project:brmdoor:start
Differences
This shows you the differences between two versions of the page.
project:brmdoor:start [2018/04/24 21:35] – Brmdoor outside shield photo added abyssal | project:brmdoor:start [2023/09/17 20:35] (current) – [Raspberry support] pysftp dropped and changed to paramiko for SFTP abyssal | ||
---|---|---|---|
Line 20: | Line 20: | ||
===== Unlocking the Door ===== | ===== Unlocking the Door ===== | ||
- | Executive summary, how to get in without a key - arrange registering your RFID card (ISO-14443A, | + | Executive summary, how to get in without a key - arrange registering your RFID card (ISO-14443A, |
===== BrmDoor Hardware ===== | ===== BrmDoor Hardware ===== | ||
Line 26: | Line 26: | ||
* We have [[https:// | * We have [[https:// | ||
* MCU/ | * MCU/ | ||
- | * OS: Raspbian or Ubuntu (other may work as well, if you can get required packages | + | * OS: Raspbian or Ubuntu (other may work as well if you can get required packages |
- | * Lock device: | + | * Lock device |
- | * [DONE] | + | * From inside, it is possible to open the door anytime by just pushing the handle. |
- | * From inside, it is possible to open the door anytime by just pushing the handle. | + | * From outside, it is possible to open the door by turning the lock by the key, OR by pushing the handle if the voltage is applied. |
- | * From outside, it is possible to open the door by turning the lock by the key, OR by pushing the handle if voltage is applied. | + | * Lock specs say 12-24V should be used, but from experience 12 V is not enough. Use 24 V. |
- | * Lock specs say 12-24V should be used, but from experience 12 V is not enough. Use 24 V. | + | |
- | Communication is over SPI: both SEL0 and SEL1 are shorted which turns communication to be over SPI. | + | Communication is over SPI: both SEL0 and SEL1 are shorted which turns communication to be over SPI. Docs say SEL1 closed, board says both closed, both closed work. |
Documentation of Adafruit PN532 shield (our revision is 1.2): | Documentation of Adafruit PN532 shield (our revision is 1.2): | ||
Line 42: | Line 41: | ||
===== BrmDoor Firmware ===== | ===== BrmDoor Firmware ===== | ||
- | Source repository: https:// | + | Source repository: https:// |
+ | ===== Raspberry support ===== | ||
+ | |||
+ | Brmdoor was tried on: | ||
+ | |||
+ | * Raspberry 1B (very slow import, but works ok) | ||
+ | * Raspberry 3B+ | ||
+ | * Raspberry 4B | ||
+ | |||
+ | Tested Raspbian 9 and 10 (Raspi OS 2021-03-04). Still works on 2023-09-17, when we needed to drop '' | ||
+ | |||
+ | Raspberry 1 and 2 - it's just slow, everything is slow there. Raspberry 3B+ or 4 with USB boot and USB flash instead of SDcard recommended. | ||
+ | |||
+ | Make sure you enable SPI in device tree or '' | ||
===== List of authorized cards ===== | ===== List of authorized cards ===== | ||
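Review bot: The tested-hardware list in the new Raspberry support section names the 1B, 3B+ and 4B, but the paragraph under it speaks of "Raspberry 1 and 2" and the photo sections further down record a Raspi 2B installed on 14 Jan 2022. Add the 2B to the list, or say explicitly that it is untested, so the list covers the board that is actually deployed.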
Line 50: | Line 62: | ||
===== Adding a new card to JendaSAP and import to brmdoor ===== | ===== Adding a new card to JendaSAP and import to brmdoor ===== | ||
- | Put the card next to reader, then look into log (on brmdoor raspi in ''/ | + | Put the card next to the reader, then look into a log (on brmdoor raspi in ''/ |
Login to vps.brmlab.cz. In ''/ | Login to vps.brmlab.cz. In ''/ | ||
- | '' | + | < |
+ | card 0102ab89 | ||
+ | </ | ||
- | On vps.brmlab.cz in ''/ | + | On '' |
- | '' | + | < |
+ | cd /root/sap | ||
+ | parse.py | ||
+ | </ | ||
+ | |||
+ | This will create | ||
+ | |||
+ | < | ||
+ | cd brmdoor_libnfc/; | ||
+ | </ | ||
+ | |||
+ | No need to restart brmdoor daemon. Note that the import can take even a minute since the brmdoor Raspberry 1 is fucking slow. | ||
+ | |||
+ | <note important> | ||
+ | Commit the changes to '' | ||
+ | </ | ||
+ | |||
+ | In the '' | ||
+ | |||
+ | < | ||
+ | git commit -m "Added card for member Ctulhu" | ||
+ | </ | ||
+ | |||
+ | ===== Adding a new Desfire with authentication to JendaSAP and import to brmdoor ===== | ||
+ | |||
+ | This is similar to above, but has extra step in programming the Desfire. | ||
+ | |||
+ | <note important> | ||
+ | The Desfire needs to be programmed with correct signature first, otherwise brmdoor will reject it. | ||
+ | </ | ||
+ | |||
+ | Writing a signature on a Desfire card (can be done on raspi or using PN532 reader that is in the lab). You must know the private Ed25519 key matching the public key in brmdoor' | ||
+ | |||
+ | < | ||
+ | ./ | ||
+ | </ | ||
+ | |||
+ | Similar to above, but you add line " | ||
+ | |||
+ | < | ||
+ | desfire 04631982cc2280 | ||
+ | </ | ||
+ | |||
+ | The parse.py mentioned above will also create '' | ||
+ | |||
+ | < | ||
+ | cd brmdoor_libnfc/; | ||
+ | </ | ||
+ | |||
+ | <note important> | ||
+ | If you are using old libfreefare 0.4.x, you will need to patch the hardcoded infinte timeouts, otherwise Desfire stuff may deadlock. | ||
+ | </ | ||
+ | |||
+ | In general, set the timeout param in '' | ||
+ | |||
+ | So '' | ||
+ | |||
+ | < | ||
+ | DEB_BUILD_OPTIONS=' | ||
+ | </ | ||
+ | |||
+ | ==== Fixed Raspbian libfreefare .deb files ==== | ||
+ | |||
+ | Link to zip with the rebuilt .deb files for current brmdoor (Raspian 9), just install with dpkg -i like usual: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Latest versions of libfreefare have this fixed, there is either non-infinite timeout or configurable timeout in very latest versions. | ||
+ | ==== Checking that the signature on Desfire ==== | ||
+ | |||
+ | Can be done with brmdoor, PN352 reader on PC or also on mobile app that can show NFC NDEF data: | ||
+ | |||
+ | < | ||
+ | cd brmdoor_libnfc/; | ||
+ | </ | ||
+ | |||
+ | You should see something like: | ||
+ | |||
+ | < | ||
+ | {" | ||
+ | </ | ||
+ | ===== Restarting brmdoor remotely ===== | ||
+ | |||
+ | If brmdoor stops responding for some reason, restart it using: | ||
+ | |||
+ | < | ||
+ | systemctl restart brmdoor.service | ||
+ | </ | ||
+ | |||
+ | In order to get to brmdoor from outside, you'll need to find a hop server accessible from outside, like bbs.brmlab.cz | ||
+ | |||
+ | Sample entry in '' | ||
+ | |||
+ | < | ||
+ | Host = bbs.brmlab.cz | ||
+ | VerifyHostKeyDNS = yes | ||
+ | User = root | ||
+ | IdentityFile = ~/ | ||
+ | ForwardX11 = no | ||
+ | UsePrivilegedPort = no | ||
+ | Protocol 2 | ||
+ | |||
+ | Host = brmdoor-external | ||
+ | ProxyCommand = ssh bbs.brmlab.cz nc %h 22 | ||
+ | Hostname = 192.168.77.30 | ||
+ | Port = 22 | ||
+ | User = root | ||
+ | IdentityFile = ~/ | ||
+ | ForwardX11 = no | ||
+ | UsePrivilegedPort = no | ||
+ | Protocol 2 | ||
+ | </ | ||
+ | |||
+ | ===== OPEN/CLOSED switch with update of topic on IRC and SpaceAPI format on VPS ===== | ||
+ | |||
+ | In '' | ||
+ | update to work. | ||
+ | |||
+ | The first part of the topic until '' | ||
+ | OPEN/CLOSED will be prepended). | ||
+ | |||
+ | Configuration needs setting a file that is read once per second, '' | ||
+ | " | ||
+ | will be read by brmdoor daemon. | ||
+ | |||
+ | For a simple switch (that just closes/ | ||
+ | configure a PIN in input mode and turn on internal pullup on the input PIN. An example of this is in the | ||
+ | '' | ||
+ | |||
+ | <code bash> | ||
+ | # | ||
+ | export PIN=22 | ||
+ | |||
+ | if [ ' | ||
+ | echo $PIN > / | ||
+ | echo in > / | ||
+ | fi | ||
+ | |||
+ | python -c " | ||
+ | </ | ||
+ | |||
+ | If the switch is in open position (connected to ground), the " | ||
+ | of the internal pull-up). | ||
+ | |||
+ | The numbering scheme is the same as in the lock configuration (BCM GPIO numbering, | ||
+ | https:// | ||
+ | '' | ||
+ | |||
+ | ==== Changing OPEN/CLOSED status remotely with software ==== | ||
+ | |||
+ | Any IRC user in ''# | ||
+ | until the physical switch changes the value. | ||
+ | |||
+ | ==== Reporting/ | ||
+ | |||
+ | Currently since v 0.2 brmdoor can upload the status and information in [[http:// | ||
+ | |||
+ | The status JSON is mapped currently is mapped to [[https:// | ||
+ | of json is in under " | ||
+ | |||
+ | Currently to be compatible with old URL (https:// | ||
+ | for the spaceAPI.net since we can't change it and can't submit new, there is alias | ||
+ | in ''/ | ||
+ | uploaded by brmdoor (it's over SFTP with internal-sftp chroot, ssh-key login, so that in case of compromise of brmdoor there | ||
+ | is not much the attacker could do with it (and password can't be bruteforced). | ||
+ | ===== PIN assignments ===== | ||
+ | |||
+ | General GPIO PIN assignments are configurable, | ||
+ | pinouts. Raspi pinouts for all versions: https:// | ||
+ | |||
+ | (Follow whatever Rpi is installed for pinout as power sources keep killing them time to time) | ||
+ | |||
+ | Numbering scheme used by brmdoor for lock and open switch (based on BCM GPIO numbering, different from P1 | ||
+ | header physical PIN numbers): | ||
+ | https:// | ||
+ | |||
+ | PIN assignemnts (physical PINs on P1 header, with BCM GPIO numbers used in config): | ||
+ | |||
+ | * Raspberry power - via USB | ||
+ | * 5V power out into Adafruit PN532 reader: #4 | ||
+ | * Ground for Adafruit PN352: physical #6 | ||
+ | * BERA-E lock open/close: physical #22, BCM GPIO #25 | ||
+ | * Open/close switch input PIN: physical #15, BCM GPIO #22 (/ | ||
+ | * SPI pins for Adafruit PN532 reader - SPI PINs on Raspberry - physical #19, #21, #23, #24 | ||
+ | * electrical measurement (ask Jenda) : physical #12 signal, ground physical #14 | ||
+ | * grounds not mentioned just connect to any ground | ||
+ | |||
+ | |||
+ | ===== microSD card extra vs Sandisk Extra USB experiment (2021-05-20) ===== | ||
+ | |||
+ | I'e bought a 16 GB USB flash that should theoretically be more stable than SD card. | ||
+ | |||
+ | I've copied the 32-GB card, extended the filesystem to 16 GB (from original 4 GB). | ||
+ | |||
+ | The copy is available in my trezor. I benchmarked SD card and the USB boot device, did not find any significant differences. We did thought with rainbof limit the max CPU/GPU freq. | ||
+ | |||
+ | To this day I am not sure whether that " | ||
- | No need to restart brmdoor daemon. Note that the import can take even a minute, since the brmdoor Raspberry 1 is fucking slow. | + | Nevertheless, |
+ | Jenda/Mrkva were politely asked whether they want to design a single board for all future brmdoors. Since there is like 10 parts and foundries will make the poplated boards at $10/piece. | ||
===== GitHub, last commits ===== | ===== GitHub, last commits ===== | ||
{{rss> | {{rss> | ||
- | ===== Photos of cable connections of Raspi + PN532 shield (location Ke kaplicce | + | ===== Photos of cable connections of Raspi + PN532 shield (location Ke kaplicce |
{{: | {{: | ||
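Review bot: In the new Desfire section, the signing step is described as something that "can be done on raspi" and requires the private Ed25519 key, which would place the signing key on the same device that verifies cards. Verification only needs the public key that the text says is in brmdoor's config, so suggest stating that signatures are written from a separate machine with the lab's PN532 reader, and noting who holds the private key and how it is replaced if it leaks. In the same hunk, "infinte", "assignemnts" and "PN352" (twice, for PN532) are typos, "is mapped currently is mapped" is doubled, and the import note still calls the brmdoor board a Raspberry 1 although later sections record a 3B+ and then a 2B.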
Line 74: | Line 285: | ||
{{: | {{: | ||
- | {{: | + | {{: |
+ | |||
+ | {{: | ||
+ | |||
+ | ===== Updated photos after replacing Raspi 1 rev B2 with Raspi 3B+ (18 May 2021) - OBSOLETE ===== | ||
+ | |||
+ | Power source fried the Raspi 3B+ sometimes in 2022, replaced again with Raspi 2B | ||
+ | |||
+ | Added on left side is a stepdown that works with Raspi 3B+ power consumption. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ===== Updated photos after replacing fried Raspi 3B+ for old Raspi 2B and changing casing (14 Jan 2022) ===== | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ==== Outside view of PN532 shield (14 Jan 2022) ==== | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
===== Brmdoor HOWTO (displayed after you login as root, in /etc/motd) ===== | ===== Brmdoor HOWTO (displayed after you login as root, in /etc/motd) ===== | ||
< | < | ||
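Review bot: The section marked OBSOLETE says the power source fried the Raspi 3B+ and, two lines later, that the added step-down "works with Raspi 3B+ power consumption", so a reader cannot tell whether that step-down was part of the failure or is still in use with the 2B. Suggest one sentence on what, if anything, changed in the power path when the board was swapped. "sometimes in 2022" should read "sometime in 2022", and since the replacement heading is dated 14 Jan 2022 the failure date could be stated directly.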
Line 82: | Line 321: | ||
Full README is at https:// | Full README is at https:// | ||
- | Preferred | + | A preferred |
## Import cards.txt from JendaSAP' | ## Import cards.txt from JendaSAP' | ||
Line 94: | Line 333: | ||
## Adding card by UID | ## Adding card by UID | ||
- | Note: this is useful for adding card temporarily, since import from JendaSAP will remove it | + | Note: this is useful for adding card temporarily since import from JendaSAP will remove it |
- find out the UID: | - find out the UID: | ||
1. put the card near the reader, | 1. put the card near the reader, | ||
2. as root, look into the log, currently / | 2. as root, look into the log, currently / | ||
- | - look into log for the unknown UID, look for `Unknown UID` message | + | - look into the log for the unknown UID, look for `Unknown UID` message |
- | - the following command will add card as authenticated by UID, for other methods see full README | + | - the following command will add a card as authenticated by UID, for other methods see full README |
cd brmdoor_libnfc/ | cd brmdoor_libnfc/ | ||
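Review bot: The HOWTO block is headed as the text displayed from /etc/motd, so the article fixes on the lines "Note: this is useful for adding card temporarily" and "look into the log for the unknown UID" leave the wiki copy out of step with the file on the device. Apply the same edits on brmdoor, or mark this block as a copy that may lag behind the installed motd.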
Line 139: | Line 378: | ||
* Setting topic is not finished (python-irc has fairly bad API to retrieve topic) | * Setting topic is not finished (python-irc has fairly bad API to retrieve topic) | ||
+ | ===== Remote access from outside brmlab ===== | ||
+ | |||
+ | Add following to your ~/ | ||
+ | |||
+ | You need to have access to '' | ||
+ | |||
+ | You need ssh that supports '' | ||
+ | |||
+ | < | ||
+ | |||
+ | Host data.brmlab.cz | ||
+ | User root | ||
+ | Port 22 | ||
+ | IdentityFile = ~/ | ||
+ | Protocol 2 | ||
+ | |||
+ | Host = brmdoor-via-data | ||
+ | ProxyJump = data.brmlab.cz | ||
+ | Hostname = 192.168.77.30 | ||
+ | Port = 22 | ||
+ | User = root | ||
+ | IdentityFile = ~/ | ||
+ | ForwardX11 = no | ||
+ | UsePrivilegedPort = no | ||
+ | Protocol 2 | ||
+ | </ | ||
+ | |||
+ | Then using | ||
+ | |||
+ | < | ||
+ | ssh brmdoor-via-data | ||
+ | </ | ||
+ | |||
+ | will get proxyjump over data into brmdoor. | ||
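Review bot: The new "Remote access from outside brmlab" section repeats the client config already given under "Restarting brmdoor remotely", with a different hop (data.brmlab.cz via ProxyJump here, bbs.brmlab.cz via ProxyCommand and nc there); keep one section and say which hop is current. Both entries log in as root on the hop and on brmdoor, and both carry "Protocol 2" and "UsePrivilegedPort = no", which recent OpenSSH releases no longer use; dropping those two lines and using an unprivileged account on the jump host would tighten the example. The keyword style is also mixed ("Host data.brmlab.cz" versus "Host = brmdoor-via-data").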
project/brmdoor/start.1524605747.txt.gz · Last modified: 2018/04/24 21:35 by abyssal