Using a raspberry pi to read an ademco bus

I was successful at turning a raspberry pi into an AKP (ademco key protocol ) bus sniffer. It's a very rough hack but essentially I used an optocouple r hooked up to the data line (yellow) of the ademco and on the other side o f the optocoupler I had it output to the GPIO14 (UART RX) pin. With minima l pain, I was able to set up ser2net and now I can open a telnet port and r ead everything on my alarm bus.

Only parts required were wire, breadboard, optocoupler, a few resistors as needed.

Hack the planet!

-B

Reply to
Brendan Robert
Loading thread data ...

Can't you publish the details?

Reply to
Unknown

n
e
n

Oh, I don't mind doing so. I originally wanted to make a big article about it for hackaday as I love posting there. But then I realized it might be categorically stupid to announce to the world what kind of alarm system I u se in my home.

Suffice to say, the Ademco keybus protocol used in various alarm systems so ld by ADT is serial-based. With very minimal voltage conversion (step 12v dc down to 1.5v dc) you can hook up the data (yellow) to the RX pin on the raspberry pi and read the alarm as a serial device quite easily. This does not allow you to transmit on the alarm bus though because it is a 1 wire p rotocol with a second wire used to signal bus assertion and other such stuf f (it's kind of an odd protocol really)

I used an optocoupler but you could probably also use a MAX or possibly eve n a straight-forward transistor circuit. My deal with the optocoupler is t hat I knew that the protocol is low-speed (4800bps, I think) and therefore an optocoupler is a sufficient choice and provides total isolation between the alarm and the pi.

-B

Reply to
Brendan Robert

Knowing what type of alarm you have, and bypassing said alarm is not quite the same, anyone driving by that sees your yard sign or sticker in the window knows what alarm system you have.

I would be quite interested on the details you found on the bus protocol.

J
Reply to
Jimmy Pop

e the same, anyone driving by that sees your yard sign or sticker in the wi ndow knows what alarm system you have.

Unless you leave the signs/stickers as-is and change out the hardware so yo u can hack your own system together... *ahem* ;-) ADT takes vendor board s and replaces the stock firmware with their own proprietary locked down st uff that basically cripples the hardware from utilizing its full potential until you pay their techs to come out and do another (expensive) firmware s wap to get more features. They can go shove it.

The bus protocol is pretty well-documented since the ademco keybus protocol was used in several different systems. I should caveat that I can *mostly

  • read it because it is a one-wire data line and there is another wire pull ed high by devices when they want to assert that they are transmitting, and other times works more like a clock line. I don't read that line, just t he data wire. And as such transmitting on the bus from the Pi is not possi ble unless I get a lot more clever beyond using resistors and a optocoupler . :-D

So... here's the code I've conjured up to sniff the bus written in Groovy. Basically all it does is read the telnet port for messages, but later I mi ght add better handling to identify the different message types. I think t hat one dangerous thing about doing this hack is that you also see messages from the keypads -- making it trivial to sniff passwords.

/** Derived from information found here:

formatting link
formatting link
formatting link

Hardware info: You could do this for $88 and no work:

formatting link

Or you could get a raspberry pi for $45 and an optocoupler for $1 and buil d the circuit in a few minutes. Nutech makes a great product. But $88 is too spendy for a hobby hack.

Loop 16 closed: fd 3 2 1 6 Status message "DISARMED CHIME Hit * for faults.": fd 0 0 17 10 8 0 c 28 2 0 0 20 44 49 53 41 52 4d 45 44 20 43 48 49 4d 45

20 48 69 74 20 2a 20 66 6f 72 20 66 61 75 6c 74 73 10 **/

def host = "???.???.???.???" // IP address not shown. :-D def port = 4141 def requestSocket = new Socket(host, port)

requestSocket.setSoTimeout(100000) r = new BufferedReader(new InputStreamReader(requestSocket.getInputStream ())) w = new BufferedWriter(new OutputStreamWriter(requestSocket.getOutputStre am()))

def term = false def zeroCounter = 0; def counter = 5000; def waiting = true; def size = 0; def expectedSize = -1; def message = "" def messageSize = [0x0FD : 13] def messageType = 0;

while (! requestSocket.isClosed() ) { def ch = r.read() & 0x0ff; if (ch == 0) { if (--zeroCounter = expectedSize) { if (!waiting) { println "" println message + " (${size} bytes)" } messageType = 0; message = "" size = 0 expectedSize = -1 waiting = true continue } if (waiting) { waiting = false messageType = ch; expectedSize = messageSize[ch] ?: -1 } if (size == 12 && messageType == 0x0FD) { expectedSize += ch } print Integer.toHexString(ch) + " " message += (ch >= ' ' && ch

Reply to
Brendan Robert

I was wondering if you proceeded any further with this. Maybe arm/disarm the system using the Pi.

Reply to
singh.vineet85

At the moment, no. Right now my Pi is driving a rover around the living room. ;) L293D drivers interface well with the PiFace. :D

-B

Reply to
Brendan Robert

If you're looking for an alarm to interface to, you might check out Cytech Comfort. It's a combined alarm and home automation system in its own right, but they publish details of the alarm's communication protocol and provide RS232 or ethernet interface cards so you can connect to it easily. You can do things like arm/disarm, pick up movement sensors, command it to switch outputs, have it command you to do something, see and log everything that happens, etc.

Obviously, this is not Pi specific. I was interfacing to their alarms over 15 years ago from PCs, but a Pi is more than capable of doing that now, at a power consumption that allows for battery backed operation for many hours.

--
Andrew Gabriel 
[email address is not usable -- followup in the newsgroup]
Reply to
Andrew Gabriel

I am always interested in different communications shardware protocols so I did a quick goggle

This may be useful

formatting link

Reply to
Alister

an

the

en

rs

t it for hackaday as I love posting there. But then I realized it might be categorically stupid to announce to the world what kind of alarm system I u se in my home.

sold by ADT is serial-based. With very minimal voltage conversion (step 12v dc down to 1.5v dc) you can hook up the data (yellow) to the RX pin on the raspberry pi and read the alarm as a serial device quite easily. This does not allow you to transmit on the alarm bus though because it is a 1 wire p rotocol with a second wire used to signal bus assertion and other such stuf f (it's kind of an odd protocol really)

ven a straight-forward transistor circuit. My deal with the optocoupler is that I knew that the protocol is low-speed (4800bps, I think) and therefore an optocoupler is a sufficient choice and provides total isolation between the alarm and the pi.

Like RS232?

Reply to
Sam Linton

More like RS485.

Reply to
Nikolaj Lazic

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.