hi peps, I am in the process of building a two stage authentication RFID car immobilizer.
since the immobilizer has to be secure and have the ability to add or remove verified users, is there a way to "secure" the code so that it cant be read or rewritten without a key installed ie a master rfid tag or like a usb key or something?
thanks in adnvanced
jmclaughlin1975:
hi peps, I am in the process of building a two stage authentication RFID car immobilizer.since the immobilizer has to be secure and have the ability to add or remove verified users, is there a way to "secure" the code so that it cant be read or rewritten without a key installed ie a master rfid tag or like a usb key or something?
thanks in adnvanced
Since it's almost impossible to reverse engineer the code uploaded to an Arduino, I think you're pretty safe.
That is, until someone writes their own code to control your immobilising device and uploads it to your Arduino.
They will, of course, have to know how and where (which pin) the device is connected to your Arduino to write that code.
How likely is that?
You will have to rewrite your code whenever a verified user is added or removed.
probably not very.
just wanted to be the super safe side.
The verified tags should be stored in EEPROM. This can be reprogrammed by the device itself. For example, you may swipe the "master" tag and then a new tag, and your program can detect this sequence as an instruction to store the new tag. (Unprogramming a lost tag is a problem to be solved.)
The code on the Arduino can be protected. There's a number of "fuses" which can be blown to prevent your code being downloaded or altered. Of course you don't get to reprogram the Arduino after that, so make sure your program is correct before blowing the fuses. The EEPROM can also be protected from external changes.
Of course you don't get to reprogram the Arduino after that, so make sure your program is correct before blowing the fuses.
Well, you can, but you need a high voltage (12V) programmer, and the chip is erased (first) as part of the process.
Nick Gammon has a writeup here on it:
MorganS:
The verified tags should be stored in EEPROM. This can be reprogrammed by the device itself. For example, you may swipe the "master" tag and then a new tag, and your program can detect this sequence as an instruction to store the new tag. (Unprogramming a lost tag is a problem to be solved.)The code on the Arduino can be protected. There's a number of "fuses" which can be blown to prevent your code being downloaded or altered. Of course you don't get to reprogram the Arduino after that, so make sure your program is correct before blowing the fuses. The EEPROM can also be protected from external changes.
I had that in mind, I have the users set with names, so when you swipe your tag it displays "welcome first name Please enter your code"
I would need a way to enter the credentials and store them in the EEPROM.
I also have an issue with the code entry sequence, as soon as I enter one wrong digit it displays the incorrect code screen. I want it to store the code until all digits are entered and then compare to the stored credentials.
I also have an issue with the code entry sequence, as soon as I enter one wrong digit it displays the incorrect code screen. I want it to store the code until all digits are entered and then compare to the stored credentials.
Did I miss something like you posting your code? If not, then you are just whining. We don't much care for that here.
Is a code with one wrong digit not wrong? Is "close enough" the secret code? You can do that if you like.
PaulS:
Did I miss something like you posting your code? If not, then you are just whining. We don't much care for that here.
I'm aware of that, one problem though, my code wont upload due to a character limit.
MorganS:
Is a code with one wrong digit not wrong? Is "close enough" the secret code? You can do that if you like.
a wrong code is a wrong code, but what I mean is when one wrong digit is entered it immediately goes to the incorrect code screen, so al you would have to do is go through the keys until you don't get that screen, then you know the first digit, and do the same over again until the system is disarmed,
what I want to do is store the entire entered code and once a confirm key is pressed, check the code against the database and if it doesn't match then show the incorrect code display.
this is my code for now, as its unfinished. I have posted it in a txt file
RFID arduino immob code.txt (9.61 KB)
char code[10]; // The TAG ID of the card
code[10] = '\0'; // Add null at end to terminate the string
The indices for a 10 element array range from 0 to 9. You just wrote over some other data.
I want it to store the code until all digits are entered and then compare to the stored credentials.
if (currentPosition == 4)
{
logEmployee(currentEmployee, true);
DisableImmob();
currentPosition = 0;
currentState = waitingForTagID;
clearSerial();
}
} else {
// Does not match so it is an invalid code
So, why do you assume that an invalid code has been entered, when the complete code has not been entered?
I
gave
up
on
reading
your
code.
Your
opening
and
closing
curly
braces
do
not
line
up,
and
you've
apparently
got
some
fixation
for
column
one.
th column one thing is to do with wordpad not saving formatting, so don't blame me, I came on here for help not to be made fun of
didn't think of that, sorry to jump the gun
this is my .ino file, hope that helps
car_immobilizer.ino (11.5 KB)
jmclaughlin1975:
this is my code for now, as its unfinished. I have posted it in a txt file
That's what attachments are for.
th column one thing is to do with wordpad not saving formatting, so don't blame me
We can blame you for not reading any of the "sticky" posts at the start of the programming section, can we not, or don't they apply to you? If not, why not?
I did a fairly lengthy post about an RFID system with a master card. That might help you a bit. However I don't bother encrypting the data (after all, the decryption key would have to be stored on the Arduino).
code[10] = '\0'; // Add null at end to terminate the string
That's still wrong.
if (int(key) != 0) {
There is a constant, NO_KEY that is defined, so the useless cast is not needed.
if (key == ourCode[currentPosition])
{
++currentPosition;
if (currentPosition == 4)
{
logEmployee(currentEmployee, true);
DisableImmob();
currentPosition = 0;
currentState = waitingForTagID;
clearSerial();
}
} else {
// Does not match so it is an invalid code
logEmployee(currentEmployee, false); // Log to the serial port the failue
invalidCode(); // Display invalid code screen
currentPosition = 0; // Set the read position back to 0
currentState = waitingForTagID; // Change the state back to waiting for RFID read
clearSerial(); // Clear and junk that is on the serial port
}
} else {
Which
of
those
curly
braces
line
up?
There is a tool, on the Tools menu, called Auto Format. Use it!