Samsung 3321 not able to register implant

Seems like I’m having the exact same issue.

If Samsung is rolling out firmware updates to remove 3rd party support of other tags, that’s bad news for this community.

All I can think of is if somebody can hook up a JTAG to their implant-functional 3321 and dump the firmware. I’m no hardware developer but it’d be nice if there was a way for us to flash our dysfunctional units back to a working firmware. Else I think I’m just gonna return this lock. $200 is too much to pay for a deadbolt that isn’t compatible with my NExT.

1 Like

I will offer a loaner Samsung lock for this purpose… this needs to happen!

3 Likes

After some thought, the only way to not be at the mercy of lock makers is to make our own locks… unfortunately that’s a very expensive proposition… do we have any mechanical engineers in the house? Can we reverse engineer some locking mechanisms? Can we make our own design? The electronics are not the issue for us, it’s the mechanical design that’s at issue.

I started this topic just now: https://forum.dangerousthings.com/t/open-source-deadbolt-lock

with a fresh empty github repo: https://github.com/vivokey/lock-deadbolt

2 Likes

There are a few retrofit RFID Bluetooth locks that bolt onto existing hardware. An RFID reader, servo and Arduino equivalent, ESP32 which has sleep function with touch wakeup to save battery power.

Issue I see is getting insurance company onboard, no-one wants their house broken into then insurance company refusing to pay due to unapproved locks.

Having said that I’d definitely want to work on this. The lock mechanism is relatively simple, and cheap, building the housing is the hard part. Needs to be waterproof, extreme weather proof, vandal proof etc etc. 3D print prototype then cast alloy for production.

Real danger of getting obsessed by this…

3 Likes

Or we could ask Samsung REALLY NICELY to put the code back to how it was.

1 Like

We could petition but we don’t have the numbers, the best shot we have is attempting to get in direct contact with the EZON team at Samsung via email or other means.

I’ll send out some emails to Samsung and see if I can get a response.

@amal has a higher likelihood of getting a response from them, because of his position as the father of biohacking lol.

Realistically, them allowing an xNT is not a security risk for them, so maybe by asking nicely we can get a yes?

2 Likes

Missed DEF CON by a couple of months… hacking the Samsung firmware to allow NTAG216 would have been a great challenge for convention attendees. Or a retrofit circuit board. Now there is a thought! The RFID reader and all locking hardware is in place, we need to swap out the brain (little piggyback ESP32 board). Maybe there are other locks this approach could be applied to?

4 Likes

Power consumption is the only real challenge with that if you’re gonna add an Arduino or Raspberry Pi to the circuit, also would have to figure out how to take the (possibly serial) output of the NFC reader and feed that into the new controller.

1 Like

The ESP32 which has WiFi & Bluetooth in addition to usual Arduino capabilities has an ultra low power sleep mode with touch wakeup built in. I suspect something similar is at the heart of many smart locks. This would explain the need to touch the screen to wake up the lock, and its ability to run off AA batteries. I agree normal Arduino or Pi would use way too much power.

Deep sleep power usage is in the microamp range.

3 Likes

I bought one of the new ones to tear it up. Interesting stuff.

The “outer” board (the one on the “locked” side of the door) shows where the antenna used to connect to. There are unpopulated parts including an IC that was clearly an RFID reader chip. The antenna is now connected to the inner board. This makes sense from a security standpoint.

The inner board has an 18 series PIC microcontroller and a TRH031M reader chip… What is interesting is this chip should be able to read anything, including ISO-15693 tags.

In all likelihood, the PIC is locked down so you can’t read the program flash (but you never know)… but a very possible solution would be just to pull the PIC off and replace with your own unlocked one. You’d be starting from scratch but have some decent hardware…

One downside is most of the board is covered in a rather thick conformal coating. It’s not going to be easy to get through it.

5 Likes

That’s a great idea, just dropping your own microcontroller onto an existing board.

Honestly, thick conformal coatings are easier to work with than thin ones. If you toss the board in the fridge you might be able to just chip the coating off of the areas you’re interested in. Thin conformal coatings can generally only be removed with heat or solvents, which can put some seriously volatile chemicals into the air.

3 Likes

I was surprised that the coating actually got soft with heat. I thought it was a solvent based material that cured, but now I believe it’s a plastic based material that was applied hot. I’ll be trying to expose the ICD pins and see what is accessible if anything. As far as I can see they are not connected to anything on the board. Though haven’t fully explored that yet…

3 Likes

They had a film crew come out to my place and film stuff for their internal teams a few years ago… back when I was kind of a dummy. They aren’t in the business of playing nice… Google their history of technology theft. It’s breathtaking.

5 Likes

I happen to have one Samsung 3321 that has the old firmware on it and it works great with my implant! If anyone is interested in it send me a message.

  • if this is not allowed, please remove post.
3 Likes

I’ll take it! Message Me

1 Like

It’s gone. Thank you.

2 Likes

Matt, did you ever end up getting a dump of the firmware? I’ve foolishly bought a 3321 and am now realising the same issue that the OP had/has.

1 Like

I had the same problem with a new 3321.

I harvested the PCB from an old 3320 and stuck it in the 3321 chassis with the 3321 reader/faceplate. Sure enough, all the tags that would not work before suddenly worked.

This confirms the reader itself supports NTAGs just fine even on newer models. It is the mainboard PCB on the door side or firmware on it for sure.

I can’t confirm firmware versions and the chips are covered in epoxy which is a pain… however comparing the boards side by side I noticed they are identical with one exception: the old one has two pairs of diodes populated and the new one leaves them unpopulated.

I am wondering if this is not firmware at all, but someone cutting corners and someone in QA only checking it still worked with the Samsung MIFARE Classics and not bothering to test anything else.

It will be a couple months before I am done moving in and can set up my EE lab again, but if anyone with a non working unit laying around wants to populate those 4 pads with diodes it would be worth trying.

Else I’ll get to it myself and report back eventually. Just figured I would share my terrible workaround and the potential implications :)

3 Likes

Hey @lrvick

Did you happen to get to this? I’ve got a “bricked” 3321 and an Elec Lab to do it (depending on the conformal coating), and maybe even some spare time over the uni break!

Where do I go looking for those 4 pads, and what orientation are the diodes in on the board that works?
What are the odds that they’re just anti-flyback protection QC decided wouldn’t kill it until after the warranty expired?

Has anyone managed to dump the firmware of a working unit btw? I’ll have a crack at this while I’ve got mine off the door to work out if it’s possible and how but that firmware won’t actually be useful