Hi everyone,
I'm writing a PC application to communicate with the Apex 6100 Destiny
security panel over the optional RS232 port.
So far it does most of what I want it to (arm/disarm, poll the zone
states). I learned how to set register 0155 to 9 to enable the
communications.
However, I don't know how to enable the 'System Notification Messages'
to the RS232 port. These are basically the asynchronus events
reporting, that don't require polling via the "zs" command.
The RS232 instructions say "See the Communicator Options section in
the installation manual." Well I have been over and over the
installation manual and it just doesn't seem to be in there.
I tried setting bit 5 in register 0155 (the '32') and it started
spewing out a string of 18-character messages, but they weren't in the
correct format.
I called the tech support line and basically got an answering message
that said "ask someone else or search the Internet." Grr.
Now, surely SOMEONE out there knows how to do this..?
Thanks,
Matt
|
|
0
|
|
|
|
Reply
|
 matt
|
9/23/2003 1:37:24 PM |
|
Hi Matt,
I'm not 100% positive of this but ISTR someone said the EEPROM data is
stored in "little endian" but the message strings are "big endian." I ran
into the same thing in designing a download app for fire alarm panels.
Regards,
Robert
=============================>
Bass Home Electronics, Inc
2291 Pine View Circle
Sarasota � Florida � 34231
877-722-8900 Sales & Tech Support
941-925-9747 Fax
941-232-0791 Wireless
Nextel Private ID - 161*21755*1
http://www.bass-home.com
=============================>
> I'm writing a PC application to communicate with the Apex 6100 Destiny
> security panel over the optional RS232 port.
>
> So far it does most of what I want it to (arm/disarm, poll the zone
> states). I learned how to set register 0155 to 9 to enable the
> communications.
>
> However, I don't know how to enable the 'System Notification Messages'
> to the RS232 port. These are basically the asynchronus events
> reporting, that don't require polling via the "zs" command.
>
> The RS232 instructions say "See the Communicator Options section in
> the installation manual." Well I have been over and over the
> installation manual and it just doesn't seem to be in there.
>
> I tried setting bit 5 in register 0155 (the '32') and it started
> spewing out a string of 18-character messages, but they weren't in the
> correct format.
>
> I called the tech support line and basically got an answering message
> that said "ask someone else or search the Internet." Grr.
>
> Now, surely SOMEONE out there knows how to do this..?
|
|
|
0
|
|
|
|
Reply
|
Robert
|
9/23/2003 11:04:55 PM
|
|
Matt wrote:
> Hi everyone,
>
> I'm writing a PC application to communicate with the Apex 6100 Destiny
> security panel over the optional RS232 port.
Wow! the computer can disarm your house alarm system.
Is it only me that that scares the crap out of?
I understand "ARM", I absolutely understand "state of zones"
and would love it to tell ME when 'back door has opened'
(useful when alarm is off and you just want to know that
someone or you has come in for non-security reasons).
But "disarm" just begs me to
1) access your computer or
2) tap into that easy unauthenticated signal...
....
> I called the tech support line and basically got an answering message
> that said "ask someone else or search the Internet." Grr.
I love this. "You have the internet, we no longer need to pay support
folks"
> Now, surely SOMEONE out there knows how to do this.
|
|
|
0
|
|
|
|
Reply
|
Chuck
|
9/24/2003 5:31:09 AM
|
|
>> I'm writing a PC application to communicate with the
>> Apex 6100 Destiny security panel over the optional
>> RS232 port.
>
> Wow! the computer can disarm your house alarm system.
> Is it only me that that scares the crap out of?
If the app has sufficient protection this may not be as scary as it seems.
Use a non-obvious username and password. Use SSL. Limit access to a
specific IP address if possible. With a little planning the control can be
as secure as the on premises system (most of which aren't that secure
anyway).
> But "disarm" just begs me to
> 1) access your computer or
> 2) tap into that easy unauthenticated signal...
Hopefully you will resist the temptation.
>> I called the tech support line and basically got an
>> answering message that said "ask someone else
>> or search the Internet." Grr.
>
> I love this. "You have the internet, we no longer
> need to pay support folks"
Apex is part of Ademco. Poor support is a given.
Regards,
Robert
=============================>
Bass Home Electronics, Inc
2291 Pine View Circle
Sarasota � Florida � 34231
877-722-8900 Sales & Tech Support
941-925-9747 Fax
941-232-0791 Wireless
Nextel Private ID - 161*21755*1
http://www.bass-home.com
=============================>
|
|
|
0
|
|
|
|
Reply
|
Robert
|
9/24/2003 4:31:33 PM
|
|
OK, I figured it out. Stupid incomplete manual.
You have to set bit 4 (value 16) of the "Dialer Options" for each type
of event you want reported.
i.e. for zone open, set 0430 to 16. For zone close set 0431 to 16, or
"OR" the 16 with whatever values you want. Hopefully that will
benefit someone else.
I found it in the manual for the 6100AN. Turns out to be the same.
As for the safety of the computer, the computer will be inside the
house. And in many cases, it will only be monitoring/recording zone
activity and won't necessarily be controlling it per se.
"Robert L. Bass" <robertlbass@comcast.net> wrote in message news:<rPKdnXnkC-BtW-yiRVn-gQ@giganews.com>...
> >> I'm writing a PC application to communicate with the
> >> Apex 6100 Destiny security panel over the optional
> >> RS232 port.
> >
> > Wow! the computer can disarm your house alarm system.
> > Is it only me that that scares the crap out of?
>
> If the app has sufficient protection this may not be as scary as it seems.
> Use a non-obvious username and password. Use SSL. Limit access to a
> specific IP address if possible. With a little planning the control can be
> as secure as the on premises system (most of which aren't that secure
> anyway).
>
> > But "disarm" just begs me to
> > 1) access your computer or
> > 2) tap into that easy unauthenticated signal...
>
> Hopefully you will resist the temptation.
>
> >> I called the tech support line and basically got an
> >> answering message that said "ask someone else
> >> or search the Internet." Grr.
> >
> > I love this. "You have the internet, we no longer
> > need to pay support folks"
>
> Apex is part of Ademco. Poor support is a given.
>
> Regards,
> Robert
>
> =============================>
> Bass Home Electronics, Inc
> 2291 Pine View Circle
> Sarasota � Florida � 34231
> 877-722-8900 Sales & Tech Support
> 941-925-9747 Fax
> 941-232-0791 Wireless
> Nextel Private ID - 161*21755*1
> http://www.bass-home.com
> =============================>
|
|
|
0
|
|
|
|
Reply
|
matt
|
9/24/2003 10:01:09 PM
|
|
"Robert L. Bass" <robertlbass@comcast.net> wrote in message
news:rPKdnXnkC-BtW-yiRVn-gQ@giganews.com...
>
> Apex is part of Ademco. Poor support is a given.
Then why "support" them, Robert?? Stick with Napco... ;-)
|
|
|
0
|
|
|
|
Reply
|
Frank
|
9/26/2003 4:45:41 AM
|
|
Robert L. Bass wrote:
>>>I'm writing a PC application to communicate with the
>>>Apex 6100 Destiny security panel over the optional
>>>RS232 port.
>>
>>Wow! the computer can disarm your house alarm system.
>>Is it only me that that scares the crap out of?
>
>
> If the app has sufficient protection this may not be as scary as it seems.
> Use a non-obvious username and password. Use SSL. Limit access to a
> specific IP address if possible. With a little planning the control can be
> as secure as the on premises system (most of which aren't that secure
> anyway).
I find that EXCESSIVELY rare. Mr Murphy is alive and well.
And a security system is just a perfect target.
It's not that computer systems aren't secure ... oh wait,
it IS.
While the security system is NOT, say, a dialysis machine, if
it's that important, then I want a gap between my general system
and my dedicated security system.
The most secure OS is one that's off.
Then next best way to secure a computer is with
a pair of wirecutters to outside connectivity.
If you MUST, don't USE a password. Use a single use passwd.
I have a little calculator. I connect and it says (say) "2456".
I type my PIN into a calc and that number and get "49815".
It lets me in.
Next time I connect, it gives me a different challenge.
I've cleaned up too many computer breakins where machines where
secure, except...
except where someone turned on VNC to reach it from over there
(and forgot to turn it off).
except where there was a security hole in something and they
missed it or, as with all holes, it was hit before the solution
(or even the problem) was known.
etc.
|
|
|
0
|
|
|
|
Reply
|
Chuck
|
9/26/2003 7:45:48 PM
|
|
Please describe the security problem with VNC. I presume you are
talking about
some kind of back door?
Chuck Y wrote:
>
>
> Robert L. Bass wrote:
>
>>>> I'm writing a PC application to communicate with the
>>>> Apex 6100 Destiny security panel over the optional
>>>> RS232 port.
>>>
>>>
>>> Wow! the computer can disarm your house alarm system.
>>> Is it only me that that scares the crap out of?
>>
>>
>>
>> If the app has sufficient protection this may not be as scary as it
>> seems.
>> Use a non-obvious username and password. Use SSL. Limit access to a
>> specific IP address if possible. With a little planning the control
>> can be
>> as secure as the on premises system (most of which aren't that secure
>> anyway).
>
>
> I find that EXCESSIVELY rare. Mr Murphy is alive and well.
> And a security system is just a perfect target.
>
> It's not that computer systems aren't secure ... oh wait,
> it IS.
>
> While the security system is NOT, say, a dialysis machine, if
> it's that important, then I want a gap between my general system
> and my dedicated security system.
>
> The most secure OS is one that's off.
> Then next best way to secure a computer is with
> a pair of wirecutters to outside connectivity.
>
> If you MUST, don't USE a password. Use a single use passwd.
> I have a little calculator. I connect and it says (say) "2456".
> I type my PIN into a calc and that number and get "49815".
> It lets me in.
> Next time I connect, it gives me a different challenge.
>
>
> I've cleaned up too many computer breakins where machines where
> secure, except...
>
> except where someone turned on VNC to reach it from over there
> (and forgot to turn it off).
>
> except where there was a security hole in something and they
> missed it or, as with all holes, it was hit before the solution
> (or even the problem) was known.
>
> etc.
>
|
|
|
0
|
|
|
|
Reply
|
Edward
|
9/27/2003 2:29:50 PM
|
|
Edward Cheung wrote:
> Please describe the security problem with VNC. I presume you are
> talking about
> some kind of back door?
No the problem was someone left a VNC server on on a machine.
Where a good guess got them the "head" of the machine.
And control of it.
My point being that ones you open up the security panel
to another device, you must be totally, and absolutely sure
that that other device, and the link between them, is 100%
secure. And if that device has a web server, you are betting
your security system's integrity that the web server is 100%
secure.
The chain gets longer (and weaker).
Add a little time, someone makes a mistake, installs something
handy that has an overflow, or perhaps has a back door (finding
"lurkware" in lots of software lately - things taht communicate
out - often to the vendor's home site. Spoof that site upstream
a bit and its talk to YOU.
segregation is critical for full security. I *really* don't
want my alarm able to be turned off remotely.
> Chuck Y wrote:
....
>>
>> I've cleaned up too many computer breakins where machines where
>> secure, except...
>>
>> except where someone turned on VNC to reach it from over there
>> (and forgot to turn it off).
>>
>> except where there was a security hole in something and they
>> missed it or, as with all holes, it was hit before the solution
>> (or even the problem) was known.
>>
>> etc.
>>
>
|
|
|
0
|
|
|
|
Reply
|
Chuck
|
9/30/2003 7:15:06 AM
|
|
> segregation is critical for full security. I *really* don't
> want my alarm able to be turned off remotely.
Just because the two are connected does not mean you have to allow the PC to
disarm the alarm. With most decent packages the end user or installer
decided how much, if any, control is passed to the PC. You need to think
things through thoroughly, consider what kind of access and control will get
you what you want and what risks are acceptable. While we all like to
obviate every possible means that a thief might use to circumvent an alarm,
the reality is that most burglary is a crime of opportunity. There are very
few thieves with the knowledge and hardware to crack a decent alarm, even
one that is PC-connected. The few that have those skills aren't breaking
into "little" 4,000 square foot homes. They're hitting museums and homes on
Rodeo Drive.
I've been designing security systems for high end homes for decades and I
have yet to run across a single attempt by even one thief to use a PC to
circumvent an alarm. I have seen plenty of cases where they cut the phone
line or just smashed a door, ran in and grabbed a few things and took off
before the police arrived. You'll find that among burglars there are
probably 10,000 crow bars for every computer. Heck, most burglars are
junkies. If one of them gets his hands on a PC he doesn't hack anything.
He sells it to some fence for $50 and buys his next fix.
Regards,
Robert
=============================>
Bass Home Electronics, Inc
2291 Pine View Circle
Sarasota � Florida � 34231
877-722-8900 Sales & Tech Support
941-925-9747 Fax
941-232-0791 Wireless
Nextel Private ID - 161*21755*1
http://www.bass-home.com
=============================>
|
|
|
0
|
|
|
|
Reply
|
Robert
|
9/30/2003 8:37:13 AM
|
|
Edward Cheung <echeung@bellatlantic.net> writes:
> Please describe the security problem with VNC. I presume you are talking about
> some kind of back door?
Every copy of VNC uses a single, fixed DES key to encrypt passwords,
which means that their no real security at all if an attacker can sniff
packets on your network. The password is stored in encrypted form in
the Windoze registry, but since that same key is used everywhere, there
is no security if someone has brief access to your machine.
Here is the DES key from the VNC sources:
unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7};
or in hex:
17 52 6B 06 23 4E 58 07
One work around is to find this string in hex in your client and server
binaries and patch it to a different value, making your VNC
non-interoperable with others, but more secure.
There are some patches that attempt to use a more rational password
protection scheme, but you also must have a patched client and server
pair in order for it to work.
|
|
|
0
|
|
|
|
Reply
|
bko
|
9/30/2003 3:40:16 PM
|
|
On Tue, 30 Sep 2003 07:15:06 GMT, Chuck Y
<Newsboy@September2003.snew.com> wrote:
>
>
>Edward Cheung wrote:
>> Please describe the security problem with VNC. I presume you are
>> talking about
>> some kind of back door?
>
>No the problem was someone left a VNC server on on a machine.
>Where a good guess got them the "head" of the machine.
>And control of it.
>
>My point being that ones you open up the security panel
>to another device, you must be totally, and absolutely sure
>that that other device, and the link between them, is 100%
>secure. And if that device has a web server, you are betting
>your security system's integrity that the web server is 100%
>secure.
If you need that much security, I would assume the person would
do a format and clean install on the machine.
>The chain gets longer (and weaker).
>
>Add a little time, someone makes a mistake, installs something
>handy that has an overflow, or perhaps has a back door (finding
>"lurkware" in lots of software lately - things taht communicate
>out - often to the vendor's home site. Spoof that site upstream
>a bit and its talk to YOU.
This assumes you are letting anybody have admin rights and access
to this supercritical machine. If you allow anybody access to the
hardware, then anything goes. I think upstream spoofing to get a
bi-directional connection is somewhat involved. I would also
think the person who has this machine would be watching the
access logs and have a login attempt counter with total user name
denial after 3 incorrect attempts (some computers at work have
this).
>segregation is critical for full security. I *really* don't
>want my alarm able to be turned off remotely.
Then don't connect it to the net. ;-)
|
|
|
0
|
|
|
|
Reply
|
shb
|
9/30/2003 4:09:10 PM
|
|
This is a multi-part message in MIME format.
--------------080607070109080508090103
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Thanks for the clear explanation.
bko-no-spam-please@ieee.org wrote:
>Edward Cheung <echeung@bellatlantic.net> writes:
>
>
>
>>Please describe the security problem with VNC. I presume you are talking about
>>some kind of back door?
>>
>>
>
>Every copy of VNC uses a single, fixed DES key to encrypt passwords,
>which means that their no real security at all if an attacker can sniff
>packets on your network. The password is stored in encrypted form in
>the Windoze registry, but since that same key is used everywhere, there
>is no security if someone has brief access to your machine.
>
>Here is the DES key from the VNC sources:
>
>unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7};
>
>or in hex:
> 17 52 6B 06 23 4E 58 07
>
>One work around is to find this string in hex in your client and server
>binaries and patch it to a different value, making your VNC
>non-interoperable with others, but more secure.
>
>There are some patches that attempt to use a more rational password
>protection scheme, but you also must have a patched client and server
>pair in order for it to work.
>
>
>
--------------080607070109080508090103
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Thanks for the clear explanation.<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:bko-no-spam-please@ieee.org">bko-no-spam-please@ieee.org</a> wrote:<br>
<blockquote type="cite" cite="miduzngmwahr.fsf@ieee.org">
<pre wrap="">Edward Cheung <a class="moz-txt-link-rfc2396E" href="mailto:echeung@bellatlantic.net"><echeung@bellatlantic.net></a> writes:
</pre>
<blockquote type="cite">
<pre wrap="">Please describe the security problem with VNC. I presume you are talking about
some kind of back door?
</pre>
</blockquote>
<pre wrap=""><!---->
Every copy of VNC uses a single, fixed DES key to encrypt passwords,
which means that their no real security at all if an attacker can sniff
packets on your network. The password is stored in encrypted form in
the Windoze registry, but since that same key is used everywhere, there
is no security if someone has brief access to your machine.
Here is the DES key from the VNC sources:
unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7};
or in hex:
17 52 6B 06 23 4E 58 07
One work around is to find this string in hex in your client and server
binaries and patch it to a different value, making your VNC
non-interoperable with others, but more secure.
There are some patches that attempt to use a more rational password
protection scheme, but you also must have a patched client and server
pair in order for it to work.
</pre>
</blockquote>
</body>
</html>
--------------080607070109080508090103--
|
|
|
0
|
|
|
|
Reply
|
Edward
|
10/1/2003 1:03:16 AM
|
|
Chuck Y wrote:
>
> Wow! the computer can disarm your house alarm system.
> Is it only me that that scares the crap out of?
>
Don't ever store the security code on the computer either in
configuration or the program. Always require that the user input the
security code to be passed to the alarm system when arming/disarming.
Then the computer is no more or less secure than the least secure keypad
-- depending upon how the system handles multiple failed security codes.
The devil is in the details...
--
Steve Rosenberry
Sr. Partner
Electronic Solutions Company -- For the Home of Integration
http://ElectronicSolutionsCo.com
(610) 670-1710
|
|
|
0
|
|
|
|
Reply
|
Steve
|
10/2/2003 5:17:51 AM
|
|
|
13 Replies
340 Views
(page loaded in 0.151 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
5338 articles. 
1 followers. 