Door lock NFC card reader for Raspberry PI

Motivation

Is it possible to use FIDO UAF Standard on an Android mobile + NFC to opening doors?

This project is a simple prototype to verify how FIDO could be used in this scenario (see FIDO Security Reference). This card reader uses NFC to communicate with a specific Android Opening Door App, that emulates a NFC card using Android's Host-based Card Emulation functionality.

The card reader and Android Opening Door App depend of a third-party, called FIDO UAF RP Server.

Figure below shows all necessary components and the relation between them

1. FIDO UAF Demo Server

• If you prefer, there is a Docker container ready to use here: https://github.com/emersonmello/docker-fidouafserver

2. Door lock NFC card reader <- You are working on it right now!
3. Dummy FIDO UAF Client
4. Opening Door Android App

Hardware requirements

• 01 Raspberry PI 2 B or 01 Raspberry PI 3 B
• 01 Adafruit PN532 or 01 Elechouse PN532 NFC RFID module V3
• 01 Breadboard to connect raspberry and PN532
• 01 N channel MOSFET
• 01 Lock-style solenoid
• 02 Resistors - 300 Ohms
• 02 LED (red and green)
• 02 Diode 1N4001

Wiring Raspberry PI 2 B (or Raspberry PI 3 B) & PN532

1. To use UART on Adafruit PN532 breakout you must set to OFF the SEL0 and SEL1 jumpers
   1. To use UART on Elechouse PN532 NFC RFID module V3 you must set to OFF the switch 1 and switch 2.
2. Follow instructions (and pictures) below to connect all components

Raspberry PI (2 or 3) B	Wire color	Adafruit PN532	Elechouse PN532
Pin 2 (5v)	RED	5.0V	VCC
Pin 6 (ground)	BLACK	GND	GND
Pin 8 (BCM 14 TXD)	YELLOW	RXD	SCL (RX)
Pin 10 (BCM 15 RXD)	GREEN	TXD	SDA (TX)

Raspberry PI 2 or 3 B	Wire color	Component on breadboard
Pin 11 (BCM 17)	ORANGE	Green LED anode (+)
Pin 13 (BCM 27)	BLUE	RED LED anode (+)
Pin 15 (BCM 22)	PURPLE	Diode #1 anode (+)
Pin 39 (Ground)	BLACK	Breadboard negative rail

Or, if you have an Elechouse PN532:

Software requirements

• Libcurl
• Libnfc >= 1.7.1
• Json-c >= 0.11-4
• wiringPi library

Installing required packages

sudo apt-get install git build-essential autoconf libtool libpcsclite-dev
sudo apt-get install libusb-dev libcurl4-openssl-dev libjson-c-dev

Freeing UART

sudo raspi-config

On the Raspberry PI 2 B running Raspbian GNU/Linux 8

• Select option "Advanced Options"
• Select option "Serial" and select NO
• Finish and reboot: sudo shutdown -r now

On the Raspberry PI 3 B running Raspbian Stretch

• Select option "Interface options"
• Select option "Serial", and select NO
  • Choose YES for Would you like the serial port hardware to be enable?
• Exit and reboot

Installing libnfc from source

git clone https://github.com/nfc-tools/libnfc.git
cd libnfc
sudo mkdir -p /etc/nfc/devices.d/

On the Raspberry PI 2 B

sudo cp contrib/libnfc/pn532_uart_on_rpi.conf.sample /etc/nfc/devices.d/pn532_uart_on_rpi.conf

echo "allow_instrusive_scan = true" | sudo tee -a /etc/nfc/devices.d/pn532_uart_on_rpi.conf

On the Raspberry PI 3 B

sudo cp contrib/libnfc/pn532_uart_on_rpi_3.conf.sample /etc/nfc/devices.d/pn532_uart_on_rpi_3.conf

Run config & build

autoreconf -vis
./configure --with-drivers=pn532_uart --sysconfdir=/etc --prefix=/usr
sudo make clean && sudo make install all

Testing

You can test your setup reading an ISO14443-A card using nfc-poll program that came with libnfc. Place a card on the reader and run the command:

cd ~/libnfc/examples
sudo ./nfc-poll

Installing wiringPi from source

• Please, follow the instructions provided by official website. Or

• git clone git://git.drogon.net/wiringPi
  cd ~/wiringPi
  sudo ./build
  

Running door lock NFC card reader on Raspberry PI

1. Get the source code

• cd ~ && git clone https://github.com/emersonmello/doorlock_raspberrypi.git
• cd doorlock_raspberrypi

2. Change HOSTNAME and PORT values on Door lock NFC card reader's rp_settings.h file to the IP Address and PORT where you are running the FIDO UAF Demo Server

• For instance: nano rp_settings.h

3. Compile Door lock NFC card reader project

• make clean && make

4. Run it (sorry, you must be root because it is a requirement of wiringPi lib)
   • For instance: sudo ./dist/Debug/GNU-MacOSX/doorlock_raspberrypi

Setting up FIDO UAF Demo Server and Android Apps

FIDO UAF Demo Server

1. Start FIDO UAF Demo Server

• Follow the instructions provided by:
  • FIDO UAF Demo Server
  • Or, if you prefer, there is a Docker container ready to use here

On Android Phone

1. Install Dummy FIDO UAF Client on your Android phone
2. Install Opening Door Android App on your Android phone
3. On Opening Door Android App touch on "Settings" on the main application menu and update "server endpoint" field to the IP Address and PORT where you are running the FIDO UAF Demo Server
4. On Opening Door Android App touch on "Whitelisting facetID" (to follow FIDO UAF specifications ).
   1. Or you can do it: On Opening Door Android App touch on "See app facetID" on the main application menu and insert the showed value in FIDO UAF Demo Server MySQL database. For instance: INSERT INTO facets (fDesc) values ('android:apk-key-hash:Lir5oIjf552K/XN4bTul0VS3GfM')

Testing the whole thing

1. Open Opening Door Android App and touch "Register" button
2. Tap your mobile phone on "NFC reader"
3. Follow the instructions provided by application (i.e. put your finger on the sensor, etc.) and you should see the message "Access Granted"

UML Sequence Diagram

Starting door lock automatically on Raspberry boot

I'm using supervisord to handle this task because it can also restart a failed process

1. Copy doorlock_raspberrypi binary to /usr/local/bin

• sudo cp ~/doorlock_raspberrypi/dist/Debug/GNU-Linux/doorlock_raspberrypi /usr/local/bin

2. Installing python2.7
   • sudo apt-get install python
3. Installing supervisord
   • sudo easy_install supervisor
   • echo_supervisord_conf | sudo tee /etc/supervisord.conf
4. Adding a program section to supervisord's configuration file
   • Add the follow lines at the end of /etc/supervisord.conf file

[program:doorlock]
command=/usr/local/bin/doorlock_raspberrypi

• For instance:

printf "[program:doorlock]\n command=/usr/local/bin/doorlock_raspberrypi \n" | sudo tee -a  /etc/supervisord.conf

5. Download supervisord.sh file and save it at /etc/init.d

sudo cp ~/doorlock_raspberrypi/supervisord.sh /etc/init.d
sudo chmod 755 /etc/init.d/supervisord.sh
sudo update-rc.d supervisord.sh defaults

References

• https://learn.adafruit.com/adafruit-nfc-rfid-on-raspberry-pi/
• https://curl.haxx.se/libcurl/c/libcurl-tutorial.html
• https://gist.github.com/leprechau/e6b8fef41a153218e1f4
• https://github.com/nfc-tools/libnfc/tree/master/examples
• https://netbeans.org/kb/docs/cnd/remotedev-tutorial.html
• http://pinout.xyz/