Combo lock uses relays and logic gates

logic-combo-lock

Here’s a really fascinating circuit that implements a combination lock using relays and logic gates. Even with the schematic and written explanation of how it works we’re still left somewhat in the dark. We’ll either pull out some paper and do it by hand this weekend, or build it chunk by chunk in a simulator like Atanua. Either way, the project sparked our interest enough that we want to get elbow deep into its inner workings.

From the description we know that it uses a combination of CD4017, CD4030, CD4072, and CD4081 chips. You’re probably familiar with the 4017 which is a decade counter popular in a lot of project. The other chips provide XOR, OR, and AND gates respectively. The relays were chosen for two purposes. One of them activates when a correct combination has been entered, effectively serving as the output for the combo lock. The other two are for activating the clock and affecting a reset if the wrong combination is entered.

It makes us wonder if this would be incredibly simple to brute force the combination by listening for sound of the reset relay activating? It’s hard to tell from the video after the break if you can discern a wrong digit from a right once just based on sound.

Continue reading “Combo lock uses relays and logic gates”

Burglar suspected of using Arduino-Onity hack to rob hotel rooms

Can anyone argue against this being the least-secure hotel room lock on the market? Regular readers will recognize it as an Onity key card lock. A few months back a glaring flaw in the security was exposed that allows these locks to be opened electronically in less than a second. So we are not surprised to hear that a series of hotel room robberies in Houston are suspected to have been performed using this technique.

The image above is from a demonstration video we saw back in October. That hack used an Arduino-compatible chip inside of a dry erase marker as an end-run around the lock’s electronics. It reinforced the warning sound by [Cody Brocious] when he presented the exploit at this year’s Blackhat conference. The barrel jack on the outside of the door lock doubles as a 1-wire communications port and that is how an attacker can gain access. Investigators can find no other means of entry for these thefts.

We applaud one of the victims in this story. At the end of the article she is asked if the information about the Onity flaw should have been kept secret. She said that if there’s a vulnerability that’s not being fixed people have a right to know about it. Bravo [Janet Wolf]!

[Thanks Andrew]

Giving an apartment keyless entry

The key for [rybitski]’s apartment is a copy of a copy of a copy, and the landlord lost the original key years ago. The lock itself still works, but opening it with [rybiski]’s key is a chore. He wanted to make it easier to get into his apartment, and with Arduinos and such he figured he could make a keyless entry device for his front door.

After figuring out how to open his deadbolt with an Arduino and a rather powerful servo, [rybiski] looked into wireless control options. He found a keyless entry remote, complete with receiver, that integrated perfectly to just about any microcontroller project.

After mounting the Arduino, receiver, and servo on a piece of plastic, he attached his contraption to the deadbolt. In the video after the break, you can see his key fob remote locking and unlocking the deadbolt, all without jamming an ill-fitting key into the lock.

Continue reading “Giving an apartment keyless entry”

Dry erase marker opens all hotel room doors

If you’re carrying around an exposed circuit board and a bunch of wires people are going to notice you. But a dry erase marker won’t turn any heads. And this one holds its own little secret. It acts as a master key for hotel room door locks.

This is really more of a repackaging hack. The exploit is already quite well-known. The Onity brand of key card locks most commonly used in hotels have a power jack on the bottom that doubles as a 1-wire communications port. The first published proof of concept used an Arduino board and a simple adapter to unlock any door in under one second. Now that hardware has been reduced in size so that it fits in the hollow shell of a dry erase marker. Even better, the felt tip has been replaced with the appropriately sized barrel jack. Check out the ultra-fast and inconspicuous use of it after the break. We think using this is no more obvious than actually having the key card.

Continue reading “Dry erase marker opens all hotel room doors”

Janus: The Gatekeeper

janus-001

[Piet] wrote in to tell us about his hack that allows for his front gate to be opened without a key. Unlike this hack that we featured in August, you don’t need a subway pass, just a good memory. As explained in his article (and the video after the break) if the proper sequence of doorbell rings is input, the gate unlocks itself.

For hardware a [mehduino] is used to take the doorbell input and decide whether or not the “secret knock” has been achieved. The door can be unlocked remotely via a button on the processor. Reprogramming the code is achieved by simply holding the program button while the code is entered on the “remote ringer” button.

Be sure to check out the video after the break to see this lock in action. The housing application may not be exactly what you expect. Also of interest, is that in true hacker fashion, the bare processor is hanging by a hook on his wall! Continue reading “Janus: The Gatekeeper”

No secret knocks required at [Steve’s] house – your subway pass will do

rfid-door-lock

[Steve] is often host to all sorts of guests, and he was looking for an easy way to let his friends come and go as they please. After discovering that his front door came equipped with an electronic strike, he decided that an RFID reader would be a great means of controlling who was let in, and when.

Giving all your friends RFID cards and actually expecting that they carry them is a bit of a stretch, but lucky for [Steve] he lives near Boston, so the MBTA has him covered. Just about everyone in town has an RFID subway pass, which pretty much guarantees that [Steve’s] cohorts will be carrying one when they swing by.

He crafted a stylish set of wooden boxes to contain both the RFID reader and the Arduino that controls the system, matching them to the Victorian styling of his home. A single button can control the setup, allowing him to add and remove cards from access lists without much fuss. For more granular control however, [Steve] can always tweak settings from the Arduino serial console.

The card system is both stylish and useful – a combination that’s hard to beat.

Work station includes a Smartcard lock for USB ports

The USB ports on this work station are locked. In order to use a USB device you’ll need to insert a Smartcard into the reader seen above. The interesting thing here is that this shouldn’t affect your ability to charge a USB device. When you visit the link above make sure to check out the worklog tab as it contains nine pages worth of build information.

The device is conceived of in two parts. There is one board which does the USB switching, and another that takes care of the Smartcard reader. That reader is based on a PIC 16F1939. It readers the Smartcard, verifies the data, then controls the USB switching board via SPI. An ADG714 chip completes the circuit on eight data lines making up the four USB ports. There is also a mechanical relay on the board which can cut USB power. Since this is separate from the data switching, the power could be left on for charging or toggled separately by a card that has permission to charge but not to use the data ports. You can see a demonstration of the system embedded after the break.

Continue reading “Work station includes a Smartcard lock for USB ports”