This is an old revision of the document!
Table of Contents
BrmDoor
~~META: status = active &relation firstimage = :project:pir.jpg ~~
For hackerspace more secure and without the annoyance of physical keys. DIY digital lock control, open/closed space status monitor and burglar alarm.
Status: Currently, we have digital lock control and open/closed space status monitor, doorbell. Burglar alarm is TODO long-in-the-future.
System Architecture: Digital lock, card reader and Club Mate panel are hooked up on an Arduino. The Arduino needs just power - it unlocks the door autonomously, the list of allowed cards is stored internally. The Arduino is further (optionally) reporting to brmd daemon which provides web, IRC interface to the status and unlock notifications.
Unlocking the Door
Executive summary, how to get in without a key - arrange registering your RFID card with stick first, then you need to sometime come physically to brmlab to meet with him; he will add your ID to the Arduino sketch code. (We do not use external database out of security concerns.)
If your card is registered, just put it at the door around the place with the “RFID” sticker. When you unlock the door, you will hear a click - then, you can open it. After a short while, you will hear another click and the door auto-locks itself again. At the other side, unlock visual feedback is provided by the orange Arduino LED.
BrmDoor Hardware
- Simple token-based Identity Check device (we just rely on serial numbers for starters):
- [DONE] MiFare RFID cards (e.g. ISIC, OpenCard, or plain tokens)
- We have Adafruit PN532 NFC/RFID Controller Shield for Arduino. (lessons learned: do not use http://www.seeedstudio.com/depot/1356mhz-rfid-module-iosiec-14443-type-a-p-196.html).
- We have it wired up and can detect a card and receive its serial id. Tested on ISIC and OpenCard, works like a charm!
- It is already duct-taped at the inner side of the door. Most rfid cards have no trouble with talking through the wooden door; a sticked by chido marks the spot. The wires are routed off the door through UTP cable.
- TODO: More secure crypto-based auth?
- [TODO] harvie can provide a USB smartcard reader. That means people will be able to use e.g. their bank cards to enter, or some plainer tokens. (Or OpenCard, but just the much less common version.)
- Lock device:
- [DONE] BERA-E electromagnetic clock, sponsored by b00lean!
- From inside, it is possible to open the door anytime by just pushing the handle.
- From outside, it is possible to open the door by turning the lock by the key, OR by pushing the handle if +15V is fed in.
- We have it wired up and can control it fine. The wires are routed off the door through UTP cable.
- AxTheB breadboarded a Darlington IC that switches the 15V based on 5V TTL input. The power source used to be first an old ATX PSU (unreliable, 12V sometimes cannot unstuck the lock), then PoE adapter, now a dedicated DC adapter.
- [DONE] Microcontroller will interface the hardware (RFID reader, EM lock)
- We use just Arduino hooked up on USB serial (sponsored by TomSuch)
- TomSuch created a mini-shield that has all the extra wiring and Darlington.
- “Dolní brmdoor” na RPi: brmdoor.zip
BrmDoor Firmware
Programmed mainly by tomsuch and stick during overnight hacking session. One-line message is sent to serial every 1 second. It can have one of the following 3 forms:
- NOCARD
- no card is detected
- CARD <username> 0123456789ABCD
- card from ACL is detected
- CARD UNKNOWN FEDCBA98765432
- card not found in ACL
When message 2 is sent (card in ACL found), the door is also unlocked for few seconds.
Each message is prefixed by two space-separated boolean numbers; the first denotes the state of the “status” switch, the other the state of the “video” switch.
The Arduino sketch is here: source
Status Monitor
How to detect whether the space is currently inhabited?
Two big switches with LEDs are now by the door (“Club Mate Panel”); the one with green led is to be switching the open/close status, while the one with yellow led switches on/off live stream from brmlab.
Few more old photos @ https://picasaweb.google.com/petr.baudis/BrmdoorStatusPanel
brmd
The software side is brmd, awesome brmlab integration hub that collects data from various sources and provides unified reporting on IRC and web. So you can see the current status on http://nat.brmlab.cz/brmd/ and IRC topic contains the current status too.
Pasky’s blogpost about fighting with Perl POE
brmd runs at brmdoor@brmdoor.brm (Raspberry_Pi sponsored by ruza).
Alphasign
brmd also allows Alphasign control. It is a LED display with scrolling random text in the middle of the wall. Random status information is normally periodically shown by cronjobs running at brmlab@sargon.
Alphasign hardware broke a long time ago.
BrmDoor Access Policy
The requirement is to always have a backup way to get in, even when the digital control gets stuck at the most inconvenient moment in the most stupid way. Also, the building owner always needs to have a means of access, a plain key if possible; this is also related to fire regulations. Therefore, having digital entry as primary access method, with couple of backup plain keys in case things go wrong, should be the most preferred method.
Some means of the digital entry should still work if the network is offline for some reason.
The door is always closed from the outside and locked and must be unlocked every time before it is open; it stays unlocked for a short period enough to open the door.
Adding card under new PN532 system
When you login as 'brmdoor' user on brmdoor Raspberry Pi (or 'su' to that user), you'll get instructions from .bash_login script how to edit the card uids. There is currently new cardids_proper.h file that should be edited - its syntax doesn't suffer from the old reader's issues.
The new version currently running will be soon merged into brmlab/brmdoor git repository.
GitHub, last commits
- push-cardids.sh update by ruzaq (2017/06/01 18:31)
- Allow dot in card owner name by mrkva@mrkva.eu (2017/05/03 16:55)
- Configuration is no longer hardcoded, spaceapi support implemented by mrkva@mrkva.eu (2017/04/22 21:12)
- Update README by ruzaq (2016/06/07 02:21)
- Update README by ruzaq (2016/06/07 02:20)
Yet another Brmdoor implementation - Pythonic this time
The brmdoor_libnfc is another implementation for Raspberry Pi that aims to be clean and documented. The daemon is written in Python that uses wrappers of libnfc written in C++ and Swig.
Features:
- Clean, documented and extensible code
- Authentication data is stored in SQLite DB - no need to restart daemon to make any change; extensible DB schemas
- NFC smartcard communication support (ISO 14443-4)
- Multiple authentication schemes supported
- simple authentication by UID
- Dedicated configuration file and logging facilities
Missing features:
- No sound produced (can be fixed via WiringPi)
- No IRC messages yet
Links
-
- yet another doorlock projects made by various hackerspaces http://hackerspaces.org/wiki/Doorlock