There are readers available from multiple sources, but [RevK] found them either compact but with no prototyping space or plenty of prototyping space and a large footprint. High-speed UART (HSU) was selected over I2C for communication with an ESP32 as testing showed it was just as fast and more reliable over long distances at the cost of only one additional wire.
After a few versions, the resulting PN532 based NFC reader has just enough GPIO for a doorbell and tamper switch and three status LEDs, with board files and a 3D-printed case design included in the open source project on GitHub. When looking into the project, we appreciated learning about tamper switches that can include closed or open contact status when an NFC is read, most often used in the packaging of high-value and collectible products. If you have worked with this tamper feature of NFCs, let us know about it.
You can throw as many resources as possible into securing your systems — patch every vulnerability religiously, train all your users, monitor their traffic, eliminate every conceivable side-channel attack, or even totally air-gap your system — but it all amounts to exactly zero if somebody leaves a door propped open. Or if you’ve put a $5 padlock on a critical gate. Or if your RFID access control system is easily hacked. Ignore details like that and you’re just inviting trouble in.
Once the black-hats are on the inside, their job becomes orders of magnitude easier. Nothing beats hands-on access to a system when it comes to compromising it, and even if the attacker isn’t directly interfacing with your system, having him or her on the inside makes social engineering attacks that much simpler. System security starts with physical security, and physical security starts with understanding how to keep the doors locked.
To help us dig into that, Deviant Ollam will stop by the Hack Chat. Deviant works as a physical security consultant and he’s a fixture on the security con circuit and denizen of many lockpicking villages. He’s well-versed in what it takes to keep hardware safe from unauthorized visits or to keep it from disappearing entirely. From CCTV systems to elevator hacks to just about every possible way to defeat a locked door, Deviant has quite a bag of physical security tricks, and he’ll share his insights on keeping stuff safe in a dangerous world.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
By now we’ve seen plenty of projects that use an ESP8266 as a form of rudimentary access control: tap a button on your smartphone, and the door to your apartment unlocks. With the power and flexibility of the ESP, it’s a very easy project to pull off with minimal additional hardware. But what about if you want to get a little more serious, and need to support many users?
Rather than reinvent the wheel, you might want to check out the extremely impressive ESP-RFID project. It’s still based on the ESP8266 we all know and love, but it combines the diminutive WiFi-enabled microcontroller with a nice custom PCB and some exceptionally slick software to create a very professional access control system without breaking the bank. As the name implies, the system is geared towards RFID authentication and supports readers such as the MFRC522, PN532 RFID, or RDM6300. Add in a stack of Mifare Classic 1KB cards, and your hackerspace is well on the way to getting a new door control system.
The official hardware for ESP-RFID can be purchased through Tindie with or without an installed ESP-12F module, but as it’s a fully open source project, you’re also free to build your own version if you’d like. In either event, the board allows you to easily connect the ESP up to your RFID reader of choice, as well as door sensors and of course the door locks themselves.
On the software side of things, ESP-RFID should be able to handle about 1000 unique users and their RFID cards before the relatively limited RAM and storage of the ESP catches up with it. But if you’ve got that many people coming and going in your hackerspace, it might be time to update your systems to begin with. Incidentally, the project makes no guarantees about the security of the ESP-RFID code, and says that the system shouldn’t be used for secure locations. That said, you can run ESP-RFID without an Internet connection to reduce your attack surface, at the cost of losing NTP time synchronization.
A problem faced by all collaborative working spaces as they grow is that of access control. How can you give your membership secure access to the space without the cost and inconvenience of having a keyholder on site at all times.
Each door has a client with RFID readers, either a Raspberry Pi or an ESP8266, which connects via WiFi to a Raspberry Pi 2 server running a Django-based REST API. This server has access to a database of paid-up members and their RFID keys, so can issue the command to the client to unlock the door. The system also supports the Telegram messaging service, and so can be queried as to whether the space is open and how many members are in at a particular time.
This is a project that is still in active development, and [Torehc] admits that its security needs more work so is busy implementing HTTPS and better access security. As far as we can see through the fog of machine translation at the moment it relies on the security of its own encrypted WiFi network, so we’d be inclined to agree with him.
It is amazing how quickly you get used to a car that starts as long as you have the key somewhere on your person. When you switch vehicles, it becomes a nuisance to fish the key out and insert it into the ignition. Biometrics aims to make it even easier. Why carry around a key (or an access card), if a computer can uniquely identify you?
[Alexis Ospitia] wanted to experiment with vein matching biometrics and had good results with a Raspberry Pi, a web cam, and a custom IR illumination system. Apparently, hemoglobin is a good IR reflector and the pattern of veins in your hand is as unique as other biometrics (like fingerprints, ear prints, and retina vein patterns). [Alexis’] post is in Spanish, but Google Translate does a fine job as soon as you realize that it thinks “fingerprint” is “footprint.” The software uses OpenCV, but we’ve seen the same thing done in MATLAB (see the video below).
[Shawn] recently overhauled his access control by fitting the doors with some RFID readers. Though the building already had electronic switches in place, unlocking the doors required mashing an aging keypad or pestering someone in an adjacent office to press a button to unlock them for you. [Shawn] tapped into that system by running some wires up into the attic and connecting them to one of two control boxes, each with an ATMega328 inside. Everything functions as you would expect: presenting the right RFID card to the wall-mounted reader sends a signal to the microcontroller, which clicks an accompanying relay that drives the locks.
You may recall [Shawn’s] RFID phone tag hack from last month; the addition of the readers is the second act of the project. If you’re looking to recreate this build, you shouldn’t have any trouble sourcing the same Parallax readers or building out your own Arduino on a stick, either. Check out a quick walkthrough video after the jump.
[Jason] really wanted to build an RFID controlled garage door opener and decided to turn to Arduino to get the job done. For someone who’s never worked with an Arduino before, he really seemed to know what he was doing.
The Arduino acts as the brains of the operation while an off-the-shelf NFC/RFID reader module is used to read the RFID tags. To add new keys to the system, [Jason] simply swipes his “master” RFID key. An indicator LED lights up and a piezo speaker beeps, letting you know that the system is ready to read a new key. Once the new key is read, the address is stored on an EEPROM. From that point forward the new key is permitted to activate the system.
Whenever a valid key is swiped, the Arduino triggers a relay which can then be used to control just about anything. In this case, [Jason] plans to use it to control his garage door. The system also has a few manual controls. First is the reset button. If this button is held down for two seconds, all of the keys from the EEPROM are erased. This button would obviously only be available to people who are already inside the garage. There is also a DIP switch that allows the user to select how long the relay circuit should remain open. This is configurable in increments of 100ms.