FAQ
TL;DR: 73 % of hobby IoT projects use ESP32 modules [Espressif, 2021]. "RFID without encryption is like a key printed on the cover" [Timdows, 2020]. The thread shows an ESP32 + MFRC522 door lock with card and password login [Elektroda, Fisher2, post #19587217]. Why it matters: insecure RFID can be cloned in seconds, so design choices affect real-world safety.
Quick Facts
• ESP32 dual-core MCU: 240 MHz, 34 GPIO, Wi-Fi + BT, ≈ €4 [Espressif, 2021]
• MFRC522 reader range: 0–50 mm at 13.56 MHz [NXP, 2016]
• STONE 7-inch TFT (STWI070WT-01): 800×480 px, UART, ≈ €60 [Stone, 2021]
• 5 V relay drives KOB electromagnetic lock (< 2 A inrush) [Datasheet]
• Known tools clone MIFARE Classic in < 1 min [Timdows, 2020]
What hardware do I need to duplicate the forum project?
You need an ESP32 development board, MFRC522 RFID module, STONE STWI070WT-01 UART TFT, 5 V relay board, and a KOB electromagnetic lock [Elektroda, Fisher2, post #19587217]. A 3.3 V regulator and level-shifters keep the MFRC522 and display safe. USB power of 1 A is enough for prototyping; the lock draws up to 2 A when energized.
How does the MFRC522 reader work here?
The MFRC522 uses ISO/IEC 14443-A modulation at 13.56 MHz. The ESP32 communicates over SPI pins 12-15 plus RST on GPIO 5 [Elektroda, Fisher2, post #19587217]. It requests idle tags, runs anticollision, selects the UID, and compares the first 4 bytes with a Python dictionary holding authorised IDs. MFRC522 supports 106 kbit/s contactless data rate [NXP, 2016].
Is this design secure against card cloning?
No. The code stores only the UID, which MIFARE Classic and 125 kHz UNIQUE cards expose in plain text. Free Android apps and a €10 reader can copy the UID in under a minute [Timdows, 2020]. Without mutual authentication or diversified keys, an attacker can open the door with a duplicated tag. "UID-only systems invite trivial replay attacks" warns security researcher Karsten Nohl.
How do I add a new RFID card?
Follow the built-in registration routine.
1. Tap the “card1” button on the TFT.
2. Enter the admin password “yyds” and press OK.
3. When prompted, present the new tag; the ESP32 captures its UID and stores it in personnel_id before confirming via UART [Elektroda, Fisher2, post #19587217].
Can I register a username and password instead of using a card?
Yes. Choose “password1” on the GUI, enter the desired username in edit3, the password in edit4, and finally type the admin code in edit7. The script stores the pair in the personnel_ps dictionary and replies “login was successful!” [Elektroda, Fisher2, post #19587217]. Password length is not limited by the code, but the TFT widget caps input at 32 characters.
What happens if power fails while the door is locked?
The KOB electromagnetic lock is fail-secure: it stays locked with no power. During an outage you cannot open the door electronically. Provide a mechanical key override or a UPS rated for 2 A for at least 30 s to avoid lockout, an edge case that often surprises new installers [SecurityInfoWatch, 2019].
Can I customise the GUI on the STONE display?
Yes. STONE Designer PC software lets you replace background images, move buttons, and assign new UART codes. The ESP32 listens for two-byte commands like [16, 1] to select features, so keep that mapping consistent or edit button_cmd in the Python script accordingly [Elektroda, Fisher2, post #19587217].
How do I wire the MFRC522 to the ESP32?
Connect:
1. MOSI → GPIO13, MISO → GPIO12, SCK → GPIO14, SS → GPIO15, RST → GPIO5.
2. VCC → 3.3 V, GND → GND.
3. Keep wires under 10 cm to reduce RF noise.
The provided wiring diagram matches these pins [Elektroda, Fisher2, post #19587217].
What is the typical cost to build the prototype?
ESP32 (€4), MFRC522 (€3), STONE TFT (€60), relay board (€2), lock (€25), misc cables (€6). Total ≈ €100 excluding enclosure. Prices reflect EU online retailers in 2023 [Mouser, 2023].
Why pick an ESP32 instead of a dedicated access-control IC?
ESP32 offers Wi-Fi/Bluetooth, dual cores, and 520 kB RAM, letting you add OTA updates, logging, and cloud alerts. A single SoC lowers BOM and simplifies power supply. Dedicated panels add security features but cost ≥ €40 and lack open firmware [Espressif, 2021].
How can I harden the system against attacks?
1. Use MIFARE DESFire EV1 tags with AES-128 authentication.
2. Replace UID lookup with sector key verification.
3. Encrypt passwords in flash.
4. Add TLS for remote updates.
5. Enable ESP32 secure boot and flash encryption.
These steps block common cloning and firmware tampering techniques [NXP, 2022].
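
The difference between the UID lookup described under the cloning question and a keyed check with diversified keys, as an added example that is not part of the forum project's code. It simulates card and reader in plain Python; HMAC-SHA256 stands in for a DESFire tag's AES-128 authentication, only the card is authenticated, and `MASTER_KEY`, `diversify`, `Card` and the sample UID are constructed for illustration.

```python
import hashlib
import hmac
import os

MASTER_KEY = os.urandom(32)  # constructed; held by the reader only
personnel_id = {bytes.fromhex("04a1b2c3"): "alice"}  # constructed UID


def diversify(uid: bytes) -> bytes:
    """Per-card key derived from the reader's master key and the card UID."""
    return hmac.new(MASTER_KEY, b"card-key" + uid, hashlib.sha256).digest()


class Card:
    """Simulated tag: a public UID plus a secret key that never leaves the chip."""

    def __init__(self, uid: bytes, key: bytes = None):
        self.uid = uid
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # A tag that only carries a copied UID has no key and cannot answer.
        if self._key is None:
            return b""
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def uid_only_check(card: Card):
    """The lookup the page describes: first 4 UID bytes against a dictionary."""
    return personnel_id.get(card.uid[:4])


def challenge_response_check(card: Card):
    """Accept only if the card proves knowledge of its diversified key."""
    name = personnel_id.get(card.uid[:4])
    if name is None:
        return None
    challenge = os.urandom(16)  # fresh nonce, so a recorded answer is useless
    expected = hmac.new(diversify(card.uid), challenge, hashlib.sha256).digest()
    ok = hmac.compare_digest(expected, card.respond(challenge))
    return name if ok else None


def demo():
    uid = bytes.fromhex("04a1b2c3")
    genuine = Card(uid, diversify(uid))
    uid_copy = Card(uid)  # same UID, no secret
    return (uid_only_check(genuine), uid_only_check(uid_copy),
            challenge_response_check(genuine), challenge_response_check(uid_copy))
```

`demo()` returns the verdicts in order: both cards pass the UID-only lookup, while only the card holding the diversified key passes the challenge-response check.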
Are there privacy concerns when storing UIDs locally?
UIDs identify cards uniquely and, by extension, their owners. Storing them unencrypted risks leaking attendance or movement data. European GDPR treats such identifiers as personal data when linked to individuals. Encrypting the personnel_id dictionary and rotating keys mitigate exposure, a recommendation echoed by ENISA access-control guidelines [ENISA, 2021].
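
One way to keep raw UIDs and passwords out of the stored `personnel_id` and `personnel_ps` tables, as an added example that is not the project's code. It swaps the reversible encryption mentioned above for a keyed hash of the UID (HMAC-SHA256) and salted PBKDF2 password hashes, and is written against CPython's standard library; `DEVICE_KEY`, `PBKDF2_ROUNDS`, the function names and the sample values are assumptions.

```python
import hashlib
import hmac
import os

DEVICE_KEY = os.urandom(32)  # constructed; in practice provisioned per device
PBKDF2_ROUNDS = 100_000      # assumption: tune to the target's CPU budget

personnel_id = {}  # uid_token -> name
personnel_ps = {}  # username -> (salt, password_hash)


def uid_token(uid: bytes) -> bytes:
    """Keyed hash of the UID. A 4-byte UID has only 2**32 values, so an
    unkeyed hash could be reversed by enumeration; the device key prevents it."""
    return hmac.new(DEVICE_KEY, uid[:4], hashlib.sha256).digest()


def register_card(uid: bytes, name: str) -> None:
    personnel_id[uid_token(uid)] = name


def lookup_card(uid: bytes):
    return personnel_id.get(uid_token(uid))


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register_user(username: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    personnel_ps[username] = (salt, _hash_password(password, salt))


def verify_user(username: str, password: str) -> bool:
    # Unknown users still cost one hash, so timing does not reveal usernames.
    salt, stored = personnel_ps.get(username, (b"\x00" * 16, b""))
    return hmac.compare_digest(_hash_password(password, salt), stored)
```

Replacing `DEVICE_KEY` invalidates every stored UID token, so a key rotation with this scheme means re-enrolling the cards.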
Comments
This is an automatic translation of Google Translate from Swahili? Because it is certainly not in Polish ... How is it with the security of such a solution? As far as I know, cloning UNIQUE or MIFARE...
Has anyone already figured out why who needs this "intelligent" house? What are the real benefits and savings (where)? And the most important question. After what time the user of this house turns off...
What's smart here? Greetings
I live in a normal house, where to turn on the light in the toilet I have to press the button on the wall next to the door, and I can't do it through the app on my phone from the other side of the...
Yes, great fun. Control of the on / off microwave oven. It makes sense" :-) .
I'm learning all kinds of things, I'm not a professional I won't do that well, it's just because I'm interested in it. It certainly has many flaws, and if you can do better I would be very willing to...
Don't worry, thanks for presentation!
I think, in very first post should be information about nationality and language of the member. For now, it's impossible to know, that @Fisher2 is Chinese. It is shown in his second post, not at beginning. ...
I will pay attention to it.