If Samsung is rolling out firmware updates to remove 3rd party support of other tags, that’s bad news for this community.
All I can think of is if somebody can hook up a JTAG to their implant-functional 3321 and dump the firmware. I’m no hardware developer but it’d be nice if there was a way for us to flash our dysfunctional units back to a working firmware. Else I think I’m just gonna return this lock. $200 is too much to pay for a deadbolt that isn’t compatible with my NExT.
After some thought, the only way to not be at the mercy of lock makers is to make our own locks… unfortunately that’s a very expensive proposition… do we have any mechanical engineers in the house? Can we reverse engineer some locking mechanisms? Can we make our own design? The electronics are not the issue for us, it’s the mechanical design that’s at issue.
There are a few retrofit RFID Bluetooth locks that bolt onto existing hardware. An RFID reader, servo and Arduino equivalent, esp32 which has sleep function with touch wakeup to save battery power.
Issue I see is getting insurance company onboard, no-one wants their house broken into then insurance company refusing to pay due to unapproved locks.
Having said that I’d definitely want to work on this. The lock mechanism is relatively simple, and cheap, building the housing is the hard part. Needs to be waterproof, extreme weather proof, vandal proof etc etc. 3D print prototype then cast alloy for production.
We could petition but we don’t have the numbers, the best shot we have is attempting to get in direct contact with the EZON team at Samsung via email or other means.
I’ll send out some emails to Samsung and see if I can get a response.
@amal has a higher likelihood of getting a response from them, because of his position as the father of biohacking lol.
Realistically, them allowing an xNT is not a security risk for them, so maybe by asking nicely we can get a yes?
Missed def con by a couple of months…hacking the Samsung firmware to allow ntag216 would have been a great challenge for convention attendees. Or a retrofit circuit board. Now there is a thought! The RFID reader and all locking hardware is in place, we need to swap out the brain (little piggy back esp32 board) Maybe there are other locks this approach could be applied to?
Power consumption is the only real challenge with that if you’re gonna add an Arduino or Raspberry Pi to the circuit, also would have to figure out how to take the (possibly serial) output of the NFC reader and feed that into the new controller.
The esp32 which has WiFi & Bluetooth in addition to usual Arduino capabilities has an ultra low power sleep mode with touch wakeup built in. I suspect something similar is at the heart of many smart locks. This would explain the need to touch the screen to wake up the lock, and it’s ability to run off AA batteries. I agree normal Arduino or pi would use way too much power.
I bought one of the new ones to tear it up. Interesting stuff.
The “outer” board (the one on the “locked” side of the door) shows where the antenna used to connect to. There are unpopulated parts including an IC that was clearly a RFID reader chip. The antenna is now connected to the inner board. This makes sense from a security standpoint.
The inner board has an 18 series PIC microcontroller and a TRH031M reader chip… What is interesting is this chip should be able to read anything, including ISO-15693 tags.
In all likelihood, the PIC is locked down so you cant read the program flash (but you never know)… but a very possible solution would be just to pull the PIC off and replace with your own unlocked one. You’d be starting from scratch but have some decent hardware…
One downside is most of the board is covered in a rather thick conformal coating. It’s not going to be easy to get through it.
That’s a great idea, just dropping your own microcontroller onto an existing board.
Honestly, thick conformal coatings are easier to work with than thin ones. If you toss the board in the fridge you might be able to just chip the coating off of the areas you’re interested in. Thin conformal coatings can general only be removed with heat or solvents, which can put some seriously volatile chemicals into the air.
I was surprised that the coating actually got soft with heat. I thought it was a solvent based material that cured, but now I believe it’s a plastic based material that was applied hot. I’ll be trying to expose the ICD pins and see what is accessible if anything. As far as I can see they are not connected to anything on the board. Though haven’t fully explored that yet…
They had a film crew come out to my place and film stuff for their internal teams a few years ago… back when I was kind of a dummy. They aren’t in the business of playing nice… Google their history of technology theft. It’s breathtaking.
I harvested the PCB from an old 3320 and stuck it in the 3321 chassis with the 3321 reader/faceplate sure enough all the tags that would not work before suddenly worked.
This confirms the reader itself supports NTAGs just fine even on newer models. It is the mainboard PCB on the door side or firmware on it for sure.
I can’t confirm firmware versions and the chips are covered in epoxy which is a pain… however comparing the boards side by side I noticed they are identical with one exception: the old one has two pairs of diodes populated and the new one leaves them unpopulated.
I am wondering if this is not firmware at all, but someone cutting corners and someone in QA only checking it still worked with the samsung mifare classics and not bothering to test anything else.
It will be a couple months before I am done moving in and can setup my EE lab again, but if anyone with a non working unit laying around wants to populate those 4 pads with diodes it would be worth trying.
Else I’ll get to it myself and report back eventually. Just figured I would share my terrible workaround and the potential implications
Did you happen to get to this? I’ve got a “bricked” 3321 and an Elec Lab to do it (depending on the conformal coating), and maybe even some spare time over the uni break!
Where do I go looking for those 4 pads, and what orientation are the diodes in on the board that works?
What are the odds that they’re just anti-flyback protection QC decided wouldn’t kill it until after the warranty expired?
Has anyone managed to dump the firmware of a working unit btw? I’ll have a crack at this while I’ve got mine off the door to work out if its possible and how but that firmware won’t actually be useful
Hey folks, bringing back this old thread to say that I bought the same deadbolt unit which came today. It is not accepting my xSIID implant as an acceptable code, despite scanning the included Samsung brand cards just fine. It seems to detect my implant just fine- when I try to register it, it gives me one “beep” as if to acknowledge the scan, followed by the four-tone “ding dong ding dong” which is the error message.
I’ll just be returning it since I don’t care to pay $180 to carry around a different key instead of my regular house key. @amal, can this be used to update the Chip Compatibility Matrix? There’s no info listed for the intersection of the xSIID and any of the Samsung deadbolts, old or new model.
