Visonic Powerlink2 Hacked

Forum about Visonic products like Powermax Plus and Powermax Pro

Moderators: Rene, Willem4ever

User avatar
Rene
Global Moderator
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Post by Rene »

These are my version numbers en identification codes from both the panel hardware and software
powermax.jpg
powermax.jpg (15.55 KiB) Viewed 30510 times
Rene.
geert-jan
Member
Member
Posts: 126
Joined: Sat Nov 27, 2010 7:23 pm

Re: Visonic Powerlink2 Hacked

Post by geert-jan »

This thread looks quite promising. Currently I see that the alarm state can be changed (arm/disarm, etc). Is there any change that you also can trigger the alarm from e.g. homeseer?

One example: I have z-wave smoke-sensors. When smoke is detected the smoke sensors trigger Homeseer, and next Homeseer will switch on the lights in my house. However, I would like that Homeseer also triggers the alarm systems/flash light. If this feature is supported by the powerlink 2, I will certainly consider to purchase a Visonic alarm system with a powerlink2.

Regards,
Geert-Jan
hadyos
Starting Member
Starting Member
Posts: 30
Joined: Tue Nov 18, 2008 4:50 pm
Location: Israel

Re: Visonic Powerlink2 Hacked

Post by hadyos »

Hi,

Is the versions taken from the Remote Programmer software?

Yossi.
User avatar
Rene
Global Moderator
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Post by Rene »

The version info I posted was reported by the remote programmer software.
Bwired
Administrator
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands
Contact:

Re: Visonic Powerlink2 Hacked

Post by Bwired »

geert-jan wrote:This thread looks quite promising. Currently I see that the alarm state can be changed (arm/disarm, etc). Is there any change that you also can trigger the alarm from e.g. homeseer? One example: I have z-wave smoke-sensors. When smoke is detected the smoke sensors trigger Homeseer, and next Homeseer will switch on the lights in my house. However, I would like that Homeseer also triggers the alarm systems/flash light. If this feature is supported by the powerlink 2, I will certainly consider to purchase a Visonic alarm system with a powerlink2.
I dont think its in there, the panic option would be good to use for this, but is also not in there I think :) (Or perhaps a hidden feature)
It is much smarter to use the Visonic smoke sensors, can be received in Homeseer and also by the Powermax, much more save!
http://www.bwired.nl Online Home, Domotica, Home Automation. Weblog. http://blog.bwired.nl
BlaDeBla
Starting Member
Starting Member
Posts: 11
Joined: Mon Feb 25, 2008 10:40 pm
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Post by BlaDeBla »

About the firmware, I bought a PowerMaxPro and PowerLink2 last month in the UK.
PowerLink is working fine except the alert (email/sms) function.

I have written an email to Visonic about this. I have mentioned that I -think- I need to register the PowerLink id in the web interface to make this work, but this fails ("PowerLink ID update failed.")

Visonic's answer:
"unfortunatly, I have to tell you, That is only usuable with panels Powerlink2 enforcement version 5.74. Please contact your retailer for Further Information."

Wasn't a very helpfull answer.
I've looked up the panel firmware in the installer menu and it says v5.2.54
The PowerLink2 modules says 'SW Version #:6.1.11' in the webinterface.
Bwired
Administrator
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands
Contact:

Re: Visonic Powerlink2 Hacked

Post by Bwired »

Thats to be expected from Visonic, they dont have a clue about what they are selling.
I'm not sure if that is working on my powerlink2.
I will check it later as my powerlink2 is on a small trip right now :)
User avatar
Rene
Global Moderator
Global Moderator
Posts: 1689
Joined: Wed Oct 08, 2008 3:54 pm
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Post by Rene »

I am going to return mine to the vendor. I am done with it.
Rene.
HadePee
Starting Member
Starting Member
Posts: 4
Joined: Sat Jan 15, 2011 11:38 pm

Re: Visonic Powerlink2 Hacked

Post by HadePee »

For all of the above reasons, I stick to my PowerMax Plus with the External Powerlink-1, instead of upgrading to the Powermax Pro with Powerlink-2.

My current configuration is hackable and, with that, you can make your own application in order to read all the zone activities from the logfile (realtime) or to (dis)arm the alarm.

In fact, the App that I wrote is smarter than the Powermax Plus with much more features like email alerts and SMS. And, it's tuned to run on the iPhone :)

Also, you don't need Homeseer or what so ever. With your own app connected to the Powermax, you can control and read the sensors, alarm and.., all of your X10 devices.

Cost of investment: A Powermax Plus (goes for 125 euro, including shipping from the UK), a Powerlink-1 (goes for 199 EUR at waakzaamwonen.nl), and an (always on) apache/sql server (PC) within your own local lan and that's it.

For those who manage to get in to the Powerlink (version 1 or 2) to read the log file for the sensor, x10 and alarm activities (as input to your own App), here's what I figured out so far:

Code: Select all

$validstringmovement		=	"0d a5 00 04 00 2";			// Code to detect movement (Alarm DISARMED (OFF))
$validstringmovementHOMEarm	=	"0d a5 00 04 04 2";			// Code to detect movement (Alarm HOME ARMED (ON))
$validstringmovementAWAYarm	=	"0d a5 00 04 05 2";			// Code to detect movement (Alarm AWAY ARMED (ON))
$validstringopen			=	"0d a5 00 02";				// Code to detect Open/Close zone switch in ANY mode

$findpmaxalarmINIT			= 	"CMMMON: Core -> 88 5 8 ff";	// Do NOT change - Alarm INIT (FOLLOW with delay)
$findpmaxalarmAWAY		= 	"CMMMON: Core -> 88 5 1 ff";	// Do NOT change - Alarm AWAY
$findpmaxalarmHOME		= 	"CMMMON: Core -> 88 5 2 ff";	// Do NOT change - ALarm HOME
$findpmaxalarmOFF			= 	"CMMMON: Core -> 88 5 4 ff";	// Do NOT change - Alarm OFF
$findalarmcode				=	"CMM:";					// Do NOT change

$validstringuserINPUT			=	"0d a5 00 07 00 00";		// Control device command input by User (start INIT (follow) mode)

$validstringkpUSED			=	"0d a7 01 00 2f 5";		// Control device KeyPad Used
$validstringkpOFF			=	"0d a7 01 00 2f 55";		// Control device KeyPad OFF
$validstringkpHOME			=	"0d a7 01 00 2f 51";		// Control device KeyPad HOME
$validstringkpAWAY			=	"0d a7 01 00 2f 52";		// Control device KeyPad AWAY
$validstringkpHOMEQUICK		=	"0d a7 01 00 2f 53";		// Control device KeyPad HOME Quick mode (no code typed)
$validstringkpAWAYQUICK		=	"0d a7 01 00 2f 54";		// Control device KeyPad AWAY Quick mode (no code typed)

$validstringkfUSED			=	"0d a7 01 00 1f 5";		// Control device KeyFob Used
$validstringkfOFF			=	"0d a7 01 00 1f 55";		// Control device KeyFob OFF
$validstringkfHOME			=	"0d a7 01 00 1f 51";		// Control device KeyFob HOME
$validstringkfAWAY			=	"0d a7 01 00 1f 52 ";		// Control device KeyFob AWAY

$validstringpnUSED			=	"0d a7 01 00 00 5";		// Control device Panel or Remote-App Used
$validstringpnOFF			=	"0d a7 01 00 00 55";		// Control device Panel or Remote-App OFF
$validstringpnHOME			=	"0d a7 01 00 00 51";		// Control device Panel or Remote-App HOME
$validstringpnAWAY			=	"0d a7 01 00 00 52";		// Control device Panel or Remote-App AWAY
$validstringpnHOMEQUICK		=	"0d a7 01 00 00 53";		// Control device Panel or Remote-App HOME Quick mode (no code typed)
$validstringpnAWAYQUICK		=	"0d a7 01 00 00 54";		// Control device Panel or Remote-App AWAY Quick mode (no code typed)

$validstringpsysUSED			=	"0d a7 01 00 27 5";		// Control device PMAX System Panel Used
$validstringsysOFF			=	"0d a7 01 00 27 55";		// Control device PMAX System Pane OFF
$validstringsysHOME			=	"0d a7 01 00 27 51";		// Control device PMAX System Pane HOME
$validstringsysAWAY			=	"0d a7 01 00 27 52";		// Control device PMAX System Pane AWAY
$validstringsysHOMEQUICK		=	"0d a7 01 00 27 53";		// Control device PMAX System Pane HOME Quick mode (no code typed)
$validstringsysAWAYQUICK		=	"0d a7 01 00 27 54";		// Control device PMAX System Pane AWAY Quick mode (no code typed)

$validstringsysaccessmenu		=	"0d a5 00 04 08 41";		// Access to the menu on the Control Panel of the PMAX
$validstringsysaccesslogin		=	"0d a7 01 00 00 61";		// Sys Admin login on Powermax system
$validstringsysaccesslogout 	=	"0d a7 01 00 00 60";		// Sys Admin logout on Powermax system

$validstringHOMEFOLLOW		=	"0d a5 00 04 01 41";		// Alarm HOME Armed - FOLLOW mode (x seconds) when arming
$validstringHOMEFOLLOWls	=	"0d a5 00 04 01 11";		// Alarm HOME - Last few seconds of follow mode when arming
$validstringHOME			=	"0d a5 00 04 04 41";		// Alarm HOME Armed

$validstringAWAYFOLLOW		=	"0d a5 00 04 02 41";		// Alarm AWAY Armed - FOLLOW mode (x seconds) when arming
$validstringAWAYFOLLOWls	=	"0d a5 00 04 02 11";		// Alarm AWAY - Last few seconds of follow mode when arming
$validstringAWAY			=	"0d a5 00 04 05 41";		// Alarm AWAY Armed

$validstringWALKOUTFOLLOWop	=	"0d a5 00 04 02 60";		// Zone open when in follow mode (ues, this is right) walkout
$validstringWALKOUTFOLLOWcl	=	"0d a5 00 04 02 61";		// Zone closed when in follow mode (ues, this is right) walkout

$validstringWALKINFOLLOWop	=	"0d a5 00 04 03 60";		// Zone open when in follow mode (ues, this is right) walkin (triggers follow)
$validstringWALKINFOLLOWcl	=	"0d a5 00 04 03 61";		// Zone closed when in follow mode (ues, this is right) walkin
$validstringWALKINFOLLOWls	=	"0d a5 00 04 03 2";		// Follow on entering follow zone - last few seconds (seems to be true)
$validstringWALKINFOLLOWls2 	=	"0d a5 00 04 03 1";		// Follow on entering follow zone - last few seconds  (seems to be true)
$validstringWALKINALARM		=	"0d a5 00 04 05 60";		// Follow delay not met. Alarm event set for follow mode (when in AWAY mode)

$validstringOFF				=	"0d a5 00 04 00 4";		// Alarm OFF Disarmed, regardless errors
$validstringOFFNOERRORS		=	"0d a5 00 04 00 41";		// Alarm OFF Disarmed with no errors
$validstringNOTREADY		=	"0d a5 00 04 00 40";		// Alarm OFF - Not Ready to Arm - Zones Open or Malfunction
$validstringOFFMEM			=	"0d a5 00 04 00 43";		// Alarm OFF - Alarm message in memory
$validstringOFFMEMNOTREADY	=	"0d a5 00 04 00 42";		// Alarm OFF - Not ready AND Alarm message in memory

$validstringHOMEALARM		=	"0d a5 00 04 04 0";		// Alarm ACTIVATED in HOME mode
$validstringHOMEALARMzone	=	"0d a5 00 04 04 03";		// Alarm ACTIVATED in ZONE in HOME mode?
$validstringHOMEALARMopen	=	"0d a5 00 04 04 02";		// Alarm ACTIVATED in SWITCH in HOME mode?

$validstringAWAYALARM		=	"0d a5 00 04 05 0";		// Alarm ACTIVATED in AWAY mode
$validstringAWAYALARMzone	=	"0d a5 00 04 05 03";		// Alarm ACTIVATED in ZONE in AWAY mode?
$validstringAWAYALARMopen	=	"0d a5 00 04 05 02";		// Alarm ACTIVATED in SWITCH in AWAY mode?

$validstringsireneAWAYon		=	"0d a7 01 00 03 02";		// Siren ON in AWAY mode?
$validstringsireneAWAYoff		=	"0d a7 01 00 00 1c";		// Siren OFF in AWAY mode. Yes, looks likes this is valid
$sirenon					=	"0d a7 01 00 01 03";		// Siren ON in AWAY when breaching the FOLLOW time?
$sirenon1					=	"0d a7 01 00 02 02";		// Needs more analysis ??
$sirenon2					=	"0d a7 01 00 04 02";		// Needs more analysis ??

$placknowledgestringrt		=	"0d 02 43 ba 0a";		// Acknowledge (15)  message from Powermax to Powerlink
$placknowledgestring2rt		= 	"0d 02 fd 0a";			// Acknowledge (4)  message from Powermax to Powerlink
$placknowledgestring3rt		= 	"0d 08 f7 0a";			// Login (enroll) to pmax denied (?)  message from Powermax to Powerlink
Let me know if you found out other sensor/event codes when you (ever) dig into this.

Oh, and by the way. As My PowermaxPlus does not have firmware F or higher, I could NOT enroll my Powerlink-1 to the Powermax.... This did drive me to make my own App because (despite the fact I could not enroll the powerlink to the powermax) I can still control X10 and the Alarm and read (from the log) all activities (sensor, alarm, x10, etc). A nice security bug of Visonic which I made use of ;)
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

Re: Visonic Powerlink2 Hacked

Post by Digit »

Too bad the Powerlink2 only seems to work in some cases...
I did some more fun stuff with the Powerlink2 earlier this week by using the web interface to monitor the status of the Control Panel:
http://blog.hekkers.net/2011/03/04/more ... nk2-stuff/
I have a Powermax+ myself, so the chance of buying a Powerlink myself is getting higher and higher each minute I play with these toys :lol:
Bwired
Administrator
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands
Contact:

Re: Visonic Powerlink2 Hacked

Post by Bwired »

Powerlink2 is working if you have the latest version of the Powermax Pro, old Plus versions are bound to have problems.
hadyos
Starting Member
Starting Member
Posts: 30
Joined: Tue Nov 18, 2008 4:50 pm
Location: Israel

Re: Visonic Powerlink2 Hacked

Post by hadyos »

Bwired

Could you please check and inform what firmware version you have in your Powermax Pro so we could know what do you mean
when you type "latest version of the Powermax Pro"

Thanks,
Yossi.
Bwired
Administrator
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands
Contact:

Re: Visonic Powerlink2 Hacked

Post by Bwired »

If i get my powermax and powerlink2 back i will do that, both are on a hackerstrip right now :D
olof
Member
Member
Posts: 281
Joined: Tue Aug 17, 2010 10:00 pm
Location: Netherlands

Re: Visonic Powerlink2 Hacked

Post by olof »

Perhaps a difficult question to answer, but is it safe to assume that all this great Powerlink2 hack info is also relevant for the Powermax 'Complete' version?

I'm about to purchase an Complete (from UK supplier) w/ Powerlink2. As the Powerlink2 is officially designed for Visonic's Complete and Express versions, I figure it should work.

Thanks in advance for any info

Olof
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

Re: Visonic Powerlink2 Hacked

Post by Digit »

Check your spelling, Pieter :lol:
Post Reply

Return to “Visonic Alarm systems”