Case Study
·December 2021
Zlock
Engineering a Full-Stack IoT Smart Locker Platform From Scratch
End-to-end smart locker system — from OEM board binary control and Flutter kiosk firmware, to WebSocket Pub/Sub real-time orchestration and multi-courier logistics integration — deployed across 50+ locations serving 10,000+ active users in Johor, Malaysia.
10K+
Active Users
50+
Locker Locations
22
Compartments per Unit
99.7%
System Uptime
Zlock Smart Locker
IoT Platform · Johor, Malaysia
The Challenge
Building an IoT locker platform with zero existing infrastructure
Zlock approached Advisory Apps with OEM locker boards and metal enclosures — but no software, no firmware, no backend, and no mobile apps. The brief: build everything from the ground up. Each locker unit contains 22 individually-controlled compartments powered by electromagnetic solenoid locks connected to a custom motherboard. The Android-based kiosk device communicates with the board via serial interface, connects to the cloud via WiFi antenna (with 4G SIM fallback), and must respond to server commands in under 200 milliseconds. Additionally, the system must integrate with multiple courier partners for parcel logistics and process payments — all while remaining responsive on a touchscreen mounted inside a metal enclosure with variable connectivity.
Hardware–Software Integration
OEM locker boards arrived with no SDK, no documentation, and no existing driver — just raw GPIO pins and an undocumented serial interface requiring firmware-level reverse engineering.
Real-time Device Orchestration
Dozens of lockers deployed across Johor needed sub-second server-to-device communication with guaranteed delivery, even on unstable public WiFi networks.
Multi-party Logistics Routing
Generating consignment codes across courier partners with vastly different API schemas, authentication methods, and webhook formats — all from a single user action.
The Solution
Full-stack IoT architecture — firmware to cloud to mobile
Advisory Apps engineered a four-layer IoT stack: Flutter kiosk app running on an Android device mounted inside the locker unit → custom binary protocol communicating via serial port to the OEM motherboard → WebSocket Pub/Sub channel connecting each locker to the cloud backend → REST API serving the customer mobile app on iOS and Android. The architecture treats each locker as an autonomous edge device that can operate independently during connectivity drops and re-sync when the connection restores.
System Architecture
Four-layer IoT architecture connecting physical locker hardware to cloud services and end-user mobile apps. Each layer is independently deployable and horizontally scalable.
Locker Kiosk App
Flutter on Android
Touchscreen UI
Customer App
Flutter iOS + Android
iOS, Android, Huawei
Admin Panel
Web Dashboard
Fleet Management
Cloud Backend
Pub/Sub Broker · REST API · Courier Gateway · Payment Processing
Database & Storage
Lockers, users, transactions, consignments, device telemetry
IoT Hardware Control Flow
How a "open lock" command travels from the Flutter app through to the physical solenoid lock — translating user intent into binary hardware signals in under 200 milliseconds.
Step 1
User Tap
User selects locker box on touchscreen kiosk or via mobile app
Step 2
Serial Write
Flutter sends binary command via serial port plugin to /dev/ttyS3
Step 3
MCU Decode
Motherboard MCU parses binary frame, validates CRC, identifies target box
Step 4
GPIO Pulse
MCU drives GPIO pin HIGH for 300ms, energising the solenoid coil
Step 5
Lock Opens
Solenoid retracts latch bolt — door pops open, status reported back
Binary Command Frame Structure
Header
0xAA
Cmd
0x01
Box #
0x0F
Data
0x00
CRC
0xC7
Footer
0x55
Each frame is 6 bytes — header, command type, box number, data payload, CRC checksum, footer
Pub/Sub Real-time Architecture
Each locker terminal subscribes to its unique channel via persistent WebSocket. The server publishes commands — open lock, check status, update firmware — and the target locker executes immediately.
Backend Server
Publisher
Sutera Mall
Subscriber
Teega Suites
Subscriber
Setia Sky 88
Subscriber
Austin 18
Subscriber
...
50+ more
Parcel Delivery Flow
End-to-end journey of a parcel through the Zlock system — from customer booking to courier consignment generation to locker deposit and recipient pickup notification.
Step 1
Book Locker
Customer selects locker location and box size via mobile app
Step 2
Payment
Process payment via FPX, credit card, or e-wallet top-up
Step 3
Consignment
Generate shipping label via courier partner API (Yunda, DHL, J&T)
Step 4
Drop Off
Sender deposits parcel — locker opens via kiosk, auto-locks after close
Step 5
Pickup
Recipient gets push notification, collects parcel via app or kiosk QR
Integration Ecosystem
The Zlock platform connects to external services for payments, logistics, notifications, and remote management — each integration normalised through a dedicated abstraction layer.
Zlock Backend
API Gateway + Message Broker
Courier Partners
Consignment generation + tracking webhooks
Payment Gateway
Unified payment abstraction layer
Services
Real-time alerts + remote diagnostics
Connectivity Architecture
Each locker unit runs dual-connectivity with automatic failover — WiFi as primary and 4G SIM as fallback. The application layer is agnostic to the active connection, maintaining WebSocket continuity through reconnection handlers.
Building WiFi — cost-effective, variable latency
Cellular backup — auto-switches on WiFi drop
Effective uptime after automatic failover — near-zero downtime
Failover Decision Logic
WiFi OK?
YES: Use WiFi
NO: Switch SIM
Reconnect WS
Platform Analytics
Key performance indicators across the Zlock locker network — usage distribution, deployment growth, and system response metrics.
Service Usage Distribution
Breakdown of total locker transactions by service type
100%
Total
45%
Drop-off
35%
Delivery
20%
Rental
Locker Network Deployment
Number of active locker locations by year
10x growth in 3 years — primarily Johor residential complexes
System Response Metrics
Latency benchmarks across critical system operations
User Growth Trajectory
Monthly active users from launch to current
Custom Binary Board Protocol
Developed a binary command protocol over serial port to control electromagnetic solenoid locks — translating high-level app commands into precise hardware signals.
WebSocket Pub/Sub Architecture
Each locker maintains a persistent WebSocket connection, subscribing to its unique terminal channel — enabling instant command execution from the server.
Unified Courier Abstraction
A middleware layer normalising different courier APIs into a single consignment generation and tracking interface — one request, multiple carriers.
Implementation Timeline
Phase 1
Hardware R&D & Firmware
Phase 2
Locker Kiosk App
Phase 3
Customer Mobile App
Phase 4
Courier & Payment Integration
Phase 5
Admin Panel & Scaling
Methodology
Hardware-in-loop Agile with field validation
Unlike pure software projects, this IoT build required every sprint to validate against physical hardware. Each feature was tested on real locker units before merge — binary protocol changes were tested against the OEM board, connectivity changes were stress-tested with network drops, and payment flows were end-to-end tested including the physical lock mechanism opening.
Hardware R&D
Board analysis, serial protocol reverse engineering, solenoid control testing, OEM integration with custom binary command set.
Sprint Development
2-week Agile sprints with hardware-in-loop testing — every build validated against physical locker units before merge.
Field Testing
On-site deployment at pilot locations, connectivity stress tests under real-world conditions, locker endurance testing.
Production Rollout
Phased deployment starting with pilot locations, remote monitoring via AnyDesk, then scaling to full Johor network.
Key Features Delivered
Binary Serial Board Control
Custom protocol over /dev/ttyS3 serial port controlling 22 electromagnetic solenoid locks per unit via binary command sequences with CRC verification.
WebSocket Pub/Sub Messaging
Persistent bidirectional channels per terminal ID — server pushes OPEN_LOCK, CHECK_STATUS, and UPDATE commands with sub-200ms delivery.
Dual-Connectivity Failover
WiFi antenna as primary connection with automatic 4G SIM failover — transparent to the application layer, maintaining WebSocket continuity.
Multi-Courier Consignment Engine
Unified API abstraction generating shipping labels and tracking codes across courier partners with different schemas and auth methods.
Remote Device Management
AnyDesk-powered remote access for firmware updates, diagnostics, log retrieval, and emergency lock override — all without physical site visits.
GPS-Enabled Locker Discovery
Real-time nearest-locker finder with compartment availability, box type filtering, and estimated walking distance.
The Results
From zero to a city-wide locker network
10,000+
Active Users
Rapid adoption across Johor with organic growth driven by residential community deployments.
50+
Locker Locations Deployed
Full coverage across Johor Bahru — residential complexes, commercial centres, and transit hubs.
99.7%
System Uptime
WiFi + SIM dual-connectivity failover ensures near-perfect availability across all deployed units.
<200ms
Command Latency
Server-to-lock-open response time via WebSocket Pub/Sub — faster than pressing a physical button.
Modules Used
Built with production-ready modules
This project leverages our library of battle-tested modules — each independently scoped, tested, and deployed across multiple client projects.
Smart Locker IoT
OEM locker box integration with IoT lock/unlock, password management, and collection workflows
Payment Gateway Hub
Unified payment abstraction over FPX, credit cards, e-wallets, and regional payment methods
Push Notification Engine
Multi-channel push notifications with segmentation, scheduling, and analytics
Delivery & Logistics Tracking
Real-time GPS tracking, driver assignment, proof of delivery, and route optimization
User Management
Unified user profiles, role-based access, and secure authentication
Geolocation & Mapping
Interactive maps with geofencing, store locator, proximity search, and route display
QR Code Management
Generate, customize, and track QR codes with dynamic URLs, scan analytics, and bulk creation
Interactive Kiosk Display
Touch-enabled large screen for drag-and-drop appointment calendars and operational dashboards
Conclusion
From OEM boards to a city-wide smart locker network
The Zlock project demonstrates full-stack IoT development at its most demanding: reverse-engineering undocumented OEM hardware, building a custom binary serial protocol, engineering real-time Pub/Sub communication with dual-connectivity failover, and wrapping it all in a polished Flutter experience — both on the locker kiosk and on customer phones. Every layer was built from scratch by Advisory Apps, from the firmware-level board control to the cloud backend to the multi-courier logistics engine.
The result: a production-hardened IoT platform serving 10,000+ active users across 50+ locations in Johor — with 99.7% system uptime, sub-200ms command latency, and a growing network of residential and commercial deployments. The system processes parcel drop-offs, deliveries with multi-courier consignment generation, and on-demand locker rentals — all orchestrated through real-time WebSocket channels.
Future Outlook
- Expansion beyond Johor to Klang Valley and Penang metro areas
- AI-powered demand prediction for optimal locker placement at new sites
- E-commerce platform integration for automated last-mile delivery to lockers
- NFC-based contactless locker access as alternative to QR and PIN
Want similar results for your business?
Let's discuss how we can build a custom IoT solution tailored to your needs.
Get a Free Consultation