Visonic Powerlink2 Hacked

Forum about Visonic products like Powermax Plus and Powermax Pro

Moderators: Rene, Willem4ever

Re: Visonic Powerlink2 Hacked

Postby Rene » Wed Mar 02, 2011 10:38 pm

These are my version numbers en identification codes from both the panel hardware and software

powermax.jpg
powermax.jpg (15.55 KiB) Viewed 6121 times
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby geert-jan » Thu Mar 03, 2011 1:18 pm

This thread looks quite promising. Currently I see that the alarm state can be changed (arm/disarm, etc). Is there any change that you also can trigger the alarm from e.g. homeseer?

One example: I have z-wave smoke-sensors. When smoke is detected the smoke sensors trigger Homeseer, and next Homeseer will switch on the lights in my house. However, I would like that Homeseer also triggers the alarm systems/flash light. If this feature is supported by the powerlink 2, I will certainly consider to purchase a Visonic alarm system with a powerlink2.

Regards,
Geert-Jan
geert-jan
Member
Member
 
Posts: 119
Joined: November 2010

Re: Visonic Powerlink2 Hacked

Postby hadyos » Thu Mar 03, 2011 5:23 pm

Hi,

Is the versions taken from the Remote Programmer software?

Yossi.
hadyos
Starting Member
Starting Member
 
Posts: 30
Joined: November 2008
Location: Israel

Postby Rene » Thu Mar 03, 2011 6:31 pm

The version info I posted was reported by the remote programmer software.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby Bwired » Thu Mar 03, 2011 7:26 pm

geert-jan wrote:This thread looks quite promising. Currently I see that the alarm state can be changed (arm/disarm, etc). Is there any change that you also can trigger the alarm from e.g. homeseer? One example: I have z-wave smoke-sensors. When smoke is detected the smoke sensors trigger Homeseer, and next Homeseer will switch on the lights in my house. However, I would like that Homeseer also triggers the alarm systems/flash light. If this feature is supported by the powerlink 2, I will certainly consider to purchase a Visonic alarm system with a powerlink2.

I dont think its in there, the panic option would be good to use for this, but is also not in there I think :) (Or perhaps a hidden feature)
It is much smarter to use the Visonic smoke sensors, can be received in Homeseer and also by the Powermax, much more save!
http://www.bwired.nl Online Home, Domotica, Home Automation. Weblog. http://blog.bwired.nl
User avatar
Bwired
Administrator
Administrator
 
Posts: 5301
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby BlaDeBla » Thu Mar 03, 2011 10:34 pm

About the firmware, I bought a PowerMaxPro and PowerLink2 last month in the UK.
PowerLink is working fine except the alert (email/sms) function.

I have written an email to Visonic about this. I have mentioned that I -think- I need to register the PowerLink id in the web interface to make this work, but this fails ("PowerLink ID update failed.")

Visonic's answer:
"unfortunatly, I have to tell you, That is only usuable with panels Powerlink2 enforcement version 5.74. Please contact your retailer for Further Information."

Wasn't a very helpfull answer.
I've looked up the panel firmware in the installer menu and it says v5.2.54
The PowerLink2 modules says 'SW Version #:6.1.11' in the webinterface.
BlaDeBla
Starting Member
Starting Member
 
Posts: 11
Joined: February 2008
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby Bwired » Fri Mar 04, 2011 9:36 am

Thats to be expected from Visonic, they dont have a clue about what they are selling.
I'm not sure if that is working on my powerlink2.
I will check it later as my powerlink2 is on a small trip right now :)
User avatar
Bwired
Administrator
Administrator
 
Posts: 5301
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby Rene » Fri Mar 04, 2011 11:57 am

I am going to return mine to the vendor. I am done with it.
Rene.
User avatar
Rene
Global Moderator
Global Moderator
 
Posts: 1689
Joined: October 2008
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby HadePee » Fri Mar 04, 2011 8:54 pm

For all of the above reasons, I stick to my PowerMax Plus with the External Powerlink-1, instead of upgrading to the Powermax Pro with Powerlink-2.

My current configuration is hackable and, with that, you can make your own application in order to read all the zone activities from the logfile (realtime) or to (dis)arm the alarm.

In fact, the App that I wrote is smarter than the Powermax Plus with much more features like email alerts and SMS. And, it's tuned to run on the iPhone :)

Also, you don't need Homeseer or what so ever. With your own app connected to the Powermax, you can control and read the sensors, alarm and.., all of your X10 devices.

Cost of investment: A Powermax Plus (goes for 125 euro, including shipping from the UK), a Powerlink-1 (goes for 199 EUR at waakzaamwonen.nl), and an (always on) apache/sql server (PC) within your own local lan and that's it.

For those who manage to get in to the Powerlink (version 1 or 2) to read the log file for the sensor, x10 and alarm activities (as input to your own App), here's what I figured out so far:


Code: Select all
$validstringmovement      =   "0d a5 00 04 00 2";         // Code to detect movement (Alarm DISARMED (OFF))
$validstringmovementHOMEarm   =   "0d a5 00 04 04 2";         // Code to detect movement (Alarm HOME ARMED (ON))
$validstringmovementAWAYarm   =   "0d a5 00 04 05 2";         // Code to detect movement (Alarm AWAY ARMED (ON))
$validstringopen         =   "0d a5 00 02";            // Code to detect Open/Close zone switch in ANY mode

$findpmaxalarmINIT         =    "CMMMON: Core -> 88 5 8 ff";   // Do NOT change - Alarm INIT (FOLLOW with delay)
$findpmaxalarmAWAY      =    "CMMMON: Core -> 88 5 1 ff";   // Do NOT change - Alarm AWAY
$findpmaxalarmHOME      =    "CMMMON: Core -> 88 5 2 ff";   // Do NOT change - ALarm HOME
$findpmaxalarmOFF         =    "CMMMON: Core -> 88 5 4 ff";   // Do NOT change - Alarm OFF
$findalarmcode            =   "CMM:";               // Do NOT change

$validstringuserINPUT         =   "0d a5 00 07 00 00";      // Control device command input by User (start INIT (follow) mode)

$validstringkpUSED         =   "0d a7 01 00 2f 5";      // Control device KeyPad Used
$validstringkpOFF         =   "0d a7 01 00 2f 55";      // Control device KeyPad OFF
$validstringkpHOME         =   "0d a7 01 00 2f 51";      // Control device KeyPad HOME
$validstringkpAWAY         =   "0d a7 01 00 2f 52";      // Control device KeyPad AWAY
$validstringkpHOMEQUICK      =   "0d a7 01 00 2f 53";      // Control device KeyPad HOME Quick mode (no code typed)
$validstringkpAWAYQUICK      =   "0d a7 01 00 2f 54";      // Control device KeyPad AWAY Quick mode (no code typed)

$validstringkfUSED         =   "0d a7 01 00 1f 5";      // Control device KeyFob Used
$validstringkfOFF         =   "0d a7 01 00 1f 55";      // Control device KeyFob OFF
$validstringkfHOME         =   "0d a7 01 00 1f 51";      // Control device KeyFob HOME
$validstringkfAWAY         =   "0d a7 01 00 1f 52 ";      // Control device KeyFob AWAY

$validstringpnUSED         =   "0d a7 01 00 00 5";      // Control device Panel or Remote-App Used
$validstringpnOFF         =   "0d a7 01 00 00 55";      // Control device Panel or Remote-App OFF
$validstringpnHOME         =   "0d a7 01 00 00 51";      // Control device Panel or Remote-App HOME
$validstringpnAWAY         =   "0d a7 01 00 00 52";      // Control device Panel or Remote-App AWAY
$validstringpnHOMEQUICK      =   "0d a7 01 00 00 53";      // Control device Panel or Remote-App HOME Quick mode (no code typed)
$validstringpnAWAYQUICK      =   "0d a7 01 00 00 54";      // Control device Panel or Remote-App AWAY Quick mode (no code typed)

$validstringpsysUSED         =   "0d a7 01 00 27 5";      // Control device PMAX System Panel Used
$validstringsysOFF         =   "0d a7 01 00 27 55";      // Control device PMAX System Pane OFF
$validstringsysHOME         =   "0d a7 01 00 27 51";      // Control device PMAX System Pane HOME
$validstringsysAWAY         =   "0d a7 01 00 27 52";      // Control device PMAX System Pane AWAY
$validstringsysHOMEQUICK      =   "0d a7 01 00 27 53";      // Control device PMAX System Pane HOME Quick mode (no code typed)
$validstringsysAWAYQUICK      =   "0d a7 01 00 27 54";      // Control device PMAX System Pane AWAY Quick mode (no code typed)

$validstringsysaccessmenu      =   "0d a5 00 04 08 41";      // Access to the menu on the Control Panel of the PMAX
$validstringsysaccesslogin      =   "0d a7 01 00 00 61";      // Sys Admin login on Powermax system
$validstringsysaccesslogout    =   "0d a7 01 00 00 60";      // Sys Admin logout on Powermax system

$validstringHOMEFOLLOW      =   "0d a5 00 04 01 41";      // Alarm HOME Armed - FOLLOW mode (x seconds) when arming
$validstringHOMEFOLLOWls   =   "0d a5 00 04 01 11";      // Alarm HOME - Last few seconds of follow mode when arming
$validstringHOME         =   "0d a5 00 04 04 41";      // Alarm HOME Armed

$validstringAWAYFOLLOW      =   "0d a5 00 04 02 41";      // Alarm AWAY Armed - FOLLOW mode (x seconds) when arming
$validstringAWAYFOLLOWls   =   "0d a5 00 04 02 11";      // Alarm AWAY - Last few seconds of follow mode when arming
$validstringAWAY         =   "0d a5 00 04 05 41";      // Alarm AWAY Armed

$validstringWALKOUTFOLLOWop   =   "0d a5 00 04 02 60";      // Zone open when in follow mode (ues, this is right) walkout
$validstringWALKOUTFOLLOWcl   =   "0d a5 00 04 02 61";      // Zone closed when in follow mode (ues, this is right) walkout

$validstringWALKINFOLLOWop   =   "0d a5 00 04 03 60";      // Zone open when in follow mode (ues, this is right) walkin (triggers follow)
$validstringWALKINFOLLOWcl   =   "0d a5 00 04 03 61";      // Zone closed when in follow mode (ues, this is right) walkin
$validstringWALKINFOLLOWls   =   "0d a5 00 04 03 2";      // Follow on entering follow zone - last few seconds (seems to be true)
$validstringWALKINFOLLOWls2    =   "0d a5 00 04 03 1";      // Follow on entering follow zone - last few seconds  (seems to be true)
$validstringWALKINALARM      =   "0d a5 00 04 05 60";      // Follow delay not met. Alarm event set for follow mode (when in AWAY mode)

$validstringOFF            =   "0d a5 00 04 00 4";      // Alarm OFF Disarmed, regardless errors
$validstringOFFNOERRORS      =   "0d a5 00 04 00 41";      // Alarm OFF Disarmed with no errors
$validstringNOTREADY      =   "0d a5 00 04 00 40";      // Alarm OFF - Not Ready to Arm - Zones Open or Malfunction
$validstringOFFMEM         =   "0d a5 00 04 00 43";      // Alarm OFF - Alarm message in memory
$validstringOFFMEMNOTREADY   =   "0d a5 00 04 00 42";      // Alarm OFF - Not ready AND Alarm message in memory

$validstringHOMEALARM      =   "0d a5 00 04 04 0";      // Alarm ACTIVATED in HOME mode
$validstringHOMEALARMzone   =   "0d a5 00 04 04 03";      // Alarm ACTIVATED in ZONE in HOME mode?
$validstringHOMEALARMopen   =   "0d a5 00 04 04 02";      // Alarm ACTIVATED in SWITCH in HOME mode?

$validstringAWAYALARM      =   "0d a5 00 04 05 0";      // Alarm ACTIVATED in AWAY mode
$validstringAWAYALARMzone   =   "0d a5 00 04 05 03";      // Alarm ACTIVATED in ZONE in AWAY mode?
$validstringAWAYALARMopen   =   "0d a5 00 04 05 02";      // Alarm ACTIVATED in SWITCH in AWAY mode?

$validstringsireneAWAYon      =   "0d a7 01 00 03 02";      // Siren ON in AWAY mode?
$validstringsireneAWAYoff      =   "0d a7 01 00 00 1c";      // Siren OFF in AWAY mode. Yes, looks likes this is valid
$sirenon               =   "0d a7 01 00 01 03";      // Siren ON in AWAY when breaching the FOLLOW time?
$sirenon1               =   "0d a7 01 00 02 02";      // Needs more analysis ??
$sirenon2               =   "0d a7 01 00 04 02";      // Needs more analysis ??

$placknowledgestringrt      =   "0d 02 43 ba 0a";      // Acknowledge (15)  message from Powermax to Powerlink
$placknowledgestring2rt      =    "0d 02 fd 0a";         // Acknowledge (4)  message from Powermax to Powerlink
$placknowledgestring3rt      =    "0d 08 f7 0a";         // Login (enroll) to pmax denied (?)  message from Powermax to Powerlink

Let me know if you found out other sensor/event codes when you (ever) dig into this.

Oh, and by the way. As My PowermaxPlus does not have firmware F or higher, I could NOT enroll my Powerlink-1 to the Powermax.... This did drive me to make my own App because (despite the fact I could not enroll the powerlink to the powermax) I can still control X10 and the Alarm and read (from the log) all activities (sensor, alarm, x10, etc). A nice security bug of Visonic which I made use of ;)
HadePee
Starting Member
Starting Member
 
Posts: 4
Joined: January 2011

Re: Visonic Powerlink2 Hacked

Postby Digit » Fri Mar 04, 2011 9:09 pm

Too bad the Powerlink2 only seems to work in some cases...
I did some more fun stuff with the Powerlink2 earlier this week by using the web interface to monitor the status of the Control Panel:
http://blog.hekkers.net/2011/03/04/more ... nk2-stuff/
I have a Powermax+ myself, so the chance of buying a Powerlink myself is getting higher and higher each minute I play with these toys :lol:
User avatar
Digit
Global Moderator
Global Moderator
 
Posts: 3388
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby Bwired » Fri Mar 04, 2011 11:50 pm

Powerlink2 is working if you have the latest version of the Powermax Pro, old Plus versions are bound to have problems.
User avatar
Bwired
Administrator
Administrator
 
Posts: 5301
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby hadyos » Mon Mar 07, 2011 2:43 pm

Bwired

Could you please check and inform what firmware version you have in your Powermax Pro so we could know what do you mean
when you type "latest version of the Powermax Pro"

Thanks,
Yossi.
hadyos
Starting Member
Starting Member
 
Posts: 30
Joined: November 2008
Location: Israel

Re: Visonic Powerlink2 Hacked

Postby Bwired » Tue Mar 08, 2011 1:47 pm

If i get my powermax and powerlink2 back i will do that, both are on a hackerstrip right now :D
User avatar
Bwired
Administrator
Administrator
 
Posts: 5301
Joined: March 2006
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby olof » Tue Mar 08, 2011 2:43 pm

Perhaps a difficult question to answer, but is it safe to assume that all this great Powerlink2 hack info is also relevant for the Powermax 'Complete' version?

I'm about to purchase an Complete (from UK supplier) w/ Powerlink2. As the Powerlink2 is officially designed for Visonic's Complete and Express versions, I figure it should work.

Thanks in advance for any info

Olof
olof
Member
Member
 
Posts: 280
Joined: August 2010
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Postby Digit » Tue Mar 08, 2011 2:44 pm

Check your spelling, Pieter :lol:
User avatar
Digit
Global Moderator
Global Moderator
 
Posts: 3388
Joined: March 2006
Location: Netherlands

PreviousNext

Return to Visonic Alarm systems

Who is online

Users browsing this forum: No registered users and 1 guest