DoorLock v3 is the new electronic mechanism that we use in order to open the door of the hackerspace. As the previous doorlock had some problems, we had to start from scratch.
The mechanical part
A classic door release mechanism, most apartment buildings have something like this nowadays. This type of lock is probably the easiest and most robust method to use: you unlock it by connecting it to a power supply, you lock it by disconnecting it. It even comes with a little switch so you can leave it in an "always open" state when we have a gathering. (don't forget to reset it before leaving ;)) Another plus, it doesn't require any modification of the door itself or block the regular lock (so we can still use our keys).
A RaspberryPi was pretty useful in the new setup. After installing wiringPi, thiroros can now lock and unlock the door using its GPIO pins. And since it is a regular GNU/Linux box, we are now able to implement any authentication method we would like by using the network, USB ports etc.
The RaspberryPi doesn't unlock the door directly -- it is connected to a prototyping board that handles this. The signal from the Pi's GPIO pins goes to a transistor, which in turn activates a relay. The relay just connects the mechanical module to its power supply to unlock the door.
- Except from giving us multiple sockets, the power strip is also useful because it has a long extension cord, which we connected to a UPS-backed socket
- The small protoboard at the other side of the RaspberryPi just allows us to connect more easily the 8 pins of the RFID module
- We had to do some sawing on the right side of the speaker, but now it fits perfectly between the cable channel and the window -- we didn't use any tape, glue, nails etc
- The speaker already had a hole at the side; fortunately, because the RaspberryPi's video output didn't fit without it :P. But we did open a hole at the bottom of the speaker to connect the mechanism's power supply
- Well we haven't found yet a stable way to attach the RFID module on the window... But the software isn't ready yet so we're not using it :P
Opening the door
We have two scripts for the doorlock:
- /usr/local/bin/dlock-gpio-cmd is a shell script which sets the pin as an output pin, writes a '1', waits 3 seconds and then writes a '0' by using wiringPi
- /usr/local/bin/doorlock is just a wrapper that calls the previous script using
nohupis a utility that runs a given program so that it ignores kill signals. We need this wrapper because if you just run
dlock-gpio-cmdand kill it before it gets to lock the door again, the door will remain unlocked forever. This is an issue not only because it allows unauthorized acces to the space, but it also overheats the mechanism.
Any software you deploy that wants to open the door should use
Methods currently available
Each user with an LDAP account can ssh directly on the RaspberryPi (hostname thiroros.tolabaki.her.wn, IP 10.176.4.46) with his credentials and run the command
IM via Telegram
If you have a Telegram account, you can open the door by sending a message to @labadoorbot ( http://t.me/labadoorbot ). To use it you have to add your Telegram User ID to your LDAP account. In order to do that, visit https://accounts.tolabaki.gr and add it under the Pager field, in Generic settings. Note that your Telegram ID is different from your phone number and username; the bot will tell you your Telegram ID and repeat these instructions to you when you send it the /register command. The /open command opens the door!
Most of these ideas will probably implement the OTP protocol in various ways. Feel free to add your ideas here and/or implement something from this list!
An RFID module is already connected to the RaspberryPi, the software part needs work though. Since it would probably read a uid from the user's tag, is it possible to store that in a field of the user's LDAP account?
We will also need to buy some RFID cards to give to LDAP members. We already have like 20 RFID keychains, but we checked them and they can't be read through the window (they seem to have ~1.5cm range). We had a couple of cards too, and these we could read through the glass (~3.5cm range)! That's probably because of the size of the coil? The cards are the way to go though.
There was an idea about an Android application. It would send the OTP code to thiroros probably via one or more of:
- QR code (webcam needed from inside the window).
- Serial. The screen flashes (again, webcam needed).
- DTMF tones. Maybe using a dangling cable to connect to the audio jack or a microphone.
Also the user could have the option to add and use multiple private keys, one for each door he has access to in case he implemented a system like this at home.
This one is simple. You call a VOIP number and the server checks if you are allowed to get in using Caller ID. This has been done before -- during the era of the first DoorLock, just leaving this here in case we want to do it again at some point.
Knock the door in a predefined rhythm to unlock the door. Maybe for security reasons it could be combined with:
The user could associate a Bluetooth/MAC address with his account and when his device is detected he can then open the door. Maybe use it in a two-factor authentication fashion, for example require a user's phone to be in reach in order to accept his RFID tag. There are some privacy (and technical) concerns though, so it would probably be better to discuss it in a meeting.