GSR-IconBannerAd_v1d

Security Advisories

Trustwave Press Releases

« TrustKeeper Scan Engine Update - September 28, 2012 | Main | Trustwave Re-Certified as an Approved Scanning Vendor by PCI SSC »

01 October 2012

Comments

Hello, I would like to learn more about the actual construction of the device... if anyone (especially Jaku) could send me a more in depth tutorial, and where I could buy the parts, please do so at atticus137@mailinator.com. Thanks a lot,

Atticus

R1 shown in the photograph is not 30 ohms or anything near it. For it to be 30 ohms the third stripe would need to be black.

The stripes look to me to be Orange/Orange/Brown which would be 330 ohms or Orange/Orange/Red Which would be 3300 ohms or 3.3 kohms.

If this is really a 30 ohm resistor there is .3 amps (300 mamps) going through that resistor. Which would be 2.6 watts!!! going through maybe a 1/2 watt resistor (more than likely 1/4 watt). Yeah it would burn up pretty quick. If it's a 330 ohm resistor then you have 229 mwatts going through it. Little less than 1/4 watt. The amount of current through the Zener will depend on what is in use by the rest of the circuit.

Just out of curiosity why a 12 volt battery? Why not something at a lower voltage? Perhaps it's what works for the physical size constraints?

Can I buy it off of you? You can name your price

I have a couple questions about the clock timing:

1) If you're shooting for a minimum-component build, why use an external 16MHz crystal? Why not use the 8MHz internal clock and double any relevant time delays in the code?

2) Since you're using a crystal, where are the 20-24pf load capacitors on each side of it (XTAL1 and XTAL2 to ground)? Without these it's likely that the timing is rather imprecise, and if precision timing isn't needed then why not just bypass the crystal altogether as in #1?

Anyone knows what kind of battery holder is being used (and maybe where I could get one)? All the holders I found where like this: http://image.made-in-china.com/2f0j00cCwabTfICLoA/Cell-Box-Batter-Holder-Batteries-Accessories-KLS5-Type-.jpg

I'm surprised nobody has pointed this out yet, but using a SMD (surface mount device) ATtiny85, this could conceivable be fit inside a standard ball point pen, though it may need to be dead-bug wired to fit.

hi...

to be specific about the (possible) errors commented on that I still see present in the diagram are:

[quote]
A close look at the circuit diagram and the build photos posted on the linked site suggests there are two errors on the schematic. The first is the 30 ohm resistor from the battery to the zener which is clearly too small. The photo suggests it is 3k3 which is, arguably, too small. The correct value should be around 470 or 560 ohms IMHO. Using 30 ohms would probably seriously stress that zener and the (small) batteries suggested.

The second error is the connection between the connector barrel and the 3.3V rail which does not match the original designer’s description. It should instead go directly to pin 5. A close look at the build photo suggests that was actually the arrangement used.
[/quote]

and

[quote]
The 5.6K should be used to pull the barrel high, with the barrel inner connected directly to PD3. The circuit diagram is wrong. I don’t seem to be able to comment on his page.
[/quote]

can we please get some updated/corrected info?

thanks

bump..

I too would like an updated schematic.

I had read comments here and hackaday that there were some errors?

Is the current 'drawing' the most updated/correct schematic?

thanks

-whispers

Hi Daniel,

Are there any updated schematics for this? I would like building one right away. So do you have an updated schematic and maybe some pictures of the final product and the board without tape?

Can someone just make me one and I'll pay them? Hahaha. I'm so confused by all these partssss

@Joe: Resistor appearance can vary considerably, if your not sure about the value of your resistor check out the color code. LMWTFY: http://en.wikipedia.org/wiki/Electronic_color_code . Zener diodes are only available from the Zener corporation in Switzerland. No wait, you can get them from a crap ton of places just google it. Regardless, trying to have us guess-tronic your tool together over the internet via blog comments is a pain. Check out some local hacker space or , failing that a local community college that has a electronics program. People at those places with like be overjoyed to help you out, sans the internet sarcasm.

I picked up a 30ohm and it looks NOTHING like the one in the photo.. can we get confirmation on what that resistor actually is.. and still no response on a good place to get a 3.3v zener :(

anyone have a link to a place where I can get the 3.3 zener diode?

The circuit diagram has been updated. R2 is now in the correct place. In previous comments I made a mistake and sometimes said PD1 when I meant PD3.

Thanks Jaku! I cant wait to get this build started.. I ordered most of my parts from newark.. a few pieces I still need.

David, I actually built two versions of the original design using the audrino uno and using an audrino 256.

http://www.forbes.com/sites/andygreenberg/2012/08/28/videos-show-hackers-reproducing-and-refining-hotel-lock-trick-that-opens-millions-of-rooms/1

I'm the clown in the still shot on the page.. the hack/device works.. I just definitly want to shrink it down further.. using the uno I was able to get the project down to the size of a nerf replacement darts box.. but even then its too big for my personal liking.

Joe,

I hope I'm replying to you. This is kinda hard from a phone. Anyways we have an updated diagram that will be getting posted soon. I'll try to get to your other questions when I'm back in front of an actual computer as well.

You wouldnt need a battery connector if you soldered directly to the leads on the battery.. I will concur however I would like more detailed view of the soldered circuit that is pictured here - that or at least some follow up from the original poster about the connection questions peole have.

I based the wiring based on the circuit described in the demoseen.com website. The talk is here: http://demoseen.com/bhtalk2.pdf

and here:
http://daeken.com/blackhat-paper (site seems to be down)

The main info is here:
http://demoseen.com/bhpaper.html

R2 should be between VCC and PD1 while barrell inner should connect directly to PD1.

Best to try the circuit first using an arduino board as in the initial talk, then shrink things down.

I don't see any reason other chips cannot be used except for all the time needed to change the code. Best to keep it simple.

After examining the pics, counting pins and trying to make sense of that solder blob under the red wire, I tend to agree with Daniel's assessment. Presuming the yellow wire goes to the inner barrel, that is... because the yellow wire appears to connect directly to PD3, with the 'short leg' of R2 connected to VCC in the aforementioned blob.

If I haven't totally forgotten the mnemomic, R1 in the pic's actually a 33.2 or 33.3 ohm (can't really tell if the 3rd band's red or orange), for what it's worth.

I guess we're to assume the mini-switch in the parts list is mounted on or integrated into one of the battery holders (which are NOT on the parts list)... it looks like there's a hole in the bottom cap for actuating it while assembled, but I don't really see it in the pics. Perhaps that's what the 'cold' blob on the anode end of the zener is waiting to flow around?

Nice Job. Going to test it next week.

Apart from buying a bareduino (not a plug) on Amazon. Hey they got the arduino bootloader already installed so you're halfway there and you've got the crystal caps and a voltage regulator for $6.95-8.95

Wonder if this work will a Teensy? Besides changing the iopin to pin 7 I'll have to look at the timing differences. Hmmm. Anybody care to chime in?

Have we confirmed that the circuit board sketch is correct or not? And anyone have a good source for the parts.. Radio Shack only carries some of the parts and I would like to work on this project this weekend.

The circuit diargam shown is wrong. R2 is in the wrong place. It should be between the Zener and the barrel inner and not as shown. The barrel inner should connect directly to PD3. You seem to have wired it correctly on the stripboard. Probably just a mistake. PD3 pulls the line low to give a 0 data pulse to the door, while the resistor holds it high to 3.3V when the chip is not pulling it low.

Not essential but I am slightly concerned about R1 I=V/R (12V-3,3V/30R)means 300mA flowing through D1 (probably slightly less due to door lock and chip). At least make sure to use a high power zener, but better to try and measure the current flowing through D1 and increase R1 greatly.

Otherwise a billiant hack and it's great to help.

Why is the Barrel Inner connected to VCC ??

I can't think of a reason why it wouldn't work with the ATTiny85. It might need some changes in timing but it should still be possible.

I was actually able to screw it into the plastic tip of the marker. I created the thread as I screwed it in, so it worked out perfectly. :)

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment