Introduction: HackerBox 0032: Locksport

This month, HackerBox Hackers are exploring physical locks and elements of security alarm systems. This Instructable contains information for working with HackerBox #0032, which you can pick up here while supplies last. Also, if you would like to receive a HackerBox like this right in your mailbox each month, please subscribe at HackerBoxes.com and join the revolution!

Topics and Learning Objectives for HackerBox 0032:

  • Practice the tools and skills of modern Locksport
  • Configure the Arduino UNO and Arduino IDE
  • Explore NFC and RFID technology
  • Develop a demonstration security alarm system
  • Implement motion sensors for the alarm system
  • Implement laser tripwires for the alarm system
  • Implement proximity switches for the alarm system
  • Code a state machine controller for the alarm system
  • Understand the operation and limitations of Blue Boxes

HackerBoxes is the monthly subscription box service for DIY electronics and computer technology. We are hobbyists, makers, and experimenters. We are the dreamers of dreams. HACK THE PLANET!

Step 1: HackerBox 0032: Box Contents

  • HackerBoxes #0032 Collectable Reference Card
  • Arduino UNO R3 with MicroUSB
  • Transparent Practice Padlock
  • Lockpick Set
  • PN532 RFID Module V3 with Two Tags
  • HC-SR501 PIR Motion Sensor Module
  • Two Laser Modules
  • Photoresistor Light Sensor Module
  • Photoresistor Sensor Components
  • Magnetic Proximity Contact Switch
  • Matrix Keypad with 16 Keys
  • Round 8mm APA106 RGB LED
  • Piezo Buzzer
  • 9V Battery Clip with UNO Barrel Connector
  • Micro USB Cable
  • Female-to-Male Dupont Jumpers
  • TOOOL Decal
  • Exclusive INFOSEC Lapel Pin

Some other things that will be helpful:

  • Soldering iron, solder, and basic soldering tools
  • Computer for running software tools
  • Solderless breadboard and jumper wires (optional)
  • One 9V battery (optional)

Most importantly, you will need a sense of adventure, DIY spirit, and hacker curiosity. Hardcore DIY electronics is not a trivial pursuit, and HackerBoxes are not watered down. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from learning new technology and hopefully getting some projects working. We suggest taking each step slowly, minding the details, and don't be afraid to ask for help.

There is a wealth of information for current, and prospective, members in the HackerBoxes FAQ.

Step 2: Locksport

Locksport is the sport or recreation of defeating locks. Enthusiasts learn a variety of skills including lock picking, lock bumping, and other techniques traditionally used by locksmiths and other security professionals. Locksport enthusiasts enjoy the challenge and excitement of learning to defeat all forms of locks, and often gather together in sport groups to share knowledge, exchange ideas, and participate in a variety of recreational activities and contests. For a good introduction, we suggest the MIT Guide to Lock Picking.

TOOOL (The Open Organisation Of Lockpickers) is an organization of individuals who engage in the hobby of Locksport, as well as educate its members and the public about the security (or lack thereof) provided by common locks. "The mission of TOOOL is to advance the general public knowledge about locks and lockpicking. By examining locks, safes, and other such hardware and by publicly discussing our findings we hope to strip away the mystery with which so many of these products are imbued."

Checking the calendar on the TOOOL site shows that you will be able to meet folks from TOOOL this summer at both HOPE in New York and DEF CON in Las Vegas. Try to find TOOOL wherever you can in your travels, show them some love, and pick up some useful Locksport knowledge and encouragement.

Diving deeper, this video has some good pointers. Definitely look for the "Lockpicking Detail Overkill" PDF recommended in the video.

ETHICAL CONSIDERATIONS: Carefully review, and take serious inspiration from, TOOOL's strict code of ethics which is summarized in the following three rules:

  1. Never pick or manipulate with the aim of opening any lock that does not belong to you, unless you have been granted explicit permission by the lock's rightful owner.
  2. Never disseminate knowledge or tools of lockpicking to individuals whom you know or have reason to suspect would seek to employ such skills or equipment in a criminal manner.
  3. Be mindful of the relevant laws concerning lockpicks and related equipment in any country, state, or municipality where you seek to engage in hobbyist lockpicking or recreational locksporting.

Step 3: Arduino UNO R3

This Arduino UNO R3 is designed with ease of use in mind. The MicroUSB interface port is compatible with the same MicroUSB cables used with many mobile phones and tablets.

Specification:

  • Microcontroller: ATmega328P (datasheet)
  • USB Serial Bridge: CH340G (datasheet)
  • Operating voltage: 5V
  • Input voltage (recommended): 7-12V
  • Input voltage (limits): 6-20V
  • Digital I/O pins: 14 (of which 6 provide PWM output)
  • Analog input pins: 6
  • DC current per I/O Pin: 40 mA
  • DC current for 3.3V Pin: 50 mA
  • Flash memory: 32 KB of which 0.5 KB used by bootloader
  • SRAM: 2 KB
  • EEPROM: 1 KB
  • Clock speed: 16 MHz

Arduino UNO boards feature a built-in USB/Serial bridge chip. On this particular variant, the bridge chip is the CH340G. Note that there are various other types of USB/Serial bridge chips used on the various types of Arduino boards. These chips allow your computer's USB port to communicate with the serial interface on the Arduino's processor chip.

A computer's operating system requires a Device Driver to communicate with the USB/Serial chip. The driver allows the IDE to communicate with the Arduino board. The specific device driver that is needed depends upon both the OS version and also the type of USB/Serial chip. For the CH340 USB/Serial chips, there are drivers available for many operating systems (UNIX, Mac OS X, or Windows). The maker of the CH340 supplies those drivers here.

When you first plug the Arduino UNO into a USB port of your computer, a red power light (LED) will turn on. Almost immediately after, a red user LED will start to blink quickly. This happens because the processor is pre-loaded with the BLINK program, which is now running on the board.

Step 4: Arduino Integrated Development Environment (IDE)

If you do not yet have the Arduino IDE installed, you can download it from Arduino.cc.

If you would like additional introductory information for working in the Arduino ecosystem, we suggest checking out the instructions for the HackerBoxes Starter Workshop.

Plug the UNO into the MicroUSB cable, plug the other end of the cable into a USB port on the computer, and launch the Arduino IDE software. In the IDE menu, select "Arduino UNO" under tools>board. Also, select the appropriate USB port in the IDE under tools>port (likely a name with "wchusb" in it).

Finally, load up a piece of example code:

File->Examples->Basics->Blink

This is actually the code that was preloaded onto the UNO and should be running right now to quickly blink the red user LED. However, the BLINK code in the IDE blinks the LED a little more slowly, so after loading it onto the board, you will notice the blinking of the LED will have changed from fast to slow. Load the BLINK code into the UNO by clicking the UPLOAD button (the arrow icon) just above your modified code. Watch below the code for the status info: "compiling" and then "uploading". Eventually, the IDE should indicate "Uploading Complete" and your LED should be blinking slower.

Once you are able to download the original BLINK code and verify the change in the LED speed, take a close look at the code. You can see that the program turns the LED on, waits 1000 milliseconds (one second), turns the LED off, waits another second, and then does it all again - forever.

Modify the code by changing both of the "delay(1000)" statements to "delay(100)". This modification will cause the LED to blink ten times faster, right? Load the modified code into the UNO and your LED should be blinking faster.

If so, congratulations! You have just hacked your first piece of embedded code.

Once your fast-blink version is loaded and running, why not see if you can change the code again to cause the LED to blink fast twice and then wait a couple of seconds before repeating? Give it a try! How about some other patterns? Once you succeed at visualizing a desired outcome, coding it, and observing it to work as planned, you have taken an enormous step toward becoming a competent hardware hacker.

Step 5: Security Alarm System Technology

The Arduino UNO can be used as a controller for an experimental demonstration of a security alarm system.

Sensors (such as motion sensors, magnetic door switches, or laser tripwires) can be used to trigger the security alarm system.

User inputs, such as keypads or RFID cards, can provide user control for the security alarm system.

Indicators (such as buzzers, LEDs, and serial monitors) can provide output and status to users from the security alarm system.

Step 6: NFC and RFID Technology

RFID (Radio-Frequency IDentification) is a process by which items may be identified using radio waves. NFC (Near Field Communication) is a specialized subset within the family of RFID technology. Specifically, NFC is a branch of HF (High-Frequency) RFID, and both operate at the 13.56 MHz frequency. NFC is designed to be a secure form of data exchange, and an NFC device is capable of being both an NFC reader and an NFC tag. This unique feature allows NFC devices to communicate peer-to-peer.

At a minimum, an RFID system comprises a tag, a reader, and an antenna. The reader sends an interrogating signal to the tag via the antenna, and the tag responds with its unique information. RFID tags are either Active or Passive.

Active RFID tags contain their own power source giving them the ability to broadcast with a read range of up to 100 meters. Their long read range makes active RFID tags ideal for many industries where asset location and other improvements in logistics are important.

Passive RFID tags do not have their own power source. Instead, they are powered by the electromagnetic energy transmitted from the RFID reader. Because the radio waves must be strong enough to power the tags, passive RFID tags have a read range from near contact up to 25 meters.

Passive RFID tags come in all shapes and sizes. They primarily operate at three frequency ranges:

  • Low Frequency (LF): 125-134 kHz
  • High Frequency (HF): 13.56 MHz
  • Ultra High Frequency (UHF): 856 MHz to 960 MHz

Near-field communication devices operate at the same frequency (13.56 MHz) as HF RFID readers and tags. As a version of HF RFID, near-field communication devices have taken advantage of the short range limitations of their radio frequency. Because NFC devices must be in close proximity to each other, usually no more than a few centimeters, NFC has become a popular choice for secure communication between consumer devices such as smartphones.

Peer-to-peer communication is a feature that sets NFC apart from typical RFID devices. An NFC device is able to act both as a reader and as a tag. This unique ability has made NFC a popular choice for contactless payment, a key driver in the decision by influential players in the mobile industry to include NFC in newer smartphones. Also, NFC smartphones pass along information from one smartphone to the other by tapping the two devices together, which turns sharing data such as contact info or photographs into a simple task.

If you have a smartphone, it can probably read and write NFC chips. There are a lot of cool apps including some that let you use NFC chips to launch other apps, trigger calendar events, set alarms, and store various bits of information. Here is a table of which type of NFC tags are compatible with which mobile devices.

Regarding the included NFC tag types, the white card and the blue key fob both contain Mifare S50 chips (datasheet).

Step 7: PN532 RFID Module

This NFC RFID module is based on the feature-rich NXP PN532 (datasheet). The module breaks out almost all of the IO pins of the NXP PN532 chip. The module design provides a detailed manual.

To use the module, we will solder in the four pin header.

The DIP switch is covered with Kapton tape, which should be peeled off. Then the switches may be set to I2C mode as shown.

Four wires are used to connect the header to pins of the Arduino UNO.

Two libraries must be installed into the Arduino IDE for the PN532 module.

Install the NDEF Library for Arduino

Install the PN532 Library for Arduino

Once the five folders are expanded into the Libraries folder, close and restart the Arduino IDE to "install" the libraries.

Load up this bit of Arduino code:

Files->Examples->NDEF->ReadTag

Set the Serial Monitor to 9600 baud and upload the sketch.

Scanning the two RFID tokens (the white card and the blue key fob) will output scan data to the serial monitor like so:

Not Formatted
NFC Tag - Mifare Classic
UID AA AA AA AA

The UID (unique identifier) can be used as an access control mechanism that requires that particular card for access - such as to unlock a door, open a gate, or disarm an alarm system.

Step 8: Passcode Keypad

A keypad can be used to enter a passcode for obtaining access - such as to unlock a door, open a gate, or disarm an alarm system.

After wiring the keypad to the Arduino as shown, download the Keypad Library from this page.

Load up the sketch:

File->Examples->Keypad->HelloKeypad

And then modify these lines of code:

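const byte ROWS = 4;  // the keypad has four rows
const byte COLS = 4;  // and four columns
// Character reported for each row/column position
char keys[ROWS][COLS] = {
  {'1','2','3','A'},
  {'4','5','6','B'},
  {'7','8','9','C'},
  {'*','0','#','D'}
};
byte rowPins[ROWS] = {6, 7, 8, 9};  // UNO pins wired to the keypad rows
byte colPins[COLS] = {2, 3, 4, 5};  // UNO pins wired to the keypad columns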

Use the serial monitor to observe which keys of the keypad are being pressed.
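The two credentials described in Steps 7 and 8 (a tag UID and a keypad passcode) can be checked with logic like the following. This is an added example, not one of the HackerBoxes sketches; the names UidStore and PasscodeEntry, the table sizes, the accepted UID lengths, and the use of '#' to submit and '*' to clear are all assumptions. A tag UID is an identifier that any compatible reader can read, so it serves here as a demonstration credential rather than a secret.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Allow-list of enrolled tag UIDs. Sizes are assumptions that fit the UNO's 2 KB SRAM.
struct UidStore {
  static const size_t MAX_CARDS = 8, MAX_LEN = 7;
  uint8_t uid[MAX_CARDS][MAX_LEN];
  uint8_t len[MAX_CARDS];
  size_t count = 0;
  // Assumed lengths: 4 bytes (as the page's tags report) or 7 bytes.
  static bool valid_len(size_t n) { return n == 4 || n == 7; }
  // Length must match too, so a 4-byte read never matches the prefix of a 7-byte UID.
  bool contains(const uint8_t* u, size_t n) const {
    if (!valid_len(n)) return false;
    for (size_t i = 0; i < count; ++i)
      if (len[i] == n && std::memcmp(uid[i], u, n) == 0) return true;
    return false;
  }
  // Enrol a tag; refuses malformed lengths, duplicates, and a full table.
  bool add(const uint8_t* u, size_t n) {
    if (!valid_len(n) || contains(u, n) || count == MAX_CARDS) return false;
    std::memcpy(uid[count], u, n);
    len[count++] = (uint8_t)n;
    return true;
  }
};

// Keypad passcode entry: digits accumulate, '#' submits, '*' clears (assumed key roles).
struct PasscodeEntry {
  static const size_t MAX_DIGITS = 8;
  char buf[MAX_DIGITS + 1];
  size_t n = 0;
  bool overflow = false;
  // Returns 0 while entering, 1 on a correct submission, -1 on a wrong one.
  int feed(char key, const char* code) {
    if (key == '*') { n = 0; overflow = false; return 0; }
    if (key == '#') {
      buf[n] = '\0';
      bool ok = !overflow && n > 0 && std::strcmp(buf, code) == 0;
      n = 0; overflow = false;  // every submission starts a fresh entry
      return ok ? 1 : -1;
    }
    if (key < '0' || key > '9') return 0;                      // A-D are not passcode digits
    if (n < MAX_DIGITS) buf[n++] = key; else overflow = true;  // never write past buf
    return 0;
  }
};

int main() {
  UidStore s; const uint8_t fob[4] = {0xAA, 0xAA, 0xAA, 0xAA};  // constructed UID
  s.add(fob, 4);
  PasscodeEntry p; int last = 0;
  for (const char* k = "12#1234#"; *k; ++k) { int r = p.feed(*k, "1234"); if (r) last = r; }
  return (s.contains(fob, 4) && last == 1) ? 0 : 1;
}
```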

Step 9: Siren Using Piezo Buzzer

What alarm system doesn't need an alarm siren?

Wire up the Piezo Buzzer as shown. Note the "+" indicator on the buzzer.

Try out the attached code in the file siren.ino

Step 10: Shift Register RGB LED

The APA106 (datasheet) is three LEDs (red, green, and blue) packaged together with a shift register driver to support a single pin data input. The unused pin is a data output that would allow the APA106 units to be chained together if we were using more than one.

The APA106 timing is similar to the WS2812 or the class of devices broadly referred to as NeoPixels. To control the APA106, we will use the FastLED Library.

Try out the attached sketch onepixel.ino which uses FastLED to cycle the colors on an APA106 wired to pin 11 of the Arduino UNO.

Step 11: Magnetic Proximity Switch

A magnetic proximity switch (or contact switch) is often used in alarm systems to detect the open or closed state of windows or doors. A magnet on one side closes (or opens) a switch on the other side when they are in proximity. The circuit and code here show how easily these "prox switches" can be used.

Note that the included prox switch is "N.C." or Normally Closed. This means that when the magnet is not near the switch, the switch is closed (or conducting). When the magnet is near the switch, it opens up, or stops conducting.

Step 12: PIR Motion Sensors

The HC-SR501 (tutorial) is a motion detector based on a passive infrared (PIR) sensor. PIR sensors measure infrared (IR) radiation from objects in their field of view. All objects (at normal temperatures) emit heat energy in the form of radiation. This radiation is not visible to the human eye because it is mostly at infrared wavelengths. However, it can be detected by electronic devices such as PIR sensors.

Wire up the components as shown and load the example code to feast your eyes on a simple demonstration of motion activated LED illuminations. The activating motion causes the example code to toggle the coloring of the RGB LED.

Step 13: Laser Tripwire

A laser combined with a light sensor module makes a nice laser tripwire to detect intruders.

The light sensor module includes a potentiometer to set a trip threshold and a comparator to trigger a digital signal upon crossing the threshold. The result is a robust, turn-key solution.

Alternatively, you may wish to try rolling your own laser detector by arranging a bare LDR and a 10K resistor as a voltage divider feeding an analog (not digital) input. In this case, the thresholding is done inside the controller. Check out this example.
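When the thresholding is done inside the controller, two thresholds and a short run of consecutive samples keep a flickering reading from raising repeated alarms. The following is an added example, not the linked sketch; it assumes the divider is wired so that a lit LDR gives a high reading, and the Tripwire name, threshold values, and sample count are placeholders to calibrate on your own bench.

```cpp
#include <cstdint>

// Beam-break detector over 10-bit ADC samples (0..1023) from the LDR/10K divider.
// Assumptions: a lit LDR reads HIGH; both thresholds are placeholder values.
struct Tripwire {
  uint16_t lit_above = 700;   // at or above: beam is on the sensor
  uint16_t dark_below = 400;  // at or below: beam is blocked
  uint8_t need = 3;           // consecutive dark samples required before tripping
  uint8_t dark_run = 0;
  bool broken = false;

  // Feed one sample; returns true only on the transition into "broken".
  bool sample(uint16_t adc) {
    if (adc <= dark_below) {
      if (dark_run < need) ++dark_run;
      if (!broken && dark_run >= need) { broken = true; return true; }
      return false;
    }
    dark_run = 0;                          // any non-dark sample ends the run
    if (adc >= lit_above) broken = false;  // re-arm only once clearly lit (hysteresis)
    return false;
  }
};

// Count trips in a recorded sample sequence.
int count_trips(Tripwire& t, const uint16_t* s, int n) {
  int trips = 0;
  for (int i = 0; i < n; ++i) if (t.sample(s[i])) ++trips;
  return trips;
}

int main() {
  // Constructed readings: a one-sample glitch, then a sustained break.
  const uint16_t s[] = {900, 300, 900, 300, 300, 300, 300, 900};
  Tripwire t;
  return count_trips(t, s, 8) == 1 ? 0 : 1;
}
```

On the UNO, each value passed to sample() would come from analogRead() on the pin fed by the divider.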

Step 14: A Security Alarm System State Machine

The demonstrated elements can be combined into a basic, experimental alarm system. One such example implements a simple state machine with four states:

STATE1 - ARMED

  • Illuminate LED to YELLOW
  • Read Sensors
  • Sensors Tripped -> STATE2
  • Correct Keypad Code Entered -> STATE3
  • Correct RFID Read -> STATE3

STATE2 - ALARM

  • Illuminate LED to RED
  • Sound Siren on Buzzer
  • Exit Button "D" Pressed -> STATE3

STATE3 - DISARMED

  • Illuminate LED to GREEN
  • Turn off Siren on Buzzer
  • Arm Button "A" Pressed -> STATE1
  • NewRFID Button "B" Pressed -> STATE4

STATE4 - NEWRFID

  • Illuminate LED to BLUE
  • Card Scanned (ADD IT) -> STATE3
  • Exit Button "D" -> STATE3
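
The transitions listed above can be written as a small transition function that is independent of the hardware. This is an added example, not the HackerBoxes sketch; the State and Event names and the function names are assumptions, and the surrounding sketch is assumed to turn sensor readings, key presses, and credential checks into events and to store the scanned UID in STATE4.

```cpp
#include <cstdint>

enum class State : uint8_t { ARMED, ALARM, DISARMED, NEWRFID };
enum class Event : uint8_t { NONE, SENSOR_TRIPPED, CODE_OK, RFID_OK,
                             CARD_SCANNED, KEY_A, KEY_B, KEY_D };
struct Outputs { uint8_t r, g, b; bool siren; };

// Transitions exactly as listed; any unlisted (state, event) pair keeps the state.
State next_state(State s, Event e) {
  switch (s) {
    case State::ARMED:
      if (e == Event::SENSOR_TRIPPED) return State::ALARM;
      if (e == Event::CODE_OK || e == Event::RFID_OK) return State::DISARMED;
      break;
    case State::ALARM:
      if (e == Event::KEY_D) return State::DISARMED;
      break;
    case State::DISARMED:  // sensors are ignored while disarmed
      if (e == Event::KEY_A) return State::ARMED;
      if (e == Event::KEY_B) return State::NEWRFID;
      break;
    case State::NEWRFID:   // caller enrols the scanned UID before this transition
      if (e == Event::CARD_SCANNED || e == Event::KEY_D) return State::DISARMED;
      break;
  }
  return s;
}

// LED colour and siren for each state (yellow, red, green, blue).
Outputs outputs_for(State s) {
  switch (s) {
    case State::ARMED:    return {255, 255, 0, false};
    case State::ALARM:    return {255, 0, 0, true};
    case State::DISARMED: return {0, 255, 0, false};
    case State::NEWRFID:  return {0, 0, 255, false};
  }
  return {255, 0, 0, true};  // not reachable with a valid State; fall back to alarm
}

// Apply a sequence of events and return the final state.
State run(State s, const Event* ev, int n) {
  for (int i = 0; i < n; ++i) s = next_state(s, ev[i]);
  return s;
}

int main() {
  // Constructed scenario: arm, trip a sensor, then press "D" to leave the alarm state.
  const Event ev[] = {Event::KEY_A, Event::SENSOR_TRIPPED, Event::KEY_D};
  return run(State::DISARMED, ev, 3) == State::DISARMED ? 0 : 1;
}
```

As listed, STATE2 is left by pressing "D" alone; if the siren should only be silenced with a credential, replace KEY_D in the ALARM case with CODE_OK and RFID_OK.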

Step 15: Blue Box Phreaking

The Blue Box was an electronic phone hacking (phreaking) device that replicated the tones that were used to switch long-distance telephone calls. Blue Boxes allowed users to route their own calls, bypassing normal telephone switching and billing. Blue Boxes no longer work in most countries, but with an Arduino UNO, keypad, buzzer, and RGB LED, you can build a cool Blue Box Replica. Also check out this similar project.

There is a very interesting historical connection between Blue Boxes and Apple Computer.

Project MF has some cool information on a living, breathing simulation of analog SF/MF telephone signaling just as it was used in the telephone network of the 1950s through the 1980s. It lets you "blue box" telephone calls just like the phone phreaks of yesteryear.

Step 16: HACK THE PLANET

If you have enjoyed this Instructable and would like to have a cool box of hackable electronics and computer tech projects descend upon your mailbox each month, please join the revolution by surfing over to HackerBoxes.com and subscribing to the monthly surprise box.

Reach out and share your success in the comments below or on the HackerBoxes Facebook Page. Certainly let us know if you have any questions or need some help with anything. Thank you for being part of HackerBoxes!