[Herb Peyerl] is part of a robotics team, and in his robotics endeavours, learned about AprilTags; small QR-code-like printable patterns that are easily recognizable by even primitive machine vision. Later on, when thinking about good ways to let his guests through his property’s front gate, the AprilTags turned out to be a wonderful solution. Now all he needs to do is send his guest a picture of the appropriate AprilTag, which they can present to the camera at his front gate using their smartphone.
He used an OpenMV board for this – thanks to its wide variety of available libraries, the AprilTag recognition is already baked in, and the entire script is merely a hundred lines of MicroPython. An old surveillance camera gave up its dome-shaped housing, and now the OpenMV board is doing guest access duty on a post in front of his property’s front gate. He’s shared the code with us, and says he’s personally running a slightly modified version for security reasons — not that a random burglar is likely to stumble upon this post anyway. Besides it looks like the gate would be easy for a burglar to jump over without any need for security bypass, and the convenience benefits of this hack are undeniable.
In the unlikely chance a burglar is reading this, however, don’t be sad. We do happen to have a bunch of hacks for you, too. There’s far less secure systems out there, from building RFID keyfobs to gated community access control systems, sometimes all you need is a 12 V battery. If you’re not into burglary, that’s okay too — we’ve covered other guest access hacks before, for instance, this ESP8266-powered one.
Similar to my gate. I have a WiFi router at my front gate that i sniff the mac addresses off of. Whenever my phone connects it opens the gate. I setup an easy way to onboard new phones and all of my friends are already setup to be let in and out of the gate. I can also open the gate from the dashboard remotely. I use the same trick for lots of presence detection around my house. Next is to get around to finishing my 2.4ghz and 5ghz wifi sniffers so i can do presence detection for each room rather than just location (House, Gate, Shop). The writeups for this can be found on my hackaday.io page linked in my name
Isn’t this broken by MAC randomization in recent mobile OSes?
You can select “Use Device MAC” in advanced settings for the specific WiFi access point. Apple calls it something different but you can do the same thing there too. This is easily setup when connecting something to the wifi and only has to be done once. I am only trying to track myself on my home network so it is ok. This feature will likely never go away given some people setup a whitelist for their wifi devices.
“Whenever my phone connects it opens the gate.”
That is a really bad idea, because mac addresses can easily be spoofed.
Spoofing the MAC address doesn’t help unless an attacker already knows the WPA password.
Factually, its WHEN they figure out/breakthrough the password. Its always just a matter of time ๐
Isnt it less hassle to just climb the gate? Youre overthinking someone figuring out you use MAC adresses to open the gate, and then hacking your password
I do the opposite. My phone looks for the MAC Address of one of my neighbour’s smart TVs down the street when i drive past. When my phone finds it, it run a Tasker automation to trigger Home Assistant.
๐๐ผ nice
But what about those (like me) that don’t have “gates”? I only have a front door. Maybe it’d be cool to be able to “announce” guests that are already setup by detecting their presence when then are near or an app to provide updates from the smart phone to yours (or your PC — I still like PCs!). That will also let your pending guest concentrate on driving and avoiding accidents.
Homeassistant has several methods of doing this. They have an app that allows you to use geofencing, and I believe they also have a module that integrates with OpenWRT to trigger actions when certain MAC addresses connect to the network.
Bruteforce low res qr?
If you were to use a similar method on something secure enough to worry about the bruteforce attack you can easily make the QR code vastly more complex, even effectively a OTP that would take substantial time to force*, good to open the door exactly once/ one day/ for the week.
*lets assume it must work on the correct code being presented within 1 second (so it only polls the QR reader code every 1/2 second with the ‘best’ (probably most square on) frame of the last 1/2 second), pretty trivial to up the complexity to the point that is hours/days flashing new images at it in hope on average, and easily into the weeks if you don’t get lucky. Using a camera rather than a QR reader I’m not sure quite how tight the grid could reliably get from that distance, but if its not at least quadruple the ‘pixel’ count of the shown code I’d be shocked, and that adds pretty substantial permutation count even if you discount all the patterns without at least n black/white pixels on the opposite background.
It’s basically a password, and the same simple techniques which make bruteforcing passwords impractical (delays between attempts, enforced lockout periods after incorrect entries, etc) would work fine here. But unless you already know what sort of symbology the camera is looking for, you won’t even be able to perform a single attempt let alone lots of them.
There are far simpler ways to break open the gate than trying to manipulate the entry system; a bad actor will just use an angle grinder. A gate is sufficient to deter anyone not already prepared to do that.
Very true, but then I did say ‘on something secure enough to worry about’ – but this unlike a typed password should be easy enough to spy on the comings and going and get a few good photos of the guests phone screens – they have to turn them around from when they look at them to the camera, which should give an outside observer a reasonable chance to get a good capture, where the keyed in code with the user having any sense of security the best you might be able to get is the length of a password and thanks to greasy hands the first few buttons used.
So I’d still call a simple password better up to the point that the QR code really is a OTP and only valid once so there can be no repeats.
Since the tag isn’t something that has to be entered by a human, you can set the lockout after a wrong password quite high. That alone should be sufficient to shift effort away from a brute forcing attempt and towards other ways of circumventing the gate. Just don’t let a failed read cause a delay.
/me breaks out Nokia 5190, plays snake by the reflection in the lens until it’s confused enough to give in.
My father always said that locks keep honest people honest. So let’s call this what it is. It’s cool! and… It works and for cheap. Win win. And one more win for the cool.