NFC locks are reaching a tipping point where the technology is so inexpensive that it makes sense to use it in projects where it would have been impractical months ago. Not that practicality has any place among these pages. IKEA carries a cabinet lock for $20 USD that does not need any programming, and who has a jewelry box or desk drawer that could not benefit from a little extra security? Only a bit though: we’re not talking about a deadbolt here, as this teardown shows.

Rothult has all the stuff you would expect to find in an NFC scanner with a moving part. We find a microcontroller, RFID decoder, supporting passives, metal shaft, and a geartrain. The most exciting part is the controller, which is an STM32L051K8 processor by STMicroelectronics, and second to that is the AS3911 RFID reader from AMS. Datasheets for both have links in the teardown. Ripping up a Rothult in the lab, we find a 25R3911B running the RFID, and we have a link to that PDF datasheet. Both controllers speak SPI.

There are a couple of things to notice about this lock. The antenna is a flat PCB mounted with standard header pins, so there is nothing stopping us from connecting coax and making a remote antenna. The limit switches are distinct, so a few dabs of solder could turn this into an NFC-controlled motor driver. Some of us will rest easy when our coworkers stop kidnapping our nice pens.

Rothult first came to our attention in a Hackaday Links where a commenter was kind enough to tip us off to this teardown. Thanks, Pio! If this whets your appetite for NFC, we have more in store.

According to the Ikea website, my local Ikea in Germany has 43 of them in stock. I did not go to check if that’s true though….

Also sold in The Netherlands. I will get one to play with although I don’t trust anything of value with a wireless lock..

— The AS3911 includes several features, which make it incomparable for low power applications. It contains a low power capacitive sensor, which can be used to detect the presence of a card without switching on the reader field. —

Bit confusing :) yet, I haven’t seen before battery powered NFC devices that can last for long. I didn’t think there is “Initiator” chip :) I definitely have to make something with this :D

The mentioned AS3911 is actually the ST25R3911B from STMicroelectronics and is a full blown NFC reader device. You can find out more here:

The connector very obviously has the SWD pins on it. These would be the primary way to reprogram the board and would probably not require boot0 to be touched unless the SWD pins are disabled by the existing firmware.

Absolutely correct – Using an STM32 discovery board STLink works perfect, but I never got that far in my writing due to the vacation ending.

His disassembly/debug story of the Rothult seems to be ongoing, apparently he is (looking into) writing a new firmware for it now, posts on his blog:

You can extend the antenna cable a bit, with coax or just regular cable. But NFC antennas are usually not 50 ohm matched so I think it wouldn’t work for over 1 meter or so.

It beeps at you before batteries run out, and if you don’t replace the batteries it unlocks itself with its last breath.

So a possible attack would be liquid nitrogen, if it is mounted somewhere, where it could be sufficiently cooled to disable the batteries. E.g. in a drawer.

This thing is more of a convenient tamper proofing against the casual fridge raider or office supplies borrower than a serious security device.

You could extend the battery contacts outside of the cabinet, to a hidden location. If I did that, I would also use protection diodes and a couple capacitors to protect against a high or reverse voltage applied to such contacts.

You’d have to be careful not to freeze the mechanism too. Also, when it loses power, it erases the extra key card data, so it’s still apparent that someone tampered with it.

But what am I talking about, this is a $20 cabinet lock, it’s not designed to be particularly strong or secure. A stern enough look at it is also a possible attack.

Xiaomi also has a similar lock, it features nicer design but also looks more fragile. Oh, yeah, and you use an app to open it. :)

