Homebrew Smart Door

Smart locks are now commonly available, but they are plagued by hardware and software vulnerabilities that make it trivial for attackers to unlock doors in-person and/or remotely. Smart doorbells bring a number of privacy concerns.

Plus, there's no fun in buying these problematic off-the-shelf products when you can build yourself something better!

The Smart Door is my custom-built integrated smart lock, doorbell, and security system.

photo of controller wiring


The Smart Door is assembled with 3D printed cases and mechanical parts for exterior and interior components.

Inside, a housing is mounted on the door. A 3D printed cam bar replaces the thumbturn, allowing a servo to directly drive the standard deadbolt. The housing contains the servo and some electronics.

Outside, a larger case holds a number of visitor-facing components.

Everything is controlled with a Raspberry Pi running custom node.js software. There is also a separate internet-facing server hosted on my home network which coordinates with the door controller (and other home automation devices). The door controller is not directly exposed to the internet.


photo of lock casing attached to door

A servo motor is attached to the deadbolt to lock and unlock the door. A button allows users to unlock the door and a LED indicates status. A Hall effect sensor detects whether the door is open or closed.

Each of these components is controlled by GPIO on the Pi.


photo of doorbell mounted on wall next to apartment door

The box mounted on the apartment's exterior wall packs in several features.


There are multiple ways to unlock the door.

Phone app

screenshot of Android phone app
Native Android app written in Kotlin

Watch app

photo of Android wear app running on watch
Android Wear app written in Kotlin

Both the phone and watch apps can communicate over the internet or Bluetooth LE (BLE). Over the internet, an encrypted and signed unlock command is sent to a server hosted on my home network (no cloud services involved). The server authenticates commands and forwards them to the Pi.

When in physical proximity to the door, Bluetooth is automatically used for direct communication between the app and the Pi. The door issues a cryptographic challenge, which the app signs with a SHA256 HMAC, and sends a response back to the door when the user presses the app's unlock button.


photo of watch being held to doorbell's NFC reader.  Screen reads "Reading card..."

Like BLE, a HMAC challenge/response is used over NFC. Both the phone and watch apps implement Android HCE, which allows a simple tap-and-unlock (without having to open the app).

The NFC reader also works with passive smartcards. A YubiKey can securely unlock the door.

Implementing NFC support meant reading the (painful) ISO-14443-4 and 7816-4 specs in order to work with raw APDU bytes sent and received over the NFC interface.

Both Bluetooth LE and NFC allow door unlocks even if internet connectivity is unavailable.

Guest links

Finally, limited-use keys can be generated and sent to guests. The key is a URL with a token that guests open in their browser, where they find a page with unlock buttons. Links automatically expire at a set time.