No secret knocks required at [Steve's] house – your subway pass will do

rfid-door-lock

[Steve] is often host to all sorts of guests, and he was looking for an easy way to let his friends come and go as they please. After discovering that his front door came equipped with an electronic strike, he decided that an RFID reader would be a great means of controlling who was let in, and when.

Giving all your friends RFID cards and actually expecting that they carry them is a bit of a stretch, but lucky for [Steve] he lives near Boston, so the MBTA has him covered. Just about everyone in town has an RFID subway pass, which pretty much guarantees that [Steve’s] cohorts will be carrying one when they swing by.

He crafted a stylish set of wooden boxes to contain both the RFID reader and the Arduino that controls the system, matching them to the Victorian styling of his home. A single button can control the setup, allowing him to add and remove cards from access lists without much fuss. For more granular control however, [Steve] can always tweak settings from the Arduino serial console.

The card system is both stylish and useful – a combination that’s hard to beat.

Work station includes a Smartcard lock for USB ports

The USB ports on this work station are locked. In order to use a USB device you’ll need to insert a Smartcard into the reader seen above. The interesting thing here is that this shouldn’t affect your ability to charge a USB device. When you visit the link above make sure to check out the worklog tab as it contains nine pages worth of build information.

The device is conceived of in two parts. There is one board which does the USB switching, and another that takes care of the Smartcard reader. That reader is based on a PIC 16F1939. It readers the Smartcard, verifies the data, then controls the USB switching board via SPI. An ADG714 chip completes the circuit on eight data lines making up the four USB ports. There is also a mechanical relay on the board which can cut USB power. Since this is separate from the data switching, the power could be left on for charging or toggled separately by a card that has permission to charge but not to use the data ports. You can see a demonstration of the system embedded after the break.

[Read more...]

Arduino, resistor, and barrel plug lay waste to millions of hotel locks

The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks in service.

The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate ‘magic’ keys used to open a variety of different doors through the system.

We’re no strangers to easy hotel beak-ins. But how can a digital lock possibly be sold with this type of vulnerability present? Really!?

Here’s the white paper on the exploit as well as the slides from his talk (PDF).

[via Reddit]

A locking chest with a musical key

music-detecting-box

[Basil Shikin] was thinking about different types of locks, and was trying to come up with a locking solution that he had yet to see. It dawned on him that he had never come across a lock triggered by music, so he set off to construct one of his own.

He ordered a wooden chest online, then proceeded to piece together the electronics required for the locking mechanism as well as the music detecting logic. Using an Atmega328P paired with an electret mic, his system listens for a particular tune (the Prelude of Light from the Ocarina of Time) to be played , which triggers a tiny servo to undo the latch. To do this, he implemented a version of the Goertzel Algorithm on the Arduino, allowing him to accurately detect the magical tune by frequency, regardless of what instrument it is played on.

Be sure to check out the video below to see his musical lock in action.

[Read more...]

Adding an electronic lock to a DIY book safe

electronic-book-safe

DIY book safes are well and good, but if you give someone enough time to peruse your book collection, the 3-inch thick “Case study on Animal Husbandry Techniques during the 14th Century” is likely to stand out among your collection of hand-bound “Twilight” fan fiction. In an attempt to teach his friend a bit about microcontrollers and circuits, [Jonathan] spent some time adding a bit more security to your run of the mill book safe.

The pair started out with the time-consuming process of gluing the book’s pages together and creating enough hollow space for both storage and the electronics. With that out of the way, they installed a latch and servo motor inside the cavity, the latter of which is controlled using an Atmega328p with the Arduino bootloader. To gain access to the goodies stashed away inside, Jonathan hooks up a small PS/2 keypad and enters a passcode. This triggers the servo motor, opening the latch.

While the latch likely only adds a nominal bit of security to the book safe, it’s a fun enough learning exercise to justify the time spent putting it together.

Continue reading to see a short video of [Jonathan’s] electronic latching book safe in action.

[Read more...]

Building a combination lock with logic chips

The component gods must have smiled on [Darrell], because he recently ran into a cabinet full of 7400-series logic chips for sale at his local college surplus. All the regulars were there – flip-flops, logic gates, and SRAMs – in DIP packages. the 7400-series of logic chips gets very esoteric as the numbers increased, so when [Darrell] found a 74ALS679 address comparator, he didn’t quite realize what he had. After a quick review of the relevant datasheet he had a fairly good idea of the actual function of this chip and decided to make a combination lock.

From the datasheet, [Darrell] figured out how this small logic chip can compare two 12-bit addresses with only 20 pins: each of the 12 address pins are hardwired to match a single four-bit value. If the four-bit ‘key’ is set to 0110, the first six address pins are tied low, and pins 7-12 are tied high. After wiring up his address comparator to a trio of Hex dip switches, [Darrell] had a combination lock that used the word ‘FAB’ as a key.

In the 7400-series of logic chips, there are some oddballs; the 7447 seven-segment display driver is useful, but the 74881 ALU and 74361 bubble memory timing generator aren’t exactly something you would find in a random component stash. If you’ve got a weird logic chip build (there’s a 300-baud modem, you know), send it on in. You can check out an animated gif of [Darrell]‘s lock after the break.

[Read more...]

Hackaday Links: Leap Day, 2012

The Earth orbits the Sun every 365.256 days. Because this number isn’t a whole number, an extra day is tacked onto February every four years, unless the year is evenly divisible by 100, except in cases where the year is divisible by 400, or something like that. To commemorate this calendar hack, here’s some stuff that has rolled in over the last week or so.

Marble sequencer

[Brian] sent in this marble-based sequencer that sounds like someone is running MIDI into an Atari 2600. There are photoresistors in there somewhere, and it really reminds us of those thingamagoop robots.

YouTube CLI

[Mike] uses YouTube as his music library. While this is a perfectly acceptable way to listen to music, the user interface is terrible. To solve this problem, [Mike] is downloading videos from the command line, automagically converting them to MP3, and playing them over speakers. It works well with SSH, so we’ll call this a win.

Key card lock

[valenitn] just joined the MIT Media Lab, but something was terribly wrong with his keys – an ID card was required to get into the building, but a key was necessary to get into his office. He doesn’t need the key anymore, at least since he modded his office door. Check out the video.

Pop Tart Cat is everywhere

[skywodd] saw our writeup on the Maximite Basic computer and figured he could send in a project he’s been working on. He programmed his Maximite to sing the nyan cat song and then created a BASIC music player. Nice job, [skywodd].

Not sure if brilliant or insane

[Vikash] ran across a forum post where a user named [I Shooter] describes his setup to dual-boot Windows and Linux: [I Shooter] connected data cables to a pair of SATA hard drives, one loaded up with Windows, the other with Linux. The power cables are switched using relays so only one drive is powered at a time. [I Shooter] gets a ton of points for creativity, but there’s a reason this brute force hardware dual-boot setup isn’t more common. We wish there were pictures of this one.