Difference between revisions of "Doorbot"

From Technologia Incognita
Jump to: navigation, search
(Requirements)
m (New Keypad)
 
(45 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 
{{Project
 
{{Project
|ProjectSkills=access control
+
|ProjectStatus=Finished
|ProjectStatus=Planning
+
|ProjectNiche=Mechanics
|ProjectNiche=Electronics
 
 
|ProjectPurpose=Infrastructure
 
|ProjectPurpose=Infrastructure
 
}}
 
}}
We need a door control system. Preferably one that works with the RFID fobs handed out by UR for the main door at ACTA, since otherwise we'd need to maintain two parallel fob administrations and have added cost for purchasing our own fobs.
+
==Usage==
 +
[[File:Doorbot instructions.svg|thumb]]
 +
=== Entering the space: (normally) ===
  
=Requirements=
+
# scan your fob
* Embedded hardware (critica infra requires high availability and a PC isnt the solution)
+
# enter your pin
* Queries a *membership database* for auth
+
# press the bell button
* lock must be normally-closed. board members to have keys (Ultratux has a normally-closed electronic lock he is willing to donate)
 
  
== Future proofing ==
+
=== Opening the door when in Open mode (RFID Reader LED is green) ===
(Good to have in mind when choosing the platform)
 
* Networking capable
 
* Ability to do basic cryptographic operations (at least SHA1 hashing).
 
* Nice to have: The platform could speak LDAP over TLS, but we could wing it with a much simpler request-response API.
 
  
In addition we have outlined the need for two-factor auth, so we want to add a keypad to this where you type your PIN.
+
# press bell
  
=RFID options=
+
=== Changing your pin: ===
== UR HID RFID Fobs ==
 
  
The fob is the Proxkey IIII which operates at 125kHz: http://www.nodaccess.com/media/content/files/proxkeyIII_ds_en.pdf
+
# scan your fob
 +
# enter 999
 +
# press bell
 +
# enter your current pin
 +
# press bell
 +
# <b>wait for the doorbot to make the the 'success' double beep</b>
 +
# enter your new pin (min 4 characters)
 +
# press bell
 +
# repeat new pin
 +
# press bell
  
We should only need to read the fob-identifier from the card, which means activating it at the right frequency and reading it's output (which hopefully already contains the id).
+
=== Resetting your pin when you have forgotten: ===
  
I think that pdf says nothing of value, it's just a brochure. Some of our peers however, have some interesting stuff on HID RFID systems. Mostly this is about a different frequency system: iClass, but nevertheless I think it's a highly recommended read ! http://www.openpcd.org/HID_iClass_demystified
+
# Ask a doorbot maintainer (brainsmoke for now) to trigger a pin reset
 +
# scan your fob
 +
# enter your new pin (min 4 characters)
 +
# press bell
 +
# repeat new pin
 +
# press bell
  
'''Readers that were tried:'''
+
=== Add a fob: ===
* [[AuthenTec-RFID-reader]]
 
* Leser 6 - owned by [[User:Ultratux|ultratux]] ([http://www.conrad.nl/ce/nl/product/751242/ Link to vendor] [http://www.codatex.com/index.php?en_Leser_6plus link to 'plus' version])
 
  
 +
# Trick a doorbot maintainer into starting an addkey procedure
 +
# scan your fob
 +
# enter your new pin (min 4 characters)
 +
# press bell
 +
# repeat new pin
 +
# press bell
  
We should study the '''HID ProxkeyIII''' documentation (if available) to find out why it might be incompatible. There may be general crypto stopping non-HID devices talking to HID devices. In that case we could solve it by acquiring a HID ProxkeyIII reader off ebay. However, there may even be a crypto key inside the UR reader that was created unique to UR, in which case all our attempts will fail.
+
==Administration==
  
'''Other possible ideas to test compatibility prior to purchasing a HID proxkey III:'''
+
===doorbot shell (doorsh.py)===
  
1) Acquire a HID tag and ask if UR would enable that tag instead of a UR-provided tag. If that proves possible, UR having unique crypto can be all but ruled out-- unless installing that crypto key is an integral part of the activation process...
+
ssh doorbot@doorbot
  
2) If someone knows the right people at a place the HID ProxkeyIII is deployed, it may be possible to bring a UR fob to them and ask if they can try to add it to their system. Obviously one needs to be on a very friendly basis with such a person, otherwise this would simply not be allowed for a whole range of reasons. But maybe one of us knows a friendly datacenter operator or some other place where such systems are in use...
+
Administration:
  
An rfid reader could be made using an arduino, a simple circuit, and winding our own antenna: http://arduino.cc/playground/Main/DIYRFIDReader - a [[Arduino/RFID-Reader|project]] for this has been started.
+
doorbot> list
 +
doorbot> enable <fobid>
 +
doorbot> disable <fobid>
 +
doorbot> delete <fobid>
 +
doorbot> addkey                  # add key using key reader + pinpad
 +
doorbot> addkey <fobid> <pin>    # add key using doorbot shell only
 +
doorbot> resetpin                # reset pin using reader + pinpad
 +
doorbot> resetpin <fobid> <pin>  # reset pin using shell
 +
doorbot> authmode                # put doorbot in authentication mode (default at startup)
 +
doorbot> openmode                # put doorbot in open mode
  
 +
===doorctl.py===
  
 +
python doorctl.py initdb
 +
 +
# import fob db using plain-text pin
 +
# rfid authorised pin
 +
python doorctl.py import-plain << EOF
 +
5431553 1 12345
 +
5431554 1 12345
 +
5431555 1 12345
 +
5431556 1 12345
 +
EOF
 +
 +
python doorctl.py export    # export fob db
 +
 +
python doorctl.py import    # import fob db
 +
 +
python doorctl.py rfidlisten # print fob IDs of fobs being scanned
  
 +
==Design==
  
== PIN systems ==
 
  
Several vendors have integrated RFID + PIN systems for little money. The reason we rejected such systems (aside from a possible HID fob incompatibility) was that all logic is in one box and that box unavoidably sits on the outside of the door since it has the keypad. This is unacceptable, if you tear it off the wall you not only can power actuate the lock, but you potentially also have a data leak if they can read out which fobs are allowed in (and therefore, into UR too).
+
        5V 2A
 +
    _____||_____        [door sensor]          5V  ___12V____
 +
    |            |            |                ||  |          |
 +
    |            |--usb--[Lock arduino]--opto--[relay]  [door lock]
 +
    | Cubieboard |                                  |__________|
 +
    |            |--usb--[Auth arduino]
 +
    |____________|        |        |
 +
          |          [HID reader] [keypad]
 +
        Earth
 +
    (for keypad)
  
So we need a separate system where the keypad does not house the RFID data. It probably is acceptable that you can circumvent the PIN by tearing the keypad off the wall; you'd then still need a fob. The people breaking in through violence usually aren't the same people breaking in through cloning of the fobs... However, the reverse does not necessarily hold true-- the people who painstakingly cloned our fobs may well see their attempt foiled by the added keypad, and try to circumvent that last hurdle using conventional means (read: a screwdriver/crowbar)  So let's discuss this...
+
==Hardware==
  
= The case we want to avoid: a UR-independent system =
+
==Software==
  
If for whatever reason we cannot re-use the fobs of UR main door for our own space we might have other options like the aforementioned wish to link members to [[SpaceFED|SpaceFED / LDAP]]. I have looked at cheap systems but most all have a limited number of fobs (20 or 50) which is directly or in the short run insufficient. After more digging I've found a system that has no attainable limit (500), and can interface with a PC for logging. http://www.conrad.nl/ce/nl/product/750782/
+
=== Cubieboard ===
This system has the obvious drawback of not being able to use the UR fobs, but if that fails anyway OR if we feel that linking to LDAP has strong advantages maybe this becomes a feasible system.
 
In the case we go for this option we'd have to buy our own rfid fobs, which adds [amount of members] x 6 euro which is a lot. However: maybe we can add generic fobs people already own (their work, home or garage) to our reader, thereby avoiding the purchase of a fob. This could present a security risk for those people so they must make the choice on a case by case basis.
 
  
Phicoh has two 125khz RFID readers, one with USB, one with wires for the raw low level protocol. The USB one is trivial to connect to a pc as keyboard.
+
==== udev persistence rules ====
 +
 
 +
To get identifiable arributes:
 +
 
 +
udevadm info -p /class/tty/ttyUSB0 -a
 +
 
 +
 
 +
SUBSYSTEMS=="usb", KERNEL=="ttyUSB*", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="XXXXXXXX", SYMLINK+="ttyAUTH"
 +
SUBSYSTEMS=="usb", KERNEL=="ttyUSB*", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="XXXXXXXX", SYMLINK+="ttyLOCK"
 +
 
 +
 
 +
==== doorbotd.py / doorctl.py / doorsh.py ====
 +
 
 +
https://github.com/techinc/doorbot
 +
 
 +
=== Authentication arduino ===
 +
 
 +
==== source ====
 +
 
 +
https://github.com/techinc/doorbot/blob/master/doorauth/doorauth.ino
 +
 
 +
==== protocol ====
 +
 
 +
Serial, 9600 baud
 +
 +
send:
 +
 +
LED ON\n
 +
LED OFF\n
 +
LED BLINK\n
 +
BEEP\n        (short beep)
 +
DENIED\n      (distorted sound)
 +
GRANTED\n    (double short beep)
 +
 +
receive:
 +
 +
RESET\n      (arduino has reset)
 +
KEY [0-9]\n  (keypad press)
 +
RFID [01]*\n  (rfid scanned)
 +
 
 +
=== Lock arduino ===
 +
 
 +
==== source  ====
 +
 
 +
https://github.com/techinc/doorbot/blob/master/doorlock/doorlock.ino
 +
 
 +
==== protocol ====
 +
 
 +
Serial, 9600 baud
 +
 +
send:
 +
 +
UNLOCK\n
 +
LOCK\n
 +
 +
receive:
 +
 +
RESET\n        (arduino has reset)
 +
OPEN\n        (door has opened)
 +
CLOSED\n      (door has closed)
 +
 
 +
=== New Keypad ===
 +
[[File:mechpad1.jpg|thumb]]
 +
 
 +
Project page: [[mechpad]]
 +
 
 +
Serial, 9600 baud
 +
 +
keypad -> arduino
 +
[0123456789CB]  (keypresses)
 +
[XYZW]          (unused buttons to the right)
 +
 +
arduino -> keypad:
 +
 +
R    (red swirl)
 +
G    (green swirl)
 +
B    (blue swirl)
 +
S    (sleep animation)
 +
P    (party mode / color wheel swirl)
 +
 
 +
==== source ====
 +
 
 +
https://github.com/techinc/mechpad
 +
 
 +
=== Old Keypad ===
 +
 
 +
The old keypad was replaced due to glitching :-(
 +
Project page: [[matrixpad]]
 +
 
 +
==== source ====
 +
 
 +
https://github.com/techinc/matrixpad
 +
 
 +
=== Temp. replacement keypad ===
 +
 
 +
the new keypad code is:
 +
made by beatskip, will post a schematic later this week
 +
 
 +
<pre>
 +
#include <Arduino.h>
 +
#include <Wire.h>
 +
#include <Adafruit_TCA8418.h>
 +
 
 +
#define I2C_SDA 19
 +
#define I2C_SCL 18
 +
 
 +
Adafruit_TCA8418 keypad;
 +
 
 +
#define ROWS 4
 +
#define COLS 3
 +
 
 +
char keymap[COLS][ROWS] = {{'1', '4', '7', 'C'},
 +
                          {'2', '5', '8', '0'},
 +
                          {'3', '6', '9', 'B'}};
 +
 
 +
void setup() {
 +
  Serial.begin(9600);
 +
    pinMode(10, OUTPUT);
 +
    pinMode(7, OUTPUT);
 +
  digitalWrite(10, HIGH);
 +
  digitalWrite(7, HIGH);
 +
  Wire.begin(I2C_SDA, I2C_SCL);
 +
  //run_i2c_scanner();
 +
 
 +
 +
  if (! keypad.begin(TCA8418_DEFAULT_ADDR, &Wire)) {
 +
    Serial.println("keypad not found, check wiring & pullups!");
 +
    while (1);
 +
  }
 +
 
 +
  // configure the size of the keypad matrix.
 +
  // all other pins will be inputs
 +
  keypad.matrix(ROWS, COLS);
 +
 
 +
  // flush the internal buffer
 +
  keypad.flush();
 +
  Serial.println();
 +
 
 +
}
 +
 
 +
 
 +
void loop()
 +
{
 +
 
 +
  if (keypad.available() > 0)
 +
  {
 +
    //  datasheet page 15 - Table 1
 +
    int k = keypad.getEvent();
 +
    bool pressed = k & 0x80;
 +
    k &= 0x7F;
 +
    k--;
 +
    uint8_t row = k / 10;
 +
    uint8_t col = k % 10;
 +
 
 +
    if (pressed)
 +
      Serial.write(keymap[col][row]);
 +
 
 +
   
 +
  }
 +
}
 +
</pre>

Latest revision as of 21:12, 15 December 2023

Projects
Participants Brainsmoke
Skills
Status Finished
Niche Mechanics
Purpose Infrastructure

Usage

Doorbot instructions.svg

Entering the space: (normally)

  1. scan your fob
  2. enter your pin
  3. press the bell button

Opening the door when in Open mode (RFID Reader LED is green)

  1. press bell

Changing your pin:

  1. scan your fob
  2. enter 999
  3. press bell
  4. enter your current pin
  5. press bell
  6. wait for the doorbot to make the the 'success' double beep
  7. enter your new pin (min 4 characters)
  8. press bell
  9. repeat new pin
  10. press bell

Resetting your pin when you have forgotten:

  1. Ask a doorbot maintainer (brainsmoke for now) to trigger a pin reset
  2. scan your fob
  3. enter your new pin (min 4 characters)
  4. press bell
  5. repeat new pin
  6. press bell

Add a fob:

  1. Trick a doorbot maintainer into starting an addkey procedure
  2. scan your fob
  3. enter your new pin (min 4 characters)
  4. press bell
  5. repeat new pin
  6. press bell

Administration

doorbot shell (doorsh.py)

ssh doorbot@doorbot

Administration: 

doorbot> list
doorbot> enable <fobid>
doorbot> disable <fobid>
doorbot> delete <fobid>
doorbot> addkey                  # add key using key reader + pinpad
doorbot> addkey <fobid> <pin>    # add key using doorbot shell only
doorbot> resetpin                # reset pin using reader + pinpad
doorbot> resetpin <fobid> <pin>  # reset pin using shell
doorbot> authmode                # put doorbot in authentication mode (default at startup)
doorbot> openmode                # put doorbot in open mode

doorctl.py

python doorctl.py initdb

# import fob db using plain-text pin
# rfid authorised pin
python doorctl.py import-plain << EOF
5431553 1 12345
5431554 1 12345
5431555 1 12345
5431556 1 12345
EOF

python doorctl.py export     # export fob db

python doorctl.py import     # import fob db

python doorctl.py rfidlisten # print fob IDs of fobs being scanned

Design

       5V 2A
    _____||_____        [door sensor]          5V   ___12V____
   |            |             |                ||  |          |
   |            |--usb--[Lock arduino]--opto--[relay]   [door lock]
   | Cubieboard |                                  |__________|
   |            |--usb--[Auth arduino]
   |____________|         |         |
         |          [HID reader] [keypad]
       Earth
    (for keypad)

Hardware

Software

Cubieboard

udev persistence rules

To get identifiable arributes: 

udevadm info -p /class/tty/ttyUSB0 -a



SUBSYSTEMS=="usb", KERNEL=="ttyUSB*", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="XXXXXXXX", SYMLINK+="ttyAUTH"
SUBSYSTEMS=="usb", KERNEL=="ttyUSB*", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="XXXXXXXX", SYMLINK+="ttyLOCK"


doorbotd.py / doorctl.py / doorsh.py

https://github.com/techinc/doorbot

Authentication arduino

source

https://github.com/techinc/doorbot/blob/master/doorauth/doorauth.ino

protocol

Serial, 9600 baud

send:

LED ON\n
LED OFF\n
LED BLINK\n
BEEP\n        (short beep)
DENIED\n      (distorted sound)
GRANTED\n     (double short beep)

receive:

RESET\n       (arduino has reset)
KEY [0-9]\n   (keypad press)
RFID [01]*\n  (rfid scanned)

Lock arduino

source

https://github.com/techinc/doorbot/blob/master/doorlock/doorlock.ino

protocol

Serial, 9600 baud

send:

UNLOCK\n
LOCK\n

receive:

RESET\n        (arduino has reset) 
OPEN\n         (door has opened)
CLOSED\n       (door has closed)

New Keypad

Mechpad1.jpg

Project page: mechpad 

Serial, 9600 baud

keypad -> arduino
[0123456789CB]   (keypresses)
[XYZW]           (unused buttons to the right)

arduino -> keypad:

R     (red swirl) 
G     (green swirl)
B     (blue swirl)
S     (sleep animation)
P     (party mode / color wheel swirl)

source

https://github.com/techinc/mechpad

Old Keypad

The old keypad was replaced due to glitching :-( Project page: matrixpad

source

https://github.com/techinc/matrixpad

Temp. replacement keypad

the new keypad code is: made by beatskip, will post a schematic later this week 

#include <Arduino.h>
#include <Wire.h>
#include <Adafruit_TCA8418.h>

#define I2C_SDA 19
#define I2C_SCL 18

Adafruit_TCA8418 keypad;

#define ROWS 4
#define COLS 3

char keymap[COLS][ROWS] = {{'1', '4', '7', 'C'},
                           {'2', '5', '8', '0'},
                           {'3', '6', '9', 'B'}};

void setup() {
   Serial.begin(9600);
    pinMode(10, OUTPUT);
    pinMode(7, OUTPUT);
  digitalWrite(10, HIGH);
  digitalWrite(7, HIGH);
  Wire.begin(I2C_SDA, I2C_SCL);
   //run_i2c_scanner();

 
  if (! keypad.begin(TCA8418_DEFAULT_ADDR, &Wire)) {
    Serial.println("keypad not found, check wiring & pullups!");
    while (1);
  }

  // configure the size of the keypad matrix.
  // all other pins will be inputs
  keypad.matrix(ROWS, COLS);

  // flush the internal buffer
  keypad.flush();
  Serial.println();
  
}


void loop()
{
  
  if (keypad.available() > 0)
  {
    //  datasheet page 15 - Table 1
    int k = keypad.getEvent();
    bool pressed = k & 0x80;
    k &= 0x7F;
    k--;
    uint8_t row = k / 10;
    uint8_t col = k % 10;

    if (pressed) 
      Serial.write(keymap[col][row]);

    
  }
}
Retrieved from "https://wiki.techinc.nl/index.php?title=Doorbot&oldid=28311"