ESP32 Freezer Alarm Keeps Tabs On Tricky Door

July 27, 2023 by 31 Comments

Leaving your freezer door open accidentally is a great way to make a huge mess in the kitchen. [Guy Dupont] had a freezer that would regularly fail to close properly, and was sick of the regular meltdown events. Thus, he whipped up a very digital solution.

The build combines an ESP32 with a reed switch, which is activated by a magnet on the freezer door. If the freezer door is open, the reed switch similarly remains open. The ESP32 checks the switch status every few minutes, and if the door remains open for two consecutive checks, it raises the alarm. A notification is sent to [Guy] via WiFi so that he can rectify the situation. The rig runs off a 400 mAh battery, which lasts for just over three weeks running door checks at two minute  intervals.

Based on [Guy]’s YouTube video, it appears the freezer door is jamming up against the wall. Perhaps shoving the freezer into a better position would help, though we suspect he would have thought of that first. And, in his own words, “That would be a very boring YouTube video, wouldn’t it?”

It’s not the first fridge alarm we’ve featured, and it won’t be the last, refrigeration gods willing.

Continue reading “ESP32 Freezer Alarm Keeps Tabs On Tricky Door”

Tesla Door Phone Decoded (Not That Tesla)

July 18, 2023 by 6 Comments

[Danman] has digital door phones manufactured by Tesla — or at least, a Tesla, as they’re not to be confused with the carmaker, though. The problem is if someone comes to the door when no one’s home, there’s no remote indicator. The answer? Reverse engineer the protocol and fix it.

A quick dump on a storage scope showed the data clearly, but it wasn’t obvious what protocol it was using. After a little analysis, it proved the datastream used 4 PWM pulses as symbols with three symbols: one, zero, and stuffing sequence.

Once you can read the bits, it is easy to determine that each frame consists of a 16-bit destination and source address, along with a command byte and a checksum byte. Each station can have an ID from 000 to 999 although you can only dial up to number 323. Some nodes are special, and there are ways to address particular units.

Connecting to the hardware took a transformer for isolation. Honestly, unless you have this exact hardware, this isn’t likely to be something you can directly use. However, it is a great example of how you can figure out a specialized device and bend it to your will.

We love reverse engineering projects. In some cases, it is easier if you have a CT scan.

Sloth Door Greeter Uses Neat Fold-Up Electronics Enclosures

July 14, 2023 by 3 Comments

[Alan Reiner] is building a sloth-like door greeter for his house. Sloxel, as he is affectionately known, can move around and even talk, with [Alan] using some nifty tricks in the design process

Sloxel’s job is to vet visitors to [Alan’s] house, before inviting them to knock on the door or to leave their details and go away. There’s still plenty of work to do on that functionality, which [Alan] plans to implement using ChatGPT. In the meantime, though, he’s been working hard on the hardware platform that will power Sloxel. A Raspberry Pi 3B+ is charged with running the show, including talking to the ChatGPT API and handling Sloxel’s motion along a linear rail with a number of stepper motors.

What we really love about this build, though, is the enclosure. [Alan] designed a housing for everything that can be 3D printed as a single part with print-in-place hinges. The four sides of the enclosure can then be folded up and into place with a minimum of fuss. Plus, the enclosure has plenty of nifty features that makes it easy to mount all the required hardware. It’s a neat design that we’d love to repurpose for some of our own projects.

We’ve seen other neat ideas in this area before, like using PCBs themselves as an enclosure. Video after the break.

Continue reading “Sloth Door Greeter Uses Neat Fold-Up Electronics Enclosures”

This Week In Security: Barracuda, Zyxel, And The Backdoor

June 2, 2023 by 12 Comments

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard coded credential, that allows authentication bypass for the web-API. Then the second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands. Continue reading “This Week In Security: Barracuda, Zyxel, And The Backdoor”

Secret Bookshelf Door Uses Hidden Fingerprint Scanner

May 30, 2023 by 4 Comments

What is it that compels us about a secret door? It’s almost as if the door itself and the promise of mystery is more exciting than whatever could lay beyond. In any case, [Scott Monaghan] is a lover of the form, and built his own secret door hidden in a bookshelf, as all good secret doors should be.

The door is activated by pulling down on the correct book. This then reveals a fingerprint scanner. Upon presenting the right digit, the door will elegantly swing open to reveal the room beyond. Secret door experts will note there’s an obvious tell due to the light spilling through the cracks, however [Scott] reports that the finishing stages of the build solved this issue. The door was also fitted with a manual release for easier daily use.

Details are light, but the basics are all there. Really all you need is a cheap hardware store door opener, a secret activation lever or authentication method, and a well-hinged bookcase to achieve this feat yourself. We’ve seen some other great secret doors before, too. Video after the break.

Continue reading “Secret Bookshelf Door Uses Hidden Fingerprint Scanner”

Ultimate Garage Door Control Does The Job Brilliantly

May 30, 2023 by 21 Comments

[Stephen Carey] had previously relied on an Insteon garage door controller, only to have it perform poorly and fail at integrating with Alexa properly. Thus, he did what any good hacker would do, and built his own system instead.

The garage door was first outfitted with a pair of reed switches to sense when it was fully open or fully closed. The drive sprocket of the garage door was also set up to be monitored with magnets and Hall effect sensors, essentially creating a rotary encoder. This allows a ESP32 to monitor the door’s direction of travel, it’s position, and when it has hit the end stop in either direction. Using Micropython, [Stephen] whipped up some code to tie the garage door controls in with Home Assistant, complete with a neat visual display of the current door position.

There are millions of home automation products out there, many of which make annoying compromises that frustrate the end user. Sometimes, doing it your own way is the only way to get satisfaction!

Hacking An Apartment Garage Door With New Remotes

April 19, 2023 by 28 Comments

[Old Alaska] had a problem. He needed a second remote for his apartment garage door, but was quoted a fee in the hundreds of dollars for the trouble of sourcing and programming another unit. Realizing this was a rip-off given the cheap hardware involved, he decided to whip up his own sneaky solution instead.

It’s a simple hack, cheap and functional. An RF-activated relay with two remotes was sourced online for the princely sum of $8. [Old Alaska] then headed down to the equipment cabinet in the garage, opening the lock with the side of his own car key. He then wired the relay in parallel with the existing manual pushbutton for activating the garage door.

Sometimes, a hack doesn’t have to be complicated to be useful. Many of us might have jumped straight to trying to capture and emulate the existing remote’s radio signals. There was really no need. With physical access, [Old Alaska] was able to simply wire in his own remote entry setup himself.

We’ve seen similar hacks before, albeit achieved with SIGINT methods instead. Video after the break.

Continue reading “Hacking An Apartment Garage Door With New Remotes”