Visonic Powerlink RS232 Hack

Forum about Visonic products like Powermax Plus and Powermax Pro

Moderators: Rene, Willem4ever

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 11:43 am

I saw that too, but did you decode it?
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Willem4ever » Sun Aug 07, 2011 11:47 am

Not yet :-( but at least we know how to trigger it ... and it is repeatable ...

I believe the second message "0d a5 09 02 03 24 00 00 00 00 00 00 43 e4 0a " indicates the zones open ...
User avatar
Willem4ever
Global Moderator
Global Moderator
 
Posts: 804
Joined: October 2006
Location: Uithoorn / Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Bwired » Sun Aug 07, 2011 11:57 am

Great
This is the status XML which the powerlink2 gives back, this could help....checking now

Code: Select all
  <?xml version="1.0" standalone="yes" ?>
- <reply>
  <index>13</index>
- <cameras>
  <name>CAMERAS</name>
  <picture_name>cam</picture_name>
  <picture_path>/tmp/cams/</picture_path>
  </cameras>
- <configuration>
- <sensors>
  <name>Sensor</name>
  <index>1</index>
  <type>Delay 1</type>
  <location>Front Door</location>
  </sensors>
- <sensors>
  <name>Sensor</name>
  <index>2</index>
  <type>Perimeter-Follow</type>
  <location>Hall</location>
  </sensors>
- <sensors>
  <name>Sensor</name>
  <index>3</index>
  <type>Perimeter</type>
  <location>Living Room</location>
  </sensors>
- <system>
  <name>Control Panel</name>
  <disarm />
  <status>Ready</status>
  <arm>0</arm>
  <trouble>There Is a Trouble</trouble>
  <quick_arm>Quick Arm Enable</quick_arm>
  <latchkey_enable>Latchkey Enable</latchkey_enable>
  <ip_mode>manual</ip_mode>
  <ip>10.1.1.200</ip>
  <subnet>255.255.255.0</subnet>
  <gateway>10.1.1.2</gateway>
  <dns1>198.199.16.66</dns1>
  </system>
  </configuration>
- <alerts>
- <alert>
  <module>Control Panel</module>
  <text>Communication Failure</text>
  <picture>Alert_Communication.gif</picture>
  </alert>
  </alerts>
  <alarms />
  <qvFullPath>/cams/sess_9e391ef1503154ffdd86f9cad59c266b/cam</qvFullPath>
- <detectors>
- <detector>
  <zone>1</zone>
  <loc>Front Door</loc>
  <type>Delay 1</type>
  <status />
  <isalarm>no</isalarm>
  </detector>
- <detector>
  <zone>2</zone>
  <loc>Hall</loc>
  <type>Perimeter-Follow</type>
  <status />
  <isalarm>no</isalarm>
  </detector>
- <detector>
  <zone>3</zone>
  <loc>Living Room</loc>
  <type>Perimeter</type>
  <status />
  <isalarm>no</isalarm>
  </detector>
  </detectors>
  </reply>
http://www.bwired.nl Online Home, Domotica, Home Automation. Weblog. http://blog.bwired.nl
User avatar
Bwired
Administrator
Administrator
 
Posts: 5308
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 12:03 pm

What is the URL you are using?
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 12:08 pm

@Willem4ever, you are right row 2 indicates the open zones. Just checked.

I use the following command to trigger the status update (because I saw the Powerlink do it):
0xAB 0x06 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x43
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Odin » Sun Aug 07, 2011 12:26 pm

Guys I am keen to get involved. How are you connecting to your powermax panels?
Odin
Starting Member
Starting Member
 
Posts: 27
Joined: July 2011

Re: Visonic Powerlink RS232 Hack

Postby Bwired » Sun Aug 07, 2011 1:02 pm

read the topic
via rs232
this is for pro, other for plus
http://www.waakzaamwonen.com/visonic-po ... p-280.html
User avatar
Bwired
Administrator
Administrator
 
Posts: 5308
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Bwired » Sun Aug 07, 2011 1:03 pm

Rene wrote:What is the URL you are using?


http://10.10.1.200/web/ajax/alarm.chkstatus.ajax.php
User avatar
Bwired
Administrator
Administrator
 
Posts: 5308
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Odin » Sun Aug 07, 2011 1:31 pm

Bwired wrote:read the topic
via rs232
this is for pro, other for plus
http://www.waakzaamwonen.com/visonic-po ... p-280.html
Aha. OK thanks. I therefore need to get a cable made up as I want to connect my powermax to my old NSLU2 which I am planning to use as my house email/monitoring/automation server.

I assume there is no way of sniffing the powerlink linux account details by any method?
Odin
Starting Member
Starting Member
 
Posts: 27
Joined: July 2011

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 1:37 pm

When you buy the RS232 interface there is a cable included. To access the Powerlink 1 you can use userid: root2 and password: visonic. This could already be found on the web.
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Odin » Sun Aug 07, 2011 1:44 pm

Thanks Rene - sorry, I meant sniffing/cracking the password for Powerlink 2. Tried a number of attempts - seems account of root responds.

My powermax complete panel only has one RS232 connection which is currently being used by my powerlink so looks likely I will have to ditch the powerlink device. shame really as this appears to be in essence a linux server which I could do alsorts with.
Odin
Starting Member
Starting Member
 
Posts: 27
Joined: July 2011

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 2:28 pm

Just found, with thanks to WIllem, the messages to enable and disable bypasses. With these messages you can bypass one or more zones so you can arm while one or more zones are open. Bypasses are disabled when you disarm (after first arming it off course).
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 3:43 pm

Found some information on the status dump (9 rows):

Row 2: BYTE 3 - BYTE 6 indicate the status of the zones. A bit set indicates the zone is open.
BYTE 3: Zone 1 - 8
BYTE 4: Zone 9 - 16
BYTE 5: Zone 17 - 24
BYTE 6: Zone 25 - 30

Row 4:
BYTE 3: System Status
BYTE 4: System State Flags
bit 0: 1 - Ready
bit 1: 1 - Memory
bit 2: 1 - Trouble
bit 3: 1 - Bypass On
bit 4: 1 - Last 10 seconds

Row 6: BYTE 7 - BYTE 10 indicate the zones bypassed. A bit set indicates the zone is bypassed.
BYTE 7: Zone 1 - 8
BYTE 8: Zone 9 - 16
BYTE 9: Zone 17 - 24
BYTE 10: Zone 25 - 30
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Rene » Sun Aug 07, 2011 6:06 pm

The Ajax request also works for the Powerlink1. All information is retrieved from its database, no communication with the Powermax is initiated from the request.
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Postby Odin » Sun Aug 07, 2011 10:35 pm

Bwired wrote:
Rene wrote:What is the URL you are using?

http://10.10.1.200/web/ajax/alarm.chkstatus.ajax.php

if you want something amusing to do, then run this:

http://10.10.1.200/web/ajax/security.ma ... s.ajax.php

This will trigger the current security status from the panel - including the panel voice telling you what the status is! :)
Odin
Starting Member
Starting Member
 
Posts: 27
Joined: July 2011

PreviousNext

Return to Visonic Alarm systems

Who is online

Users browsing this forum: No registered users and 1 guest