The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks in service.
The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate ‘magic’ keys used to open a variety of different doors through the system.
We’re no strangers to easy hotel beak-ins. But how can a digital lock possibly be sold with this type of vulnerability present? Really!?
Here’s the white paper on the exploit as well as the slides from his talk (PDF).
[Basil Shikin] was thinking about different types of locks, and was trying to come up with a locking solution that he had yet to see. It dawned on him that he had never come across a lock triggered by music, so he set off to construct one of his own.
He ordered a wooden chest online, then proceeded to piece together the electronics required for the locking mechanism as well as the music detecting logic. Using an Atmega328P paired with an electret mic, his system listens for a particular tune (the Prelude of Light from the Ocarina of Time) to be played , which triggers a tiny servo to undo the latch. To do this, he implemented a version of the Goertzel Algorithm on the Arduino, allowing him to accurately detect the magical tune by frequency, regardless of what instrument it is played on.
Be sure to check out the video below to see his musical lock in action.
Continue reading “A locking chest with a musical key”
DIY book safes are well and good, but if you give someone enough time to peruse your book collection, the 3-inch thick “Case study on Animal Husbandry Techniques during the 14th Century” is likely to stand out among your collection of hand-bound “Twilight” fan fiction. In an attempt to teach his friend a bit about microcontrollers and circuits, [Jonathan] spent some time adding a bit more security to your run of the mill book safe.
The pair started out with the time-consuming process of gluing the book’s pages together and creating enough hollow space for both storage and the electronics. With that out of the way, they installed a latch and servo motor inside the cavity, the latter of which is controlled using an Atmega328p with the Arduino bootloader. To gain access to the goodies stashed away inside, Jonathan hooks up a small PS/2 keypad and enters a passcode. This triggers the servo motor, opening the latch.
While the latch likely only adds a nominal bit of security to the book safe, it’s a fun enough learning exercise to justify the time spent putting it together.
Continue reading to see a short video of [Jonathan’s] electronic latching book safe in action.
Continue reading “Adding an electronic lock to a DIY book safe”
The component gods must have smiled on [Darrell], because he recently ran into a cabinet full of 7400-series logic chips for sale at his local college surplus. All the regulars were there – flip-flops, logic gates, and SRAMs – in DIP packages. the 7400-series of logic chips gets very esoteric as the numbers increased, so when [Darrell] found a 74ALS679 address comparator, he didn’t quite realize what he had. After a quick review of the relevant datasheet he had a fairly good idea of the actual function of this chip and decided to make a combination lock.
From the datasheet, [Darrell] figured out how this small logic chip can compare two 12-bit addresses with only 20 pins: each of the 12 address pins are hardwired to match a single four-bit value. If the four-bit ‘key’ is set to 0110, the first six address pins are tied low, and pins 7-12 are tied high. After wiring up his address comparator to a trio of Hex dip switches, [Darrell] had a combination lock that used the word ‘FAB’ as a key.
In the 7400-series of logic chips, there are some oddballs; the 7447 seven-segment display driver is useful, but the 74881 ALU and 74361 bubble memory timing generator aren’t exactly something you would find in a random component stash. If you’ve got a weird logic chip build (there’s a 300-baud modem, you know), send it on in. You can check out an animated gif of [Darrell]’s lock after the break.
Continue reading “Building a combination lock with logic chips”
The Earth orbits the Sun every 365.256 days. Because this number isn’t a whole number, an extra day is tacked onto February every four years, unless the year is evenly divisible by 100, except in cases where the year is divisible by 400, or something like that. To commemorate this calendar hack, here’s some stuff that has rolled in over the last week or so.
[Brian] sent in this marble-based sequencer that sounds like someone is running MIDI into an Atari 2600. There are photoresistors in there somewhere, and it really reminds us of those thingamagoop robots.
[Mike] uses YouTube as his music library. While this is a perfectly acceptable way to listen to music, the user interface is terrible. To solve this problem, [Mike] is downloading videos from the command line, automagically converting them to MP3, and playing them over speakers. It works well with SSH, so we’ll call this a win.
Key card lock
[valenitn] just joined the MIT Media Lab, but something was terribly wrong with his keys – an ID card was required to get into the building, but a key was necessary to get into his office. He doesn’t need the key anymore, at least since he modded his office door. Check out the video.
Pop Tart Cat is everywhere
[skywodd] saw our writeup on the Maximite Basic computer and figured he could send in a project he’s been working on. He programmed his Maximite to sing the nyan cat song and then created a BASIC music player. Nice job, [skywodd].
Not sure if brilliant or insane
[Vikash] ran across a forum post where a user named [I Shooter] describes his setup to dual-boot Windows and Linux: [I Shooter] connected data cables to a pair of SATA hard drives, one loaded up with Windows, the other with Linux. The power cables are switched using relays so only one drive is powered at a time. [I Shooter] gets a ton of points for creativity, but there’s a reason this brute force hardware dual-boot setup isn’t more common. We wish there were pictures of this one.
[Flowolf] added an auto-locking RFID entry system to his front door. He used our favorite fabrication system, acrylic and threaded rod (we also like to throw in aluminum angle bracket from time to time). The support structure mounts underneath the escutcheon plate for the lockset, keeping the main acrylic sheet flat against the door.
An RFID reader and Arduino run the system, with a button inside to unlock the door. But if power were to fail, you will still be able to get in or out manually. When you are using the electronic system, a stepper motor connected to the geared lock knob by a chain is what grants access, then revokes it again five seconds later. The wire going up out of the this image is for a switch that lets the unit sense when the door is closed.
As shown in the video after the break, you can turn the auto-lock feature off. But we’d like to see an emergency entry feature, like a knock-based lock, because eventually you will leave without your keys!
Continue reading “Geared system adds RFID to regular door locks”
[John Boxall] took a different route for a single-input combination lock. This unit uses a Ping ultrasonic range finder to input a four digit code. It’s a hardware upgrade, but uses the same basic concept as his button-based combo lock. That design used an Arduino to measure how long you hold down a single button, with a one second pause between inputs, to enter the code. This one also uses timing to establish when each digit is read, but that digit is grabbed as the distance between your hand and the sensor.
There are things we like and dislike about the redesign. This is obviously much more expensive than other button-based locks like this garage door opener we built. If we were to run with [John’s] design, we might spring for the Ping sensor (because it’s a pretty cool input) and replace he character LCD with an LED or two. The other drawback that we see here is that it may be easy for someone to steal your code by watching from afar. Still, we love the project and think you will too after seeing the demo clip below.
Continue reading “Ultrasonic combo lock”