Page 5 of 10
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 12:43 pm
by Rene
I saw that too, but did you decode it?
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 12:47 pm
by Willem4ever
Not yet
but at least we know how to trigger it ... and it is repeatable ...
I believe the second message "0d a5 09 02 03 24 00 00 00 00 00 00 43 e4 0a " indicates the zones open ...
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 12:57 pm
by Bwired
Great
This is the status XML which the powerlink2 gives back, this could help....checking now
Code: Select all
<?xml version="1.0" standalone="yes" ?>
- <reply>
<index>13</index>
- <cameras>
<name>CAMERAS</name>
<picture_name>cam</picture_name>
<picture_path>/tmp/cams/</picture_path>
</cameras>
- <configuration>
- <sensors>
<name>Sensor</name>
<index>1</index>
<type>Delay 1</type>
<location>Front Door</location>
</sensors>
- <sensors>
<name>Sensor</name>
<index>2</index>
<type>Perimeter-Follow</type>
<location>Hall</location>
</sensors>
- <sensors>
<name>Sensor</name>
<index>3</index>
<type>Perimeter</type>
<location>Living Room</location>
</sensors>
- <system>
<name>Control Panel</name>
<disarm />
<status>Ready</status>
<arm>0</arm>
<trouble>There Is a Trouble</trouble>
<quick_arm>Quick Arm Enable</quick_arm>
<latchkey_enable>Latchkey Enable</latchkey_enable>
<ip_mode>manual</ip_mode>
<ip>10.1.1.200</ip>
<subnet>255.255.255.0</subnet>
<gateway>10.1.1.2</gateway>
<dns1>198.199.16.66</dns1>
</system>
</configuration>
- <alerts>
- <alert>
<module>Control Panel</module>
<text>Communication Failure</text>
<picture>Alert_Communication.gif</picture>
</alert>
</alerts>
<alarms />
<qvFullPath>/cams/sess_9e391ef1503154ffdd86f9cad59c266b/cam</qvFullPath>
- <detectors>
- <detector>
<zone>1</zone>
<loc>Front Door</loc>
<type>Delay 1</type>
<status />
<isalarm>no</isalarm>
</detector>
- <detector>
<zone>2</zone>
<loc>Hall</loc>
<type>Perimeter-Follow</type>
<status />
<isalarm>no</isalarm>
</detector>
- <detector>
<zone>3</zone>
<loc>Living Room</loc>
<type>Perimeter</type>
<status />
<isalarm>no</isalarm>
</detector>
</detectors>
</reply>
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 1:03 pm
by Rene
What is the URL you are using?
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 1:08 pm
by Rene
@Willem4ever, you are right row 2 indicates the open zones. Just checked.
I use the following command to trigger the status update (because I saw the Powerlink do it):
0xAB 0x06 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x43
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 1:26 pm
by Odin
Guys I am keen to get involved. How are you connecting to your powermax panels?
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 2:02 pm
by Bwired
read the topic
via rs232
this is for pro, other for plus
http://www.waakzaamwonen.com/visonic-po ... p-280.html
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 2:03 pm
by Bwired
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 2:31 pm
by Odin
Aha. OK thanks. I therefore need to get a cable made up as I want to connect my powermax to my old NSLU2 which I am planning to use as my house email/monitoring/automation server.
I assume there is no way of sniffing the powerlink linux account details by any method?
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 2:37 pm
by Rene
When you buy the RS232 interface there is a cable included. To access the Powerlink 1 you can use userid: root2 and password: visonic. This could already be found on the web.
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 2:44 pm
by Odin
Thanks Rene - sorry, I meant sniffing/cracking the password for Powerlink 2. Tried a number of attempts - seems account of root responds.
My powermax complete panel only has one RS232 connection which is currently being used by my powerlink so looks likely I will have to ditch the powerlink device. shame really as this appears to be in essence a linux server which I could do alsorts with.
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 3:28 pm
by Rene
Just found, with thanks to WIllem, the messages to enable and disable bypasses. With these messages you can bypass one or more zones so you can arm while one or more zones are open. Bypasses are disabled when you disarm (after first arming it off course).
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 4:43 pm
by Rene
Found some information on the status dump (9 rows):
Row 2: BYTE 3 - BYTE 6 indicate the status of the zones. A bit set indicates the zone is open.
BYTE 3: Zone 1 - 8
BYTE 4: Zone 9 - 16
BYTE 5: Zone 17 - 24
BYTE 6: Zone 25 - 30
Row 4:
BYTE 3: System Status
BYTE 4: System State Flags
bit 0: 1 - Ready
bit 1: 1 - Memory
bit 2: 1 - Trouble
bit 3: 1 - Bypass On
bit 4: 1 - Last 10 seconds
Row 6: BYTE 7 - BYTE 10 indicate the zones bypassed. A bit set indicates the zone is bypassed.
BYTE 7: Zone 1 - 8
BYTE 8: Zone 9 - 16
BYTE 9: Zone 17 - 24
BYTE 10: Zone 25 - 30
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 7:06 pm
by Rene
The Ajax request also works for the Powerlink1. All information is retrieved from its database, no communication with the Powermax is initiated from the request.
Re: Visonic Powerlink RS232 Hack
Posted: Sun Aug 07, 2011 11:35 pm
by Odin
if you want something amusing to do, then run this:
http://10.10.1.200/web/ajax/security.ma ... s.ajax.php
This will trigger the current security status from the panel - including the panel voice telling you what the status is!
