Wired/Wireless Alarm Systems

I'm looking for the communication protocol used between alarm central stations and their keypads. Are these available, and if so, where would I go to look?

Also, is information available on "wireless" alarm systems? E.g., how wireless door alarms, PIRs, etc. transmit data to the central receiver.

Any information would be helpful, specifications, licensing info, etc. I want to modify a product to communicate with these devices.

Reply to
James Dabbs
Loading thread data ...

You can find information of public record in the FCC grant for the product in question. Anything beyond that will require industrial espionage or reverse-engineering.

Reply to
larwe

"James Dabbs" Wrote:-

You will not find the keypad to panel protocol for any professional commercial alarm system and I doubt any other either. If the protocol was freely available you would be able to create a keystroke logger by attaching a dodgy device to the data bus, log the access keys and hence be able to disarm and gain free access to the property.

You could of course scope the bus and see if a valid fixed baud rate is apparent and attempt to go from there. Depending on system complexity this could be near impossible and at least very time consuming.

As to how wireless detectors etc. communicate to the alarm panel this may or mat not be available, but you may still hit a brick wall (depending on the grade of system you use) in that all communication will be encrypted in some way to stop record & playback and brute force attacks on the system.

I have never seen (even really cheap do-it-your-self systems) wireless systems without encryption & rolling code employed.

Jim

Reply to
Jim

In article , James Dabbs writes

It depends where you are in the world or more to the point which country the system is used in or made in.

You might find that doing so invalidates your warranty, insurance etc etc It might also make it illegal depending where in the world you are.

Some places may only license it for use in a particular way. Changing it could leave you open to all sorts of things.

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
 Click to see the full signature
Reply to
Chris Hills

Commercially available systems do NOT use encryption of any kind on sensors. It is not necessary. Think what happens when you burst open a door and break in: the sensor sends an alarm to the panel. If you then close the door, that sends a restore for that zone, but it doesn't cancel the alarm. So a record/playback attack is of no use.

Reply to
larwe

The concept sounds almost infintely stupid. That such a system can be disabled with some radio interference ?

Rene

--
Ing.Buero R.Tschaggelar - http://www.ibrtses.com
& commercial newsgroups - http://www.talkto.net
Reply to
Rene Tschaggelar

Wireless alarm systems are extremely popular and work very well indeed.

Reply to
larwe

receiver.

Indeed. Especially if you are a radio amateur working on 433MHz and transmit legally with 100W at the same frequency (somewhere between 433.800 and

434MHz, with the most-fun frequency of 433.995MHz). You simply key the mike and all surrounding alarms, garage door openers and car locks cease to work. How daft must one be to design such systems that operate in the middle of a hamradio band.

Meindert

Reply to
Meindert Sprang

This is a locale-specific thing, 433MHz is a European alarm zone.

868MHz is a more popular frequency for Euro products. And in the US you're looking at 315MHz, 345MHz, 900MHz or 2.4GHz.

More typically they do not "cease to work", they report an RF jamming event causing annoyance to the homeowner. It is surprisingly difficult to saturate the receiver.

I'm speaking there of alarm systems, which is where my experience lies

- garage door openers and car locks, I'm not sure about - they are not designed with the same range requirements as wireless alarm systems.

Reply to
larwe

I have demonstrated to many a salesperson just how easy it is to defete wireless alarm systems.

They may be conveniant, but that comes at a price!

P.S. Does not matter what frequency you put them on as you can easyly build your own TX.

Reply to
???

I design these systems professionally. My company and all that I have reviewed DO use encryption on all sensors. Think about it a little more and you'll realise why. Re-think your record playback scenario. Normally record playback attacks are only an issue on wireless keyfobs that can arm/disarm the system. However, there are zone types that are used to arm/disarm (shunt lock etc.). This type of zone is used commercially and needs encrption.

Jim

Reply to
Jim

Depends on security grade of the system involved. As Larwe as mentioned an RF Supervision event and subsequent RF jamming fault signals can be used to inform a user that the alarm system is being jammed. If someone tries to jam a panel in armed mode then it is possible on some panels to cause an alarm event. The feeling being that someone 'may' be trying to block any detector transmissions.

Of course each design will be different but if a particular standard is being met for a wireless system then this is usually taken care of.

Jim

Reply to
Jim

Right. I design these things professionally too, BTW :) Care to share what size of operation this is you work for? The three big names I can think of here in the US - I work for one of them - do not use encryption on sensors.

Reply to
larwe

Yep. I know you do. ;-)

See private email.

The three big names I can

We designed encryption in to make the system more secure for zone types that can disarm the system and I have seen encryption used on other equipment too. Looks like some panels are more secure than others.

Lets hope that James (original post) has an unencrypted panel. Or better still, has decided that the time and effort involved is too great. I know I wouldn't be able to find the spare time necessary to undertake such a task.

Jim

Reply to
Jim

And after a few weeks of such events without any other consequences, do you expect that anybody would pay attention to them ? Then one night during the blackout something else happens :-).

If the system works on any license free band, such as the ISM bands with other industrial and medical radiators (e.g. 2.45 GHz), it would be quite unlikely that the national telecommunication authorities would start to hunt for the jammer. In addition, locating a randomly transmitting transmitter in an urban environment is quite hard due to reflections.

Paul

Reply to
Paul Keinanen

Empirically I can tell you: millions of installed systems -> no appreciable problems.

Reply to
larwe

Oh there are consequences!. For example (and depending on the installers setup), the panel can be forced to not allow arm if certain faults exist. If the user decides to ignore the persistant fault noise, ignore the fact that the keypad is reporting a jamming fault, ignore the fact that the panel cannot arm, then hey, that user has already made the decision that they don't care if thet are burgled. At the end of the day the ownes is on the user. The alarm panel has done its job of informing the user that a problem has occurred and needs attention.

What, not a battery backed panel?. If theres a blackout then I guess the inteference cause will now not be operating. Guess the battery backed panel can now work even better. :-)

Jim

Reply to
Jim

You just proved my point. The user will eventually disable the "false" alarms and easily also ignore real alarms, if the system generates a lot of spurious alarms due to bad design. IMHO, to be dependable, an alarm system must generate far less false alarms than real alarms.

I was not referring to main failure.

In radio communication "blackout" usually refers to complete loss of communication, often on a large number of frequencies. One the radio link is once again jammed, but the event is ignored as a nuisance, then it is time for the bad guy to act.

My point is that the communication should not be easily jammable, e.g. use cables within the premises rather than radio technology.

Paul

Reply to
Paul Keinanen

Are you familiar with the UL clash tests for wireless security and fire safety appliances?

Wireless sensors are universally approved for use in, and sometimes the only practical choice for, both residential and commercial burglary and fire warning systems.

Reply to
larwe

Out of curiosity: what signal levels should a wireless alarm survive? I'm asking because I find it very hard to believe that such a system, whatever sophisticated modulation methods they use, will keep working if someone transmits a 50W modulated carrier within a few tens of meters of that system.

Meindert

Reply to
Meindert Sprang

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.