CodeLock 60 - the ultimate combination lock

The proposed code lock can drive various electromechanical locking mechanisms directly. Whereas, in idle state, the appliance does not consume any power at all. This allows for independent operation from batteries or rechargeables. For uncompromising safety, decimal keys may be up to 60 digits. As a matter of fact, all hardware and software details have been fully disclosed.

Electronic code locks, any ideas?

Well, let's have a look on how to make a really safe electronic code lock!

Project "CodeLock"

1. A code lock how it's supposed to be. Only input device is a decimal keypad. This code lock will energize a motor/solenoid based mechanism to perform "door-open", after the right code has been entered. If not, the "door-close" functionality will be triggered, as with other keys pressed. Even the code change is rather straightforward on this lock. In particular, it does not require brainfuckin' input sequences. And we will do without mindless LCD or LED stuff. Nobody really needs a display to indicate that a key is to be entered or the door has been unlocked. A single LED will be sufficient to indicate that the system has just been energized. Of course, my CodeLock provides optional acoustic feedback, but the beeps are not prerequisite for successfull operation.
   
   
2. Autonomous operation: The CodeLock circuit must be activated by pressing asterisk [*] key at first. In the deactivated state, the electronics will actually be disconnected from the power supply. Its quiescent current is negligible and the whole appliance may be powered by batteries or rechargeables.
   It is even possible to feed both, electronics and electromechanics, from one and the same battery. Such battery must be strong enough to energize an electro motor, but anyway, there will only be comparably short periods of peak power. Most of the time, the CodeLock is being deactivated and no current is drawn from the battery. This minimizes risk of deep discharge which could otherwise brick some electronic code lock. Of course, with systems under heavy load, some backup and permanently recharged battery technology would be an option to improve reliability.
   
   
3. Control capabilities: Power switching is done by two (monostable) relays, capable of energizing different types of  DC-motors in CW/CCW mode or bistable relays for load control of up to 4 Amps.
   For clarification: Present circuit does NOT perform electric isolation, since its initial concept was to provide an independent electronic lock to be simply operated by one single battery, e.g. for strongboxes and safes.
   Yet, in a customized setup with modified circuit firmware it would be easy to implement electric isolation. My recommendation is yet to leave the circuit of CodeLock unchanged and then use its switched DC to selectively drive one or two "downstream" relays selected by a prediode, or maybe some bistable relays etc. Generally this method enables control of higher current and considerable AC load.
   
   
4. The CodeLock Hardware was designed for an energy-efficient and reliable operation with batteries. Heart of this CodeLock is the AVR ATtiny2313, which has proven its longevity in many other projects.
   
   
5. The suggested Firmware named "CodeLock 60" could administer two decimal access codes of up to 60 digits (!) each. One code is for daily use ("User-Code"), another code is destined to regain access to the CodeLock, if the User-Code got "lost" ("Master-Code"). It has to be mentioned, that there is NO hardcoded "factory settings" or "maintenance code" existing. The Master-Code in this CodeLock is the one and only "backdoor" and it remains a 100 percent under the control of the legitimate user.
   
   
6. A Software utility for the PC platform could help with decimal random generation of variable strength and storage of codes. Along with a human-readable text file, the programme also provides binary and hexfiles that may be used for direct programming of the EEPROM section in the Microcontroller.
   
   
7. Alarm systems and home automation: Integration of CodeLock into networked/security environment was not intended from original concept but you are free to do so by utilizing existing signals to arm/disarm alarm systems and/or do some firmware mods that provide additional signalling on some of the spare I/O's of the microcontroller.
   
   
8. All details of this project are being fully disclosed under Creative Commons.
   

Circuit plan

The CodeLock concept offers serious security features and versatile actuator control with no backdoors. You can download full technical documentation here.

Top | Index

---

Hardware

General notes: Press [*] to energise the lock. Legitimate user can then input the code of up to 60 digits and finish code entry by pressing the "number sign" [#].
CodeLock will then check the code just entered and, if correct, energize some electromagnet/electromotor for release of a locking-mechanics. Yet, if the code entered was not correct, then CodeLock will be blocked for at least 8 seconds. This effectively inhibits multiple attempts of "brute-forcing" the correct combination.
The solution utilizes position switches ("end-switches") to ensure that the door/bolt is completely extended, rejected. This feedback is quite useful for an energy-efficient operation, but is not an obligation. Get more information regarding the logic control in my Operating instructions and the details of the Firmware. Right here, we will focus on electronic details.


Power supply: As already mentioned, one fundamental of this code-lock-concept was minimum power consumption that will allow continued operation on batteries. These are required to deliver higher currents only for the short time when electromotors or solenoids are being energized. The "Standby" state of the appliance is rather a switched off state. The circuit will have no measurable operating current then.
And that's how it works: The PNP transistor T3 (BC327) is utilized as an electronic switch between battery and logic. Since the base terminal of T3 is being held on positive voltage by R7 (47 k), i.e. emitter voltage level, the transistor won't become conductive and is effectively "switched off".
However, if the user presses "asterisk" key on the numeric keypad, a base current of several milliamps will flow through R10, keypad contacts X1-Y4 and R23 (several milliamps) to ground. Now T3 will forward unstabilized positive current from the battery to voltage regulator VR1 (78L05) and logic parts.
The microcontroller itself can now secure its power supply by rising portline PD1 to switch T4 and thus pulling the base of T3 permanently to ground.
After the programe had done its job, or time-out of the CodeLock application has expired, the controller can also detach itself from power supply by T4/T3. After this, the lock may be re-energized by pressing [*].
VR1 is a conventional linear regulator (78L05) that provides pretty good protection against voltage drops and peaks and noise caused by dc-motor. However, this type of regulator will draw a quiescent current of no less than 5 mA (see data sheet). This is no problem in here, since we always disconnect the whole microcontroller plus stabilizer from the battery.
To enable programming of the microcontroller via ISP-intermediate socket right on-board, we may short X6 (MASTER KEY) by a simple jumper. This will provide permanent electric power to the logic part.
Additionally, this input may be used for a "Master-Button" that allows to open (and close) the locking system from the "other side" (inside the domicile).
The fact, that motor voltage supply and logic control supply are provided by the same battery, is way not so problematic. Some testing in a 12-V-system showed up, that the controller won't even crash if the load is a "mechanically locked DC motor". If the shunt resistors (see below) are not too low impedance, there should always be enough voltage provided to ensure safe operation of the controller. Should however, the battery voltage collapse and fall below the minimum voltage for the controller (Brown-out detector), then a Reset is automatically applied and it's a matter of fact that the circuit was designed such way that power-drop in the logic part will cause safe switch-off of the load.
Relay energizing voltage depends on battery voltage. Battery voltage depends on motor voltage. Consequently for this CodeLock circuit, any operating voltage in the range of 6 to 24 V is safe.


Microcontroller: All control lies within IC1, an AVR-ATtiny2313 microcontroller. The micro doesn't have to calculate very fast, so it shall be fed either with internally generated clock of 500 kHz (derived from 4-MHz-RCO and division by 8) or internal 128 kHz that are provided by the Watchdog-Oscillator that will be needed anyway.


H-Bridge output with motor brake feature (X2): Re1 and Re2 present a classic H-bridge that powers motor terminals X2a and X2b with positive or negative current of (full) supply voltage. Electromotors or solenoids should be connected ground-free (floating) to the CodeLock circuit, and sufficient filtering (chokes, capacitors) is recommended for DC-motors. The resistors R1 and R2 in series with supply voltage are intended to limit maximum load current, particularly in case of a locking mechanism being blocked or motor terminals even short circuit.
Dimensioning of R1 and R2 must consider that worst-case fault current should not excite 4 Amps with respect to the maximum current specifications for this type of relays. On the other hand, the motor should be provided with sufficient starting current even inspite of a
weak battery. For many small and medium motors in question, the values of R1+R2 are ranging between 2...10 Ohms.
It is plain to see that, when in idle/unpowered state, both terminals X2a and X2b are permanently tied to GND. This provides for a "motor brake" that will stay in force even with battery power switched off; this feature can effectively defeat attempts to manipulate motor driven locking mechanisms by means of "rock-and-shake".
Bigger motors (from 2 Amps up) should not be stopped directly by short-circuit because of considerable electrical and mechanical stress imposed by this method. It is better with such motors to first short them with a shunt resistor before direct short circuit.
Such "soft-brake" is also considered in this circuit concept: With both relays being energized at the same time, both motor terminals are being connected to their respective series resistor, and its generator current will flow thru the series-impedance of these resistors and quickly slow down the rotor and other gyrating parts in a gentle way.
Since we've always using both contact-sets in parallel, we may expect the maximum switching current to be about double the rated contact current (roughly).


Endswitches (X3): The endswitches provide important information, whether the latch is fully retracted or extended. It is also possible to drive the electric motor into the blue and cut off after some seconds. But even if the mechanics can cope well with that, this would impose significant burden onto the batteries. (Timeout-method is supposed to be only 'Plan B' if there is no signal coming from the switch.)
The signal ES1/ES2 from X3 should as usual be floating or switched against circuit ground. It is recommended to have separate wiring for every end switch that is preferably shielded against motor-power, to avoid coupling.
It turned out that the relatively high-impedance of the controller's ports (around 20 kOhm) are not that problematic, since the signal is not very demanding by nature, and the Firmware can apply generous debouncing/denoising on that signal. Yet, protection of the controller from induced voltage spikes may be necessary to prevent hardware damage to the microcontroller. The block capacitors C7+C8 (100nF ceramic) provide a certain level of protection.


Keypad (X4): This is for connection of a numerical keypad (3 x 4 matrix). Note, that keypads with single contacts (13 wires) could NOT be used with this code lock.
The CodeLock firmware already provides for a comparably low multiplex frequency of only 25 Hz. However, connecting the keyboard by longer cable is not that trivial, if you want to have a secure solution. The steep, unfiltered square wave multiplex features higher frequency components (harmonics) that could in fact lead to "compromising emissions" on a longer cable. Too many hobbyist and commercial circuits don't show the slightest awareness for this vulnerability. Different with CodeLock!
The series resistors R15 to R21 not only provide portline protection but also increase line impedance that will attenuate RF harmonics of the keypad-matrix signal. In combination with basic shielding on/around the keypad, its wiring and the CodeLock assembly, it became very hard to detect anything (with amateur equipment) in a distance of more than 10 cm.
Amount of RF-blocking may be further improved by ferrite rings/chokes. For example, one could solder R15-R21 in upright position each with one additional ferrite bead.
Keyboard cable should be as short as possible, shielded or at least flat ribbon type with alternating ground lines. Unfortunately, even with all those protective measures in place, RF-specialist people may experience "frequency-selective surprise" from time to time. What looks like an exemplary EM-safe appliance up to the UHF band, could become a pity when exposed to microwave radiation.
Just saying: Stay alert!


LED (X5): The terminals provide the switched, unstabilized battery voltage (minus 0.7 V drop off T3) that may operate an Indicator-LED or keypad illumination. Current limiting resistor R12 dimensioned accordingly.


MASTER-KEY (X6): We may short this connection with a Jumper to get permanent power supply for testing purposes or programming sessions on the ATtiny (i.e. via ISP-adaptor socket). The X6 goes to the base of T3 over R8 (10 k) and is connected by D5 (BAT42) to the port input PD0 of IC1.
X6 is also intended for a MASTER-KEY when CodeLock is being used as a doorlock. In such application the numeric keypad will be located "outside", and we will need a separate button to easily activate the door-close or door-open functionality.
Well, no problem with some fancy button at X6: A short stroke on that MASTER button will regularly activate the lock and trigger "lock" functionality (if the locking mechanics was not already closed). However, a long press on this button will activate the "unlock" sequence (if the door was not already opened). To enable this, the microcontroller evaluates the button status via certain port line PD0.
It is therefore impossible to activate the "unlock" function by any activities or manipulations with keypad signals accessible from the outside. (For more details, see Firmware details).
X6 could also be activated by relay or open collector of any other control system.


Considerations regarding Phreaking / TEMPEST / RF attacks:  It's a matter of fact that security devices such as a code lock should send out none or minimum radio frequency energy as possible to disengage passive RF attacks. Else, in a very bad designed code lock, an attacker could literally "record the code entry of a legitimate user" from many meters of distance with sophisticated radio equipment and certain knowledge about the target electronics.
With active RF flooding, the attacker could remotely "illuminate" the target system with pulsed high-frequency energy (microwaves) to gain modulated echo signal by the attacked system components. Yet, with a carefully designed circuit, such attacks will not provide any significant informations because the modulation effects of various components and adjacent electronics devices will mix and interfere in a way that no distinct echo could be gained from the circuit parts and signals of interest. If, on the other hand, the attacker got physical access to the target, he could have built in kind of a passive "bug" at an appropriate place. This may be unsuspiciously lookin' "standard components" which will produce well-defined modulation when coupled with RF energy of a certain wavelength and thus send out the signal of interest into the world.
The few leaked documents about the NSA division 'ANT' indicate that spy organizations today have a wide range of radar/rf technology and standard procedures at hand to compromise target systems.
Good news is, that the same measures which inhibit RF emissions, are also effective precautions against RF-penetration. High-quality metal housing is one of the most important countermeasures. More to suggest (with focus on simple applications like code locks):

• Peripheral wiring as short as possible. Ferrite chokes.
• RF-blocking capacitors.
  
• Shield keyboard cable, shield keypad in metal case.
• Main PCB in metal case. All incoming and outgoing signals blocked for RF (chokes, capacitors)
• Prevent manipulations: sealing, tamper switches, link to an alarm system, other surveillance
  
• Photograph device details after every maintenance inspection (suspicious alterations could be recognized).

Ground connection(s): The board layout enables isolated mounting of the CodeLock circuitry. Ground of the circuit is not necessarily tied to chassis by mounting bolts. Though it appears that such "floating" installation is only desirable in a few special situations. In most cases, it is clearly better to have a direct electrical connection of the circuit ground to the chassis at exactly one point. This provides for defined ground conditions and reduces uncontrollable interference coupling, RF emissions andsusceptibility to RF flooding. If the keypad in located in a separate metal housing with no direct connection to a common ground/chassis (like a steel door), it is of course to be explicitly grounded by the ground line provided by CodeLock PCB (GND X4-4).



Top | Index

---

Build it

PCB: CodeLock's circuit board data is provided in a 300-dpi-graphics which prints out to a layout of 100 x 53 mm. The files are provided in the download packet. (NOTE: As mentioned elsewhere, Julien Thomas does not support proprietary or vector formats nor does he make use of such stuff. So, please refrain from asking.)
To ensure reliable operation in a humid or corrosive environment, the whole circuit should placed either in a sealed case or protective coating should be applied at least on the solder/copper side.


These components depend on the actual voltage of battery power supply:

Relais: DIL miniature relay. Coil voltage = unstabilized battery voltage = nominal voltage of DC-motor
Tested with 6 V:
Finder 30.22.9-6V (switching current per contact up to 2A); Takamisawa RY5W-K (only small load up to 500 mA!)
Tested with 12 V:
Finder 30.22.9-12V
Since we have both sets of contacts in parallel, the rated maximum contact current will roughly double up.

Series resistor R12 (LED at X5):
For illuminated keypads, assuming maximum current of about 50 mA and green or yellow LEDs:
6V ~ 100 Ohms    /    12V ~ 220 Ohms   /  24V ~ 470 Ohms
For indicator LED only:
6V ~ 1 kOhm   /    12V ~ 2.2 kOhm     /     24V ~ 4.7 kOhm

Series Resistors / Shunts R1 + R2 (current limitation on DC-Motor, motor soft brake):
These resistors should be dimensioned by the following criteria:
provide sufficient starting current of the respective motor (and sort of "soft start" capability), and protection of battery and relays from excessive current loads in case of motor being blocked / short-circuit.
Typical values range from 2.2 ... 10 Ohms and should be rated 5 Watts at minimum.

Power Supply and motor connectors: Connector X1 (and other connections associated with a battery pack) and connector X2 must be electrically and mechanically "rugged", i.e. capable of carrying the maximum motor current expected. Screw terminals may be used either (grid 7.5 mm).

Drilling diameters: 0.8 mm  for most electronic components; 1.0 mm  for the connectors and relays; 3,0 mm for mounting holes (M3 bolts).


Top | Index

---

Hall of Shame

	Commercial code lock (panel) Plastic all the way Nasty membrane keypad Annoying "acoustic feedback" Mindless clock feature ("Hey, what time is it?" - "Wait a minute, just have a look at my safe...!" <lift-picture-frame> ) Battery compartment and mechanical emergency lock easily accessible from the outside - convenient and sabotage-friendly
Commercial code lock (electronics) Cheap China controller "EM78P447" Separate EEPROM to store codes (WTF???) Obscure firmware Maximum keylength of only 8 digits Eventually has backdoors Limp motor drivers (SMD crap) Not trustworthy at all

Top | Index

Operating instructions "CodeLock"

ACTIVATE (general) * USER-CODE ("1234"): * 1 2 3 4 #        = ON, confirm beeps, UNLOCK Wrong code typed, but corrected with [*]: * 1243... * 1234 # = ON, confirm beeps, UNLOCK Wrong code entered (not corrected): * 0815 #     =   WARNINGSOUND, 8 secs blocked, OFF LOCKING (general): #
	CHANGE USER-CODE (old: "1234" /  new: "4321") * 1234 #   = ON, confirm beeps, ÖFFNET * 4321 #  * 4321 #  * 4321 # or   * 4321 # 4321 # 4321 # =  Special confirm beeps, Code changed to "4321" Notes: If Timeout occurs before the finishing [#] has been pressed, the code will not be altered. Entry of a code of zero-length ( [*] [#] ) will not be allowed.
MASTER-CODE ("5678") * 5678 #  = ON, Special confirm beeps, UNLOCK CHANGE MASTER-CODE Same procedure as with User-Code so far, BUT: When CodeLock was opened by the Master-Code, this Master-Code is automatically overwriting the previous User-Code.	MASTER-KEY (electric button at X6) SHORT keypress: = ON, LOCK (same as with [#] on the keypad) LONG keypress ( > 0,5 s): = ON, UNLOCK Note: Any following key being pressed on the regular keypad will automatically LOCK the door again.
ACOUSTIC FEEDBACK Key-acknowledge (0-9):   short beeps (key released) LOCK:   long tone ERROR:   long tone SUCCESS:  3x short beeps CHANGES:    9x short beeps User-Code:     high tones Master-Code:  lower tones	Further remarks: CodeLock will time-out after approx. 8 seconds of inactivity (no key being pressed). Actuator will NOT move in this case. Activation of this CodeLock will automatically LOCK the mechanism, if is was not safely locked already (depends in end switches). Low-Power-Warning: Short beeps in long intervals (similar to smoke detectors with dying battery). "CodeLock 60" = Firmware to handle one User- and one Master-Code of up to 60 decimal digits each.

Firmware

• Reset / Watchdog-Reset: As already mentioned in the Hardware section, this circuit will only be powered-up after prior key action of [*] being pressed. After the internal undervoltage protection (Brown-Out-Detector) has given an all-clear signal the Controller will perform its regular Power-On-Reset and programme execution will start. One of the first things to do is driving PD1 to activate the "catch circuitry" (T4 to T3 ) that will ensure further power supply for the microcontroller. Also the required I/O ports will be initialized.
  Watchdog-Timer will make sure that the Mikrocontroller would disconnect itself from the power supply after 8 seconds of inactivity. Same applies to any programme part "hung" or having crashed. Thus, the Watchdog could be seen as a life-insurance for the battery. It should be permanently activated by setting the WDTON fusebit.
  
  
• User-Code: Combination should consist of 8 digits minimum. As mentioned before, we can make it up to 60 digits, if we feel so... Entered decimals from 0...9 will be regularly acknowledged by short beeps. Input of code must be completed by pressing the number sign [#]. Only now the firmware is checking the Number sequence against the sequences that are being stored in the EEPROM as User- or Master-Keys. If the code was identical to one of both valid keys, the CodeLock will unlock the electromechanics and in the following 8 seconds, we have option to change the User-Code or trigger the close function by pressing [#] key.
  
  
• Changing of User-Code: After the door was unlocked by entry of the correct User-Code, we can change this User-Code by the procedure of triple entry of a new code. All sequence is to be initiated by [*] and finished by [#]. If we mistyped, an acoustic error signal will occur, but we can re-start entry by pressing [*]. The 2nd und 3rd Input are compared with the 1st input sequence respectively. After the new code was entered three times, firmware confirms by special signal (9 short beeps). Previous User-Code has been replaced by the new one. Now the respective EEPROM writes are being initiated.
  Should the entry of a new code being interrupted for longer than 8 seconds (Timeout), then all codes remain unchanged.
  
  
• Master-Code: Master-Code is supposed to be the one and only alternative code to unlock the CodeLock (from the keypad). For better distinction, the tone frequency in the Master-mode is significantly lower than with normal User-login.
  IMPORTANT DIFFERENCE TO USER-CODE-MODE: As soon as we unlocked the CodeLock by submission of Master-Code, the old User-Code will be erased and replaced by the present Master-Code.
  That is to make sure, that the old User-Code will be replaced by a new code, which is not only stupid default values.
  
  
• Changing of Master-Code: After the door was unlocked by entry of the correct Master-Code, we can change the Master-Code by the procedure of triple entry of a new code. Like with User-Code, the new sequence must be entered without errors three times consecutively. Firmware confirms by special signal (9 short beeps). Previous Master-Code is being replaced by the new one.
  Should, for any reason, the EEPROM access fail when a new Master-Code was supposed to be written, we will always be enabled to at least open the door by entry of the old Master-Code, which has become the new User-Code just when we have logged in with the old Master-Code.
  
  
• EEPROM-Access: All changes of EEPROM contents are performed by the robust "Atomic Write" method. Address ranges for storage of User- and Master-Code respectively are clearly separated by programme structure when access is done. It is quite unlikely to unadvertently erase key contents. There should always be a chance to login with the other Code respectively, even if power would drop just within EEPROM access.
  
  
• LOCK / UNLOCK functionality: The subroutines will first probe Endswitches and only start Motor in the desired direction, if needed. Motor will be immediately stopped (or not even started) when the respective Endswitch is touched. Signals coming in from the Endswitches may be noisy, so they are sampled/debounced with a generous interval of 1/10 seconds.
  

• LOCK-Events: The CodeLock will initiate the LOCK sequence if one of the following events occur:
  - Entering [#] on keypad within 8 seconds just after the lock has unlocked the door;
  - Activation of CodeLock by way of the keypad, while door was not surely closed (Endswitch open);
  - By a SHORT keypress of MASTER KEY.
  
  
• MASTER-KEY / X6: The connector X6 (MASTER) may be shorted by a "Jumper" for maintenance/ISP sessions to enforce continuous power supply. Also the Controller is capable of monitoring the status of X6 by way of its port input line PD0. This allows dual-use of X6 for an input device. Connecting a pushbutton to X6 will enable the functionality of a "Master-Key" that allows the door to be opened and closed from the "other side" in a door-lock-setting.
  Firmware will check directly after Power-On-Reset, if the Button connected to X6 has been pushed and how long. Short stroke will always initiate the regular LOCK cycle (same as with activation via keypad), if the locking mechanism was not already locked. If the button is being pressed longer than 1 second approximately, the Firmware will start the UNLOCK sequence.
  Method seems quite robust and safe. It is impossible to unrightfully open the door by any keypad-activities other than entry of the legitimate User- or Master-Code.
  

• Battery-Warning: Programme is able to recognize weak battery by the Brown-out reset flag and will try to remind user checking the battery, assuming there will be still enough energy for a last attempt of UNLOCKing the door. The acoustic warning is similar to that of a smoke detector with fainting battery.
  

• Relay driving: Relay portlines (PD2/PD3) are directly driven LOW from the beginning. Depending on the desired polarity (LOCK/UNLOCK) either Relay Re1 or Re2 ís being energized by issuance of a HIGH logic level onto PD2/PD3 and thus switching on either T2/T3. As soon as the respective Endswitch is bing touched (of after Timeout of some seconds elapsed), the relay will be switched off again. Also Power-off or other reset event would switch off an activated relay.
  

• Firmware variant for big motors: As mentioned earlier, this H-Bridge is capable of controlling even "bigger" DC-motors by application of a Soft-Brake functionality that's effective with both relays energized. The necessary modification of firmware's switching logic is being comfortably applied by conditional assembly.
  BIGMOTOR = 0  => small DC-Motor (< 1A peak current) --- BIGMOTOR = 1 => bigger motors up to 4 A (with DIL relays)
  

• Security considerations code verification: Digits being entered are always buffered in the SRAM with this CodeLock!
  This is because we do not feel to create a first-class-backdoor in our code-verification scheme! Comparing the single digits right when their entered, is an issue
  If we compared single digits right when their entered, as seen in some dilettantic projects elsewhere, the inner state of the logics/microcontroller would change right at the moment, when first wrong digit has been submit. This will lead to a slight drop or rise in power consumption and modulation of electromagnetic characteristics of the microcontroller. The change in power could be detected by wiretapping any lead-out terminals (like keyboard lines), the second may be analysed remotely by elaborate radio equipment. (Yet, there is certain programming techniques, in particular clock-cycles' accurate Assembly programming, that mitigates these effects.)
  Been there, done that. Just googling with "power analysis" gives tons of information on that topic.
  So, it is clearly much better to first store the entered code in SRAM, whenever possible. Then verify this code against the legitimate code sequence. Verification will only take Microseconds. Power-Analysis attacks and also Spectrum-Analysis are most likely to fail because of the smoothing effects of even the smallest capacitors the voltage rails, and the short timeframe to be observed.
  
  
• Minimize EM-footprint: Microcontroller-based appliances using comparably high clock frequency will always feature electromagnetic emissions that can be easily detected even by amateur equipment. Such radio signals might possibly reveal even more information than power-analysis. Yet, EM radiation could be drastically reduced by hardware in the first place, but we can also do some preventive measures by firmware-related measures. First of all, the controller's clock frequency may not be higher than necessary for a certain application.
  In the case of our CodeLock, the ATtiny2313 may be run with 500 kHz being provided by the internal RC-Oscillator and frequency division by the factor 8. This is the option of choice for most fields of application and should be no problem for any ISP programming adaptor. Second option is the consequent double-use of the internal Watchdog-Oscillator of 128 kHz for a clock source. Note, that some ISP-programmers cannot cope with such comparably low device clock, and thus there may be ISP-lockout from the moment, the fuses have been set accordingly.
  Firmware sourcecode can easily be adjusted to any clock frequency.
  
  
• Firmware flashing: Firmware should be written into the ATtiny only by ISP. This can be done on a separate board or by adaptor socket. Please observe the correct setting of Fusebits, as they are part of the security concept (see Download).
  

Software

... delivers 10-digits of User-Code (output on screen).

... forwards screen output of the program to a file named "user.txt" (in the current working directory).

... generates User-Code of 10 digits, Master-Code of 40 digits and the following files in R:

security.bin         EEPROM data for CodeLock in binary format
security.hex         EEPROM data for CodeLock in the format Intel(R) Hex
security.txt         Same as screen output (ASCII)

Example will produce the screen output above, plus three files:

20140404125010.bin    20140404125010.hex    20140404125010.txt

now with "hypergeometric" (equally distributed) random numbers.

Remarks

• Safe / Strongbox: CodeLock has been successfully tested with small and medium safes with DC-motor driven mechanics at most. In particular, if the safe was already equipped with such electromechanic bolt drive, including endswitches, upgrade by this code lock works like a charm.
• Electric appliances: Access control to electric devices or machines would be possible by extending the CodeLock circuit by a bistable power relay/contactor and build in the whole stuff into the appliance. Of course, one cannot expect the highest security standards in such setting, but it provides for a nice "childproof" protection.
• Bicycle lock: Just an idea that i plan to further elaborate on... In a waterproof and compact version with rugged locking mechanism for a cable rope, this could be the ultimate bike lock.
• Door lock: Keypad "outside", electronics, batteries  and MASTER-Button inside. Proven setup!

Download

• CodeLock.zip (HW: 20140501, FW:20140501, SW:20140323)
  SHA-256: 975509F322EFD0872E5BE16DACBAEFE8645FE547DBC5F4321D10D7DAD56321AB

Top | Index

Links

1. Door-locking systems Elektro-Riegelsysteme (German):
   http://www.assaabloy.de/Local/DE/Downloads/effeff/Kataloge%20dt/Elektro-Riegel/2.1901-072_Elektro-Riegel%20Katalog_03.pdf
   
   
2. Looking for some horrific code locks?
   
   
3. Datasheets:
   ATtiny2313 (Atmel/microchip): ww1.microchip.com/downloads/en/DeviceDoc/Atmel-2543-AVR-ATtiny2313_Datasheet.pdf
   PNP switching transistor BC327: http://www.fairchildsemi.com/ds/BC/BC327.pdf
   78L05 linear voltage regulator: http://www.ti.com/lit/ds/symlink/lm78l05.pdf
   

Top | Index