Rhythmic combo-lock

[MusashiAharon's] dorm room door was practically begging to be hacked. There was already an electronic strike plate in place as well as junction boxes on the inside and out that were connected by conduit. Jumping on the bandwagon after seeing some other door lock hacks here, he built one that uses a rhythmic combination.

The control panel on the outside is a blank faceplate with two buttons and a status LED. Theses are wired to a jack and connected with a cable traveling through the conduit to a breadboard on the inside of the door. Seeing a large breadboard hanging on an outlet cover is a bit comical but it does the job. From there, a Teensy microcontroller waits for the code and if correct, actuates the strike plate via a relay.

The rhythmic nature of this lock reminds us of the knock-based system. One button signals the start and end of the code, the other is used to input the rhythmic sequence. This does seem a little more discreet and we’d imagine it’s quite hard to eavesdrop on the correct combination.

Comments

  1. markii says:

    first! where’s the video man?

    • MusashiAharon says:

      I hope to make one after the break is over, sometime next month. Sorry for the delay! Right after I finished the build, I was chased out of my dorm for the university to save power over the break, so I had to disassemble it again. I look forward to updating my instructable with the vid and more security enhancements.

  2. anon says:

    Would be perfect for a Morse based password.

  3. Agent420 says:

    reminds me of Towlie using “Funkytown” as the door code on SouthPark ;-)

  4. nubie says:

    Use a metal strike plate and some kind of security screws.

    Maybe security Torx filled with JB Weld?

    Cool idea though.

  5. Dan Fruzzetti says:

    you mean he’s secured his residence by something anyone can read?

    seriously this and knock security are a terrible idea. first of all, eavesdropping is irrelevant because he’s either using the super mario bros intro or beethoven’s fifth and everyone carries those passwords around in their heads.

    moreover i’m sure there’re at least two good sigint techniques available to break it: use a sensitive microphone ANYWHERE along the same wall (vertically or horizontally – to calibrate it just walk up to the door and enter whatever and you’ll know exactly what the ‘start/stop’ and ‘code’ buttons ‘sound’ like from your listening device’s perch), or just sniff the certain gob of RF all those unshielded electronics ant protoboard make (incidentally, i understand it’s a huge transmitter antenna).

    unless i’m TOTALLY wrong about this, and in that case someone PLEASE correct me

    • MusashiAharon says:

      I like your comments! I think you are absolutely right that this system is vulnerable to the two attacks you mentioned. I hope to make these attacks more difficult by using my normal room key as often as possible instead (after all, this hack was intended as a backup system for when I accidentally lock my key in my room). If the cracker uses the sniffing methods you mentioned, at least he would have to filter through a few hundred hours’ worth of data first. And of course, the mechanical room key is not completely secure, either.

  6. nubie says:

    Dan Fruzzetti, I am not sure, first as I posted he has no physical security on that plate, so the system itself is moot.

    I read some mention of a conduit connecting that box to an internal box, in which case there is just switches in the external box, which it might be possible to shield, I am unsure how much RF a button generates, although you could use tact switches at the back of the box and non-conductive dowels to push them.

    The statement on Morse code is interesting, you could have a questions that change and a light that signals which answer to give. How about the date or the hour; and/or a specific letter combo in the date or hour.

    Security is an approach based on many factors, and must be balanced against the probable attacks and how secure the physical location is. For all we know there is an accessible window.

    Who wants to gain access and how motivated are they?

    Since it is a push button, you could use a camera to watch the presses.

    I always like the idea of a keypad of colors or moving numbers and letters. You know what to enter but the buttons will be different or they will ask you the question.

    Another possibility is using half-polarized LCD touchscreen, you need to wear polarizing lenses to even see what it is you are pushing.

    If you wanted to get even crazier you could hide the switches on the knob and use a “chord” of multiple fingers to press them, perhaps while simulating key use.

    There are just so many options, I think it is an excellent hack, whatever its perceived deficiencies.

    • MusashiAharon says:

      Thanks for the comment! I think you are definitely right, too. Now that you mention it, the way I would crack my system is to install a datalogger inside the input box and physically wire the buttons to the datalogger. I would have the data logger wait in sleep mode until it detected input to save power. To counteract this strategy, I would have to secure the box (maybe by electrically testing for the removal of the screws and flashing an in-room tamper alarm LED) or by manually checking the box every now and then.

  7. nubie says:

    I just thought of another one on the polarized screen, you could have the buttons shaded in different levels and based on an external factor known to you and the system (but not necessarily obvious at the location of the switch) you know which ones to press. Perhaps a colored light in the window outside only visible from a precise location (in a tube aimed at a corner of the walkway, only visible if you stoop, as if adjusting a shoelace.)

  8. nubie says:

    It is a neat idea for sure, and so many ways you could go with it.

    Obscurity is surely the safest thing about it, nobody should even guess at the purpose of the plate.

  9. MusashiAharon says:

    Aack! Sorry for the vagueness in my posts – I should have noticed that the mobile site was still in beta. My Dec 22 reply was to Dan Fruzzetti; Dec 23, 12:23 AM was to nubie (Dec 22, 4:56 PM); Dec 23, 12:37 AM was to markii.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,463 other followers