1024-bit encrypted, cloud-based garage
DESCRIPTION
TRANSCRIPT
1024-bit Encrypted, Cloud-Based Garage
*Desired Encryption level proportional to paranoia
**Cloud-base-edness optional extra
Daniel Ng 2012 @embeddedmelb
What?
• Open your garage door from your phone
• Over Wi-Fi
• Secure-enough
• Could be over the Internet if you really want
Why?
• Garage only had 1 working remote control
• Original replacement cost $200+
• Dodgy after-market replacements
• Phone == Universal Controller
• Just for fun, curiosity, learning.
The Gear
• Original push-button local wired controller
• Any phone with an SSH Client
• Dreamplug (overkill)
• mbed (also overkill)
• Simple transistor switch circuit
Dreamplug
• Fanless Plug Computer
• <5W consumption
• Built-in Wi-Fi Access Point
• Runs Linux
• Many other bells & whistles
Phone
• Phone connects to Dreamplug’s built-in Wi-Fi Access Point
• Phone logs in to Dreamplug with specific username eg. ‘g’
• Use any phone with a SSH Client
• Eg. ‘ConnectBot’ on an Android Phone
• Optional: – ConnectBot also has Public-Key Encryption feature
• Convenience of not having to type a password
Hacking The Dreamplug
• Hack /etc/passwd for user ‘g’: g:x:1000:1000:g,,,:/home/g:/sbin/garage
• Create /sbin/garage: #!/bin/sh
echo "ggg"
echo '1' > /dev/ttyACM0
• Optional: – Create (eg. 1024-bit) public-key pair for
convenience of not having to type password: ssh-keygen
mbed
• 32-bit ARM Core
• USB
• Lots of GPIOs
• Many other bells & whistles
Hacking The mbed
Now What?
• GPIO pin on mbed goes high for 1 sec.
• We want this to cause the button on the old controller to be pressed
– ie. close the circuit across the button terminals
• How?
Transistor Circuit
• Transistor acts as a simple switch
Transistors Simplified
• Current entering the Base flows when the mbed’s GPIO goes HIGH
• The Collector is wired to one of the button terminals
• The Emitter is wired to the other button terminal
• Current entering the Base causes current to flow between the Collector and Emitter ie. closing the circuit between the button terminals
Summary
• Phone connects to Dreamplug’s Wi-Fi Access Point
• Phone logs in
• Dreamplug executes hacked login script which sends a ‘1’ to the USB port
• mbed sees the ‘1’ and turns on the transistor switch
• Transistor switch ‘presses’ the garage door button