Visonic Powerlink2 Hacked
Posted: Mon Feb 21, 2011 5:07 pm
You all know that I recently bought a Visonic Powerlink2 in order to connect it to my domotica system.
You can see the earlier postings about it here:
http://www.domoticaforum.eu/viewtopic.php?f=22&t=5624
Together with Digit (he did most of the work) we managed to find a way to control the basic Powermax Pro functions via the Powerlink 2.
Functions like Arm Home-Away and Disarm, by sending an HTTP request to the Powerlink.
POST .../mobile/login/index/?JsHttpRequest=12982287732070-xml HTTP/1.1
Accept: */*
Accept-Language: nl
Referer: http://xxx.xxx.xxx.200/mobile/login/index/
Content-Type: application/octet-stream
Accept-Encoding: gzip, deflate
User-Agent: blabla
Host: xxx.xxx.xxx.200
Content-Length: 42
Connection: Keep-Alive
Pragma: no-cache
Cookie: PowerLink=077d58c208ef9aaef1fe8d464015d929; mobile=e6efb2eae139ca6fe327b603d6c23e76

login=admin&password=admin&time=1298228773
Look at the username and password being sent to the Powerlink2, unencrypted and no HTTPS possible?
Visonic is not doing a nice job on this one!
Good for us though, soon more on the Powerlink protocol and now a way to control the Powermax Pro will be available.
For more details check:
Digit's Blog:
blog.hekkers.net/2011/02/21/controlling ... owerlink2/
Bwired Blog:
http://www.bwired.nl/weblog.asp?id=415
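
Added example, not part of the original post or of Digit's code: a small audit routine a defender could run over requests captured on a plain-HTTP port to flag the exposure shown above. The sample request is constructed from the one in the post (the host and cookie values are placeholders), and the function names and finding labels are assumptions made for this example.

```python
from urllib.parse import parse_qsl

SENSITIVE = {"login", "password", "passwd", "pwd", "user", "username"}

# Constructed sample modelled on the request in the post; host and cookie
# values are placeholders, not real data.
SAMPLE = (
    "POST /mobile/login/index/?JsHttpRequest=12982287732070-xml HTTP/1.1\r\n"
    "Host: 192.0.2.200\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Length: 42\r\n"
    "Cookie: PowerLink=PLACEHOLDER; mobile=PLACEHOLDER\r\n"
    "\r\n"
    "login=admin&password=admin&time=1298228773"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def audit_cleartext_request(raw):
    """Return (label, details) findings for a request seen without TLS."""
    _method, _target, headers, body = parse_request(raw)
    findings = []
    # Parse the body whatever the Content-Type says: the request in the post
    # labels a urlencoded form as application/octet-stream, so a detector
    # keyed on application/x-www-form-urlencoded would miss it.
    fields = dict(parse_qsl(body, keep_blank_values=True))
    exposed = sorted(k for k in fields if k.lower() in SENSITIVE)
    if exposed:
        findings.append(("cleartext-credentials", exposed))
    if fields.get("login") and fields.get("login") == fields.get("password"):
        findings.append(("password-equals-login", ["login", "password"]))
    if "cookie" in headers:
        names = [c.split("=", 1)[0].strip() for c in headers["cookie"].split(";")]
        findings.append(("cleartext-session-cookie", names))
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body.encode()):
        findings.append(("content-length-mismatch", [declared]))
    return findings
```

Findings carry field and cookie names only, so the audit output can be logged without copying the secrets themselves.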