ESP8266 MQTT Remote Gate Entry

Do you live in an area where you (or your car) are locked in by a gate? If so, you may know how [Alexander Else] feels about letting his guests in and out constantly with a remote control — it’s just not convenient. [Alexander] could have just purchased some extra remote controls and passed them out, but they aren’t exactly as cheap as party favors. Not to mention it wouldn’t make sense to hand one out to every single visitor anyway. Because the gate is a community gate, hacking the actual gate system was not an option. There was only one thing he could do — hack the remote control!

Like just about every other hacker, [Alexander] had a spare ESP8266-based board lying around. [Alexander] also had a couple of spare relays which he used to control the two buttons on his designated ‘sacrifice’ remote — one relay per button. After throwing these parts together with a couple of supporting bits of electronics, the hardware was done.  Now [Alexander] can just set up HTTP Request Shortcuts on each trusted visitor’s smartphone. From there on out they can open/close the gates themselves!

Originally, he was using IFTTT to trigger the string of events that make it all happen, but there was a delay of about 8 seconds (from trigger to relay action). [Alexander] was not having this so he turned to the HTTP Request Shortcuts app. When he made this change, the delay disappeared.

That’s pretty impressive considering the near-dizzying amount of software components involved in this project. There is the firmware on the NodeMCU board of course, and there’s everything else: CloudMQTT, Python, Flask, AWS Lambda, Zappa, HTTP Request Shortcuts. If you want to see how all of this ties together to make his system work, check out his GitHub page for this project.

Looks like he’s not done yet. [Alexander] updated this project with a couple of improvements, which he put on a separate page which we’ll have to keep our eye on. We have just one suggestion for this project — it could use some security. [Alexander] does mention adding some kind of authentication/security later, so that makes us feel a little better.

There are surprisingly few electric gate hacks around here so if you have one, send it in! Need a little inspiration? This gate was hacker-created, while this one was hacker-hacked.

39 thoughts on “ESP8266 MQTT Remote Gate Entry

  1. I don’t know why people choose such complex software setups.

    Here is a GET request sent over a TCP/IP stack

    GET /blog/ HTTP/1.1\r\n

    If you don’t have DNS then use the IP address

    GET /blog/ HTTP/1.1\r\n

    To send data

    GET /blog/?temp=27C&humid=55 HTTP/1.1\r\n

    A typical response is like this –

    HTTP/1.1 200 OK\r\n
    Server: nginx\r\n
    Date: Mon, 05 Jun 2017 06:54:32 GMT\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    Transfer-Encoding: chunked\r\n
    Connection: keep-alive\r\n
    Vary: Accept-Encoding\r\n
    X-hacker: If you're reading this, you should visit and apply to join the fun, mention this header.\r\n
    Content-Encoding: gzip\r\n
    X-ac: 4.sin _bur\r\n

    These are just the headers and any “content” is transferred after the double \r\n (\r\n\r\n)

    If the destination server is on a shared IP then you need to send the host name as well as the IP.

    1. Agreed, even in commercial products these days developers over complicate everything to the point that everything is built on some janky house of cards.

      Probably because a bunch of them are idiots that want to use whatever software package is trendy instead of trying to design something that works.

      1. It think it’s because modern programmers have become so efficient accustomed to downloading and patching libraries together that they forget that they can actually write code themselves.

        1. I think a lot of this is managers that are more likely to reward people who suggest whatever buzzword heavy piece of software is trending.

          They know they can take it upstairs to a bunch of people who will google it, see all the buzzwords, and be impressed.

    2. > I don’t know why people choose such complex software setups.

      I’m the project creator. The problem I was solving is “How do i trigger something on the controller over the internet?”. You aren’t on the wifi network outside the garage so there needs to be a way to reach the controller via a phone with data service.

      One way would be to expose the controller by opening up a port on my router to allow internet traffic into my network. I didn’t want to do that, and it’s not something you can easily solve with rudimentary http requests as you suggested, so I went looking for alternatives.

      MQTT is designed for use in this kind of device and avoids having to do any kind of regular polling or long poll / websockets from the controller to a http server. Instead it just waits for an inbound message and reacts to it. Conceptually very simple and very easy to implement on the esp8266 so it was an easy choice. Access to the message broker is authenticated (sufficient for my purposes here that not just anyone can connect and push messages into the system).

      The only thing left is to choose how to push a message onto the queue. Dropping a web api in front of a message queue (or any other kind of data store/transceiver) is not at all novel. It was easy to write a simple one and run it in AWS Lambda. This also benefits from various Android clients capable of making http requests already being available (as opposed to having an Android client talk MQTT) so that was a piece of the puzzle i didn’t have to deal with.

      It’s not all that complex a setup – just a web api in front of a message queue. This is the kind of thing i deal with in my day job so really i’m leveraging what i already know to complete the project. In the end I spent far less time on the python code, mqtt broker and android app (less than a day) than i did figuring out the electronics. In a community like hackaday you’re bound to find people whose strengths are heavily weighted towards either the hardware or software side (in my case the latter) and what is complex to one person is trivial to another.

    1. Judging by the code: Non extisting.
      I’m sorry, but this project is utter crap. Relays to trigger the buttons of a cracked open remote via unsafe mqtt? Zero points for novelty, bad engineering, worse code.

      1. You’ve judged too quickly — this is still a work in progress. The OP acknowledges that there is no security yet, and that’s what he’s going to work on next. The relays are just in the first of two revisions, both mentioned and linked in the article. The second uses transistors in place of the relays.

        But look, some people are just starting out, and others are more advanced. I’m not sure that makes one project “utter crap”. And I’m not sure that’s a nice thing to be saying in either case. Please try to be constructive, and polite to people with less experience than yourself.

        1. I’m a great fan of the relay/remote combination myself in that it allows easy if inelegant control of simple devices, running mains current, without most of the danger using commercially available remote switching modules (think X-10 and its descendants). Putting the access online and handing it around at random maybe not so much but if you just want to switch on/off a fan in the window or a light in the next room it’s a great first iteration and something you could trust a young tinkerer to play with since the big current isn’t part of your project.

        2. There have been many times I’ve looked back at an old project and thought, “Oh man, I could do this soooo much better today.” You work with the tools you have. Sometimes this means working within your current skillset and sometimes that means working with parts you have on hand before other parts come in.

          1. Couldn’t have said it better myself. I might be able to write better code than seen in this but I haven’t done anything with relays yet. This guy used two. Sure it could be done better but as others have said, you work with what you have. Mentally and physically.

        3. I’m the project creator. Thanks for the fair appraisal and comments about how to be polite. If you want to foster a community then that’s important to remember.

          Right on the money about me just starting out. This is my first microcontroller project and at the start I had no electronics knowledge. Avoiding blowing up my $130 garage remote was important and relays gave me electrical isolation between the remote and the rest of the circuit. As I gained some knowledge and confidence i changed the second revision to use transistors and power the remote from the controller instead of a battery.

          The comments from others about security i think are made with insufficient context.

          This is not a gated community as others have suggested (anyone can walk from the street into the middle of the compound). The gates are just to the car park and aren’t secure – they open at least every 5 minutes during the day for cars to go in and out. If you want to talk about security you need to deal with the threat model. Someone wanting to break into the car park by discovering the URL to my remote trigger is very unlikely, and why bother when you can wait for the next car and just walk or drive in?

          1. I used to live in a place with a gate like that, it even had a button on the outside you could just press to open the gates to the car park, although this was an oversight for 10 years and as I was moving they finally fixed it to only work at a set time when the garbage truck was coming.

            $130 remote is a bit steep, our place charged £40 but even then it was just a simple OOK at 30mhz, if you could work out what frequency it is on you can probably get a cheap cloning remote for less than $20, you could use a cheap SDR to work out if it was 30/316/433/868/915 etc and if you had an expensive SDR you could just blast the signal to open the gate direct from that, although at a stupid cost compared to getting a cloning remote.

      2. Everyone makes a “proof of concept” first, usually out of whatever crap you have in the junk box.

        The general idea is to make it simple as possible so that you’re not introducing features or failure points until you get the most basic code / hardware working.

        1. Yes! Optocouplers have saved my ass too many damn times! Every time I need circuit isolation I just used to immediately think just about relays. But admittedly, that’s usually the most crude solution there is…

          Now, I think can I use just FET? Is it enough, or do I need ground isolation as well? What about optocouplers? Isolation transformer maybe? Etc… Really, there are just so many options – but you have to be aware of them. And people just coming into contact with electronics / MCUs / hw aren’t really aware, or don’t happen think of them as a potential solution to their problem.

  2. A friend used an old phone plus a light detector on the screen. Whenever the phone is called, the screen lights, and the detector operates the gate open relay (could be the gate remote). Cost is a minimal mobile phone number. Any visitor just has to ring the appropriate phone number.

    1. This is good until someone calls the phone by mistake and opens the gate in the middle of the night.

      A better approach would be to wire the gate to the phone speaker, keep the phone on mute for every message, alert, alarm, call and so on, and have it to ring only for a defined group, and put on this group all the numbers of people allowed to open the gate. One friend did this to only allow his car to start when he called the car.

  3. Am I correct in assuming that his gate is out-of-reach of WiFi?
    If it is out of WiFi range, don’t they make breakout boards with SIM cards and a basic data only mobile service?

  4. Oh, I get it now … he didn’t want to modify the actual gate electronics, just the remote. If the gate is like a garage door opener, it probably has some aux trigger inputs. And having feedback from switches (gate is opened or closed) would be nice.

  5. My complaint here is that I bet the landlord/owner/neighbors would not be happy if they knew this was happening. I get setting starting a new project and not having all the vulnerabilities figured out, for YOURSELF. However, to do it to other, potential, unwilling participants is not cool. It’s kind of selfish to expose the front gate of a community, which is I’m sure a selling point of the complex and furthermore why people pay more to live in it, all so that you don’t have to let your friends in when you invite them over. You decided to live behind a gate, you decide to invite clusters of people over (to the point of it being inconvenient enough to have to automate) and although I can appreciate the effort, creativity and follow through.

    Some things shouldn’t be automated, especially given this context. Speaking from a dark experience, the safety that a simple gate would offer is way more important than this trivial convenience. It’s selfish to impose a different opinion on everyone else who uses the gate.

    1. As vunerable as losing / having stolen one of the remotes.
      Could be upwards of 50 remotes issued.
      Do you think each of them is likely to have an individual code?
      Would you wish to administer that ?

      It’s clear that spare remotes are obtainable. Spare remotes could be issued to friends/family.
      You wager none of the other tenants has done that ?

    2. In fact, the gate is in a complex, and the underground wiring to the units are broken. So this job was done for the body corporate that saved them about $10K. Everyone is delighted.

  6. its probably a keeloq remote . they are not expensive . and they are not secure either.

    nothing wrong with janky builds . they teach us how and why things shouldn’t be done :)

  7. I did almost the same. But I used “Blynk” app, where it was super simple to set up – upload empty arduino sketch on ESP, add button to blynk app and say which gpio it triggers.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.