Comments on: USB authenticated deadbolt lock

By: busstopgangsta

busstopgangsta — Tue, 28 Oct 2008 21:27:32 +0000

This would be cooler if the microcontroller board could handle the USB key registration, and read plus the lock unlock. i.e. no pc was used

By: linoth

linoth — Fri, 24 Oct 2008 19:21:14 +0000

To the detractors of using a PC:
I think a lot of people are looking at this as if it was a marketing proposal. These guys aren’t trying to sell this, they’re just showing you that it can be done. I also rather like the potential that it shows, too. You could easily involve a webcam for monitoring all attempts and seeing if people are allowing unauthorized visitors through.
Yes, there are failings, but I don’t think any of them couldn’t be overcome if these guys decided to take that next step toward commercial applications. Great project.

By: BillyBob

BillyBob — Fri, 24 Oct 2008 18:39:12 +0000

C4 will open just about any door…tards! :-D

By: Temporalwar

Temporalwar — Thu, 23 Oct 2008 21:40:18 +0000

COME SEE US FOR 2600 Meetings in HUNTSVILLE< WE HAVE MORE TOYS AND LOVE TO SHARE!

By: X-Cubed

X-Cubed — Wed, 22 Oct 2008 21:29:06 +0000

Am I the only one to notice that they’re not actually checking the serial number on the microcontroller?

They do that with the laptop, then output a character via the serial port to get the microcontroller to move the servo.

Lame…

By: Daniel J. Pritchett

Daniel J. Pritchett — Wed, 22 Oct 2008 21:23:46 +0000

no wireless. less space than a nomad. lame.

By: kurf

kurf — Wed, 22 Oct 2008 20:31:39 +0000

What if the power goes out? I would defiantly have a back up power supply.

By: medix

medix — Wed, 22 Oct 2008 19:21:57 +0000

Chester,
That sounds like a challenge. Program a PIC with microchip’s mass storage firmware and ‘emulate’ the serial for a known working usb drive. Don’t have to build the lock, just see if the script can be fooled… (which it probably can)

Though, I can’t remember if microchip’s firmware allow you to specify a serial or not.. (guess I’ll have to check)

By: CodeDrunk

CodeDrunk — Wed, 22 Oct 2008 19:15:57 +0000

@dok
@byohazrd

Glad to know there are more of us! ;)

By: dok

dok — Wed, 22 Oct 2008 19:04:07 +0000

ok somebody call 4chan, they let chester out again.

By: byohazrd

byohazrd — Wed, 22 Oct 2008 18:53:49 +0000

@codedrunk
@Dok

*Sigh* I guess I’ll join the club too.
Must be something in the water down here.

By: chester

chester — Wed, 22 Oct 2008 18:50:31 +0000

@Gregabyte

I’m not agree with you:

I can code this in a microcontroller such as Microchip PIC’s one. It would look like an USB key, but it’ll just brute forcing your door.

One rule in security: don’t use the low-level layers to secure something. Using usb ids is like securing your wifi network by filtering mac adresses: Just dumb.

By: Gregabyte

Gregabyte — Wed, 22 Oct 2008 18:39:47 +0000

@chester: There are ways around every security system. What this is is a cheap keyless system for hackers and makers that they can build themselves from what is essentially junk laying around their shop. Wouldn’t it be easier to just to pick the lock rather than going to the trouble of stealing someone’s key and then trying to open the door by standing outside with your laptop? Or better yet standing outside for how ever long it takes to brute force the thing? An even easier method would be to just kick the door down or break the window.

My point is this, there is no such thing as perfect security. You can only make it not worth a person’s time to try to break in.

By: Gregabyte

Gregabyte — Wed, 22 Oct 2008 18:27:58 +0000

Actually chacal, that is exactly how it works. The idea is that if you lose your key, you reregister a new drive. It allows for easy logging as you mentioned but by using a normal computer to drive the system you can tie in many other applications such as remote entry through the phone or over the internet.

By: Omegix

Omegix — Wed, 22 Oct 2008 18:25:03 +0000

@rivetgeek: Even if the file is encrypted, it can still be copied and moved to another flash drive. If someone were to steal the encrypted file, they would never have to decrypt it to make a working copy of the key.

This design uses the iSerial information of the device instead of media contents to avoid easy key duplication.

@rasz is right though, this implementation does require a server to run. Gives me some good improvement ideas for a serverless version.

~Omegix (Rocking the Mullet)