Changing a DoorKing greeting message

If you are in college, you are more than likely familiar with the DoorKing. You are probably also familiar with how much these things suck. There are a million of these in Baton Rouge and they never work. I am going to briefly explain the process of changing the greeting message on them (for almost all models). The routine is pretty easy. It relies on the fact that most people keep the default password: 9999 . You can get all this information from the Doorking manual. I suggest you read that first, then read this to get the finer details.

First off, if the password has been changed, this won’t work. But don’t let that stop you! Remember, 10^4 is only 10,000 numbers. That sounds like a lot but people always try to make codes that are easy to remember. Try 1234, 1940-1980 (birth-years), 1776, etc. No worries though, the password is a pain to change for the technological layman. You have to open the machine and set a specific switch, program it, then switch it back so your chances are pretty good. Every one I have tested has had a default password. Now, here is a step-by-step process for a successful hack.

1. You have a space of 48 characters to work with, plan it out before hand. Your character set is every capital letter, 0-9, and a space character. Also, the more your message has that “blue” tinge, the less time it will be up.
2. Go at a time when you will be less likely to have to deal with people coming up behind you. The whole process should take about 1 or 2 minutes depending on your alphanumeric keyboard ability.
3. When you pull up press *80 (the greeting input function) then 9999 (or the password you found). You have to enter these seamlessly or it won’t work.
4. After this, you enter the input mode. The display will say BLOCK 1. There are 3 “blocks”, Block 1 and Block 2 are 20 characters long and Block 3 is 8 characters long.
5. The interface works a lot like a phone. For example, “L” is 555, “P” is 7, “N” is 66, and “2″ is 2222. You can see the character as you push the button, this makes it pretty easy. After each character hit *. You will hear a short beep for each one and the cursor will move over (although not visible). BTW, the space character is 1. // Refer to page 34 of the manual.
6. Now a full example: “TWO 2″ is 8*9*666*1*2222* .
7. Okay, so you keep typing these in until you run out of space on the screen. This is the 20 character limit specified for a “block”. If you keep going, it will start to write over the beginning of the block. You have to enter the block into memory by pressing *. You will see the screen clear and it should say: BLOCK 2.
8. If your message is not done, enter a second block the same way.
9. Do the same for Block 3. Remember, the 3rd block is only 8 characters. // At any point, hitting # will clear the entire block.
10. At the end, press * again to enter all the blocks into system memory. You should hear a long beep. If it doesn’t work out, keep hitting * until it does. You must hear that long beep to finish!
11. Also, if your message is really short, you can skip blocks by hitting *. You may need to enter at least one character, preferably a space (1*), in each block to enter it. I’m not sure about this. Experiment.

That is pretty much it. If you are feeling really adventurous, and psychotic, you could build a small box with 12 solenoids to push the buttons. It could quickly program messages and maybe even brute force a password. There are also other ways to do this. There is special software, that you can probably download easily for free, to do this stuff and more. Anyway, be careful with some of these functions, changing the relay strike time may not be too nice, along with other things.

/** For the record, I recommend that you never do this. I have never done this. Any comment I make about a “real-world” situation is fiction. Also, I’ve heard this has been done before so I can’t take credit for figuring it out. */