特斯拉线圈开启智能门锁电子数据检验方法初探

Tentative Exploration into Electronic Data from a Smart Lock about Its Unlocking with Tesla Coil

目的研究特斯拉线圈开启智能门锁前后,锁内芯片电子数据变化情况,提出现场勘查和检验鉴定工作建议。方法将一款智能门锁进行拆解,研究其指纹和密码的存储芯片(微处理器〔MCU〕和电子抹除式可复写只读存储器〔EEPROM〕)及存储方式,反复演示特斯拉线圈开锁过程,分别读取干扰前后芯片内的数据,并比较数据变化情况。研究智能门锁硬件电路的通信方式,使用随机波形发生器模拟不同通信方式受干扰的情况,记录并比较特斯拉线圈开锁前后硬件电路通信方式变化、寻找受特斯拉线圈干扰的通信方式,研究特斯拉线圈开启智能门锁的机制。结果智能门锁的指纹和密码数据存储在EEPROM上,其中密码以明文形式存储,特斯拉线圈干扰开锁后指纹和密码数据被全部擦除。智能门锁的键盘和MCU之间采用中断信号线(IRQ线)、控制线(SCL)、数据线(SDA)三种通信方式进行通信;特斯拉线圈干扰时通信信号发生变化,由于信号变化使IRQ中断程序未能完成,程序紊乱,致EEPROM上的指纹和密码数据被全部抹除,智能门锁被打开。结论特斯拉线圈对智能门锁通信信号产生干扰,造成EEPROM上的密码和指纹存储数据全部被擦除,门锁自动打开。在实际案件中,能够通过检验智能门锁EEPROM上存储数据变化情况,推测是否被特斯拉线圈开启过。

Objective To scrutinize the electronic data changing with its related smart lock which to unlock through Tesla coil so that the key points of crime scene investigation and suggestions are thereby to put forward.Methods A smart lock was disassembled to explore its both fingerprint/password storage chip(MCU:micro control unit or EEPROM:electricallyerasable programmable read-only memory)and mode,consequently having undergone repeatedly to unlock with a Tesla coil such that the data in the lock’s chip were recorded for comparison before and after the unlocking.The hardware-circuit communication of the lock was examined to ascertain which communication mode had been interfered with the Tesla coil.An arbitrary waveform generator was adopted to simulate the interfered communication mode from which the resulting changes were recorded and compared against those caused through Tesla coil disturbing.Consequently,the reason why Tesla coil can unlock the smart lock was to discover.Results The fingerprint and password are found of being stored in EEPROM of the selected smart lock,with the password being kept in the storage mode of plaintext.There are three communication modes of IRQ(interrupt request line),SCL(system clock line)and SDA(static data authentication)between the smart lock’s panel board and MCU.When a Tesla coil opens the smart lock,the communication signal has changed,causing the IRQ program unable to get through and/or being disordered so that all the stored data of password and fingerprint have been completely erased from EEPROM,leaving the door open.Conclusions Tesla coil can interfere the communication signals of smart lock,resulting in the lock’s stored data of password and fingerprint being completely erased from EEPROM and the lock being opened automatically.For crime scene investigation,whether a smart lock has been opened with Tesla coil can be inferred through checking if there is occurrence to changing with the data stored in EEPROM of the lock.