Omegix/USB Auth 1.7
From Makers Local 256
Creator: |
Contents
Overview
The USB/NFC Authentication System (1.7) is a Raspberry Pi based system that reads NFC, RFID, and USB chip data (not files on the devices) to unlock an electric deadbolt.
Installation Pictures (6/3/2014): https://plus.google.com/+JeffCotten/posts/5evs8cDmo3H
Repository
Capabilities
- Can read an USB stick and throw a relay to signal to open a door.
- Can read a NFC tag and throw a relay to signal to open a door.
- Can read a RFID tag and throw a relay to signal to open a door.
- Upon detection of ID, can announce owner in an IRC channel.
- Supports a Stand-Alone Willie Bot, and utilization of RQ
- Unlock door upon user button press
- Re-lock door once relay sensor has been static for a time duration (the door has been closed for X amount of time)
In the News
Installation Instructions
- git clone https://github.com/omegix/ML256-Door-Auth
- sudo python scanForNFC_unlock.py
- (TBD, will list dependencies here. Until added, install dependencies until script will run)
- Edit file ldapCheck.py
- Change the following line to use the LDAP server IP address: ld = ldap.initialize('ldap://newldap.256.makerslocal.org/')
- Edit BOTH files, scanForNFC_unlock.py AND scanForUSB_unlock.py
- Change the following line's "True" or "False" values depending on whether you would like the system to use a local whitelist: CHECK_LOCAL_WHITE_LIST = True
- Edit whiteList.xml
- copy and paste as many known <entry> areas as desired.
- <name> is the tag for the name of the ID owner
- <nfc> is the tag for both NFC and RFID IDs
- <iSerial> is the tag for USB IDs
- copy and paste as many known <entry> areas as desired.
Makers Local 256 LDAP Admin Instructions
Use the following tags to enter USB and NFC id information into the LDAP interface.
- USB ID tag: ???
- NFC\RFID tag: <nfcID>
Materials
- Raspberry Pi
- 16GB SD Memory Card
- And a shim (I used a flat piece of zip tie) to firmly wedge the SD card into the slot on the Raspberry Pi board
- GPIO Breakout board (I used "Slice Of Pi" breakout board by IDT research)
- Jumper Wire (For bringing a direct connection from the pre-regulated 5V rail to the GPIO breakout board for powering the NFC and Relay board.)
- 16GB SD Memory Card
- Relay board
- NFC \ RFID Board (Cooqrobot NFC Module)
- And a zip tie to potentially add tension on the loose connector to the board
- USB Power Supply
- Ethernet Cable
- Authetication Devices
- NFC Badge (for positive identification testing)
- NFC Badge (for negative identification testing)
- USB Memory Stick Badge (for positive identification testing)
- USB Memory Stick (for negative identification testing)
- Project Enclosure
- Powered USB Hub
- Some USB Sticks draw so much current they can reset a Raspberry Pi. The hub is used to ensure the usb device does not overdraw the pi.
Development
Changelog
To Do
- Replace NFC Board with a More Reliable board possible give up on I2C and go with USB\Serial
Post Install
- Code "Master RFID" and\or "Master USB" for adding new IDs to the whitelist, and\or generating an email to LDAP admin
- Build enclosure for NFC\RFID reader board to mount on window of Door
- Tell root crontab to run willie with predefined configuration file
Steps Taken
- Installed Raspbian on a 16GB SD memory card
- Followed this guide to get I2C available
- Used this article to determine that I had a 256MB Model B RaspberryPi. This is important, because when checking i2cdetect I have to use "-y 0" instead of the "-y 1".
- This article is good too, it mentions to add the pi user to the i2c group so you don't have to run sudo all the time.
- http://www.skpang.co.uk/blog/archives/575
- sudo adduser pi i2c
- Wiring
- The raspberry pi has a voltage regulator that limits amperage consumption to 700ma. This was not enough to power the NFC reader and relay board from the GPIO, as well as have a USB inserted in the raspberry pi at the same time. To solve this problem I put a jumper wire from the high side of the regulator on the raspberry pi to the daughter board where the relay board and NFC reader board are connected for power.
Willie IRC Bot & Module
- Create directory ~/.willie/TextToSay
- Alternatively, you can customize what directory to scan, and set this in the scanDirectory.py willie module
- Copy scanDirectory.py into willie/willie/modules
- make sure the permissions on scanDirectory.py are set correctly (chmod 777, or something like that)
- cd into the willie directory and run "python willie.py build"
Troubleshooting
- The connector to the NFC board was loose. Whenever the connector momentarily lost contact with the board, I2C would go down and would not come back up without rebooting the RaspberryPi board. Solved this problem by adding a zip tie around the NFC board's connector and mounting hole to add tension and keep the wire from wiggling
- The jostling of the raspberry pi board (from opening and closing the door that the board is attatched to) was causing the SD card to wiggle in its mounting hole on the Raspberry Pi board. There is a tiny mechanical switch at the bottom of the slot to detect when the card has been removed, and the card was wiggling just enough to open the switch.
Using a piece of plastic (the cut off end of a zip tie) we shimmed the card into the slot. This has firmly secured the SD card in place.
- Board suddenly stopped working, including no HDMI out. GPIO fuse is likely blown, but have not confirmed. This Guide has details on how to troubleshoot.
- Was getting some bad errors "journal" errors when plugging in the usb stick. Power supply couldn't power the NFC reader, relays, and read usb at the same time. 800ma Was not enough. Need to figure out what the amp limits are on the traces for the raspberry pi
- Ran into this error when running DannyO's (hubcitylabs) poll.py script:
quick2wire/i2c.py", line 72, in transaction
ioctl(self.fd, I2C_RDWR, addressof(ioctl_arg))
- Problem Description: hubcitylab's poll.py script works on Rev1 RasbPi, doesn't work on Rev2
- Solution: py532.i2c.py is hard coded to use "0" as the i2c_channel. This needs to be updated to "1" for Rev2 boards, or better yet, have it check which bus is in place and use the correct I2C bus location via detection.
- Better Solution: the libraries downloaded with the git clone of the hikaru-gatekeeper are not the latest. make sure to download the latest libraries (quick2wire, py532, possibly others) independently to get code that will work on Rev2 raspberry pi boards
- Rooted Galaxy S3, NFC reader still does not see phone. Mog suggested that an application might have to be running that will broadcast the NFC ID. --Omegix (talk) 21:13, 31 July 2013 (CDT)
- When running NDEF Tools on my rooted (may not matter) GS3, the NFC ID was broadcast.
- The Galaxy S4 (Four) writes a different NFC tag each scan.
Resources
- http://hubcitylabs.org/nfc-on-raspberrypi-with-pn532-py532lib-and-i2c/
- http://www.ebay.de/itm/Cooqrobot-PN532-NFC-RFID-Reader-Writer-Module-starter-kits-with-tags-For-Arduino-/161010274918?pt=Wissenschaftliche_Ger%C3%A4te&hash=item257cf5d266
- http://www.hobbytronics.co.uk/raspberry-pi-raspbian-distro
- this article goes over how to use the internal pullup\pulldown resistors on the pi: https://github.com/quick2wire/quick2wire-gpio-admin/blob/master/README.md
- this could be useful if we want to put a local LDAP on the raspberry pi vs. a whitelist:
- For Setting up PJSUA for asterisk SIP calling on the raspberrypi, you have to set the audio device to null
- lib.set_null_snd_dev()
- The above appears to not work if you need PJSIP to support AccountCallBack. Instead you'll have to install a dummy sound device, and reconfigure PJSIP:
- http://hackaday.com/2015/04/06/more-power-for-raspberry-pi-usb-ports/ Not sure if this mod would allow more current draw from the GPIO header as well (probably not) but a similar solution might be employable so a jumper wire or external power supply for the Relay Board doesn't have to be part of the solution. Even if a higher amp draw off the GPIO header isn't possible, this should allow the ability to tap power off the USB port for the relay board.
Python Approach
Application Files
- DoorAuthWatchDogUSB.sh
- This is run by root user's crontab. It will start scanForUSB_unlock.py at boot, and the script crashes, restart it.
- DoorAuthWatchDogNFC.sh
- This is run by root user's crontab. It will start scanForNFC_unlock.py at boot, and the script crashes, restart it.
- RunWillie.sh
- This is run by root user's crontab. It will start the Willie IRC bot at boot, and if it crashes, restart it.
- /home/pi/.willie/Willie.cfg
- Crontab won't know where to find the default config file, so this official configuration file must exist.
- scanForUSB_unlock.py
- Script will scan for USB key being inserted, and if it's in the whitelist or LDAP, unlock the door.
- scanForUSB_unlock.py
- Script will scan for NFC/RFID being detected, and if it's in the whitelist or LDAP, unlock the door.
- ldapCheck.py
- Take in value, see if it's in the LDAP
- whiteListCheck.py
- Take in value, see if it's in the whitelist file, "whiteList.xml"
- whiteList.xml
- Configuration file holding plaintext values of permissible USB and NFC\RFID keys
- writeToDirectory.py
- Simple function to take in a string (name) and write a file to a directory containing "Unlocking for (name)." This is so the Willie IRC Module will have a file to detect and regurgitate the contents of into an IRC channel.
Root's Crontab
- First login to root (su root)
- > crontab -e
- Add the following lines to the crontab
- @reboot /home/pi/DoorAuth/DoorAuth1.7/src/DoorAuthWatchdog2.sh #> /home/pi/error.log 2>&1
- @reboot /home/pi/DoorAuth/DoorAuth1.7/src/DoorAuthWatchdogUSB.sh #> /home/pi/errorUSB.log 2>&1
- @reboot /home/pi/DoorAuth/DoorAuth1.7/src/DoorAuthWatchdogButton.sh #> /home/pi/error.log 2>&1
- @reboot /home/pi/DoorAuth/DoorAuth1.7/src/RunWillie.sh > /home/pi/errorWillie.log 2>&1
Testing Files
- usbScan.py
- Script will continuously scan for new USB devices, and call ldap Check. If ldap check successful, call DoorUnlock.
- nfcScan.py
- same as usbScan.py, except for NFC (and RFID)
- DoorUnlock.py
- Throw pins high and low on the GPIO to trigger relays that will be tied to a powerbolt1000.
- Monitor pins wired to reed switches to ensure door is closed before re-locking.
- Pin Assignments
- Relay for Door Unlock (IN1 on Keyes Relay Board): #23 on GPIO
- Relay for Door Lock (IN2 on Keyes Relay Board): #24 on GPIO
- ScanReedSwitch
- Pin Assignments: #25 on GPIO
- Willie IRC Bot Framework
- install from github, tarball may not be latest
- Install Dependencies: sudo apt-get install python-lxml python-mysqldb python-tweepy python-feedparser python-enchant; sudo pip install pytz praw
- run sudo ./setup install to install modules
- install from github, tarball may not be latest