EVO192 v.7.50.000+ with 307USB

[lpaolini]

Alarm system

EVO192 256k 7.70.01

Question

Changelog for version 7.50.011, as shown in #272, says:

• Added serial port encryption - the serial output will be operational only with Paradox devices (IP150/+, PCS250/260/265/265LTE, USB307)

Would this mean that we can use 307USB for communicating with firmware versions >=7.50.000 ?
Also, If I understand correctly, communication over IP150 introduces a noticeable delay. Could this be a solution?

Thanks.

[yozik04]

PAI does not support serial encryption yet. IP150 does encryption/decryption for us, this is why it still works.
Nobody has yet reported that FW 7.50+ is not working with PAI serial connection. But we assume that it won't.

[lpaolini]

I see, but when it says "the serial output will be operational only with Paradox devices (IP150/+, PCS250/260/265/265LTE, USB307)" I think it means that 307USB will handle the encryption/decryption, as the IP150 does. Doesn't it?

[lpaolini]

By the way, I've just tried my panel running version 7.70.01 with PAI using a PL2303 usb-serial converter and here's the log.

pai  | 2022-12-21 20:11:58,019 - INFO     - PAI - Starting Paradox Alarm Interface 3.1.0
pai  | 2022-12-21 20:11:58,019 - INFO     - PAI - Config loaded from /etc/pai/pai.conf
pai  | 2022-12-21 20:11:58,020 - INFO     - PAI - Console Log level set to 20
pai  | 2022-12-21 20:11:58,022 - INFO     - PAI - Starting...
pai  | 2022-12-21 20:11:58,022 - INFO     - PAI.paradox.paradox - Connecting to interface
pai  | 2022-12-21 20:11:58,023 - INFO     - PAI.paradox.paradox - Using Serial Connection
pai  | 2022-12-21 20:11:58,032 - INFO     - PAI.paradox.connections.serial_connection - Connecting to serial port /dev/ttyUSB0
pai  | 2022-12-21 20:11:58,042 - INFO     - PAI.paradox.connections.serial_connection - Serial port open
pai  | 2022-12-21 20:11:58,043 - INFO     - PAI.paradox.paradox - Connecting to Panel
pai  | 2022-12-21 20:11:58,063 - INFO     - PAI.paradox.paradox - Panel Identified EVO192  version 7.70 build 1
pai  | 2022-12-21 20:11:58,063 - INFO     - PAI.paradox.paradox - Initiating panel connection
pai  | 2022-12-21 20:12:03,076 - ERROR    - PAI.paradox.paradox - Timeout while connecting to panel. Is an other connection active?
pai  | 2022-12-21 20:12:03,077 - ERROR    - PAI - Unable to connect to alarm
pai  | 2022-12-21 20:12:06,080 - INFO     - PAI - Starting...
pai  | 2022-12-21 20:12:06,081 - INFO     - PAI.paradox.paradox - Disconnecting from the Alarm Panel
pai  | 2022-12-21 20:12:06,081 - INFO     - PAI.paradox.paradox - Clean Session
pai  | 2022-12-21 20:12:06,082 - INFO     - PAI.paradox.paradox - Cleaning previous session. Closing connection
pai  | 2022-12-21 20:12:06,085 - ERROR    - PAI.paradox.connections.protocols - Connection was closed: None
pai  | 2022-12-21 20:12:06,086 - ERROR    - PAI.paradox.connections.serial_connection - Connection to panel was lost
pai  | 2022-12-21 20:12:06,192 - INFO     - PAI.paradox.paradox - Disconnected from the Alarm Panel
pai  | 2022-12-21 20:12:06,193 - INFO     - PAI.paradox.paradox - Connecting to interface
pai  | 2022-12-21 20:12:06,193 - INFO     - PAI.paradox.connections.serial_connection - Connecting to serial port /dev/ttyUSB0
pai  | 2022-12-21 20:12:06,203 - INFO     - PAI.paradox.connections.serial_connection - Serial port open
pai  | 2022-12-21 20:12:06,204 - INFO     - PAI.paradox.paradox - Connecting to Panel
pai  | 2022-12-21 20:12:06,224 - INFO     - PAI.paradox.paradox - Panel Identified EVO192  version 7.70 build 1
pai  | 2022-12-21 20:12:06,225 - INFO     - PAI.paradox.paradox - Initiating panel connection
pai  | 2022-12-21 20:12:11,240 - ERROR    - PAI.paradox.paradox - Timeout while connecting to panel. Is an other connection active?
pai  | 2022-12-21 20:12:11,241 - ERROR    - PAI - Unable to connect to alarm
pai  | 2022-12-21 20:12:11,244 - INFO     - PAI - Starting...
...

So, it's detecting the panel and the firmware version, but then it doesn't seem to be able talk to it.
Please let me know if there's anything I can try.

[lpaolini]

I'm thinking, how can a panel running firmware 7.50+ work with an old IP150 running outdated firmware? This makes me think the panel somehow recognizes it and switches to unencrypted communication over serial. Would that make sense?

[yozik04]

I see, but when it says "the serial output will be operational only with Paradox devices (IP150/+, PCS250/260/265/265LTE, USB307)" I think it means that 307USB will handle the encryption/decryption, as the IP150 does. Doesn't it?

307USB can not handle encryption/decryption. It is just an USB to serial cable.

[yozik04]

I'm thinking, how can a panel running firmware 7.50+ work with an old IP150 running outdated firmware? This makes me think the panel somehow recognizes it and switches to unencrypted communication over serial. Would that make sense?

Maybe they had that serial encryption in the firmware for a long time and made it default just now. You can be right as well, makes sense.
You can try to connect with Babyware using your PL2303 cable and capture the traffic. But I won't have time to dig it myself.

[yozik04]

This maybe related #334

[lpaolini]

I see, but when it says "the serial output will be operational only with Paradox devices (IP150/+, PCS250/260/265/265LTE, USB307)" I think it means that 307USB will handle the encryption/decryption, as the IP150 does. Doesn't it?

307USB can not handle encryption/decryption. It is just an USB to serial cable.

Yeah, that's what I thought, but I'm not convinced anymore, as that changelog is quite unclear.
I think I'll get a 307USB and give it a shot. If anyone has already tried that please let me know.

[lpaolini]

I'm thinking, how can a panel running firmware 7.50+ work with an old IP150 running outdated firmware? This makes me think the panel somehow recognizes it and switches to unencrypted communication over serial. Would that make sense?

Maybe they had that serial encryption in the firmware for a long time and made it default just now. You can be right as well, makes sense. You can try to connect with Babyware using your PL2303 cable and capture the traffic. But I won't have time to dig it myself.

I really doubt they had encryption ready in old IP150 firmware versions... Instead, I think it's one of following options:

• the panel exchanges version information and then it drops encryption if the IP150 version doesn't support it
• the panel forces IP150 firmware upgrade over serial connection

I would almost exclude the second one. It would be very risky as it could break TCP/IP connection with the panel should anything go wrong during the firmware update.
I'll try to get an old IP150 with outdated firmware and capture serial traffic.

[lpaolini]

@yozik04

I've captured a full conversation, from connection to disconnection, with a test panel v.7.70.01 running factory configuration.
I would be grateful if you could have a quick look, at least at packet lengths, and see if you notice anything different from a cleartext conversation with an older firmware version.

Actually, It doesn't look properly encrypted to me, as there's a lot of repetitions. If packet lengths match, they might be just scrambled, like XOR'd with a key.

In any case, I've ordered an IP150. With a simultaneous packet capture, using Wireshark on the IP side and Logic on the serial side, it should be easy to spot the differences.

[yozik04]

Looks like same story as with #334.

[yozik04]

I agree that having regular serial connection and an IP150 connection captures it will be easier to decrypt.

Let's continue in #337 PR.