 

Having a BT4 module in the car and when you get out of the car it locks the car and the iPhone can automagically get and store a GPS reading of your location so you can find your way back.

[David Low]

Speaking of BT 4.0, there is a Bluetooth Low Energy (BLE) shield for Arduino available in Seeedstudio. It is developed by a small team in HK, named Red Bear Lab. 

I was in their iOS sdk beta tester team, but haven't got the chance to play with the BLE shield :(

[David Lyon]

Hello,

Hope nobody minds a Sydney Hackerspace member chiming
in. Your list got interesting :-)

btw, I was chatting to a european visitor to our hackerspace
and he was mentioning:

 - http://jabberd.eu/

Don't know if anybody has tried something like this for
controlling 'devices'?

Last week my van got stolen. I replaced it with something
else but now electronic locking suddenly got much more
interesting. :-)

[ntt]

Just saw @codebutler of FireSheep fame (damn it's not kept up to date :( ) talk about Lockitron.. http://pbs.twimg.com/media/A4QlwlXCAAE14fi.png#twimg

I will expect him to do a nice thorough look at how it work.. Will also try to send a word to Steve Gibsson to see if he can get a good grasp of what it does (works better if someone with clout ask Lockitron).. But I will keep an eye on it..

But real hackers roll their own.. :P:P

[Michael Cheng]

By the way, i ordered a 2nd IR sensor so that we can mount one further down the staircase. This is to detect an incoming visitor or outgoing visitor. If the 2nd IR is triggered first, the door will not unlock again (as it does now when someone comes in thru the door).

I am also experimenting with IPv6 as a possible medium to comm between the door system with the outside world. So in theory, the door web can sit on an AWS EC2 server, and tunnel into our IPv6 network to communicate with a Raspberry Pi or with the Arduino Web Server to unlock the door.

Also possibly to grab a video feed off a webcam to allow visitors to check if anyone is at the Hackerspace (ok... prob have to password protect that or something for security & privacy reasons).

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[ntt]

Wow!! I am impressed Mic!! Jia you!

[Michael Cheng]

This definitely looks like a possibility - a chatroom bot that understands commands. I think i might have done something like this before with a simple socket server.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Michael Cheng]

Thanks. The NFC/RFID solution proved to be a little bit more involved than i was comfortable with as a weekend hack. But will get to it eventually thanks for David's discovery on how to read the EZ-link CAN.

Regards,

Michael Cheng CM
Mobile: +65 9185 5166

LinkedIn: http://sg.linkedin.com/in/miccheng

[Alvin Jiang]

Could you verify that you can read the serial off the concession cards, especially the new student conc cards I've heard they do something different that makes them incompatible with off the shelf systems that read Ezlink. Apparenty the retiree conc card is ok. 

Alvin.