# Please explain circuit

Discussion in 'General Electronics Discussion' started by Tha fios agaibh, Oct 14, 2016.

1. ### Tha fios agaibh

2,143
724
Aug 11, 2014
I saw this video on YouTube about a password switch.

I thought it clever, but I assume easily hackable by simply pushing any button s1 thru s4, 4 times without hitting a reset button (pin 15).
How does pin 14 (clock) see Vcc by being fed from the outputs that are presumably low?

2. ### (*steve*) ¡sǝpodᴉʇuɐ ǝɥʇ ɹɐǝɥd Moderator

25,482
2,830
Jan 21, 2010
The weakness of that is that if you find the lock open frequently, you can determine the buttons that are part of the password.

From here it's just a matter of trying all the combinations until you find the right one.

3. ### Tha fios agaibh

2,143
724
Aug 11, 2014
Thanks Steve, but that doesn't answer my question.

4. ### hevans1944 Hop - AC8NS

4,594
2,149
Jun 21, 2012
The 4017 doesn't get clocked until an output associated with S1, S2, S3, or S4 goes high as a result of previous clocks AND one and only one of the four buttons is pressed. If these four switches are "randomly" placed on the keyboard it is difficult to determine whether one of them will clock the Johnson counter (to advance to another one of the four switches) when pressed. So, pressing any of switches S5 through S10 resets the counter, forcing everything to start over, but the button pusher doesn't know that. I think it is a fiendishly clever design. Why not build it and see?

There are 4! = 24 sequences in which to press the four switches. Get one wrong and nothing happens. Press something other than S1 through S4 and it starts over. Of course, as Steve noted, if the "lock" is used often enough the four buttons (and perhaps one of the reset buttons) will be identifiable by wear. So, allowing for five switch combinations, that's still only a few more "combinations" to try, selecting four buttons in the proper sequence out of five to press. It's a lot harder if you have to select four buttons in sequence out of ten. Might be easier to bypass the lock mechanism like they do in the movies with a pair of alligator clips and a wire or (more violently) with a large caliber bullet.

5. ### (*steve*) ¡sǝpodᴉʇuɐ ǝɥʇ ɹɐǝɥd Moderator

25,482
2,830
Jan 21, 2010
If the lock is open, pressing any key other than one of the combination keys will immediately lock it. Even without wear on the operational buttons you can determine what key is part of the combination.

6. ### dorke

2,342
665
Jun 20, 2015
I don't like this "lock" design at all:

1. It has a single "hard wired code", would be very difficult to change it - requires hard rewiring.
2. It has no limit for the number of trials allowed.
3. Clocking a counter directly with non-debounced push-buttons leads to erroneous operation.

7. ### dorke

2,342
665
Jun 20, 2015
The 4017 can be described as a "1 out of 10 ring counter".
In other words there is always one output with a "1" while all others are at "0".
Pressing any one of the 6 "Master reset" switches S5-S10 will put the 4017 counter in the "0" state,
meaning pin #3 is at "1".
The correct sequence will always start from pressing S1 and then 2, 3 and 4, in that order.
Note that you may also press any of the group S1-S4 at that point without interrupting the "correct order".
Only pressing any of the S5-S10 will reset the correct order to its initial state.

8. ### (*steve*) ¡sǝpodᴉʇuɐ ǝɥʇ ɹɐǝɥd Moderator

25,482
2,830
Jan 21, 2010
In this case, it's done in an interesting way that would appear (on the surface) to be reliable.

Is there a possibility of getting into a metastable state?

Is it possible to get 2 clock pulses before the output goes low?

I agree with your other concerns.

9. ### dorke

2,342
665
Jun 20, 2015
@(*steve*),
It is a bad design conceptually, since the synchronous counter is clocked asynchronously.

The problem boils down to 2 things in this specific case:
1. Would the minimum clock duration tW of the 4017 be maintained in all cases?
2. Is it possible to get 2 or more activating low to high transitions on the CK line when a switch is pressed?

The general answer is YES,
it will depend entirely on the bouncing nature of the particular switch used.

Here is an example of both cases:
T1 bounce is greater than tW, i.e. a "legal" CK pulse width.
T2 - T4 are smaller than tW, i.e. non-legal.

10. ### hevans1944 Hop - AC8NS

4,594
2,149
Jun 21, 2012
I agree it is a poor design, but I think it is clever. Probably "gud enuf" to secure an interior door from casual attack if used in conjunction with an alarm that detects unauthorized access attempts. Everyone knows that locks only keep honest people out. A dishonest person with determination can breach virtually any lock, unless apprehended while attempting to do so.

As for switch bounce, the first "legal" transition that results in a valid clock pulse will advance the counter and remove the voltage to the switch. Who cares if the switch contacts bounce after that? As far as programming different "passwords" is concerned, this could be easily accommodated by using a patch board with movable jumper wires. Yeah, a PITA, but doable. For a DIY lock, this one definitely wins for simplicity. For security... not so much.

In the Department of Defense there are multiple levels of entrance security, ranging from a keyed lock and a cipher lock with mechanical push-buttons that can be programmed to require the same button to be pressed more than once, or two buttons to be pressed simultaneously, typically with only five buttons on the lock. A step up from that is a shielded from easy "peek viewing" box with five bi-directional rocker switches. You place your hand in the box and operate the switches with your fingers, usually by "feel" since these are usually interior entrance locks with high traffic. And it goes on up in complexity from there.

At one facility I visited (a jet engine test cell) one internal entrance door had a 3 x 4 square array of illuminated characters that you looked at to determine which of twelve unlabeled push-button switches to push. The characters, digits 0 through 9 and # and *, were presented at random positions in the array for each entry attempt. To operate the lock, you looked at the display and found the positions of your "password" characters, then entered those on the blank keypad in the same positions. Anyone looking over your shoulder wouldn't have a clue as to which characters you were looking for on the visible display, so when you pressed those character positions on the keypad they wouldn't learn anything, even if they memorized the exact position and sequence of key presses. The characters were scrambled on the display with each new attempt.

Of course a very capable person could memorize both the character positions on the display AND the blank keyboard button press sequence to reconstruct the passcode. To prevent this from happening the characters were "hidden" behind an array of boxes that required close viewing through the depth of the boxes to see the characters. It was impossible to see the characters unless your head was positioned right up against the head of whomever was operating the lock. Good luck getting away with that!

What I liked about this system was its versatility. Everyone who was authorized entry would have their own separate pass code, so the PC controlling this contraption could log who and when they entered. And of course the pass codes could be changed as often as necessary. An excellent example of an embedded PC by someone with waaay too much time on their hands. Our tax dollars at work. Of course they may have purchased this system off-the-shelf, but it would be easy to replicate it at home for better than average entrance security.

All good entrance security systems use a challenge/response system. The best put a human being in this loop. The very best require the person seeking entry to be personally known to the human being challenging them. In one facility for which I was granted access, the challenge occurred after I entered a vestibule with two glass doors. The first door I entered opened easily and locked behind me. Using either door to exit the vestibule required an unseen observer to press a button to unlock one of the doors. I presented my credentials through a slot for scanning, all while being observed by closed-circuit TV cameras. If everything checked out, the credentials were returned to me and the second door was unlocked. I never had to find out what would happen if I failed this entry authorization test, but the corridors outside the first entrance door had numerous armed personnel responsible for building security. Whoever designed this system was really serious about keeping interlopers out.

So, yeah, go ahead and build this thing and play with it, but don't for one minute believe it will "secure" anything. It's a clever toy designed for amusement only. No gambling permitted.

11. ### Tha fios agaibh

2,143
724
Aug 11, 2014
Ahhh! Basically, the clock pin gets its power from the outputs that are high from previous button pushes.
Perfect explanations.
I was thinking outputs would all be low initially. When reset, it defaults to the first output (pin 0). Is that correct?
Thanks for the explanation guys.

John

13. ### dorke

2,342
665
Jun 20, 2015
Hop,
"As for switch bounce, the first "legal" transition that results in a valid clock pulse will advance the counter and remove the voltage to the switch. Who cares if the switch contacts bounce after that?"

No, that thinking is absolutely wrong (both in theory and in practice)!!!

The voltage is "removed" from the output in a non-zero time interval.
For the CD4017 (which is a very slow digital device, Fairchild datasheet)
it can be more than 400nSEC @9V, and 1000nSec @5V.

In that 0.4uSEC the voltage to the switch is still "1"; if the switch bounces in that time interval,
we may get false clocking!

The minimum tW for the CK line is 90nSec.
So, we can get up to 400/90 => 4, "0" and "1" legal clock levels on the CK line,
that is equivalent to 2 (or 3) legal clock positive edges.
For non "legal", but still ones that may advance the counter, we can get much more.

My diagram shows it clearly; let me put in the numbers for you:

Last edited: Oct 14, 2016
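
An added example, not part of any post in this thread: a simplified Python model of the lock as described in posts 7 and 13, covering the key sequencing and the bounce-timing argument. The wiring (S1 to S4 fed from outputs 0 to 3, output 4 as the unlock signal), the behaviour past state 4, and the pulse lists are assumptions, since the schematic and the diagram are not reproduced here.

```python
# Simplified model of the 4017 keypad lock discussed in this thread (added example).
# Assumed wiring, since the schematic is not reproduced here: S1..S4 feed decoded
# outputs 0..3 into CLK, S5..S10 drive reset, and output 4 holds the lock open.
WIRING = {"S1": 0, "S2": 1, "S3": 2, "S4": 3}
RESET_KEYS = {"S5", "S6", "S7", "S8", "S9", "S10"}
UNLOCK_STATE = 4
T_PD_NS = 400   # output turn-off delay at 9 V, as quoted in the thread
T_W_NS = 90     # minimum clock pulse width, as quoted in the thread
CLEAN = ((0, 10_000_000),)  # constructed: one bounce-free 10 ms closure


class Lock4017:
    def __init__(self):
        self.state = 0  # reset state: output 0 (pin 3) is high

    @property
    def unlocked(self):
        return self.state == UNLOCK_STATE

    def press(self, key, pulses=CLEAN):
        """pulses: (start_ns, width_ns) contact closures for this key press."""
        if key in RESET_KEYS:
            self.state = 0
            return 0
        if WIRING.get(key) != self.state:
            return 0  # switch is fed from a low output, so CLK sees no edge
        first, edges = None, 0
        for start, width in pulses:
            if width < T_W_NS:
                continue  # simplification: sub-tW pulses never clock
            if first is None:
                first = start
            if start - first < T_PD_NS:
                edges += 1  # source output has not gone low yet
        self.state = (self.state + edges) % 10
        return edges


def run(presses):
    """presses: key names, or (key, pulses) tuples for a bouncing contact."""
    lock = Lock4017()
    for p in presses:
        lock.press(*((p,) if isinstance(p, str) else p))
    return lock


BOUNCY = ((0, 100), (150, 100), (300, 10_000_000))  # constructed bounce pattern
```

In this model a clean S1, S2, S3, S4 sequence ends in state 4, while the same sequence with the constructed bounce on S4 overshoots to state 6 and stays locked until a reset key is pressed.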
14. ### dorke

2,342
665
Jun 20, 2015
Well, the terms are a bit off.

"Basically, the clock pin gets its power from the outputs that are high from previous button pushes."

The clock pin doesn't get "power".
The clock pin advances the count on positive signal edges i.e. the transition from "0" to "1".
This is achieved by closing the switch which is connected to an output pin with a "1" level.

The 4017 is a 0 to 9 counter (has 10 states).
Its outputs are decoding the state in a 1 out of 10 manner, meaning only one output is at level "1" and the others are "0".
Upon reset the counter is forced to state 0, the corresponding pin at "1" level is number 3 (and not 0).

15. ### Tha fios agaibh

2,143
724
Aug 11, 2014
@dorke Yes, I get how it works.

The terms "low" for 0 and "high" for 1 are not correct?
I used "power", meaning positive source on left side of s1 thru s4.
So........What'd be the proper term?
I didn't want to use Vcc because that'd be rail voltage right?

16. ### dorke

2,342
665
Jun 20, 2015
We are dealing with binary logic devices, which have 2 possible levels.
The inputs and outputs are defined to be:
"0" or "false"
"1" or "True"

"low" (for "0") and "high" (for "1") are also used.
They are the indication of the voltage level of the logic states.
These voltage levels can be of various types of levels (positive or negative),
depending on the logic family used (i.e. TTL, ECL, LVDS etc.).

Personally, I like to use either "0","1" or "low","high".

Note: There is also the term negative logic, in which we have "low" for "1" and "high" for "0", but let's leave that for now.

17. ### AnalogKid

2,482
715
Jun 10, 2015
When the chip powers up or is reset, it is in the output 0 state. Pin 3 is high.

Also, internally the 4017 is a shift register, not a counter (synchronous or non).

ak

18. ### dorke

2,342
665
Jun 20, 2015
The 4017 is not a shift register, internally it is a 5 stage synchronous Johnson counter!
Why do you think it's a shift register?

19. ### Tha fios agaibh

2,143
724
Aug 11, 2014
@dorke Again, I get how it works. My mind thinks of it as "positive needs to make its way to pin 14 in order for it to trigger clock and increment its outputs."
So, you're saying the correct way to say it is "1 level" instead of "power"?

20. ### AnalogKid

2,482
715
Jun 10, 2015
1. All Johnson counters are variations of a ring counter, and all ring counters are shift registers:
https://en.wikipedia.org/wiki/Ring_counter#Johnson_counter
2. If you look at the CD4017 internal schematic, you will see that there is no feedback from each stage -Q output back to its D input, so each stage is not a binary divider. However, there is a direct connection from the +Q output to the next stage D input. This is a shift register.

ak

Last edited: Oct 14, 2016