Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Using a raspberry pi to read an ademco bus
3,615 views
Skip to first unread message
Brendan Robert
Apr 5, 2013, 6:34:39 PM4/5/13
to
I was successful at turning a raspberry pi into an AKP (ademco key protocol) bus sniffer. It's a very rough hack but essentially I used an optocoupler hooked up to the data line (yellow) of the ademco and on the other side of the optocoupler I had it output to the GPIO14 (UART RX) pin. With minimal pain, I was able to set up ser2net and now I can open a telnet port and read everything on my alarm bus.
Only parts required were wire, breadboard, optocoupler, a few resistors as needed.
Hack the planet!
-B
Only parts required were wire, breadboard, optocoupler, a few resistors as needed.
Hack the planet!
-B
Unknown
Apr 11, 2013, 3:22:29 PM4/11/13
to
Brendan Robert
Apr 14, 2013, 10:25:17 PM4/14/13
to
Suffice to say, the Ademco keybus protocol used in various alarm systems sold by ADT is serial-based. With very minimal voltage conversion (step 12v dc down to 1.5v dc) you can hook up the data (yellow) to the RX pin on the raspberry pi and read the alarm as a serial device quite easily. This does not allow you to transmit on the alarm bus though because it is a 1 wire protocol with a second wire used to signal bus assertion and other such stuff (it's kind of an odd protocol really)
I used an optocoupler but you could probably also use a MAX or possibly even a straight-forward transistor circuit. My deal with the optocoupler is that I knew that the protocol is low-speed (4800bps, I think) and therefore an optocoupler is a sufficient choice and provides total isolation between the alarm and the pi.
-B
Jimmy Pop
May 11, 2013, 1:21:21 AM5/11/13
to
Knowing what type of alarm you have, and bypassing said alarm is not quite the same, anyone driving by that sees your yard sign or sticker in the window knows what alarm system you have.
I would be quite interested on the details you found on the bus protocol.
J
I would be quite interested on the details you found on the bus protocol.
J
Brendan Robert
May 12, 2013, 12:02:04 PM5/12/13
to
On Saturday, May 11, 2013 12:21:21 AM UTC-5, Jimmy Pop wrote:
> Knowing what type of alarm you have, and bypassing said alarm is not quite the same, anyone driving by that sees your yard sign or sticker in the window knows what alarm system you have.
>
Unless you leave the signs/stickers as-is and change out the hardware so you can hack your own system together... *ahem* ;-) ADT takes vendor boards and replaces the stock firmware with their own proprietary locked down stuff that basically cripples the hardware from utilizing its full potential until you pay their techs to come out and do another (expensive) firmware swap to get more features. They can go shove it.
> Knowing what type of alarm you have, and bypassing said alarm is not quite the same, anyone driving by that sees your yard sign or sticker in the window knows what alarm system you have.
>
>
>
> I would be quite interested on the details you found on the bus protocol.
>
>
>
> J
So... here's the code I've conjured up to sniff the bus written in Groovy. Basically all it does is read the telnet port for messages, but later I might add better handling to identify the different message types. I think that one dangerous thing about doing this hack is that you also see messages from the keypads -- making it trivial to sniff passwords.
/**
Derived from information found here:
https://github.com/markkimsal/homesecurity
http://www.diysecurityforum.com/index.php?topic=10480.0
http://www.google.com/patents?id=pzwWAAAAEBAJ&pg=PA6&source=gbs_selected_pages&cad=4#v=onepage&q&f=false
Hardware info:
You could do this for $88 and no work:
http://www.nutech.com/online-store/35.html
Or you could get a raspberry pi for $45 and an optocoupler for $1 and build the circuit in a few minutes. Nutech makes a great product. But $88 is too spendy for a hobby hack.
Loop 16 closed:
fd 3 2 1 6
Status message "DISARMED CHIME Hit * for faults.":
fd 0 0 17 10 8 0 c 28 2 0 0 20 44 49 53 41 52 4d 45 44 20 43 48 49 4d 45 20 48 69 74 20 2a 20 66 6f 72 20 66 61 75 6c 74 73 10
**/
def host = "???.???.???.???" // IP address not shown. :-D
def port = 4141
def requestSocket = new Socket(host, port)
requestSocket.setSoTimeout(100000)
r = new BufferedReader(new InputStreamReader(requestSocket.getInputStream()))
w = new BufferedWriter(new OutputStreamWriter(requestSocket.getOutputStream()))
def term = false
def zeroCounter = 0;
def counter = 5000;
def waiting = true;
def size = 0;
def expectedSize = -1;
def message = ""
def messageSize = [0x0FD : 13]
def messageType = 0;
while (! requestSocket.isClosed() ) {
def ch = r.read() & 0x0ff;
if (ch == 0) {
if (--zeroCounter <= 0) {
expectedSize = size;
}
} else {
zeroCounter = 10;
}
if (ch == 0 && size >= expectedSize) {
if (!waiting) {
println ""
println message + " (${size} bytes)"
}
messageType = 0;
message = ""
size = 0
expectedSize = -1
waiting = true
continue
}
if (waiting) {
waiting = false
messageType = ch;
expectedSize = messageSize[ch] ?: -1
}
if (size == 12 && messageType == 0x0FD) {
expectedSize += ch
}
print Integer.toHexString(ch) + " "
message += (ch >= ' ' && ch <= '~') ? (ch as char) : '.'
size++
}
singh.v...@gmail.com
Dec 23, 2015, 3:09:08 PM12/23/15
to
I was wondering if you proceeded any further with this. Maybe arm/disarm the system using the Pi.
Brendan Robert
Dec 31, 2015, 11:51:32 PM12/31/15
to
On Wednesday, December 23, 2015 at 2:09:08 PM UTC-6, singh.v...@gmail.com wrote:
> I was wondering if you proceeded any further with this. Maybe arm/disarm the system using the Pi.
At the moment, no. Right now my Pi is driving a rover around the living room. ;) L293D drivers interface well with the PiFace. :D
> I was wondering if you proceeded any further with this. Maybe arm/disarm the system using the Pi.
-B
Andrew Gabriel
Jan 1, 2016, 4:25:13 PM1/1/16
to
In article <7d06dba6-d7e8-4c74...@googlegroups.com>,
Cytech Comfort. It's a combined alarm and home automation system in
its own right, but they publish details of the alarm's communication
protocol and provide RS232 or ethernet interface cards so you can
connect to it easily. You can do things like arm/disarm, pick up
movement sensors, command it to switch outputs, have it command you
to do something, see and log everything that happens, etc.
Obviously, this is not Pi specific. I was interfacing to their alarms
over 15 years ago from PCs, but a Pi is more than capable of doing that
now, at a power consumption that allows for battery backed operation
for many hours.
--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]
singh.v...@gmail.com writes:
> I was wondering if you proceeded any further with this. Maybe arm/disarm the system using the Pi.
If you're looking for an alarm to interface to, you might check out
> I was wondering if you proceeded any further with this. Maybe arm/disarm the system using the Pi.
Cytech Comfort. It's a combined alarm and home automation system in
its own right, but they publish details of the alarm's communication
protocol and provide RS232 or ethernet interface cards so you can
connect to it easily. You can do things like arm/disarm, pick up
movement sensors, command it to switch outputs, have it command you
to do something, see and log everything that happens, etc.
Obviously, this is not Pi specific. I was interfacing to their alarms
over 15 years ago from PCs, but a Pi is more than capable of doing that
now, at a power consumption that allows for battery backed operation
for many hours.
--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]
Alister
Jan 2, 2016, 5:41:08 AM1/2/16
to
so I did a quick goggle
This may be useful https://github.com/markkimsal/homesecurity
Sam Linton
May 17, 2021, 2:53:47 PM5/17/21
to
Nikolaj Lazic
May 17, 2021, 6:59:34 PM5/17/21
to
Dana Mon, 17 May 2021 11:53:46 -0700 (PDT), Sam Linton <mkyse...@gmail.com> napis'o:
More like RS485.
0 new messages