
Oct 23, 2012
Onity Door Unlocker, Round Two.
On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the “James Bond” type setup we saw on the Spiderlabs blog post, we thought we’de try to build a small, simple and “TSA friendly” version of the Onity key unlocker.
On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the “James Bond” type setup we saw on the Spiderlabs blog post, we thought we’de try to build a small, simple and “TSA friendly” version of the Onity key unlocker. Pro Tip: Connecting a 9v battery with the wrong polarity to an Arduino Mini Pro will make pretty sparks.
Our original attempt to build the Onity door unlocker with a Teensy 2 (and Teensy 2++) failed miserably, and after a short chat with Daeken (the guy who actually did the research on the Onity locks), we figured out the failure is probably due to slight variations in timing between the devices. As we didn’t have the proper hardware to debug these timing issues, we tried using an Arduino Mini Pro, in the hopes that the hardware differences between the UNO and Mini Pro would be negligible. Running the original sketch off 5v (as opposed to 3.3v) did not seem to have any adverse effects on the Onity lock itself or on the opening procedure.
After connecting a 9V battery to the Arduino Mini pro (to RAW), and adding a small pushbutton, we came up with a small, inconspicuous looking power supply which shouldn’t raise too many questions when x-rayed.
In our second build, we connected the arduino to a 6v A11 (tiny!) battery, replacing the massive 9v, allowing us to use even smaller casings such as marker pens, small USB stick cases, etc.
The video below demonstrates the 6v build, Onity door unlocker in action:
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read

Research & Tutorials
CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection
Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP’s unserialize() function enables remote attackers to execute arbitrary system commands.
Jul 3, 2025
2 min read

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read