Opening my front door with a fingerprint sensor
In this simple project I want to build a box that allows my children to enter the house with a fingerprint sensor. At the same time this project doubles as a prototype for video doorbell with fingerprint sensor that I might want to build later.
Prerequisites
In my case we are owning a Nuki door lock already: So basically a small box on the inside of my front door that turns the door key when told so via Bluetooth. In my case I am also using the so-called “Nuki Bridge”: That again is a small box in the hallway that can be told via API to tell the small box on the front door via Bluetooth to turn the key. What a wonderful new world!
The idea of this project is simple: I will connect a R503 sensor with an ESP32, that will then (if a valid fingerprint is detected) send that API request to the Nuki bridge.
Similar should be possible for any other smart door lock that has some kind of API. To my understanding it should even work without the Nuki bridge as the ESP32 could also directly communicate with the Nuki door lock via Bluetooth API. Examples for this are projects such as NukiBleEsp32 or Nuki_Hub.
Long story short, you need:
- an API enabled smart door lock
- an ESP32 (or another microcontroller that has (depending on your door lock) Wifi or Bluetooth connectivity)
- a R503 fingerprint sensor
The project build
Everyone in the software industry knows: Nothing holds longer than a prototype. So I decided to invest some extra effort to make the box for the fingerprint sensor “somewhat nice”. It ended up being more on the beefy sides of things… but it serves its purpose.
A word of warning
Some possible pitfalls are:
- If the box is accessible an attacker could swap the sensor with an own, preconfigured one (as the fingerprints are stored on the R503). Therefor you should make use of the password functionality of the sensor.
- Make use of the
confidence
value of the sensor: Only open the door if the sensor is confidence enough about the match. - The so called FAR (False Acceptance Rate) indicated how likely it is, that the sensor will mistake two different fingers for the same. For R503 I found values such as
<0.001%
- which is one out of 100.000. - There could be other attacks to the sensor that I am not aware of.
- There could be stupid programming mistakes that I am not aware of.
It could therefore also make sense to think twice about:
- if to use this system at all
- where to place it and how visible it should be
- deactivating it for longer journeys
- making it only usable in certain time windows
- ensuring that the ESP is not accessible
The project
The actual wiring is quite easy:
R503 Pin | R503 Description | ESP 32 Pin |
---|---|---|
1 (red) | DC 3.3V | 3.3V |
2 (black) | Ground | Ground |
3 (yellow) | TXD, Output | P17 |
4 (brown or green) | RXD, Input | P16 |
The R503 just needs 3.3V from the ESP32 and ground for power supply. Additionally, I connected the yellow TXD Pin of the R503 to P17 Pin of the ESP32 and the brown (sometimes also green) RXD Pin of the R503 to the P16 Pin of the ESP32.
Using the library manager of the Arduino IDE it is quite simple to use the Adafruit Fingerprint Sensor Library. It also includes a lot of examples for registering new fingerprints, checking fingerprints etc.
The main logic of this project so mainly is arranging this examples in a way that you can trigger a “new finger registration” by putting your “admin” finger on the sensor for some longer time. The sensor then blinks and will tell you to show the new finger two times. After that the sensor stores the finger hash internally and will be able to identify the finger in the future.
The rest then again is simple: If the sensor sees a known finger, it will trigger an API Call that - you might guess it - will tell my Nuki bridge via HTTP to tell the Nuki door lock via Bluetooth to turn the key a few times. The door jumps open - and in walk 2 joyfully squealing kids with muddy boots and run with them through the house. With regard to my idea to let the kids in unguarded I just can say: Be careful what you wish for.
As always the code can be found on Github.