I sold an old mifare sniffer for the price of parts + a couple of beers. They asked me to write instructions. No problem.

Relevant for those who want to copy protected MIFARE intercom keys (the ones that cannot be copied without going to the intercom). In my city this is Metacom, and three and four stripes on the Iron Logic reader. If you have a lot of money, I advise you to buy an SMKey for 17k+ and close this post. If your budget is 500-1000 rubles, read on.

You will need: an Android phone with NFC, this device (a MIFARE sniffer; the parts are cheap and it is easy to assemble, I recommend the Bluetooth version), and classic, zero or CUID blanks. Without an NFC phone the functionality will be limited, but in most cases it is enough.

A word on the blanks right away. MF3 blanks are, roughly speaking, successful CUIDs. They bypass almost all filters and can be written and rewritten from the phone without problems. Zero blanks support magic commands and usually cannot be written from a phone. Classic blanks do not allow block 0 of sector 0 to be overwritten, but work fine with half of the intercoms in the “record to classic” mode.

The sniffer is needed to intercept the exchange between the intercom and the tag. After that, the application calculates and outputs the keys to the sectors, and they, in turn, allow us to read the tag in full.

Suppose you have already assembled a sniffer. There is a tag that cannot be copied anywhere, for example from a Metacom with four stripes on the reader. All sectors are closed and the standard keys do not fit. Open the KeyToolsBT application (I have the Bluetooth version). We select our device and get into the main menu.

Go to the “Capture crypto key” window. The UID can be entered manually or read from the tag. Then we press “Key Capture” and bring the home-made antenna to the intercom reader. The result is also visible in the second screenshot. These are ready-made sector keys. We can save them. Next, I go to notepad and copy / paste.


Click on “add key file”. Let’s get to the second screen and press the plus sign.

Add the keys from notepad, with FFFFFFFFFFFF as the last line. We save the key file with the name test.keys and go to the “read tag” item in the main menu. There we get to the second screen. We select our key file, hold the tag to the phone and try to read it. The result is on the third screen. Usually this is sector 0, and sometimes 14. Save it with the name test.mct.

The contents of the memory are completely read and saved (in the future, you can make copies without access to the intercom). Next, from the main menu go to “write tag” and select “write dump”. We select our dump file and get into the next screen.

Here we can choose only sector 0. If sector 14 was used on the original tag, then select it too. Next comes the key file selection screen. It is not in the screenshot, but there we select our test.keys file and try to write. Most often the dump is written immediately and without problems. You can then try to read the copy, just like the original. Sometimes block 0 of sector 0 is not written when the entire dump is written. Then we go back and write manually, block by block. This can be seen in the second screenshot. Done, the tag is completely copied and you can check it. That is the method I used. As you can see, nothing here is difficult. It is especially relevant for intercom keys or access control cards that do not yield to standard Proxmark3 attacks, use non-standard keys and involve the 14th sector. But what if the intercom is simple, but the blank is zero or classic? Then the sniffer alone is enough.

I live in one of the houses that is served by PIK Comfort and had the imprudence to break the key to the intercom.
Like this. I broke a corner in my pocket and it was lost.

Well, I thought naively: the blank costs 40-50 rubles, the RFID programmer 900-1000, so let me ask PIK to make a key so as not to “invest” in equipment.

I leave a request, the operator calls back.
“One key for you will cost 500 rubles.”

I have one question.
Have you lost your minds there, with the level of service provided, barriers wrapped in the almighty duct tape and elevators often standing idle for half a day?
Missing commas ,,,,,,,, spaces, ——— dashes
Missing points – in the comments for minuses.

An intercom is a device that grants or restricts access to an apartment building. Such equipment is typically mounted on the door of the building entrance, where it keeps out unauthorized persons who do not know the access code. But the entrance can also be opened with a universal key for the intercom. Such devices are considered a legal method of opening doors fitted with an intercom system. Universal keys should be kept by special services in case they need to enter the house in an emergency. This intercom identifier is popularly called an “all-terrain” key or a master key, and it is also needed by employees of the organization that maintains the installed device.
Universal master keys work on the same principle as regular keys for a specific intercom (this applies not only to a certain city, but also to regions). Not every type of universal key suits every installed intercom. It is therefore desirable to have a set of several, including a magnetic key, a radio key fob and a proximity identifier. Let’s find out what these keys are, how they work and what is inside.
Where is it used?
Universal keys are needed when special services have to get inside the house or when a technician comes to service the intercom. In such cases an all-terrain key is very useful, but a single key does not always fit.
In practice, there are often cases when the key is already registered in the device’s memory. Specialists perform the programming procedure.
Such devices will be needed in the following areas:
- Police.
- Fire service.
- Mail.
- Housing and communal services.
If a person knows the identifier code of the key, he can easily make a copy of the master key.
It also happens that the controller already holds in memory all the data needed to accept such identifiers. All-terrain keys of this kind are issued to service workers. For example, the Vizit company produced keys that fit all the devices of this company. That is, a Vizit key could open any Vizit intercom. Modern intercoms no longer have this feature, since intercoms are installed to secure the entrance and such devices did not offer good security.
What does the universal key consist of
Master keys usually come in different modifications, with different chips and microcircuits, but some features are common to all of them. The point is that the intercom key is an ordinary memory module that stores a binary code with a standard length of 64 characters. Two types of memory are used:
- Recordable.
- Rewritable.
The same is true of master keys: some models are programmed once during manufacture, and others can be reprogrammed later.
Composition of a standard intercom key
Memory is produced differently depending on the type of keys:
- In the form of a conductor that looks like a crystal.
- In the form of a microcircuit, on which there is a certain number of semiconductors.
- In the form of a miniature chip with a built-in antenna. Allows you to transmit radio signals for data exchange.
The first two types have a standard shape of the product – in the form of a tablet, which looks like a flat battery with a metal handle. The chip is produced in the form of a keychain based on plastic.
How the universal key works
The keys have a memory of 64 characters. It is organized in binary, that is, as a certain sequence of zeros and ones. When the identifier touches the contact pad, the electrical circuit is closed. The intercom then processes the pulses, sending them to the microcircuit installed inside. If the right master key is used, one that this particular intercom accepts, the door will open. A specific identifier is recorded in the key, and if it does not match the device, access will be denied.
In the process of contact between the master key and the call block, 64 pulses are exchanged. As a result, the parts of the recorded binary code (zeros and ones) are checked. If the codes fully match, access is granted; if a discrepancy is found, the door will not open.
Today, devices are sold that have not only 64 characters in memory, but also 4 or 8 additional characters that allow the reading procedure to be controlled by executing commands of various types. First the control bytes are read and checked, and then the main key. If all control pulses match, the intercom will receive a command to open the doors.
Making a universal master key
Any magnetic key can break, or a person may lose it. It is important to have a duplicate master key or a universal key suitable for each intercom. To create such a device, you need to understand the number system used (the program code) and write to the device a special code that can transmit the necessary pulses to the intercom chip, opening the secured door. For such purposes, one of the following types of codes can be used:
- Factory.
- Service.
Factory code
Usually, when a key is created, the necessary code is entered into its memory. Besides this number, the memory may contain empty cells with zeros or other characters written in them. These cells are needed if you want to program another code. Previously, factory devices were produced into which all keys could be entered, that is, any factory key was able to open any intercom with a 100% probability. But technology is constantly evolving, and models have improved. Intercoms have now become better in terms of security: not all factory codes are able to open the door (the success rate is no more than 50 percent).
Service code
Universal intercom keys can be programmed. They contain special service keys that can be used by service center employees or a person who installs and repairs intercoms. During the device installation process, a certain key is entered into it. Such a process is quite complicated, because it takes a lot of time if, for example, you need to program universal keys for intercoms of an entire city.
https://youtube.com/watch?v=saFmztHnT8Y
In what cases does the universal master key not work
In some cases universal keys cannot open doors even though their characteristics match and they should do so. In most cases the reason is that the intercom was installed recently: it no longer has factory keys, and the service code has not yet been registered. Such situations usually resolve themselves after a while, because the specialists who service the intercoms must register the necessary codes in them for the employees of special services. After that, all-terrain keys will be able to open the doors without any problems.
Conclusions
A universal intercom key is a very important thing that can come in handy in various situations. For example, fire service workers can use such a device to access the entrance to start evacuating people, and police officers need them to protect citizens from illegal actions. Universal keys are often issued to medical workers (ambulances), because an entrance with an intercom should not become an obstacle to first aid. Very often, people themselves lose the keys to the intercom, and do not remember the code. That’s when universal master keys are needed. It is recommended to buy a small set of devices, they are not expensive, and the process of their creation will not take much time. Then the tenant of the house can be sure that he will be able to get into the entrance and into his house.
Greetings to everyone who is interested in the topic of universal (“all-terrain”) electronic keys. To tell the truth, I have not been following the news in this area for a long time. But I want to publish my development of three years ago, as it is easy to repeat and may be of interest to someone. The bottom line: instead of a dozen keys with all-terrain codes and ordinary codes, all the keys can be carried in one small device.
Disclaimer: I do not urge you to repeat, you are responsible for assembly and use, I share information for informational purposes only. For example, to help companies servicing intercoms to patch “holes” in time, if any are found using the device.

What is it? What can it do?
The device that I assembled back in 2017 is nothing more than a spoofer of an RFID intercom key operating at a frequency of 125 kHz. The word “spoofer” in this case means that the device, in fact, not being a key, pretends to be it, and intercoms react accordingly.
The device can broadcast any key codes that are stored in its memory. Some codes can be found on the Web with the query “all-terrain keys”; those were the first ones I put into the firmware. But with some skill and desire, you can put into the firmware the codes of all the RFID keys that you use (if they operate at a frequency of 125 kHz) and thus replace a bunch of key fobs with one device.
I know that a large number of schemes for such devices are circulating on the Web. My goal was to create the simplest option available. Successful or not – judge for yourself.
What skills do you need to have to repeat this project?
First of all, Arduino skills: have the development environment installed, be able to upload firmware to the board, install libraries and drivers, that sort of thing. Next, there is a place in the project where you cannot do without soldering, so you need steady hands and a soldering iron with consumables. You should be able to read electrical circuit diagrams (or similar). And programming skills in C++ will let you customize the device, but this is optional.
What spare parts are needed and how to mount them?
Without delay – here is the diagram of the device:
Sorry that it is “not according to GOST”: I draw in drawio, because it is the only free and convenient alternative to Visio, and I now use only licensed software. But I think it is all very clear.
As you can see, the BOM for the basic version looks something like this:

You can also assemble a test sample on a solderless breadboard. No special instructions are required here, except for how to deal with the “inductance”. More on that below.
A key similar to the one in the photo can be obtained from any local key maker, or ordered from Ali. There is a lid on the key body, which should be carefully opened to get to the insides:

Inside are a coil and a memory chip with two pads on the sides. The coil leads are soldered to these pads. All this is covered with a thin layer of elastic thermopolymer (similar in appearance and properties to cured B7000 glue). To get the coil, I did the following. Taking a utility knife, I carefully pressed the blade into the PCB between the pads and the microcircuit. I separated the microcircuit from the coil and threw it away. Then, with a soldering iron, I carefully (so as not to unsolder the thin wires of the coil) burned the thermopolymer off the contact pads, making a continuity test possible.

Before soldering, you should measure the resistance of the coil, making sure that it is not open. If everything is in order, then it is better to assemble it like this: first, solder the SMD capacitor to the contact pads (it should fit neatly between them), then the legs of the transistor, and finally, the resistor to the base. All this can be neatly mounted in the key case. Solder the ground wires and transistor bases last.

Then make a hole in the key cover for these wires, and close the key fob, giving it an almost original appearance. To assemble on a solderless breadboard, solder the pin headers to the wires (or just tin them well so that you can insert them into the breadboard without any problems).

Firmware, test and adjustment
As promised, a link to the project repository. The firmware files are in the folder My_125_kHz_spoofer_v.03.
After assembling and uploading the firmware, the device is ready for use. To make sure that it works, it is not at all necessary to look for an intercom: you can get by with a Chinese module for reading RFID keys called the RDM6300 and another Arduino board (though use whichever is easier for you). I also put into the project repository the firmware for the RDM6300 module, which outputs the broadcast key code in the same format in which it is included in the spoofer firmware. The reader connection diagram is in the same place.
Test procedure with RDM6300 reader:
Since the firmware was put together on the basis of this code, which is not quite clear to me, I placed the vital functions, which must not be changed at all, in a separate functions.ino tab. The rest of the program serves solely to give the user a comfortable way to call the EmulateCard function (well, and a few lines of code before it).
What could be improved in the device
History of creation
It was autumn 2017. As a second-year graduate student, I languished with unresolved issues of self-determination. Simply put, I was idle and looking for something to do. In the end, I decided to complete my old engineering projects to the detriment of attending the university.
The weather outside was simply magnificent. And what could be better than sitting somewhere on the roof of a high-rise building on a cool autumn night, drinking tea from a thermos and contemplating the bustle of the night city under your feet?
As I remember, information about such devices was not found immediately. Googling for the keywords “intercom cracker” gave almost nothing. Adequate results began to appear once I understood RFID technology a little and began to use more meaningful queries, such as “RFID emulator”, “RFID multykey”, “RFID spoofer”.
As a result, I managed to find two decent English-language articles on the topic. In one, the author described an Arduino-based key that was rather convoluted from a hardware point of view; in the second it was the same thing, but without source code and with very simple hardware. Reasoning that both circuits are connected to the antenna with one Arduino pin, I decided to cross the simple hardware solution with the open source code. It worked, albeit not the first time.
The photo at the beginning of this article is far from the first version of the device. The first was on a breadboard, and worked through the COM port. I remember how passers-by in every possible way let me know that I looked suspicious when I stood at the door of a multi-storey building with an open laptop and chirped something in the intercom.
Then there were several more compact versions that I assembled and disassembled for fun. The penultimate one was stolen by one of the main characters of my previous article. The current version was assembled on January 29 of this year, during a break between the lessons that I teach in my club. I assembled it only to make sure that I am not misinforming anyone and that the firmware and the circuit work.
Intercom keys Moscow
Sergey: Make a key to the intercom
If you didn’t get a duplicate in the workshop, I’ll do it 100%.
– DOORPHONE KEYS (ANY)
– MAGNETIC CARDS (Electronic passes)
►I’ll come today!
TERMS:
+7 989 300-xx-xx
►Prices are lower than competitors!
►1 year warranty!
►No weekends and holidays
►A copy is made in front of you within 10 minutes
Good afternoon, we are pleased to offer you the production of any intercom and electronic keys, tablets, key fobs, keys from the ACS system
Peter: I will make a key to the intercom
To make a key for an intercom with a departure around Moscow within two to three hours is for us, only proven key blanks allow us to give a one-year guarantee for the keys.
+7 925 025-xx-xx
Vyacheslav: Duplicating intercom keys

Making duplicates of intercom keys. Departure to the client, production on the spot. There is a system of discounts.
+7 916 443-xx-xx,
ALLA: DOORPHONE KEYS
WE MANUFACTURE ALL TYPES OF DOORPHONE KEYS INCLUDING MIFARE AND UNIVERSAL KEYS
+7 903 517-xx-xx,
Yuri: Production of intercom keys keys for intercom
+7 985 520-xx-xx
●●●●●
► We make such keys as
Intercom keys rw1990
KS-4TM ТМ08v2
ТМ-08 ТМ-08v2 ТМ-08 Vi
ТМ-08 Vi-2 ТМ-2004 ТМ-01
ТМ-01С ТМ-01А RW-1990 RW-1990.1
RW-1990.2 Cyfral DC-2000
contact keys Т5557
proximity keys Т5577
► Making a copy of a duplicate of pass cards, keys for intercom
RFID NFC EM-Marin 125 kHz key fob EM-Marine key fobs
► Making copies of intercom keys, pass cards, E-marine, Mifare Dallas Cifral
●●●●●
We make intercom keys master keys that open intercoms Visit Vizit Metakom Metacom Cifral Cyfral Reikmann
Raikmann Eltis Eltis, Marshall, Keyman KeyMan Leader and smart home keys do key repairs
We also make barrier cards, if you need to make a barrier card, or a card for turnstile gates, or an office access card, we can also help you.
A workshop for the production of all types of intercom keys, including such as Mifare Mifare ferrite key Slippers, can offer you a visit of the master to the address at any time convenient for you.
●●●●●
► We work without weekends and holidays
► Orders are accepted around the clock, just write Whats App
WhatsApp what key do you need and we will contact you.
Installation Eyelets , Buttons , Denim Buttons , Blocks ,
George: Workshop
+7 929 555-xx-xx,
Covering buttons with leather fabric.
Replacement of batteries AND straps in watch remotes.
Repair of shoes, bags.
Installation of metal fittings.
The network of workshops “Ivan Bragin” will make duplicate keys: intercom, door, safe, furniture.
Irina: Making keys of any complexity

Making duplicate door, intercom, garage, safe and car keys with a chip. Copying remotes from gates and barriers. Qualitatively and with a guarantee, discounts on volume.
+7 925 771-xx-xx, , Center for Consumer Services OK Master
Tatyana: Making duplicates of magnetic electronic keys.

Production of duplicates of magnetic electronic keys – contactless cards, duplicates of intercom keys, contactless key fobs, RFID tags of various types in Moscow, Pushkino, Mytishchi. From 10pcs. Departure of the master for free. Additional discounts for large orders! A contactless office card duplicate is made in your presence in a minute.
+7 926 581-xx-xx, ,
Ivan Bragin: Making duplicate keys
We will make flat, semicircular, end, one and two-flag wrenches.
Apartment,
+7 499 995-xx-xx, Watch workshop Ivan Bragin
Moscow, m. Pervomaiskaya

Making keys of varying complexity. Encoding of intercom keys, cards, key fobs. Sale of lock cylinders, padlocks.
+7 926 268-xx-xx
Al: Keys. Production of keys of all types, urgent.

Making all kinds of keys. By lock, by key. Apartment, garage, safe, furniture, postal, for blinds, for intercoms, electronic keys (cards)
m.
garage,
safe,
furniture,
postage,
for blinds,
for intercoms,
electronic keys (cards) for access control systems,
for ATMs, vending machines,
booths,
cells,
car keys, including transponder keys (for cars with standard immobilizer),
production of chips for installation of alarms with remote start and warm-up,
replacement of car key cases,
production of car keys with remote door opening,
car SMART keys, SMART cards
The title turned out to be too loud – and the key is not so universal, and not everyone will succumb to the intercom. Anyway.
+7 926 734-xx-xx, Workshop for sharpening and making keys “Master Key”
household services: production of keys of any complexity
production of keys of any complexity, urgently, in 1-5 minutes. If you urgently and professionally need to make a duplicate of door, car, intercom keys, remote controls for gates and barriers, then the right decision is to contact our workshop
+7 968 330-xx-xx,
Andrey: Making keys for intercom
Production of keys for intercom from 100 rubles. m. Domodedovskaya.
+7 965 382-xx-xx,
IE: Production of intercom keys
Making duplicates of intercom keys. – Production of ordinary keys. – Photos of the documents. – Clothing repair.
+7 926 496-xx-xx
Timur: Making Keys
– production of a key for the intercom – replacement of the battery in the remote control – key case replacement – replacement.
+7 926 282-xx-xx, Timur
Keys: Key Recovery
+7 926 111-xx-xx, Keys
No novel: Duplicate chipped car keys
Moscow, m. Vykhino
key rings; – copies of keys for intercoms of any type; – as well as duplicates of rewritable thin and thick contactless rfid-kapt. – Our prices are among the lowest in Moscow and.
+7 906 790-xx-xx, No Roman
David: Golden Anchor Workshop
Moscow, m. Timiryazevskaya
+7 926 344-xx-xx
necessary things_shop: Production of intercom keys and key cards
+7 916 829-xx-xx, necessary things_shop
Leonid: Duplicate intercom keys
+7 958 828-xx-xx, Leonid
Alexander: Shoe repair and keys in Novokosino
+7 915 450-xx-xx, Alexander
serg: I will duplicate contactless rfid cards
Moscow, m. Maryino
+7 916 265-xx-xx, serg
We will make duplicates of almost all intercom keys
Moscow, m. Novogireevo
we will make duplicates of almost all intercom keys, magnetic or office passes (on the spot) with verification!!! Departure of the master is free of charge (South-Eastern Administrative District). min. order 2 keys. good discounts when ordering from 5 keys.
+7 965 202-xx-xx
Mihail: I will make a duplicate of back-contact pass cards
Production of duplicate office passes, keys for intercoms, etc. – Departure around the Sokol district, Airport free of charge
+7 916 011-xx-xx, Michael
Moscow, m. Shchelkovskaya
Production of intercom keys, departure to the client, production on site from a sample, discount system. 1 key -200 rub. , 3 keys – 550 rubles. , 5 keys – 850 rubles. , 10 keys -1600 rub.
Vlad: Duplicate intercom keys
Moscow, metro station Petrovsky park, Petrovsko-Razumovsky proezd
Making duplicates of intercom keys on the spot with verification
+7 936 666-xx-xx, Vlad
Kirill: Copies of intercom keys, scud
+7 916 035-xx-xx, Kirill
Al: Making keys, chip car keys
Moscow, m. Semyonovskaya
House of life “Falcon Mountain” – Production of keys of all types: – for apartments – for safes – for intercoms – for cars – chip keys for cars with an immobilizer – for garages
German Quality: Making keys, changing batteries
+7 916 604-xx-xx, German Quality
Making keys from the intercom
In our technical center in Putilkovo, we can make duplicates of almost any intercom keys for you. These are TM: Cyfral, Metakom, Dallas, KT-01 (three-pin), RFID 125 kHz: Urmet, EM-Marin, HID26, HID34, HID37, Indala, Electra, PAC, RFID 13.56 MHz: Mifare Classic, Mifare Ultralight, Tekhkom (including copy-protected ones), Factorial, iCode.
Copy of EmMarine RFID key

In Putilkovo, several types of intercom keys are used: in the first place, Em-Marine keys operating at a frequency of 125 kHz, which are a contactless drop key fob, are very popular. There are no problems with duplicating these keys, they are copied by the simplest duplicators and have no protection. The production of such keys in our service center costs from 300 rubles.
Copy of Mifare key
The second key that is used in Putilkovo is a key in the Mifare system, operating at a frequency of 13.56 MHz. Here everything is already much more complicated – the key has a rare format and not every programmer will be able to cope with it, here special software and NFC USB Reader, a special interface device for reading Mifare tags (and keys) come to the rescue. It turns out a duplicate that works great – costs from 350 rubles.
Copy of AirTAG PIK key
The third key, because of which we had to buy expensive duplication equipment, is the AirTAG PIK for BasIP and Rubetek intercoms. This is a new generation of intercoms, which the PIK company installs in the new buildings of its residential complexes. The intercom integrates with your personal account and allows you to manage keys and configure access. The key is an encrypted variant of the second type, Mifare. Using special equipment, our specialist will make an exact copy of your PIK AirTag key. At the current time, we have checked the duplication of keys in all houses in Putilkovo with new intercoms: 100% of the keys have been successfully copied. The cost of a duplicate key is 500 rubles. Because this key is complex to make, please be sure to call us before visiting the workshop, as not every master on duty will be able to make a duplicate of this key! Please note that at the current time it is only possible to copy AirTAG based on Mifare Ultralight (most often a blue key). PIK is now introducing a new type of AirTAG key based on Mifare Desfire (most often a red key with the inscription PIK AirTAG), and we are waiting for an update of our software to enable duplication of such keys.
We not only make duplicates for Putilkovo intercoms. Our equipment allows you to copy keys from all popular intercoms. Come, we will help.
Price relevance
Due to the sharply increased cost of consumables from 03/24/2022, the prices presented on the website have lost their relevance. Please check the new cost with us by phone or mail, listed in the contacts section.
Making a universal key for the intercom
There are many materials on the Internet on how to read information from them. But these tablets are not only read-only. It is human nature to lose keys, and today a stall with DS1990 cloning services can be found in any underground passage. For recording, they use blanks that are compatible with the original keys, but have additional commands. Now we will learn how to program them.
We will talk about intercoms that work with 1-wire tablets DS1990, like this:
Sketch code. The recording algorithm itself is taken here – domofon-master2009.narod.ru/publ/rabota_s_kljuchom_tm_2004/1-1-0-5

Why is this needed? If we discard obviously bad options, then the simplest thing is to reprogram the cloned tablets that have accumulated and become unnecessary from the old intercom, replaced with a new one, from the entrance of a rented apartment where you no longer live, from work where you no longer work, etc.
I’ll make a reservation right away: in the description I will omit some points that are obvious to most of those who are “in the know” but whose absence may keep an ordinary person who wandered here from a search engine from repeating the procedure. This is done on purpose. Although I am for the openness of information, and I believe that information about all vulnerabilities should be communicated to the public as quickly as possible, I still don’t want just anyone to be able to walk into my entrance easily.
A bit of theory.
As you know, DS1990 is characterized, in general, by one parameter – its own identification number. It consists of 8 bytes and is applied to the surface of the tablet. And it is also issued in response to a request via 1-wire. In fact, one of these bytes is a device type identifier, another is a checksum, but for us this is not important. All the keys known to it are registered in the memory of the intercom, only the company managing the intercom can change this set. But in addition to the keys explicitly recorded in memory, the intercom sometimes responds to the so-called master keys, common for intercoms of this manufacturer, this series, this installer. They try to keep the master key codes secret, but sometimes they leak. In five minutes of googling, you can find about 20 master keys from various intercoms. I have “Visit”, so the choice fell on the key 01:BE:40:11:5A:36:00:E1.
The blanks onto which keys are cloned come in different types. In our city, the most common ones are TM2004. According to the description, they support finalization, after which they can no longer be rewritten and behave like the most ordinary DS1990. But for some reason, the craftsmen who make copies do not always finalize them. Perhaps because most of the programming devices on the market were bought a long time ago and lack this function, perhaps because finalization requires an increased (9V) voltage. I don't know. But the fact remains: of the 4 keys I experimented on, only one was finalized. The rest readily allowed their code to be changed to whatever you like.
Practice.
We will assemble the programmer on an Arduino Uno, which is ideal for this kind of prototyping and for assembling disposable crafts. The circuit is simple; that is the whole point of 1-Wire.
Assembling the device on a breadboard takes no more than five minutes.

After starting, the program polls the 1-Wire interface once per second and prints the code it reads to the serial port. If it is FF:FF:FF:FF:FF:FF:FF, we assume that nothing is connected. In general this is, of course, not strictly true, since some blanks, for example TM2004, allow 8 bytes of 0xFF to be written into the key identifier; if your tablet is flashed with such a code, the check must be removed.

True, it says there that you can write all 8 bytes in a row, but it didn’t work for me. Therefore, each byte is written separately, through its own 0x3C command.
Well, first of all, let's face it: a master key will be programmed for you in any underpass for very little money. And there are plenty of offers on the Internet. Against that background, the handful of Habr readers who repeat my experiment are a drop in the ocean.
Operation procedure: start the sketch, connect the key whose code we want to learn, and hard-code the resulting value into the key_to_write array. Remove the return marked with a comment. Start again and connect the blank; it should be flashed with the new key. Naturally, to write an already known code (say, a master key), the first step is not required.
If an error occurs while writing the first byte, then your key is not writable. If the error is not on the first byte but on one of the subsequent bytes, check the contact between the tablet and the Arduino.
A successful write log looks something like this:
We go down to the street and try to open the neighboring entrance. It works!
Moral and ethical issues.
Was it worth posting this? What if a homeless person gets into my entrance hall and starts living there?
Therefore, I publish without the slightest doubt. Enjoy!
Secondly, I deliberately left out a few rather fundamental points, which will prevent a beginner from getting the device to work. And an advanced person is unlikely to come to your entrance to sleep there or to misbehave.
The locking mechanism on a door performs a protective function and is subjected to serious physical stress every day. Locks are mechanical or electronic, and the latter are often very convenient. Over time, such structures deteriorate and require replacement. The reliability of electronics in this situation is higher, and with good electrical protection it will last a long time. If the owner of a dwelling loses the keys to a mechanical lock, the entire lock assembly has to be changed. In the case of an electronic lock, things are easier: you can create a duplicate using an intercom key copier.

How the intercom key duplicator works
An RFID key copier is an electronic device that reads a special code recorded on a magnetic medium. If a magnetic key is lost, a duplicate can easily be obtained by writing the code to a blank magnetic medium.
To understand how the intercom key duplicator works, you need to look at its design. Externally, the device looks like a case containing several components. It contains:

Main types and models of duplicators
There are 3 types of intercom key duplicators on the market today:
Contact mechanisms
The RFID duplicator for copying contact keys comes in 2 modifications. The first type of programmer duplicates META-COM and Digital keys, and the second works with Dallas contact keys. It should be noted that Dallas chips contain a hexadecimal code, while Digital keys are written using a protocol code characterized by a large digital volume.
Contactless copiers
Contactless duplicators are represented by 3 modifications.

You can program duplicate keys on universal devices. With their help, you can not only create a copy of the digital key, but also get a set of additional useful functions:

Code generation helps to write original character ciphers to the intercom key. This option is suitable for large corporations, whose employees receive a key with a unique code to open doors. It allows you to control the time and number of visits by a specific person to production facilities.
Making a do-it-yourself intercom key duplicator
If desired, you can make a copier for intercom keys with your own hands. For this purpose, you will need an Arduino microcontroller. To make such a device, you will need the following set of components:
From the RFID RC522 module, several wires of different colors go to the monitor adapter:
How to flash keys?
Many intercom chips are made in the form of a pill. To open the door, the surface of the "tablet" is applied to the reader. There is no magnetic field inside such a mechanism, and the device functions thanks to non-volatile memory. The symbols of the digital code are written into it in a certain sequence. Keys of this type are rewritten using the duplicator tmd, which reads the code and recreates it on a blank key. The RFID system is designed so that it transmits the code on a specific radio frequency.
The chip circuit contains an oscillatory circuit, upon activation of which information from the memory is transmitted through space to the reading mechanism. The signal that causes the loop to oscillate comes directly from the duplicator or intercom antenna. The further principle of copying the cipher into memory and its reproduction from there occurs by analogy with the functioning of a classical contact device. The only negative aspect is that the duplicator registers only a specific type of digital signal in memory. But there are also universal devices that can be configured to interact with any kind of digital data.
Independent production of intercom keys allows you to quickly solve the problem of recovering lost personal keys, and also becomes a great business idea that will bring good income. At the first stage of business development, you can use a standard intercom key copier, designed to write the cipher to common types of “blanks”. In addition, this type of activity does not require large investments at the start. The service of creating a duplicate intercom key is in demand among the population (especially in large cities).