Page 1 of 5

Visonic Powerlink2 Hacked

Posted: Mon Feb 21, 2011 5:07 pm
by Bwired
You all know that I recently bought a Visonic Powerlink2 with the reason to conect it to my domoticasystem.
You can see the earlier postings about it here
http://www.domoticaforum.eu/viewtopic.php?f=22&t=5624
Powerlink2
Powerlink2
powerlink2.jpg (24.23 KiB) Viewed 42289 times
Together with Digit (he did most of the work) we mananged to find a way to control the basic Powermax Pro functions via the Powerlink 2
Functions Like Arm Home-Away and Disarm bij sending a HTTP request the Powerlink.

POST .../mobile/login/index/?JsHttpRequest=12982287732070-xml HTTP/1.1
Accept: */*
Accept-Language: nl
Referer: http://xxx.xxx.xxx.200/mobile/login/index/
Content-Type: application/octet-stream
Accept-Encoding: gzip, deflate
User-Agent: blabla
Host: xxx.xxx.xxx.200
Content-Length: 42
Connection: Keep-Alive
Pragma: no-cache
Cookie: PowerLink=077d58c208ef9aaef1fe8d464015d929; mobile=e6efb2eae139ca6fe327b603d6c23e76
login=admin&password=admin&time=1298228773


Look at the username and password being sent to the Powerlink2, unencrypted and no HTTPS possible?
Visonic is not doing a nice job on this one!

Good for us though, soon more on the powerlink protocol and now a way to control the Powermax Pro will be available.

For more details check:
Digits Blog:
blog.hekkers.net/2011/02/21/controlling ... owerlink2/
Bwired Blog:
http://www.bwired.nl/weblog.asp?id=415

Re: Visonic Powerlink2 Hacked

Posted: Mon Feb 21, 2011 6:09 pm
by Rene
Good to hear! Although I am still struggling with mine to get it up and running.

I do not find it that strange the password is not encrypted. All that basic authentication, typically used to exchange userid and password, does is obviscating the password using base64 encoding which is easily reversable. A problem although is that you can use HTTP instead of HTTPS to access the web interface. Is it possible at all to use HTTPS?

Re: Visonic Powerlink2 Hacked

Posted: Mon Feb 21, 2011 6:15 pm
by Esteban
Great work guys! That is a nice addition for all the domonauts using this system. *thumbs up*

Re: Visonic Powerlink2 Hacked

Posted: Mon Feb 21, 2011 6:43 pm
by Digit
Rene wrote:All that basic authentication does is obviscating the password using base64 encoding which is easily reversable.
You're right, that's why I expected more than nothing from Visonic, cause that's what you get right now. It should have been more, not less.

Re: Visonic Powerlink2 Hacked

Posted: Mon Feb 21, 2011 7:29 pm
by Rene
Are you able to access the interface using HTTPS or only plain HTTP?

Re: Visonic Powerlink2 Hacked

Posted: Mon Feb 21, 2011 9:08 pm
by Digit
Yes, you can: :lol: (I'm serious)
Capture21-2-2011-20.04.40.png
Capture21-2-2011-20.04.40.png (18.63 KiB) Viewed 42264 times

Re: Visonic Powerlink2 Hacked

Posted: Tue Feb 22, 2011 8:58 am
by BlaDeBla
Thanks guys, for the interesting developments. I also recently bought powerlink2 and follow this story closely.

Re: Visonic Powerlink2 Hacked

Posted: Tue Feb 22, 2011 11:45 pm
by Noel
Interesting.
Who (shop) is selling this Visonic Powerlink2 ?

Re: Visonic Powerlink2 Hacked

Posted: Tue Feb 22, 2011 11:48 pm
by Bwired
See the other Powerlink2 topics for that.
But beware lots of people have trouble with the powerlink2 on a Powermax Pro
Looks like it has something to do with the firmware.
i have a new powermax pro anf works fine with the powerlink

Re: Visonic Powerlink2 Hacked

Posted: Wed Feb 23, 2011 12:33 am
by Rene
Together with Bob, the owner of the webshop, I am trying to solve the problems to get the Powerlink2 up and running on my Powermax Pro. He has some panels were he could not get it up and running also. He is also in contact with Visonic but until now it is not clear what is causing the problems. So if I were you I would wait until at least it is clear why on some panels it is working and on other it is not.

Re: Visonic Powerlink2 Hacked

Posted: Tue Mar 01, 2011 11:32 pm
by fishtank
Is there any update on the problems of Powerlink2 in combination with Powermax Pro???
I also have the problem that it does not work.

FT

Re: Visonic Powerlink2 Hacked

Posted: Wed Mar 02, 2011 12:48 am
by Bwired
I think my setting is the only one working, must have something to do with firmware.....
Is there a version number somewhere on the Powermax Pro

Posted: Wed Mar 02, 2011 8:55 am
by Rene
You can get version info of hardware and software using the remote programmer software.

Re: Visonic Powerlink2 Hacked

Posted: Wed Mar 02, 2011 1:53 pm
by hadyos
Hi,

Anyone can tell me what firmware version should I have in order to have powerlink2 work on Powermax Pro?
I'm using the remote programmer software from Visonic.

Thanks,
Yossi.

Re: Visonic Powerlink2 Hacked

Posted: Wed Mar 02, 2011 2:01 pm
by Bwired
No, even Visonic does not tell or know this, and of the word "Service" they never heard of :(
Like I told before, Visonic is selling the powerlink2 and does not deliver a manual with it.