Skip to content

Latest commit

 

History

History
222 lines (148 loc) · 9.69 KB

Readme.md

File metadata and controls

222 lines (148 loc) · 9.69 KB

Door lock NFC card reader for Raspberry PI

Motivation

Is it possible to use FIDO UAF Standard on an Android mobile + NFC to opening doors?

This project is a simple prototype to verify how FIDO could be used in this scenario (see FIDO Security Reference). This card reader uses NFC to communicate with a specific Android Opening Door App, that emulates a NFC card using Android's Host-based Card Emulation functionality.

The card reader and Android Opening Door App depend of a third-party, called FIDO UAF RP Server.

Figure below shows all necessary components and the relation between them

alt text

  1. FIDO UAF Demo Server
  1. Door lock NFC card reader <- You are working on it right now!
  2. Dummy FIDO UAF Client
  3. Opening Door Android App

Hardware requirements

Wiring Raspberry PI 2 B (or Raspberry PI 3 B) & PN532

  1. To use UART on Adafruit PN532 breakout you must set to OFF the SEL0 and SEL1 jumpers
    1. To use UART on Elechouse PN532 NFC RFID module V3 you must set to OFF the switch 1 and switch 2.
  2. Follow instructions (and pictures) below to connect all components
Raspberry PI (2 or 3) B Wire color Adafruit PN532 Elechouse PN532
Pin 2 (5v) RED 5.0V VCC
Pin 6 (ground) BLACK GND GND
Pin 8 (BCM 14 TXD) YELLOW RXD SCL (RX)
Pin 10 (BCM 15 RXD) GREEN TXD SDA (TX)
Raspberry PI 2 or 3 B Wire color Component on breadboard
Pin 11 (BCM 17) ORANGE Green LED anode (+)
Pin 13 (BCM 27) BLUE RED LED anode (+)
Pin 15 (BCM 22) PURPLE Diode #1 anode (+)
Pin 39 (Ground) BLACK Breadboard negative rail

Using Adafruit PN532

Or, if you have an Elechouse PN532:

Using Elechousr PN532

Software requirements

Installing required packages

sudo apt-get install git build-essential autoconf libtool libpcsclite-dev
sudo apt-get install libusb-dev libcurl4-openssl-dev libjson-c-dev

Freeing UART

sudo raspi-config

On the Raspberry PI 2 B running Raspbian GNU/Linux 8

  • Select option "Advanced Options"
  • Select option "Serial" and select NO
  • Finish and reboot: sudo shutdown -r now

On the Raspberry PI 3 B running Raspbian Stretch

  • Select option "Interface options"
  • Select option "Serial", and select NO
    • Choose YES for Would you like the serial port hardware to be enable?
  • Exit and reboot

Installing libnfc from source

git clone https://github.com/nfc-tools/libnfc.git
cd libnfc
sudo mkdir -p /etc/nfc/devices.d/

On the Raspberry PI 2 B

sudo cp contrib/libnfc/pn532_uart_on_rpi.conf.sample /etc/nfc/devices.d/pn532_uart_on_rpi.conf

echo "allow_instrusive_scan = true" | sudo tee -a /etc/nfc/devices.d/pn532_uart_on_rpi.conf

On the Raspberry PI 3 B

sudo cp contrib/libnfc/pn532_uart_on_rpi_3.conf.sample /etc/nfc/devices.d/pn532_uart_on_rpi_3.conf

Run config & build

autoreconf -vis
./configure --with-drivers=pn532_uart --sysconfdir=/etc --prefix=/usr
sudo make clean && sudo make install all

Testing

You can test your setup reading an ISO14443-A card using nfc-poll program that came with libnfc. Place a card on the reader and run the command:

cd ~/libnfc/examples
sudo ./nfc-poll

Installing wiringPi from source

  • Please, follow the instructions provided by official website. Or

  • git clone git://git.drogon.net/wiringPi
    cd ~/wiringPi
    sudo ./build
    

Running door lock NFC card reader on Raspberry PI

  1. Get the source code
  • cd ~ && git clone https://github.com/emersonmello/doorlock_raspberrypi.git
  • cd doorlock_raspberrypi
  1. Change HOSTNAME and PORT values on Door lock NFC card reader's rp_settings.h file to the IP Address and PORT where you are running the FIDO UAF Demo Server
  • For instance: nano rp_settings.h
  1. Compile Door lock NFC card reader project
  • make clean && make
  1. Run it (sorry, you must be root because it is a requirement of wiringPi lib)
    • For instance: sudo ./dist/Debug/GNU-MacOSX/doorlock_raspberrypi

Setting up FIDO UAF Demo Server and Android Apps

FIDO UAF Demo Server

  1. Start FIDO UAF Demo Server

On Android Phone

  1. Install Dummy FIDO UAF Client on your Android phone
  2. Install Opening Door Android App on your Android phone
  3. On Opening Door Android App touch on "Settings" on the main application menu and update "server endpoint" field to the IP Address and PORT where you are running the FIDO UAF Demo Server
  4. On Opening Door Android App touch on "Whitelisting facetID" (to follow FIDO UAF specifications ).
    1. Or you can do it: On Opening Door Android App touch on "See app facetID" on the main application menu and insert the showed value in FIDO UAF Demo Server MySQL database. For instance: INSERT INTO facets (fDesc) values ('android:apk-key-hash:Lir5oIjf552K/XN4bTul0VS3GfM')

Testing the whole thing

  1. Open Opening Door Android App and touch "Register" button
  2. Tap your mobile phone on "NFC reader"
  3. Follow the instructions provided by application (i.e. put your finger on the sensor, etc.) and you should see the message "Access Granted"

UML Sequence Diagram

alt text

Starting door lock automatically on Raspberry boot

I'm using supervisord to handle this task because it can also restart a failed process

  1. Copy doorlock_raspberrypi binary to /usr/local/bin
  • sudo cp ~/doorlock_raspberrypi/dist/Debug/GNU-Linux/doorlock_raspberrypi /usr/local/bin
  1. Installing python2.7
    • sudo apt-get install python
  2. Installing supervisord
    • sudo easy_install supervisor
    • echo_supervisord_conf | sudo tee /etc/supervisord.conf
  3. Adding a program section to supervisord's configuration file
    • Add the follow lines at the end of /etc/supervisord.conf file
[program:doorlock]
command=/usr/local/bin/doorlock_raspberrypi
  • For instance:
printf "[program:doorlock]\n command=/usr/local/bin/doorlock_raspberrypi \n" | sudo tee -a  /etc/supervisord.conf
  1. Download supervisord.sh file and save it at /etc/init.d
sudo cp ~/doorlock_raspberrypi/supervisord.sh /etc/init.d
sudo chmod 755 /etc/init.d/supervisord.sh
sudo update-rc.d supervisord.sh defaults

References

alt text