This is an old revision of the document!
Table of Contents
BrmDoor
~~META: status = active &relation firstimage = :project:pir.jpg ~~
For hackerspace more secure and without the annoyance of physical keys. DIY digital lock control, open/closed space status monitor and burglar alarm.
Status: Currently, we have digital lock control and open/closed space status monitor, doorbell. Burglar alarm is TODO long-in-the-future.
System Architecture: Digital lock, card reader and Club Mate panel are hooked up on an Arduino. The Arduino needs just power - it unlocks the door autonomously, the list of allowed cards is stored internally. The Arduino is further (optionally) reporting to brmd daemon which provides web, IRC interface to the status and unlock notifications.
Unlocking the Door
Executive summary, how to get in without a key - arrange registering your RFID card (ISO-14443A, e.g. Mifare Classic, Mifare Desfire) with council at meetup (or over mail rada _at_ brmlab.cz). After adding your card to brmdoor DB, you will be able to unlock door by placing the card next to the reader.
BrmDoor Hardware
- Simple token-based Identity Check device (we just rely on serial numbers for starters):
- [DONE] MiFare RFID cards (e.g. ISIC, OpenCard, or plain tokens)
- We have Adafruit PN532 NFC/RFID Controller Shield for Arduino. (lessons learned: do not use http://www.seeedstudio.com/depot/1356mhz-rfid-module-iosiec-14443-type-a-p-196.html).
- We have it wired up and can detect a card and receive its serial id. Tested on ISIC and OpenCard, works like a charm!
- It is already duct-taped at the inner side of the door. Most rfid cards have no trouble with talking through the wooden door; a sticked by chido marks the spot. The wires are routed off the door through UTP cable.
- Lock device:
- [DONE] BERA-E electromagnetic clock, sponsored by b00lean!
- From inside, it is possible to open the door anytime by just pushing the handle.
- From outside, it is possible to open the door by turning the lock by the key, OR by pushing the handle if +15V is fed in.
- We have it wired up and can control it fine. The wires are routed off the door through UTP cable.
- AxTheB breadboarded a Darlington IC that switches the 15V based on 5V TTL input. The power source used to be first an old ATX PSU (unreliable, 12V sometimes cannot unstuck the lock), then PoE adapter, now a dedicated DC adapter.
Communication is over SPI: both SEL0 and SEL1 are shorted which turns communication to be over SPI.
Documentation of Adafruit PN532 shield (our revision is 1.2):
BrmDoor Firmware
Source repository: https://github.com/brmlab/brmdoor
List of authorized cards
Card list is on brmlab VPS (vps.brmlab.cz) are exported from JendaSAP, on /root/sap/cards.txt.
GitHub, last commits
- push-cardids.sh update by ruzaq (2017/06/01 18:31)
- Allow dot in card owner name by mrkva@mrkva.eu (2017/05/03 16:55)
- Configuration is no longer hardcoded, spaceapi support implemented by mrkva@mrkva.eu (2017/04/22 21:12)
- Update README by ruzaq (2016/06/07 02:21)
- Update README by ruzaq (2016/06/07 02:20)
Photos (location Ke kaplicce 18)
Brmdoor HOWTO (displayed after you login as root, in /etc/motd)
Current brmdoor directory is `/root/brmdoor_libnfc` Config is in the file: `/root/brmdoor_libnfc/brmdoor_nfc.config` Full README is at https://github.com/hiviah/brmdoor_libnfc/blob/master/README.md ## Adding card by UID - find out the UID: 1. put the card near the reader, 2. as root, look into the log, currently in screen: `screen -r brmdoor` (run as root) - look into log for the unknown UID, look for `Unknown UID` message - the following command will add card as authenticated by UID, for other methods see full README cd brmdoor_libnfc/ ./brmdoor_adduser.py -c brmdoor_nfc.config -a uid 1234ABCD SomeUserName ## Import cards.txt from JendaSAP's cards.txt (WARNING: THIS WILL OVERWRITE THE TABLE WITH UIDS) cd brmdoor_libnfc/ ./import_jendasap_cards.py cards.txt target_db.sqlite If `target_db.sqlite` does not exist, it will be created. If it exists, the `authorized_uids` table will be replaced with UIDs/nick pairs from `cards.txt` (other tables are not touched). ## List authorized cards UIDs + nicks from DB sqlite3 ~/brmdoor_libnfc/brmdoor.sqlite 'select nick, uid_hex from authorized_uids;' ## Start/stop daemon systemctl start brmdoor.service systemctl stop brmdoor.service Systemd unit location: `/etc/systemd/system/brmdoor.service`
Features
Source: brmdoor_libnfc
Requires libnfc, libfreefare and WiringPi2
Features:
- Clean, documented and extensible code
- Authentication data is stored in SQLite DB - no need to restart daemon to make any change; extensible DB schemas
- NFC smartcard communication support (ISO 14443-4)
- Multiple authentication schemes supported
- simple authentication by UID
- Authentication with EdDSA (Ed25519 signatures) for Desfire cards (can be used with Host Card emulation on Android phones)
- Dedicated configuration file and logging facilities
Missing features:
- No sound produced (can be fixed via WiringPi)
- Setting topic is not finished (python-irc has fairly bad API to retrieve topic)