Teardown: Bluetooth Padlock - LEKULE


26 Mar 2018


The Masterlock Bluetooth Padlock allows keyless entry using a built-in four-button keypad or Masterlock's Bluetooth apps.

Rather than using a typical numerical passcode to access a padlock, the Masterlock Bluetooth Padlock uses a series of key-presses with four directional buttons: up, down, right, and left. These four options, combined to create a seven-sequence unlock pattern, provide unique combinations. Someone trying to break into this lock has only a 1 in 16348 chance of guessing the correct combination.


Image of Bluetooth Padlock from Masterlock.

As an alternative, the lock can use its Bluetooth capabilities to be opened via Masterlock's app.

Taking Apart the Padlock

The lock must be destructively disassembled by drilling through or around stainless steel rivets in the back of the lock. Since drilling through a rounded-head stainless steel rivet is a bit difficult, I chose to drill the aluminum case that surrounds the rivets with a very inexpensive 1/4" hole saw. With the four rivets defeated, the padlock can never be securely reassembled.

The electronics are in a compartment on the front side of the padlock and are separated from the mechanical and electromechanical parts by the body of the lock. The electronics compartment is held closed with two threaded bolts whose heads are on the back side of the lock. One screw is in clear view in the upper right corner. The second screw is blocked by the long end of the shackle. To remove the shackle, grind off the small pin pressed into the side of the shackle with a rotary tool.



What's Inside the Padlock: Mechanics and Electromechanics

Image created by Mark Hughes.

Above is a graphic that demonstrates how the lock works on a mechanical level. Here's a guide to the parts labeled:
  1. Motor
  2. Blocking cam
  3. Post
  4. Cylindrical pieces
  5. Shackle
Inside the padlock, a motor (1) has a flat disk with a protruding pin that intercepts an asymmetrical blocking cam (2) and rotates the blocking cam to allow the downward movement of a post (3). When a user exerts an upward force on the shackle (5), the two cylindrical pieces (4) move out of the concavities in the shackle and apply a force against the camming surface of (3), forcing the protrusion of (3) to move down against the spring pressure.

For more details of a similar locking mechanism, see Masterlock's Patent 8453481.

What's Inside the Padlock: Electronics


View of the dismantled padlock. The image at the left is the front of the padlock, the image at the right is the rear of the padlock.

| Component | Description | Cost | More Information |
|---|---|---|---|
| MSP430 FR5949 | 16-bit FRAM Microcontroller | $6 | User's Guide |
| CC2541 F256 | Bluetooth Low Energy and System-on-Chip | $6 | Datasheet, User's Guide |

The two main microchips that control the padlock are the MSP430FR5949 and the CC2541F256. The circuit board is also populated with support circuitry that includes a DC motor driver circuit composed of transistors and possibly MOSFETs, crystals to control timing, a Light Emitting Diode to provide visual feedback, and various resistors and capacitors.



MSP430FR5949

The Texas Instruments MSP430FR5949 is a 16-bit microcontroller and the brains of this device. It interprets button presses, activates the LED and motor, and communicates with the CC2541F256. The MSP430FR59xx microcontroller series has a standby power consumption as low as 350 nA. It also uses Ferroelectric Random Access Memory (FRAM), which allows for very low power write cycles.


 

CC2541F256

The CC2541F256 is a Bluetooth transceiver that communicates both with the MSP430FR5949 and the phone app, allowing users to control the lock and update the device when necessary. At the core of this chip is an 8051 microprocessor.


Functional diagram of TI's CC2545 SoC. Image from Texas Instruments.

Conclusion

The Masterlock 4400D Bluetooth Electronic Padlock is built around two microchips, the CC2541F256 and the MSP430FR5949. It also contains the microchip support circuitry and a motor driver circuit.


While getting into this device was challenging, there's also not much inside that would require regular service.
