Legally and ethically extremely dubious, hooked up to the box in your apartment, I can understand it. Hooked to the shared door controller, handing out access "keys" to all your friends, not great. You seem to know this based on all your attempts to avoid discovery.
I have a similar Apple HomeKit integration to my apartment door system in a much simpler way;
When you buzz the apartment from the intercom it connects to a dedicated landline phone, That landline is setup to automatically go straight to voicemail, and then the voicemail message is just a recording of the tone required to open the door.
Then I have a smart power socket that the landline phone gets its power from - which I can toggle in the home app.
So if you turn on the power socket and dial the apartment code at the entrance, it buzzes you straight in. Or turn the power socket off and it doesn't.
I had the same problem and I've searched for ready made solutions for over an year before I found a guy that reverse-engineers and builds ready-made boards to install in my intercom for less than 30 euro.
I’m actually pretty surprised how bad the intercom ecosystem is these days.
Why aren’t there more ‘semi dumb’ Ethernet or wifi products that just let you announce that dinner is ready? It doesn’t need to be a fully ruggedised commercial system like this one or a fully integrated cloud managed solution like ring.
The cheap no name wireless ones can’t handle comms between rooms, let alone across a house.
The security implications aren’t insurmountable - you could use pairing codes if there are multiple on the network.
I’ve accepted that it’s a niche market, and that the only solution is to use Asterix with a some cheapo voip phones.
I did something a lot simpler than this to have some more control: I gave a Twilio number to the building manager for the door box, then had an app where I could give out codes to people. Valid codes responded with a "9" DTMF signal which opened the door, a "1" forwarded the call to my phone.
For some European intercoms, there is Doorman [0]. Their authors reversed engineered the protocol used by Koch and built an ESP32 + Home Assistant solution that works quite nicely (including board). The "party mode" [1] was a life saver for me when doing events on the rooftop.
This reminds me of another annoyance I have. We have a wall mounted thermostat using batteries at the cabin. It controls how much water is let through from the central heating to the floors by sending some radio signal. I would like to be able to control this remotely, for instance to turn on heating a day before arrival. But the only way to do this is to buy a new unit connected to the pipes as well and upgrade the whole thing, which was quoted like $2k++ and need their app and their subscription. But why can't something just mimic the radio signals? That already works today! Why do I have to rebuild the whole heating setup for this? So stupid when technology locks you in without need.
I'm tempted to have a remote controlled screw driver that can twist the knob remotely or something.
Frank's guests just need to get the Doorking 16120 default key and start letting themselves in.
Edit: undergrad shenanigans from ten years ago:
Our university student-run electronics lab had an issue: technically anyone with a student card was allowed on premises at any given time, but the department only gave us a small set of keys that we had to share with the rest of the student associations. Obviously we needed a solution.
We did some snooping and found that the request-to-exit button wire was running on a cable tray alongside all the other wiring and plumbing, as the lab was in the basement. We picked a suitably dark, inconspicuous spot and wired up a Raspberry Pi driving a transistor and in turn a relay which we then wired in parallel with that button. Users could then connect to the local lab wifi and then SSH into the device. Login shell was replaced with a script that pulsed the GPIO line for half a second and subsequently caused the door to open.
We never got caught and apparently all the evidence was destroyed when the building was renovated a few years later.
> While it is theoretically possible that the relays could fail on through some sort of physical failure, this is so unlikely that we did not design for it.
Anecdotally, I've had a relay fail on when I inadvertently pulled more amps through it than it was rated for, so it's definitely possible.
This looks like a very guest-hostile intercom, I would just stare at it and read instructions, then read them again, then think why is it A and Z and not up and down... And also why I cannot just enter the number. At some point I would give up and just take out my phone and call the friend "hey, can you buzz me in? I'm in front of the door".
This is a very interesting project. Protocol choice on constrained hardware like this is always underestimated, most people default to JSON over HTTP, but on devices with limited MTU or battery constraints the overhead adds up really fast.
We have seen similar trade-offs working on binary encoding for our alerting systems; even a few hundred bytes difference per message changes what's feasible over BLE or LoRa.
What protocol the intercom uses natively and how much of the HomeKit overhead is format vs transport?
> I bought the cheapest compatible BTicino intercom device (BT 344232 for 32 €) that I could find on eBay, then soldered in 4 wires and added microcontrollers to make it smart. It now connects to my Nuki Opener Smart Intercom IOT device, and to my local MQTT Pub/Sub bus (why not?).
Great, the esp32 will probably never be discovered. Because when the landlord decides to fix the original problem, the whole unit will probably be replaced.
My mom's condo building hasn't had a working buzzer in forever, so she has to go downstairs every time there's a delivery. I've been tempted to do this, but am highly discouraged by the presence of video cameras. I don't particularly want to catch a charge to save my mom a trip in the elevator.
That aside, I enjoyed this read and it's such a niche thing that there is almost no way they'll step on the toes of another resident wanting to do the same thing
When I was shopping for an intercom system for my 8 unit building I purposely went for the dumbest system I could find. I wanted it as a foundation and isolated from the rest of the world. I also wanted no cameras.
Here is the installation documentation I have the 4-wire system. I installed it using Cat-5 and standard 548B wiring layout. The rest of the electronic door locks uses the Identiv Liberty key fob system. This was the only system I could find that allowed self-hosting.
I wouldn't mind another layer of integration that would add smartphone access control. The way the 2 systems are currently deployed I could ignore the TekTone side and just integrate the key fobs with the smartphones. I think this might already be possible be possible as the key fob readers already react to the NFC radios on my smartphone.
Years ago I was renting a condo in a building with a bit of an older system; on the outside there were a series of buttons, each hard-wired to each of the condo units, where the units had a phone handset on the wall, with a button on the base to open the front door. Just three wires, IIRC.
I only had one key to the main door, which was annoying when I had guests who were staying a few days. It finally got annoying enough once I had a steady girlfriend who was more or less unofficially living with me. So I opened up the handset base, figured out the voltage on the wire for opening the door, and got a Raspberry Pi and a relay rated for the voltage I needed. I connected the relay's control pin to a GPIO on the Pi, and wrote a little python HTTP server that would enable the GPIO pin, and fire off a thread to turn it back off after a few seconds.
I was working at Twilio at the time, so I figured the easiest trigger would be SMS. I set up a phone number, and the backend logic for it had a list of sender phone numbers and 6-digit codes. That way I could only allow certain people's phones to trigger, and on top of that, it required a code, unique to each visitor I was allowing. It would also send a text to me every time someone used it, so I could monitor things to ensure nothing odd was happening.
I already had a small home automation system running using openHAB, with remote access set up on a VPS I rented, so it wasn't hard to hook all that together, in a way that the callback handler from Twilio could reach back into the home.
I didn't have a great way to mount it, and didn't want to mess up the wall. The Pi and relay were light enough that I ended up just hanging it from the wires connecting to from the relay to the handset base. Fortunately there was an electrical socket almost directly below the handset so I could plug in the Pi. (I forgot about it when my landlady had to come over due to a water leak; surprisingly she didn't even comment on it.)
My one worry was that the little python HTTP server would crash between closing the relay and then opening it up again after a few seconds, leaving the door persistently unlocked. But I used a default-open port on the relay, so if power went out, the relay would stay open, keeping the door locked. I also made sure that the little HTTP server would reset the GPIO to keep the relay open on startup, so if it crashed and restarted, it would ensure the door was locked. IIRC there was also something you could put in the Pi's /boot/config.txt to set GPIOs to a certain value on boot(?). And on top of that, I wrote another little python script that just sat there checking the GPIO every second, and if it remained on for more than a few seconds, it would close it. This was probably overkill, but I wanted to be as sure as possible I wouldn't be putting my neighbors into any kind of danger by perma-unlocking the front door.
Something like an ESP32 would certainly have been smaller and lower-power (maybe could have even run it off battery), but at the time I hadn't even heard of ESP32 yet (that would come a few years later, when I was bored during the pandemic and needed a project).
I use a Ring Intercom Audio for a similar use. Works surprisingly well, I wish someone would clone the hardware and make an open version so Jeff didn't listen in every time someone rings my doorbell or buzz himself in whenever he wants.
This is a good way to breathe new life into existing tech for your smart home ecosystem. My setup mainly consists of Philips Hue lights at the moment, which. I have hooked up using Openclaw, I'd love to add more smart functionality and like an intercom, thermostat and digital lock, but the current devices are stuck in the past, so cant do much at the moment.
This is quite illegal. (More in some states than others) Just working on an access control system without a license is a crime in most states. It's actually a felony in North Carolina.
I did similar in my apartment in Amsterdam but a little more low-tech. I soldered the relay on an Esp8266 directly to the unlock button on the intercom PCB in my apartment. Worked flawlessly for years
It's a little sad that, having realised that the simplest route for the hardware was the best, a simple route for communications wasn't explored. I suspect that cramming in a complex stack wasn't the best or quickest solution.
Related, I'm still upset at the lies told by landlords regarding phone number privacy in buzz-in intercoms. I've been told multiple times at multiple apartment buildings, "don't worry, while the system will call your phone when someone taps your entry code, your phone number won't be revealed". And then you sign the lease, get a delivery from Instacart in your new place, and find that your 'private' number is blasted out loud, heard a whole city block away, in a loud-ass DTMF tone sequence.
Tldr: he found the wire to the solenoid. Cool stuff. Do the easy thing! The rabbit hole avoidance was impressive. Like an escape room of sorts. Questionable legality notwithstanding.
Confessing to felonies, in writing, under one’s real name is wild.
Here’s hoping nobody decides to bother them about this. I’m not a lawyer but this appears to this layperson at the very least a CFAA violation by accessing the router and resetting its root password, as well as possibly criminal mischief as well as whatever stealing AC power is.
You couldn’t pay me to do a writeup like this, and I’d be wearing gloves the whole time.
Box of Secrets: Discreetly modding an apartment intercom to work with Apple Home
(jackhogan.me)250 points by jackhogan11 23 March 2026 | 107 comments
Comments
When you buzz the apartment from the intercom it connects to a dedicated landline phone, That landline is setup to automatically go straight to voicemail, and then the voicemail message is just a recording of the tone required to open the door.
Then I have a smart power socket that the landline phone gets its power from - which I can toggle in the home app.
So if you turn on the power socket and dial the apartment code at the entrance, it buzzes you straight in. Or turn the power socket off and it doesn't.
I'm unsure if I should post the link or not as it's specific to Romania, but I love how janky the buids are: https://www.olx.ro/d/oferta/automatizare-interfon-electra-cu...
Why aren’t there more ‘semi dumb’ Ethernet or wifi products that just let you announce that dinner is ready? It doesn’t need to be a fully ruggedised commercial system like this one or a fully integrated cloud managed solution like ring.
The cheap no name wireless ones can’t handle comms between rooms, let alone across a house.
The security implications aren’t insurmountable - you could use pairing codes if there are multiple on the network.
I’ve accepted that it’s a niche market, and that the only solution is to use Asterix with a some cheapo voip phones.
[0] https://doorman.azon.ai/ [1] https://doorman.azon.ai/guide/features/ring-to-open
I'm tempted to have a remote controlled screw driver that can twist the knob remotely or something.
Edit: undergrad shenanigans from ten years ago:
Our university student-run electronics lab had an issue: technically anyone with a student card was allowed on premises at any given time, but the department only gave us a small set of keys that we had to share with the rest of the student associations. Obviously we needed a solution.
We did some snooping and found that the request-to-exit button wire was running on a cable tray alongside all the other wiring and plumbing, as the lab was in the basement. We picked a suitably dark, inconspicuous spot and wired up a Raspberry Pi driving a transistor and in turn a relay which we then wired in parallel with that button. Users could then connect to the local lab wifi and then SSH into the device. Login shell was replaced with a script that pulsed the GPIO line for half a second and subsequently caused the door to open.
We never got caught and apparently all the evidence was destroyed when the building was renovated a few years later.
Anecdotally, I've had a relay fail on when I inadvertently pulled more amps through it than it was rated for, so it's definitely possible.
We have seen similar trade-offs working on binary encoding for our alerting systems; even a few hundred bytes difference per message changes what's feasible over BLE or LoRa. What protocol the intercom uses natively and how much of the HomeKit overhead is format vs transport?
> I bought the cheapest compatible BTicino intercom device (BT 344232 for 32 €) that I could find on eBay, then soldered in 4 wires and added microcontrollers to make it smart. It now connects to my Nuki Opener Smart Intercom IOT device, and to my local MQTT Pub/Sub bus (why not?).
I love the future so far.
That aside, I enjoyed this read and it's such a niche thing that there is almost no way they'll step on the toes of another resident wanting to do the same thing
Those Doorkings have had to get replaced at so many buildings in Seattle now that criminals figured out how easy they were to override.
Here is the installation documentation I have the 4-wire system. I installed it using Cat-5 and standard 548B wiring layout. The rest of the electronic door locks uses the Identiv Liberty key fob system. This was the only system I could find that allowed self-hosting.
I wouldn't mind another layer of integration that would add smartphone access control. The way the 2 systems are currently deployed I could ignore the TekTone side and just integrate the key fobs with the smartphones. I think this might already be possible be possible as the key fob readers already react to the NFC radios on my smartphone.
https://www.tektone.com/pdf_files/manuals/IL826_PK543A_insta...
I only had one key to the main door, which was annoying when I had guests who were staying a few days. It finally got annoying enough once I had a steady girlfriend who was more or less unofficially living with me. So I opened up the handset base, figured out the voltage on the wire for opening the door, and got a Raspberry Pi and a relay rated for the voltage I needed. I connected the relay's control pin to a GPIO on the Pi, and wrote a little python HTTP server that would enable the GPIO pin, and fire off a thread to turn it back off after a few seconds.
I was working at Twilio at the time, so I figured the easiest trigger would be SMS. I set up a phone number, and the backend logic for it had a list of sender phone numbers and 6-digit codes. That way I could only allow certain people's phones to trigger, and on top of that, it required a code, unique to each visitor I was allowing. It would also send a text to me every time someone used it, so I could monitor things to ensure nothing odd was happening.
I already had a small home automation system running using openHAB, with remote access set up on a VPS I rented, so it wasn't hard to hook all that together, in a way that the callback handler from Twilio could reach back into the home.
I didn't have a great way to mount it, and didn't want to mess up the wall. The Pi and relay were light enough that I ended up just hanging it from the wires connecting to from the relay to the handset base. Fortunately there was an electrical socket almost directly below the handset so I could plug in the Pi. (I forgot about it when my landlady had to come over due to a water leak; surprisingly she didn't even comment on it.)
My one worry was that the little python HTTP server would crash between closing the relay and then opening it up again after a few seconds, leaving the door persistently unlocked. But I used a default-open port on the relay, so if power went out, the relay would stay open, keeping the door locked. I also made sure that the little HTTP server would reset the GPIO to keep the relay open on startup, so if it crashed and restarted, it would ensure the door was locked. IIRC there was also something you could put in the Pi's /boot/config.txt to set GPIOs to a certain value on boot(?). And on top of that, I wrote another little python script that just sat there checking the GPIO every second, and if it remained on for more than a few seconds, it would close it. This was probably overkill, but I wanted to be as sure as possible I wouldn't be putting my neighbors into any kind of danger by perma-unlocking the front door.
Something like an ESP32 would certainly have been smaller and lower-power (maybe could have even run it off battery), but at the time I hadn't even heard of ESP32 yet (that would come a few years later, when I was bored during the pandemic and needed a project).
No native apple home - homebridge handles that.
BS.
Here’s hoping nobody decides to bother them about this. I’m not a lawyer but this appears to this layperson at the very least a CFAA violation by accessing the router and resetting its root password, as well as possibly criminal mischief as well as whatever stealing AC power is.
You couldn’t pay me to do a writeup like this, and I’d be wearing gloves the whole time.