Visonic Powerlink RS232 Hack
Moderators: Rene, Willem4ever
- Willem4ever
- Global Moderator
- Posts: 805
- Joined: Mon Oct 30, 2006 3:48 pm
- Location: Uithoorn / Netherlands
Re: Visonic Powerlink RS232 Hack
Examples for pincode 1234
disarm
0d a1 00 00 00 12 34 00 00 00 00 00 43 d4 0a
arm away
0d a1 00 00 05 12 34 00 00 00 00 00 43 cf 0a
You will get a ack from the panel
0d 02 43 ba 0a
Followed by a 'type 8' message when your pin is incorrect
0d 08 43 b4 0a
disarm
0d a1 00 00 00 12 34 00 00 00 00 00 43 d4 0a
arm away
0d a1 00 00 05 12 34 00 00 00 00 00 43 cf 0a
You will get a ack from the panel
0d 02 43 ba 0a
Followed by a 'type 8' message when your pin is incorrect
0d 08 43 b4 0a
Re: Visonic Powerlink RS232 Hack
Cool. If any of you finds time, can you document this here... (I wont have time before the weekend): http://powermax.wikia.com/wiki/Powermax_Wiki
I try to get all the information on the protocol in one place.
I try to get all the information on the protocol in one place.
Re: Visonic Powerlink RS232 Hack
working here also
http://www.bwired.nl Online Home, Domotica, Home Automation. Weblog. http://blog.bwired.nl
Re: Visonic Powerlink RS232 Hack
Thanks to Marcel from WaakZaamWonen I am back in business. My PowermaxPro panel seemed to be broken and lucky as I was, Marcel had a replacement. And best of all free of charge. Thanks Marcel!
Rene.
Re: Visonic Powerlink RS232 Hack
Willem4ever, what would be the response to a wrong pin code? Is there an extra message for that or is it just that you do not get the 08 message?
Also, do you need to send an ACK back for 08 messages or is it like 02 messages that do not need an ack?
... just trying to document all bits in the wiki as we go along finding out more bits.
Also, do you need to send an ACK back for 08 messages or is it like 02 messages that do not need an ack?
... just trying to document all bits in the wiki as we go along finding out more bits.
Willem4ever wrote:Examples for pincode 1234
0d a1 00 00 05 12 34 00 00 00 00 00 43 cf 0a
You will get a ack from the panel
0d 02 43 ba 0a
Followed by a 'type 8' message when your pin is incorrect
0d 08 43 b4 0a
- Willem4ever
- Global Moderator
- Posts: 805
- Joined: Mon Oct 30, 2006 3:48 pm
- Location: Uithoorn / Netherlands
Re: Visonic Powerlink RS232 Hack
This is the sequence of a disarm with the wrong pincode (using my code)
2011-08-05 11:37:15 0d a1 00 00 00 12 34 00 00 00 00 00 43 d4 0a - OUT
2011-08-05 11:37:15 0d 02 43 ba 0a - C_OK - IN
2011-08-05 11:37:15 0d 08 43 b4 0a - C_OK - IN
2011-08-05 11:37:15 0d 02 fd 0a - OUT
I do not ack an ack and the Powermax seems happy with that but I do ack error '8'
2011-08-05 11:37:15 0d a1 00 00 00 12 34 00 00 00 00 00 43 d4 0a - OUT
2011-08-05 11:37:15 0d 02 43 ba 0a - C_OK - IN
2011-08-05 11:37:15 0d 08 43 b4 0a - C_OK - IN
2011-08-05 11:37:15 0d 02 fd 0a - OUT
I do not ack an ack and the Powermax seems happy with that but I do ack error '8'
Re: Visonic Powerlink RS232 Hack
Willem4ever, sorry I got it mixed up. the 08 message is only there when code is wrong ...
- Willem4ever
- Global Moderator
- Posts: 805
- Joined: Mon Oct 30, 2006 3:48 pm
- Location: Uithoorn / Netherlands
Re: Visonic Powerlink RS232 Hack
Hi Utz,
In case of correct pincode you only get an ack (2)
In case of a wrong pincode you get an ack(2) followed by (8)
In case of correct pincode you only get an ack (2)
In case of a wrong pincode you get an ack(2) followed by (8)
Re: Visonic Powerlink RS232 Hack
Everything works like a train in the Bwired setting.
arming and disarming from my application works also great.
In this topic hoewever some differences between the translations of the bytes (status, sensors etc)
But that is not a big problem, just a matter of reversing stuff
very great job all!!
This is a major breaktrough in controlling (friendly hacking) the Visonic Powermax alarm panels (like Powermax Pro and Plus)
And the most important thing is, that until now its a very stable setup.
Nice thing is that we had this option for more then 10 years under our noses
arming and disarming from my application works also great.
In this topic hoewever some differences between the translations of the bytes (status, sensors etc)
But that is not a big problem, just a matter of reversing stuff
very great job all!!
This is a major breaktrough in controlling (friendly hacking) the Visonic Powermax alarm panels (like Powermax Pro and Plus)
And the most important thing is, that until now its a very stable setup.
Nice thing is that we had this option for more then 10 years under our noses
http://www.bwired.nl Online Home, Domotica, Home Automation. Weblog. http://blog.bwired.nl
Re: Visonic Powerlink RS232 Hack
I noticed as well that people have different views on what all the bits mean in the different messages. Thats why I tried to get a central place that people can edit to collect the truth; I used this wiki space here: (http://powermax.wikia.com/wiki/Powermax_Wiki). However, if you people here have a better place on where to collect and allow collaborative editing I am happy to move the things there. I hope to get at the end a proper protocol specification that people can use for implementation of their different home automation systems.
Re: Visonic Powerlink RS232 Hack
and now hope there aren't any burglars that know anything about hacking to disable your alarm from remote
Alexander
Re: Visonic Powerlink RS232 Hack
I think what they actually do for checksum is:Rene wrote: I have an update of the information provided sofar.
The byte before the postamble is the checksum which is calculated as follows:
1. Sum all bytes except for the preamble, postamble and the checksum itself offcourse.
2. Divide this sum by 255.
3. Take the one complement of the remainder.
In Python this looks as follows (where message contains only the bytes that need to be added to the sum):Code: Select all
for char in message: checksum += ord(char) checksum = (checksum % 255) ^ 0xFF
1) Fill an 8bit register with 0xFF
2) Substract the next byte in the message from the value in the register (ignoring overflows)
3) After the message is received the register contains the checksum value
so you can do
Code: Select all
checksum = 0xFF
for each char in message do
checksum = checksum - char
Code: Select all
for char in message:
checksum += ord(char)
checksum = FF - (checksum % 255)
Re: Visonic Powerlink RS232 Hack
Guess what, your algorithm is the only right one. I just had a bad checksum where the sum of the bytes was 0xFF. My algorithm resulted in a checksum of 0xFF, where it should have been 0x00. Your algorithm results in 0x00!
Rene.
- Willem4ever
- Global Moderator
- Posts: 805
- Joined: Mon Oct 30, 2006 3:48 pm
- Location: Uithoorn / Netherlands
Re: Visonic Powerlink RS232 Hack
What is the datastream causing the problem ?