Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


t0ny

395 posts

Ultimate Geek

Lifetime subscriber

#198055 24-Jun-2016 08:03
Send private message

Hi, i have an arrowhead alarm which is connected to my network so i can set the alarms on/off etc. via my smartphone. I would like my home automation server to get these events so i can do bit more e.g notify if the alarm is turned on when i get near the house etc. Packet captures from the smart phone app shows that it does a GET to http://m.aap.co.nz:8080/user/getpanels while passing the phone number and device id as inputs. Unfortunatly the data returned is just of characters e.g 17A21F1C9E044A5FAB1C2410.... so i cannot make sense of it.

 

Has anyone tried this approach or am i better off hooking up something directly to the alarm panel to pick up events. Arrowhead are not interested in sharing any API details.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1579344 24-Jun-2016 08:08
Send private message

The other approach i was thinking is to set up the IP module to pass data using CID reporting




jamesrt
1609 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1579367 24-Jun-2016 08:52
Send private message

t0ny: Arrowhead are not interested in sharing any API details.

 

Slightly off-topic reply, but considering the API includes the ability to remote disarm, that's probably not unreasonable.

 

And with respect to your wanting to check alarm status when approaching the house, you know their app shows that, right?


t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1579376 24-Jun-2016 09:03
Send private message

Yeh..it shows it but i need to open the app to see that. A simple pushbullet notification is all i need to tell me alarm is on 




jamesrt
1609 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1579398 24-Jun-2016 09:48
Send private message

t0ny: Yeh..it shows it but i need to open the app to see that. A simple pushbullet notification is all i need to tell me alarm is on

 

I agree opening the app is a pain; I wonder if Arrowhead have plans for updating / improving the app; the ability to have an option to display an icon on the status-bar (up by the clock) if the alarm is activated would be really useful.

 

I think I had an email address for one of their techs; perhaps I should go and look...


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1579415 24-Jun-2016 10:02
Send private message

So an alarm is posting data and getting responses from a server over http? Guess thats another one for internet of s..t.





Richard rich.ms

t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1579422 24-Jun-2016 10:09
Send private message

security is probably not one of their strong points :)

 

 

 


michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1579469 24-Jun-2016 12:05
Send private message

People think I am nuts for not allowing embedded devices access to the internet... And this is a good example as to why.

 

Alarm, chatting over HTTP (not HTTPS with certificate checking) with the ability to remote-disarm... Honestly. It wouldn't take much to work it out. I would suggest capturing everything over a long period of time and looking for patterns however looking at it from here it appears it may well be a salted hash.

 

It would be interesting to fire up a local server and replay events to it (eg - disarm / arm) to see if the alarm panel accepts it.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1579486 24-Jun-2016 12:39
Send private message

Doesnt look like a hash. I ran the string against https://md5hashing.net/hash and it found no match.


t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1579959 25-Jun-2016 09:59
Send private message

Some hours later and basically, the data sent back and forth is encrypted. The data are mqtt messages which are converted to hex and a light encryption scheme is used to scramble the info before sending it the server.

paulobrien
2 posts

Wannabe Geek


  #1580503 26-Jun-2016 14:07
Send private message

ive had a play around with these alarms over the years and installed probably 15-20 of them..

 

i have the IP module as well.. and would interested in anywhere you get with comms to the IP module

 

i also have a serial module (around $50ish from memory) and wrote some c# a couple of years ago to emulate the keypad and get some basic event handling when zones triggered, alarm triggered etc

 

was thinking if AAP wont release API, maybe a NodeMCU (ESP8266) or Arduino connected to the AAP Serial interface board with some code on it to create a bridge?


phrozenpenguin
840 posts

Ultimate Geek


  #1802522 17-Jun-2017 10:49
Send private message

Awakening an older thread but keen to understand if anyone has progressed things here? I've got an Arrowhead alarm and am exploring what I could do in terms of logging/controlling etc. I have seen the serial module, but haven't used a serial interface for a long while. Is that still the best thing to consider? Anyone doing anything else smart e.g. interfacing with openHAB, doing serial over ethernet or ?


danfaulknor
933 posts

Ultimate Geek

Trusted
Prodigi

  #1802523 17-Jun-2017 10:52
Send private message

I have the serial module. It's a very very simple protocol. I haven't quite gotten around to it yet but my plan was to write something to present an API on my local network. I don't think it would take much effort at all





they/them

 

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.


phrozenpenguin
840 posts

Ultimate Geek


  #1802526 17-Jun-2017 10:57
Send private message

Do you have the serial module directly connected to a computer / Raspberry Pi - or are you using a serial-network converter?


danfaulknor
933 posts

Ultimate Geek

Trusted
Prodigi

  #1802527 17-Jun-2017 10:59
Send private message

It's connected to a RaspberryPi on a separate VLAN, given that it has the ability to arm and disarm the alarm, it needs to be secure





they/them

 

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.


mattrix
193 posts

Master Geek
Inactive user


  #1802538 17-Jun-2017 11:36
Send private message

A D1 Mini could easily read / write to serial and connect to your WiFi and has a MQTT library.

But yes, you would need to think about security.
But that's the fun part!

 

I'd use a separate WiFi network for all smart nodes in home.
Then have it hard-wired (ethernet) to main network via a master node (Raspberry Pi).
This master node is also running the MQTT broker.
This smart home WiFi uses a very long random password - with all the trimmings (it's stored in the devices so no need for typing it in)
  and also MAC authentication (smart device MAC addresses are allowed - any other device is not).

 

Also have a saved "secret key" (SALT) on sender and receiver.
Each message payload is hashed with this key and sent a long with the data.
The receiver then get's the data, hashes it with the same SALT and compares the hashes.
If they don't match - ignore.


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.