Good afternoon Somehow I got tired of paying 150 rubles for a copy of the intercom key and decided to assemble a simple, budget iButton duplicator on Arduino. The prices for such ready-made devices “bite”, although their functionality is wider, they copy almost everything, including wireless dongles. A simple copy of the iButton key a la "button" is enough for me. Interesting? Please under "cut"!
So let's get started! To begin with, "technical assignment", what should this device be able to do:
1) Read the contents of the key, it's interesting what is sewn up there.
2) Copy the keys, no matter how strange it sounds :)
3) Flash the "universal" key. By the word "universal" we mean any of our own keys, which will be recorded by default.
UPD. Very important! If the first byte, family code, is 00
, For example 00
:12:34:56:AB:CD:EF: AA, then after the firmware the key will “die”, it will not be read by this programmer, and possibly by others. Found by experience, thanks to a friend 16 :AB:CD:EF:E0 with a naturally incorrect checksum E0. Since the checksum is incorrect, the intercom ignores this sequence when reading. This intercom ruined all rewritable keys, while I figured out what was going on and why the data in the keys “by itself” changes. As a result, it was not possible to make a duplicate for this intercom, I had to go to a service organization and order a key for 100 rubles. :)
The title turned out to be too loud - and the key is not so universal, and not everyone will succumb to the intercom. Anyway.
We are talking about intercoms that work with 1-wire tablets DS1990, like this:
On the Internet you can find a lot of materials on how to read information from them. But these tablets are not only read-only. It is human nature to lose keys, and today a stall with DS1990 cloning services can be found in any underground passage. For recording, they use blanks that are compatible with the original keys, but have additional commands. Now we will learn how to program them.
Why is this needed? If we discard obviously bad options, then the simplest thing is to reprogram the cloned tablets that have accumulated and become unnecessary from the old intercom, replaced with a new one, from the entrance of a rented apartment where you no longer live, from work where you no longer work, etc.
I’ll make a reservation right away that in the description I will omit some points that are obvious to most of those who are “in the know”, but, perhaps, do not allow a simple person who has wandered here from a search engine to repeat the procedure. This is done on purpose. Although I am for the openness of information, and I believe that information about all vulnerabilities should be communicated to the public as quickly as possible, I still don’t want anyone who wants to be able to easily enter my entrance.
The blanks on which the keys are cloned are of different types. In our city the most common ones are TM2004. According to the description, they support finalization, after which they lose the ability to rewrite and function like the most ordinary DS1990. But for some reason, craftsmen who make copies do not always finalize. Perhaps because the majority of programmers on the market were bought a long time ago and do not have such a function, perhaps because finalization requires an increased (9V) voltage. Don't know. But the fact remains, of the 4 keys on which I experimented, only one was finalized. The rest easily allowed you to change your code to whatever you like.
We will assemble the programmer on the Arduino Uno, which is ideal for such purposes of prototyping and assembling disposable crafts. The circuit is simple, 1-Wire for that and 1-Wire.
Assembly time of the device on the brainboard does not exceed five minutes
Sketch code. The recording algorithm itself is taken here - domofon-master2009.narod.ru/publ/rabota_s_kljuchom_tm_2004/1-1-0-5
True, it says there that you can write all 8 bytes in a row, but it didn’t work for me. Therefore, each byte is written separately, through its own 0x3C command.
#include
After starting, the program polls the 1-Wire interface once per second and issues the code read from it to the serial port. If it is FF:FF:FF:FF:FF:FF:FF, then we assume that nothing is connected. In the general case, this, of course, is not true, since some blanks, for example, TM2004, allow you to write 8 0xFF into the key identifier, so if your tablet is flashed with such a code, then the check must be removed.
The order of work: we start, we connect the key whose code we want to know, and the resulting hardcode value into the key_to_write array. We remove the return marked with a comment. We start again and connect the blank, it should be flashed with a new key. Naturally, to record an already known code (say, a master key), the first step is not required.
If an error occurred while writing the first byte, then your key is not writable. If the error is not on the first, but on some of the subsequent bytes, then check the contact between the tablet and the arduino.
A successful write log looks something like this:
KEY FF:FF:FF:FF:FF:FF:FF...nothing found! KEY FF:FF:FF:FF:FF:FF:FF...nothing found! KEY FF:FF:FF:FF:FF:FF:FF...nothing found! KEY 1:98:2C:CD:C:0:0:EB Programming new key...................done! KEY 1:BE:40:11:5A:36:0:E1...already programmed!
We go down to the street, trying to open the next entrance. Works!
Well, firstly, let's face it - the master key will be programmed to you in any transition for very little money. Yes, there are plenty of offers on the Internet. In this regard, one and a half habrozhite who repeated my experience is a drop in the ocean.
Secondly, I still deliberately missed a few rather fundamental questions that will prevent a beginner from starting the device. Well, an advanced person is unlikely to come to your entrance to sleep there or do indecency.
Therefore, I publish without the slightest doubt. Enjoy!
You have lost your intercom keys and cannot make a duplicate. Do you want to visit a friend, but you do not have the keys to her entrance. Or you just need to take a shit to your enemy, but you can't get into his house, then this article is for you.
A few words about the principle of work ...
There is an opinion that there is a magnet in the tablets from the intercom, and it opens the door. No, it's not. The tablet is a ROM, with a hard-wired key in it. This ROM is called - Touch Memory, brand DS1990A. DS1990A is the brand of intercom keys. Communicates with the intercom via the one-wire bus (single-wire interface). This bus was developed by Dallas and allows two devices to communicate over just one wire. If the device is passive (as in our case), then it also transmits power to it through this wire. It should also be noted that a common wire is also needed (so that the circuit closes), but, as a rule, all the grounds of devices connected to this bus are connected together. The key contains a 60 picofarad capacitor, which provides short-term power to the key at the time of the answer. But the host device must constantly (at least once every 120 microseconds) generate a one signal to charge this capacitor so that the ROM in the tablet continues to be powered.
Tablet internals
Organization of the One-wire bus
The One-wire bus works as follows. There is a master device, and a slave device, in our case a passive key. The main signals are generated by the master, logic one and zero signals. The slave device can only force zero signals (i.e. just pull the bus to ground through the transistor). A simplified diagram of the master and slave is shown in the pictures.
Wizard scheme
If you look at the circuit, it is easy to see that by default the master always has +5 volts, a la logical unit. To transfer a logical zero, the master closes the bus to ground through a transistor, and to transfer a unit, it simply opens it. This is done in order to provide power to the slave device. The slave device is made similarly, only it does not generate +5 volts. It can only sink the bus to ground, thereby transmitting a logical zero. The logical unit is transmitted simply by the “silence” of the device.
Work Protocol
You can immediately notice that only the Master rules the parade, the DS1990A key itself either holds the ground (the master sets the bus to zero himself), or simply remains silent, in case he wants to transfer a unit, he simply remains silent. Let's look at the drawing.
An example of reading a key by an intercom.
After generating a PREFERENCE pulse by the key, the master device waits for some time and issues a command to read the ROM, usually this is a family code, in our case 33H. Pay attention to how the transfer of zero and one is done. In any case, the impulse “drops” to the ground, but if a unit is transmitted, then it is quickly restored (about 1 microsecond), if it should be zero, then the impulse “hangs” on the ground for some time, then returns back to one. A return to unity is necessary so that the passive device constantly replenishes the energy of the capacitor, and there is power on it. Further, the intercom withstands for some time and begins to generate pulses for receiving information, a total of 64 pulses (that is, it receives 64 bits of information). The key is just to match the durations correctly. If he wants to display zero, then he keeps the bus at zero for some time, if not, then he simply remains silent. The intercom does everything else for him.
Contents of the DS1990A key.
In intercoms, and simply devices where such devices are used to open doors, a key of the DS1990A standard is used. This device is an 8-byte ROM, with information recorded by a laser.
 |
Key dump schema.
The low byte contains the family code. For DS1990A it will always be 01h. The next six bytes contain the serial number of the key. The most intimate thing that identifies the key. The last byte is called CRC, this is a parity check that ensures the authenticity of the transmitted data. It is calculated from the previous seven bytes. By the way, this is not the only standard. There are rewritable ROMs on which information can be carried, and there are also encryption keys. But the whole variety of Dallas tablets is simply unrealistic to consider within the framework of one article, you can read about them on the disk.
The physical device of the key.
Probably, all of the above discouraged any desire to deal with key emulators, because the key must be read, and this is such a hemorrhage. It turns out not! Dallas manufacturers took care of us and placed all the information we needed directly on the key, moreover, in hexadecimal system! It is engraved on it and it is quite possible to read it, and then later sew it into our wonderful emulator.
 |
Key muzzle
We are interested in the following from all this information:
CC = CRC is the parity check byte of the 7th byte in the firmware
SSSSSSSSSSSS = twelve nibbles //nibbles = 1/2 bytes// of the serial number, i.e. the key itself in hex codes.
FF = family code, in our case it is 01h - zero byte of our key.
It turns out that we can simply write a program, hammer the entire key into it, rewriting the dump visually from the real key with pens, and we will get a ready-made emulator. It is enough just to take the key in the hands of the enemy and rewrite what is written on it. Which I did with great success. :)
emulator.
So we got to the most delicious - the emulator of the keys from the intercom. First, I found a ready-made emulator on some site, sewed it into my AT89C51 and it didn’t work (which is not surprising). But it's not sporty to use other people's firmware and catch other people's, specially left, bugs in the code. Therefore, I began to make my own emulators and write my own programs for them. In general, I tried to make an emulator on 6 different microcontrollers, different architectures, belonging to two families AVR and i8051, all manufactured by Atmel. It did not work for everyone, and a lot of programs were written. At first, Napoleonic tasks were generally set to make a universal emulator with the ability to select a key, but then I left this idea because of its hemorrhoids and meaninglessness, let other people who are interested in this article take care of it. But the cost of the emulator, not counting the labor expended, is less than 70-80 re, you can even meet 30 re, if you do it, for example, on ATtiny12.
The principle of the emulator.
We have considered in detail the principle of operation of the intercom, and accordingly it will not be a big problem to describe the algorithm of the DS1990A emulator program. We look carefully at the diagram and think about what needs to be done. And you need to do the following. The leg of the microcontroller hanging in the air (until it is connected to the ground, the reset pulse) will be considered by the controller as a logical unit. It means that after supplying power to the controller, we must wait until our leg goes to the ground, a la to zero. As we heard zero, we rejoice, wait a while and transfer the port from read mode to write mode. Then we drop the bus to zero, and hold it for a while - we generate a PRESENCE pulse (see the datasheet for the duration of the pulses). Then we again transfer the bus to read mode, and we are waiting for what the master - intercom will tell us. He will tell us the read command, consisting of 8 bits. We will not decode it, because in 99.999% of cases, he will tell us the command to give his dump, a la 33H, just count 8 pulses and don’t worry. We are waiting further. And the most difficult and interesting thing begins - you need to quickly look at what the intercom is telling us and answer it quickly too. We need to bit by bit issue a serial number consisting of 8 bytes, which I mentioned above. I did it as follows (it doesn't matter which microcontroller, the principle will be the same everywhere), loaded the byte into some free register, and shifted it to the right, and watched the transfer bit. As soon as the intercom drops the bus to zero, then if I have the transfer flag set to one, then I simply remain silent on this pulse and wait for the generation of the next bit reading pulse from the master. If I have a zero in the transfer flag, then after the intercom drops the bus to zero, I put the microcontroller port in the output mode and forcibly hold the bus at zero for a while, then release it and switch the controller port back to read mode. According to the duration of the pulse in the ground, the master device understands whether a unit or zero was transmitted to it. In principle, everything, then the intercom should joyfully beep and open the door.
Practice.
Tester board. I can see the inscription dallas.
After a little hemorrhoids and a war with the debugger, the code turned out. Here is an example code for outputting data to the intercom on the AT89C2051. (In general, AT89C2051 is a popular, but outdated controller. One of the first that I programmed. Peripherals are minimal, memory is also nothing. It is sewn only with a high-voltage programmer. Although there is its new replacement AT89S2051, it can already be flashed in-circuit through some kind of AVR ISP, and maybe through AVRDUDE - I didn't check it. The most curious thing is that it is compatible with ATTiny2313 on the legs, so the code can be ported to Tinka. note DI HALT)
D.I. HALTS:
We wrote this hellish code with Long back in 2006 in his apartment. Hurried to hiccups over their blunts. I then felt the AVR for the first time. I was sitting on a completely unfamiliar assembler for the procedure for reading from EEPROM, while Long was picking a demo board for his future emulator. I especially remember my joke with the watchdog when my MK was reset while writing to EEPROM and sawing out the i2c memory chip from the board using a cutting wheel. Eh ... nothing, I'm driving to Moscow, we'll burn it again!
;======================================= ; Issuance of a serial number; in: R0- address where the serial is with the tablet type and CRC8; USES: A,B,R0,R1,R2 ;===================================== ================== DEMUL_SendSer: mov R2,#8 SS3: mov ACC,@R0 mov R1,#8 SS2: JB TouchFuck,$ ; zero 1->0 RRC A ;C:=A.0; shift A; mov TouchFuck,C ;TouchFuck:=C; MOV B,#9 DJNZ B,$ ;Delay 20 us setb TouchFuck JNB TouchFuck,$ ;loop until 0 DJNZ R1,SS2 inc R0 DJNZ R2,SS3 ret ;=============== ========================================
Results.
As a result, I got a lot of emulators. True, some of them still need to be brought to mind. Although a few 100% working. Examples of emulators you can look at the pictures.
 |
 |
Photos of emulators
The most interesting is the CRC check, which is carried out by the intercom. You will need this if you want to put Dallas lock on your computer for example. An example of calculating CRC on A89C2051 (although this code will work on all microcontrollers of the i8051 family.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 DO_CRC: PUSH ACC ;save accumulator PUSH B ;save the B register PUSH ACC ;save bits to be shifted MOV B,#8 ;set shift = 8 bits ; CRC_LOOP: XRL A,CRC ;calculate CRC RRC A ;move it to the carry MOV A,CRC ;get the last CRC value JNC ZERO ;skip if data = 0 XRL A,#18H ;update the CRC value ; ZERO: RRC A ;position the new CRC MOV CRC,A ;store the new CRC POP ACC ;get the remaining bits RR A ;position the next bit PUSH ACC ;save the remaining bits DJNZ B,CRC_LOOP ;repeat for eight bits POP ACC ;clean up the stack POP B ;restore the B register POP ACC ;restore the accumulator RET DO_CRC: PUSH ACC ;save accumulator PUSH B ;save the B register PUSH ACC ;save bits to be shifted MOV B,#8 ;set shift = 8 bits ; CRC_LOOP: XRL A,CRC ;calculate CRC RRC A ;move it to the carry MOV A,CRC ;get the last CRC value JNC ZERO ;skip if data = 0 XRL A,#18H ;update the CRC value ; ZERO: RRC A ;position the new CRC MOV CRC,A ;store the new CRC POP ACC ;get the remaining bits RR A ;position the next bit PUSH ACC ;save the remaining bits DJNZ B,CRC_LOOP ;repeat for eight bits POP ACC ;clean up the stack POP B ;restore the B register POP ACC ;restore the accumulator RET
Conclusion.
As you can see, intercom keys are not as simple as they seem. However, emulating them is available to anyone who owns programming and a soldering iron.
D.I. HALTS:
Cases of bygone days, legends of antiquity deep ... Long - WDR! (it will be clear only to the initiated;)))))
Pre-edited version of an article from Hacker magazine
Each intercom key has its own number - it is this number that serves as the key identifier. It is by the number of the key that the intercom decides - its own or someone else's. Therefore, the copying algorithm is as follows: first you need to find out the number of the allowed key, and then assign this number to another key - the clone. For the intercom, it makes no difference whether the original key or its copy was attached. After checking the number with his database of allowed numbers, he will open the door.
Intercom keys that we will connect to the Arduino (they are sometimes called iButton or touch memory) are read and written via 1-wire interface. Therefore, the connection scheme is very simple. All we need is a couple of wires and a 2.2 kΩ pull-up resistor. The connection diagram is shown in the figure.
The assembled circuit might look something like this:
To work with the 1-wire interface, there are ready-made libraries for Arduino. You can use, for example, this one. Download the archive and unpack it into a folder /libraries/ located in the Arduino IDE directory. Now we can very simply work with this protocol.
Upload this sketch to Arduino in the standard way:
iButton Key Reading Sketch with Arduino(expands) #includeThis sketch shows the key number for the intercom that is connected to the circuit. This is what we need now: we need to find out the number of the key we want to make a copy of. Let's connect the Arduino to the computer. Let's start the serial port monitor: Tools Serial Port Monitor(or keyboard shortcut Ctrl+Shift+M).
Now let's connect the key to the circuit. The port monitor will show the key number. Let's remember this number.
And here is what exchange takes place on a single-wire line when reading the key identifier (for more details, see below):
The figure, of course, does not show all the implementation details. Therefore, at the end of the article, I attach a timing diagram in the *.logicdata format, taken with the help of a logic analyzer and the program Saleae Logic Analyzer and opened to her. The program is free and can be downloaded from the official Saleae website. To open the *.logicdata file, you need to run the program, press Ctrl + O or in the menu Options(located at the top right) select an item open capture / setup.
Now let's write a sketch for writing data to the memory of the iButton key.
iButton key writing sketch with Arduino(expands) #includeDon't forget to set the number of your original key in the array key_to_write which we learned earlier.
Upload this sketch to the Arduino. Open the serial port monitor (Ctrl+Shift+M). Let's connect a key to the scheme, which will be a clone of the original key. The serial port monitor will display a corresponding message about the result of programming.
If this sketch didn't work, try replacing the code after Serial.print("Start programming...") until the end of the function loop() to the next one:
Additional sketch for writing iButton key using Arduino(expand) delay(200); iButton.skip(); iButton.reset(); iButton.write(0x33); // read current key number Serial.print("ID before write:"); for (byte i=0; i<8; i++){ Serial.print(" "); Serial.print(iButton.read(), HEX); } Serial.print("\n"); iButton.skip(); iButton.reset(); iButton.write(0xD1); // команда разрешения записи digitalWrite(pin, LOW); pinMode(pin, OUTPUT); delayMicroseconds(60); pinMode(pin, INPUT); digitalWrite(pin, HIGH); delay(10); // выведем ключ, который собираемся записать: Serial.print("Writing iButton ID: "); for (byte i=0; i<8; i++) { Serial.print(key_to_write[i], HEX); Serial.print(" "); } Serial.print("\n"); iButton.skip(); iButton.reset(); iButton.write(0xD5); // команда записи for (byte i=0; i<8; i++) { writeByte(key_to_write[i]); Serial.print("*"); } Serial.print("\n"); iButton.reset(); iButton.write(0xD1); // команда выхода из режима записи digitalWrite(pin, LOW); pinMode(pin, OUTPUT); delayMicroseconds(10); pinMode(pin, INPUT); digitalWrite(pin, HIGH); delay(10); Serial.println("Success!"); delay(10000);Here the function writeByte() will be as follows:
int writeByte(byte data) ( int data_bit; for(data_bit=0; data_bit<8; data_bit++) { if (data & 1) { digitalWrite(pin, LOW); pinMode(pin, OUTPUT); delayMicroseconds(60); pinMode(pin, INPUT); digitalWrite(pin, HIGH); delay(10); } else { digitalWrite(pin, LOW); pinMode(pin, OUTPUT); pinMode(pin, INPUT); digitalWrite(pin, HIGH); delay(10); } data = data >> 1; ) return 0; )It is pointless to show the timing diagram of the operation of the key identifier recording sketch, because it is long and will not fit in the picture. However, the *.logicdata file for the logic analyzer program is attached at the end of the article.
Intercom keys come in different types. This code is not suitable for all keys, but only for RW1990 or RW1990.2. Programming keys of other types can lead to key failure!
If desired, you can rewrite the program for a key of a different type. To do this, use the technical description of your key type (datasheet) and change the sketch in accordance with the description. Download datasheet for iButton keys can be attached to the article.
By the way, some modern intercoms read not only the key identifier, but also other information recorded on the original key. Therefore, making a clone by copying only the number will not work. You need to completely copy the key data.
Let's take a closer look at the One-wire interface. In organization, it is similar to the I2C interface: it must also contain a master device (master) that initiates the exchange, as well as one or more slave devices (slave). All devices are connected to one common bus. iButton devices are always slaves. The master is usually a microcontroller or PC. The data rate is 16.3 kbps. The idle bus is at logic "1" (HIGH). This protocol provides only 5 types of signals:
Initialization consists in the fact that the master sets the reset condition RESET (lowers the line to "0" for a period of 480 μs or more, and then releases it, and due to the pull-up resistor, the line rises to the state "1"), and the slave no later than 60 µs after that, it must confirm the presence by also lowering the line to "0" for 60 ... 240 µs and then freeing it:
If no acknowledgment signal is received after the initialization pulse, the master repeats the polling of the bus. If the confirmation signal is received, then the master understands that there is a device on the bus that is ready for the exchange, and sends it one of the four 8-bit ROM commands:
(*) By the way, there are quite a few families of iButton devices, some of them are listed in the table below.
iButton family codes(unfolds)| Family code | iButton devices | Description |
|---|---|---|
| 0x01 | DS1990A, DS1990R, DS2401, DS2411 | Unique serial number-key |
| 0x02 | DS1991 | Multikey, 1152-bit secure EEPROM |
| 0x04 | DS1994, DS2404 | 4 kb NV RAM + clock, timer and alarm |
| 0x05 | DS2405 | Single addressable key |
| 0x06 | DS1993 | 4 KB NV RAM |
| 0x08 | DS1992 | 1 KB NV RAM |
| 0x09 | DS1982, DS2502 | 1 kb PROM |
| 0x0A | DS1995 | 16 KB NV RAM |
| 0x0B | DS1985, DS2505 | 16 KB EEPROM |
| 0x0C | DS1996 | 64 KB NV RAM |
| 0x0F | DS1986, DS2506 | 64 KB EEPROM |
| 0x10 | DS1920, DS1820, DS18S20, DS18B20 | temperature sensor |
| 0x12 | DS2406, DS2407 | 1 kb EEPROM + dual channel addressable key |
| 0x14 | DS1971, DS2430A | 256 bit EEPROM and 64 bit PROM |
| 0x1A | DS1963L | 4 KB NV RAM + write cycle counter |
| 0x1C | DS28E04-100 | 4 KB EEPROM + dual channel addressable key |
| 0x1D | DS2423 | 4 KB NV RAM + external counter |
| 0x1F | DS2409 | Two-channel addressable key with the possibility of switching to the return bus |
| 0x20 | DS2450 | Four-channel ADC |
| 0x21 | DS1921G, DS1921H, DS1921Z | Thermochronic sensor with data acquisition function |
| 0x23 | DS1973, DS2433 | 4 kb EEPROM |
| 0x24 | DS1904, DS2415 | Real time clock |
| 0x26 | DS2438 | Temperature sensor, ADC |
| 0x27 | DS2417 | Real time clock with interrupt |
| 0x29 | DS2408 | Bidirectional 8-bit I/O port |
| 0x2C | DS2890 | Single channel digital potentiometer |
| 0x2D | DS1972, DS2431 | 1 kb EEPROM |
| 0x30 | DS2760 | Temperature sensor, current sensor, ADC |
| 0x37 | DS1977 | 32 KB password protected EEPROM |
| 0x3A | DS2413 | Dual Channel Addressable Switch |
| 0x41 | DS1922L, DS1922T, DS1923, DS2422 | High-resolution thermochronic and hygrochronous sensors with data acquisition |
| 0x42 | DS28EA00 | Digital thermometer with programmable resolution, serial link capability and programmable I/O ports |
| 0x43 | DS28EC20 | 20 kb EEPROM |
Data is transmitted sequentially, bit by bit. The transmission of each bit is initiated by the master. When recording, the leader lowers the line to zero and holds it. If the line holding time is 1…15 µs, then bit "1" is written. If the hold time is 60 µs or more, bit "0" is written.
Reading bits is also initiated by the master. At the start of reading each bit, the master pulls the bus low. If the slave wants to send a "0", it holds the bus in the LOW state for 60 to 120 µs, and if it wants to send a "1", it keeps the bus in the LOW state for about 15 µs. After that, the slave releases the line, and due to the pull-up resistor, it returns to the HIGH state.
This is how, for example, the timing diagram of the Search ROM (0xF0) search command looks. Bit writing commands are marked in red in the diagram. Pay attention to the order of the bits when transmitting over 1-Wire: the most significant bit is on the right, the least significant bit is on the left.
Before considering the commands for working with the iButton PROM, it is necessary to say a few words about the dongle memory structure. The memory is divided into 4 equal sections: three of them are designed to store three unique keys, and the fourth is for temporary data storage. This temporary buffer serves as a kind of draft where data is prepared for writing keys.
To work with the PROM, there are 6 commands:
| Name | Team | Purpose |
|---|---|---|
| Write to temporary buffer (Write Scratchpad) | 0x96 | Used to write data to a temporary buffer (scratchpad). |
| Read from temporary buffer (Read Scratchpad) | 0x69 | Used to read data from a temporary buffer. |
| Copy from temporary clipboard (Copy Scratchpad) | 0x3C | Used to transfer data prepared in a temporary buffer to the selected key. |
| Write key password (Write Password) | 0x5A | Used to record the password and unique identifier of the selected key (one of three). |
| Write a key (Write SubKey) | 0x99 | Used to directly write data to the selected key (bypassing the temporary buffer). |
| Read Key (Read SubKey) | 0x66 | Used to read the data of the selected key. |
To be continued...
1) If an error occurs while compiling the sketch WConstants.h: No such file or directory #include "WConstants.h", then, as an option, follows in the file OneWire.cpp replace the first block after the comments with the following:
#include
2) If an error occurs during compilation class OneWire has no member named read_bytes, then find and try to use another library to work with the OneWire interface.
Good day to all!
I would like to bring to your attention a duplicator (copier) of intercom keys.
The copier can read / write to a key fob or card.
I have long wanted to try out an inexpensive device for copying keys from an intercom. And now this moment has come, so let's get started.
The order came in 3 weeks.
Intercom keys. A small educational program.
The keys are:
(i.e. they must be applied to the reader) 
(they just need to be brought to the reader at a distance of 2-3 cm). They are issued in the form of cards, key rings, bracelets, etc. The common name is “cards” and “drops” (key rings). Keys operating up to 10-15 cm are called Proximity (short-range), and operating up to 1 m - Vicinity (long-range). Intercoms use exclusively Proximity keys, and this term has become almost synonymous with "contactless key".
In the world of Proximity, there is also no unity of formats:
This device is designed EXCLUSIVELY to copy 125KHz proximity keys.
No other keys can be copied.
Device in the on position:
(the red light is on, it means the device is on)
If you liked the review, or helped in choosing a device, put likes, this is your best reward for my work.
Thank you all for your attention!
The product was provided for writing a review by the store. The review is published in accordance with clause 18 of the Site Rules.
I plan to buy +88 Add to favorites Liked the review +44 +83
