Visonic Powerlink RS232 Hack

Forum about Visonic products like Powermax Plus and Powermax Pro

Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

I saw that too, but did you decode it?
Rene.
Willem4ever
Global Moderator
Posts: 805
Joined: Mon Oct 30, 2006 3:48 pm
Location: Uithoorn / Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Willem4ever »

Not yet :-( but at least we know how to trigger it ... and it is repeatable ...

I believe the second message "0d a5 09 02 03 24 00 00 00 00 00 00 43 e4 0a " indicates the zones open ...
Bwired
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Bwired »

Great
This is the status XML which the powerlink2 gives back, this could help....checking now

Code:

<?xml version="1.0" standalone="yes" ?>
<reply>
  <index>13</index>
  <cameras>
    <name>CAMERAS</name>
    <picture_name>cam</picture_name>
    <picture_path>/tmp/cams/</picture_path>
  </cameras>
  <configuration>
    <sensors>
      <name>Sensor</name>
      <index>1</index>
      <type>Delay 1</type>
      <location>Front Door</location>
    </sensors>
    <sensors>
      <name>Sensor</name>
      <index>2</index>
      <type>Perimeter-Follow</type>
      <location>Hall</location>
    </sensors>
    <sensors>
      <name>Sensor</name>
      <index>3</index>
      <type>Perimeter</type>
      <location>Living Room</location>
    </sensors>
    <system>
      <name>Control Panel</name>
      <disarm />
      <status>Ready</status>
      <arm>0</arm>
      <trouble>There Is a Trouble</trouble>
      <quick_arm>Quick Arm Enable</quick_arm>
      <latchkey_enable>Latchkey Enable</latchkey_enable>
      <ip_mode>manual</ip_mode>
      <ip>10.1.1.200</ip>
      <subnet>255.255.255.0</subnet>
      <gateway>10.1.1.2</gateway>
      <dns1>198.199.16.66</dns1>
    </system>
  </configuration>
  <alerts>
    <alert>
      <module>Control Panel</module>
      <text>Communication Failure</text>
      <picture>Alert_Communication.gif</picture>
    </alert>
  </alerts>
  <alarms />
  <qvFullPath>/cams/sess_9e391ef1503154ffdd86f9cad59c266b/cam</qvFullPath>
  <detectors>
    <detector>
      <zone>1</zone>
      <loc>Front Door</loc>
      <type>Delay 1</type>
      <status />
      <isalarm>no</isalarm>
    </detector>
    <detector>
      <zone>2</zone>
      <loc>Hall</loc>
      <type>Perimeter-Follow</type>
      <status />
      <isalarm>no</isalarm>
    </detector>
    <detector>
      <zone>3</zone>
      <loc>Living Room</loc>
      <type>Perimeter</type>
      <status />
      <isalarm>no</isalarm>
    </detector>
  </detectors>
</reply>
http://www.bwired.nl Online Home, Domotica, Home Automation. Weblog. http://blog.bwired.nl
Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

What is the URL you are using?
Rene.
Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

@Willem4ever, you are right, row 2 indicates the open zones. Just checked.

I use the following command to trigger the status update (because I saw the Powerlink do it):
0xAB 0x06 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x43
Rene.
Odin
Starting Member
Posts: 27
Joined: Tue Jul 12, 2011 11:33 am

Re: Visonic Powerlink RS232 Hack

Post by Odin »

Guys I am keen to get involved. How are you connecting to your powermax panels?
Bwired
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Bwired »

read the topic
via rs232
this is for pro, other for plus
http://www.waakzaamwonen.com/visonic-po ... p-280.html
Bwired
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Bwired »

Rene wrote: What is the URL you are using?

http://10.10.1.200/web/ajax/alarm.chkstatus.ajax.php
Odin
Starting Member
Posts: 27
Joined: Tue Jul 12, 2011 11:33 am

Re: Visonic Powerlink RS232 Hack

Post by Odin »

Bwired wrote:
read the topic
via rs232
this is for pro, other for plus
http://www.waakzaamwonen.com/visonic-po ... p-280.html

Aha. OK thanks. I therefore need to get a cable made up as I want to connect my powermax to my old NSLU2 which I am planning to use as my house email/monitoring/automation server.

I assume there is no way of sniffing the powerlink linux account details by any method?
Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

When you buy the RS232 interface there is a cable included. To access the Powerlink 1 you can use userid: root2 and password: visonic. This could already be found on the web.
Rene.
Odin
Starting Member
Posts: 27
Joined: Tue Jul 12, 2011 11:33 am

Re: Visonic Powerlink RS232 Hack

Post by Odin »

Thanks Rene - sorry, I meant sniffing/cracking the password for Powerlink 2. Tried a number of attempts - seems account of root responds.

My powermax complete panel only has one RS232 connection which is currently being used by my powerlink, so it looks likely I will have to ditch the powerlink device. Shame really, as this appears to be in essence a linux server which I could do all sorts with.
Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

Just found, with thanks to Willem, the messages to enable and disable bypasses. With these messages you can bypass one or more zones so you can arm while one or more zones are open. Bypasses are disabled when you disarm (after first arming it of course).
Rene.
Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

Found some information on the status dump (9 rows):

Row 2: BYTE 3 - BYTE 6 indicate the status of the zones. A bit set indicates the zone is open.
BYTE 3: Zone 1 - 8
BYTE 4: Zone 9 - 16
BYTE 5: Zone 17 - 24
BYTE 6: Zone 25 - 30

Row 4:
BYTE 3: System Status
BYTE 4: System State Flags
bit 0: 1 - Ready
bit 1: 1 - Memory
bit 2: 1 - Trouble
bit 3: 1 - Bypass On
bit 4: 1 - Last 10 seconds

Row 6: BYTE 7 - BYTE 10 indicate the zones bypassed. A bit set indicates the zone is bypassed.
BYTE 7: Zone 1 - 8
BYTE 8: Zone 9 - 16
BYTE 9: Zone 17 - 24
BYTE 10: Zone 25 - 30
Rene.
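
The row layout listed in the post above, as a decoder (an added example, not part of the original post and not code from any forum member). It assumes byte numbering starts at the 0xA5 byte that follows the 0x0D preamble, that the byte at index 2 is the row number, and that bit 0 of each zone byte is the lowest-numbered zone of that byte; none of these is stated in the thread.

```python
# Added example, not from the thread. Assumptions: byte numbering starts at the
# 0xA5 byte that follows the 0x0D preamble; the byte at index 2 is the row
# number; bit 0 of each zone byte is the lowest-numbered zone in that byte.
PREAMBLE, TERMINATOR, SECOND_BYTE = 0x0D, 0x0A, 0xA5
FLAG_NAMES = ["Ready", "Memory", "Trouble", "Bypass On", "Last 10 seconds"]


def frame_body(hex_text):
    """Strip the preamble and return the bytes from the 0xA5 byte onward."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 13 or raw[0] != PREAMBLE or raw[-1] != TERMINATOR:
        raise ValueError("not a complete framed message")
    if raw[1] != SECOND_BYTE:
        raise ValueError("not a 0xA5 message")
    return raw[1:]


def zones_from_bits(four_bytes):
    """Map four bitmask bytes to zone numbers 1..30 (the top two bits are unused)."""
    return [
        index * 8 + bit + 1
        for index, value in enumerate(four_bytes)
        for bit in range(8)
        if value & (1 << bit) and index * 8 + bit + 1 <= 30
    ]


def decode_row(hex_text):
    """Decode the rows the post documents (2, 4 and 6); other rows stay undecoded."""
    body = frame_body(hex_text)
    row = body[2]
    if row == 2:
        return {"row": 2, "open_zones": zones_from_bits(body[3:7])}
    if row == 4:
        flags = [name for bit, name in enumerate(FLAG_NAMES) if body[4] & (1 << bit)]
        return {"row": 4, "system_status": body[3], "flags": flags}
    if row == 6:
        return {"row": 6, "bypassed_zones": zones_from_bits(body[7:11])}
    return {"row": row}


# ROW2 is the message quoted earlier in the thread; ROW4 and ROW6 are constructed
# samples whose checksum byte is a placeholder (the checksum is not verified here).
ROW2 = "0d a5 09 02 03 24 00 00 00 00 00 00 43 e4 0a"
ROW4 = "0d a5 09 04 00 09 00 00 00 00 00 00 43 00 0a"
ROW6 = "0d a5 09 06 00 00 00 00 04 00 00 00 43 00 0a"

if __name__ == "__main__":
    for sample in (ROW2, ROW4, ROW6):
        print(decode_row(sample))
```

Logging the row 6 result and the "Bypass On" flag from row 4 gives a record of which zones were bypassed at the time the panel was armed.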
Rene
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink RS232 Hack

Post by Rene »

The Ajax request also works for the Powerlink1. All information is retrieved from its database, no communication with the Powermax is initiated from the request.
Rene.
Odin
Starting Member
Posts: 27
Joined: Tue Jul 12, 2011 11:33 am

Re: Visonic Powerlink RS232 Hack

Post by Odin »

Bwired wrote:
Rene wrote: What is the URL you are using?
http://10.10.1.200/web/ajax/alarm.chkstatus.ajax.php

If you want something amusing to do, then run this:

http://10.10.1.200/web/ajax/security.ma ... s.ajax.php

This will trigger the current security status from the panel - including the panel voice telling you what the status is! :)