As frustrating as it may be for a company to lock you into its ecosystem by encrypting their protocols, you have to admit that it presents an enticing challenge. Cracking encryption can be more trouble than it’s worth, though, especially when a device gives you all the tools you need to do an end-run around their encryption.
We’ll explain. For [Valdez], the encrypted communication protocols between a DSC alarm panel and the control pads on the system were serious impediments to integration into Home Assistant. While there are integrations available for these alarm panels, they rely on third-party clouds, which means that not only is your security system potentially telling another computer all your juicy details, but there’s also the very real possibility that the cloud system can either break or be shut down; remember the Chamberlain MyQ fiasco?
With these facts in mind, [Valdez] came up with a clever workaround to DSC encryption by focusing on physically interfacing with the keypad. The device has a common 16×2 LCD and a 25-key keypad, and a little poking around with a multimeter and a $20 logic analyzer eventually showed that the LCD had an HD44780 controller, and revealed all the lines needed to decode the display with an ESP32. Next up was interfacing with the keypad, which also involved a little multimeter work to determine that the keys were hooked up in a 5×5 matrix. Ten GPIOs on the ESP32 made it possible to virtually push any key; however, the ten relays [Valdez] originally used to do the switching proved unwieldy. That led to an optocoupler design, sadly not as clicky but certainly more compact and streamlined, and enabling complete control over the alarm system from Home Assistant.
We love this solution because, as [Valdez] aptly points out, the weakest point in any system is the place where it can’t be encrypted. Information has to flow between the user and the control panel, and by providing the electronic equivalents to eyes and fingers, the underlying encryption is moot. Hats off to [Valdez] for an excellent hack, and for sharing the wealth with the HA community.
myQ is still an active disaster. Makes me mad every time I think about it
I know it doesn’t work for this exact model of keypad but a quick googling found this: https://github.com/taligentx/dscKeybusInterface
I don’t think DSC equipment is encrypted over RF. RTL-433 had no problem decoding packets coming from my ADT system and it appeared that packets weren’t rolling code which allows for replay attacks.
DSC Neo uses PowerG wireless which is 128-bit AES encrypted.
Just get an envisalink module. No hacking required, local control.
This. It works great.
Envisalink doesn’t work with Neo because the bus is encrypted but the earlier power series was not, but are no longer being manufactured.
Doesn’t work with DSC Neo’s encrypted panels.
All I can say is: THANK YOU for using the word “moot” correctly. Because Facebook users will drive me to drink, I swear. It is absolutely NOT a “mute point”, $%*($%$.
Well just to play pedant the point might be muted – as in made quieter/silenced in some cases. Rather than mooted – debatable with no real answer/irrelevant. So maybe on occasions Facebook users could be correct, which is a truly horrifying thought.
Well, the pedantry in your comment certainly wasn’t muted, yet somewhat moot😋
How about “moo point”? Like cow’s opinion, doesn’t matter.
https://www.youtube.com/watch?v=62necDwQb5E
Boneappletea :-)
I believe it’s spelled : bone apple teef
NCR used to tout the “security” of their ATMs by proclaiming that their keyboard-to-processor connection used “triple-DES” encryption! I dated one of their salespeople, so I heard this all the time.
I told her that was dumb as hell. Nobody is breaking into an ATM to intercept signals from the keyboard. I said I’d just put a fake card reader on it. The was in the early 2000s.
And we all know how it went.
I own one of these POS DSC panels, too. I don’t use Home Assistant, but I don’t use the alarm either because I don’t trust that it won’t go off for no reason while we’re out of town. We have enough problems with interconnected smoke alarms that go off from SHOWER STEAM. Yep. I’d never heard of that either.
On the smoke alarm that doesn’t surprise me any more – just had to do some research into getting new ones as our radiative isotope ones hit EOL. Seems modern ones are often optical and rely on the scattering of IR from an LED to a detector – which does seem to make them way more sensitive to water in the atmosphere.
Yes, steam can set off a smoke detector. As well as vapes, high humidity and even dust. Relocating the detector or replacing them with photoelectric smoke detectors will fix that.
I am in the process of making an interface to the 4 RF remote controlled fans the previous owner installed in our house. Ideally, I’d spoof the RF signals (bought an RTL-SDR for that) but in the short term I designed a board with an RPi Pico W and 20 reed relays. More compact than the 10A relays but not quite as elegant as optoisolators. It’ll even dispense with the tiny 12V batteries in the remote.
Always more than one way to skin a cat…
Bond makes a hub for that exact purpose. I know it’s not as DIY, but it has local integration with Home Assistant, and from my experience, works flawlessly. It also has an IR blaster which can be fun to use to automate TVs and things.
Optocouplers or relays are way overkill. I’d look at something like two CD74HCT4051 connected back to back as a good way to control a keyboard matrix.
I’m not sure I understand the point. If you need an ESP32 with a whole bunch of inputs, why not just ditch the DSC system and hook the sensors straight into the ESP? that’s what I did in my system, works great.
If you already have a Neo system with encrypted wireless sensors they are locked to the Neo ecosystem so would have to also be replaced. It’s frustrating being locked out of integrating your own hardware unless you use the approved for pay partners. Hacking something is sometimes just to show that something thought not possible is possible.
I don’t know about this specific panel, but other manufacturers have options including conversion modules. For example my 18 year old GE NetworX NX-8V2 has a module you can place on the 3-wire keypad bus and provides a USB output. Using this module (admittedly not cheap), I have my alarm panel connected to an RPi in my home automation and notification system (it uses Twilio for notifications and commands).