Wifi Door Unlocker

Why carry a key when I always carry my phone?

After moving into an apartment where my new roommates never locked the door, I started locking it, being slightly paranoid. After they got locked out a couple of times, something had to be done. We all have our phones and they connect to the WiFi in our apartment a floor before we get to our apartment. Why not detect the phone and unlock the door once they knock on it (as well as have a backup system if they lose their phone or it's out of power)?

The plan:

Sniff for authentication packets. The phones usually start trying to connect before they can actually reliably connect, so this packet can be sniffed out relatively early before they get there (particularly since the wifi antenna will probably be by/mounted to the door and the wifi router is on a shelf in the front room). When a user knocks, it checks to see if someone has authenticated with the wifi in the last minute and if so, unlocks the door. There would also be a backup secret knock that can be used if the person's phone is dead and hence can't connect to wifi.

  • 1 × Raspberry PI
  • 1 × Wifi card capable of Monitor Mode
  • 1 × Servo/Gearmotor
  • 1 × Piezo electric element for knock detecting

  • Reviving

    Matthew Carlson, 05/17/2017 at 00:55

    My aunt is a locksmith and during a recent family get-together for a graduation, she brought some lock picking sets. She gave me a few pointers and within a few minutes, I had picked my first lock. Mushroom pins are still a struggle sometimes but I'm getting better. When I got back to Seattle, I was excited about trying it out on my door. I was able to get it open in less than 2 minutes. This concerns me, to say the least. We have a regular lock as well as a deadbolt which is only lockable from the inside. The downside would be that if the mechanism were to fail, we would be really locked outside. The new ESP32 looks like it might have the guts to be performant in promiscuous mode.

  • Rethinking

    Matthew Carlson, 03/06/2015 at 17:34

    So having decided to move away from more of a raspberry pi type solution I think it might be best to move to a router based solution. The router knows who is connected or not, no need to packet sniff. I just need to modify a router to send a packet to another wifi connected device when a phone connects to the wifi. I'm thinking open-wrt. Any thoughts?

  • Severe Setbacks

    Matthew Carlson, 12/04/2014 at 16:34

    So I've been working a little bit more on the problem of the USB wifi chip dropping packets, particularly when there is a large amount of traffic going through the air (such as when someone is streaming Netflix, which happens more than you'd think). Even when there isn't a whole lot of network traffic, it's easy to miss a packet. Obviously if this is going to replace my need to carry keys then this can't not work. If it drops the authentication packet, then there is no way to send a new one unless I turn the wifi on my phone off and on. The idea is that I can just walk up to the door and it's open.

    I've thought about a few other options such as an FPGA solution that analyzes the packets but it would have to do so at a fairly high level. In order to get a decent sample, the sampling rate would be 4.8 GHz, which I don't think would be possible in a cheap FPGA and would likely require serious cooling in an expensive high-end one.

    I've given it some thought and decided that the Bluetooth Low Energy spec is actually pretty decent and since all of us have phones that support it, it does make a good choice. The only problem I've thought of is authentication. I think the idea would be that the microcontroller would just sense when a phone came in range so it would unlock the door. It would likely do this through MAC address authentication. While I live in a wonderful community that is very crime free, the security of this isn't as robust as I would like. All it would take is someone to sniff out the Bluetooth MAC address of one of our phones and then spoof it. Of course, if someone was putting this much effort into getting in our house, they might as well just break the large and very thin front window of the apartment.

    The other problem with this approach is the reduction of novelty. Without wifi, it simply becomes another bluetooth doorknob like everyone else. At what point is it simply more convenient to just buy one for a hundred bucks?

    Any thoughts or suggestions?

  • Updates

    Matthew Carlson, 08/23/2014 at 16:23

    Sorry for not updating for a while since I got really busy and [standard excuses]. Anyway- I have moved so I need to revise my overall design and instead of actuating the door knob it would make more sense to have it actuate the deadbolt in this particular setup for my new apartment.

    I've done some more testing and found that intense network traffic can overwhelm the cheap-o wifi dongle and it will start dropping packets (for example, a roommate watching netflix on the couch will just overwhelm it and it will completely miss most/any authentication packets). 

    So here is what I am thinking now: create an aluminum foil overlay that goes over the back so the exposed part of the antenna faces the door. If I'm correct this should help block out traffic from inside the apartment (since there tends to be a lot of it). That way, in theory, the only traffic that gets sniffed is directly from the phones outside the door rather than inside the door.

    I also picked up a small motion detector from amazon for a few bucks. It's fully digital so just provide it voltage and ground and it's a simple high and low on the output pin- which means it can be attached to an interrupt! I'm going to assume that you know what interrupts are but if you don't know- here's a good resource to learn more.

    I did some short experimentation with the sensor and an Arduino and found it worked quite well. The idea is to use the motion sensor to turn on and off the polling of the knock sensor and maybe sleep and wake the Raspberry Pi for power/heat reasons (I've noticed the Pi tends to get a tad warm). But I'll see if it's really necessary in the end.

    Now that things have calmed down and I'm not on vacation or moving I can start working on it again.

  • Successful Packet sniffing!

    Matthew Carlson, 07/27/2014 at 20:34

    So, I figured out what was happening last time. It turns out when you start a monitor interface from the wlan0 it defaults to channel 1. So, you have to start it with

    sudo airmon-ng start wlan0 4 

    Of course, replace the four with whatever channel your access point is on (most wifi points are on auto so it might be wise to set it on a specific channel).

    Anyway, so I found the right command to use which is 

    sudo tcpdump -i mon1 -elnq "type mgt subtype auth and wlan host 00:11:22:33:44:55" |sed s/^/\\a/

    Of course, once again replace the MAC address with the MAC address of the device you want to filter on. The line will output a success at the end, which is important to check for, as if someone were to use a MAC spoofer and try to authenticate then they could get in if we didn't check that the authentication was successful.

    I have some python code to run this in the background- it's in the github repo. I didn't include the settings file that includes the MAC address for my phone. Not a huge security problem, but you can never be too careful. 

    I ordered a new part: a little sensor, the HC-SR501 Human Sensor Module Pyroelectric Infrared, to detect if someone is at the door. It's got its own control circuit and can be easily attached to an interrupt.
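The knock-time check from the plan, fed by the tcpdump output described in this log, as an added Python example (not the code from the author's GitHub repo). The sample lines are constructed and their layout is an assumption modeled on `tcpdump -e` output; `AuthTracker` and its method names are hypothetical.

```python
import re
import time

# Assumed whitelist; 00:11:22:33:44:55 is the placeholder MAC used in the log above.
WHITELIST = {"00:11:22:33:44:55"}
WINDOW_SECONDS = 60  # the plan: "authenticated with the wifi in the last minute"

# Source address plus trailing status of an Authentication frame (layout assumed).
AUTH_RE = re.compile(
    r"\bSA:(?P<sa>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*"
    r"\bAuthentication \([^)]*\)-[0-9a-f]+: (?P<status>.*)$",
    re.IGNORECASE,
)

class AuthTracker:
    """Remembers when each whitelisted MAC last sent a successful auth frame."""

    def __init__(self, whitelist=WHITELIST, window=WINDOW_SECONDS):
        self.whitelist = {m.lower() for m in whitelist}
        self.window = window
        self.last_seen = {}

    def feed(self, line, now=None):
        """Parse one tcpdump line; return the MAC if it was recorded, else None."""
        now = time.monotonic() if now is None else now
        m = AUTH_RE.search(line.strip())
        if not m:
            return None
        mac = m.group("sa").lower()
        # Only a whitelisted sender with a "Successful" status counts.
        if mac not in self.whitelist or m.group("status").strip() != "Successful":
            return None
        self.last_seen[mac] = now
        return mac

    def should_unlock(self, now=None):
        """Called on a knock: True if a whitelisted MAC was seen inside the window."""
        now = time.monotonic() if now is None else now
        return any(now - t <= self.window for t in self.last_seen.values())

# Constructed sample lines, not captured traffic.
SAMPLE = [
    "20:34:01.000100 -48dBm signal BSSID:aa:bb:cc:00:00:01 DA:aa:bb:cc:00:00:01 "
    "SA:00:11:22:33:44:55 Authentication (Open System)-1: Successful",
    "20:34:02.000200 -60dBm signal BSSID:aa:bb:cc:00:00:01 DA:aa:bb:cc:00:00:01 "
    "SA:de:ad:be:ef:00:01 Authentication (Open System)-1: Successful",
]
```

In use, `feed()` would be called for each line read from the tcpdump process and `should_unlock()` from the knock handler. The source MAC in a sniffed frame is chosen by the sender, so this establishes that a whitelisted address was seen, not who sent it.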

  • The joys of tcpdump

    Matthew Carlson, 07/25/2014 at 18:09

    So using this nice hackaday post I started doing some packet sniffing and I got it working. Sort of.

    tcpdump -i mon0 -elnq "type mgt and wlan host 00:11:22:33:44:55" | sed s/^/\\a/

    This actually stopped working and I don't entirely know why. I'm just going to have to dive into the 802.11 protocol and see what I can find.

    As near as I can tell this puts out the management packets from that particular MAC address and then puts them through sed, where it appends a beep to the terminal. The key is to figure out how to route this through my Python program or how to do it in an efficient manner (that Pi gets pretty hot when running).

    I've looked into pcap and just coding my own solution but then I get away from some of the nice features of python. So that's where I am at.

  • We are in business

    Matthew Carlson, 07/24/2014 at 03:57

    So I got the wifi card, complete with antenna and have started working on it. It went into monitor mode like a charm.

    sudo ifplugd -S -i wlan0
    sudo ifconfig wlan0 down
    sudo iwconfig wlan0 mode Monitor

    Next, I installed the aircrack-ng suite, which wasn't too bad. This website was a big help.

    Now to start sniffing some authentication packets!

  • Renders

    Matthew Carlson, 07/23/2014 at 18:28

    Threw together some quick models in sketchup. Not really accurate right now but just an illustration of what I'm thinking.

  • Beginnings

    Matthew Carlson, 07/22/2014 at 20:44

    So after doing preliminary testing, I determined that my initial method of nmapping the network every second took much too long and was very unreliable. That's because when phones go to sleep sometimes they respond and sometimes they don't. It would appear to the Pi that phones would be dropping in and out of the network. So back to the drawing board. Then I learned about monitor mode.

    A bright ray of hope briefly shone there that day in that humble apartment. It was immediately crushed as the $5 wifi USB card was largely incapable of monitor mode. After a few hours on stack exchange, the solution presented itself in traditional consumerist fashion: buy a new one.

    So that's what I'm waiting for. USPS has notified me that it has been delivered. So the next step is to set up a GitHub repo and start taking pictures.


  • Step 1

    Flash SD card with Raspberry Pi Distro (Raspbian is what this project used)

  • Step 2

    Install the aircrack-ng suite




anealkhimani wrote 03/06/2015 at 21:29 point

Wouldn't the door unlock for ANYONE who knocked if your phone was on the network?  Axe murderers, Ex girlfriends etc?

  I dig the concept tho.


Matthew Carlson wrote 04/13/2015 at 19:57 point

That's why it would only unlock when a phone on the MAC address whitelist connects initially. So if you had a phone inside it would either stay connected or would go to sleep and disconnect. I'm also thinking of making a much more directional antenna to reduce signal from inside the apartment.


Chris wrote 03/06/2015 at 20:21 point

Have you thought about building a webpage that will fire off the code to run the servo? You could get a 3d printed gear to rest over the lock knob. If you hook up a belt or chain of some kind, you could use this to unlock AND lock the door. Just set the code to run in both directions.


Matthew Carlson wrote 03/06/2015 at 20:27 point

The idea is that you don't need to pull up a webpage to lock or unlock the knob; it's just automatic. That said, I think a webpage would be a likely feature as you could remotely lock and unlock the door as needed from wherever.


Chris wrote 03/06/2015 at 20:31 point

Just seems like an easier idea than a "smart" router that'll send a packet to the Pi when your phone connects to it. But, if you used a server as DHCP, such as Windows (perhaps Linux, that's out of my skill level) you could have a scheduled task that runs, looking for a response from the phone on a reserved IP address, and carries out the task you want.


jlbrian7 wrote 07/27/2014 at 03:00 point
I was thinking about gluing a small magnet on the piece that twists when you lock and unlock the door and using a hall effect sensor to sense the state, make a pcb, with an rf transmitter on it, the shape of the outer cover so that when you screwed the whole thing together the screws contact the pcb and the knob itself acts as an antenna. I don't know if it would work or not but I think it would be fun.


Matthew Carlson wrote 07/28/2014 at 17:52 point
That's a really interesting idea! I don't know if it would work with my particular solution as the goal is to be portable and not permanently alter the apartment. I'm not using the deadbolt because the doorknob has the unique trait of still opening from the inside when it's locked and staying locked even when you open it from the inside.


Matthew Carlson wrote 07/23/2014 at 18:33 point
Question: Should I use the Raspberry Pi as the main computer and run it indefinitely? I'm thinking about having a Raspberry Pi as a server type thing sitting somewhere external to the door or even on the door itself, and the Arduino does the servo actuation as well as the knock detecting. This way in the event of a crash (on the Pi), it can still unlock the door with the secret knock pattern as well as restart the Pi (have it do a power cycle on the Pi), or the Pi could restart the Arduino (though I think those are a little less prone to system lockups). I want to just leave this running for a long time without touching it and have it not stop working unexpectedly.


davedarko wrote 07/23/2014 at 18:37 point
Sounds like a plan :)


jlbrian7 wrote 07/27/2014 at 02:56 point
I think it would be a great experiment. I want to hear how it fails if it does, and if the system ever gets false positives. I would be waking up in the middle of the night to see if my door unlocked itself.
