Dsc Serial Protocol Tutorial
ExacqVision can be integrated with DSC PowerSeries Neo intrusion systems. Configuration controls and realtime feedback have been added into the exacqVision. Communication link between the exacqVision recorder and the interface module can be established via Ethernet (IP/UDP) or Serial.
I am trying to understand this protocol that my DSC 1555 alarm uses between the base and the keypad, but issue is its propriatary of some sorts. There was another thread about it on this forums but it ended prematurely with the guy just checking one bit for stay or away mode.
From what I know about this protcol so far the clock line runs at 1kHz with 50% duty and oddly enough only does so for 41.6ms then it stays high for 5.4ms and starts all over again. The data line seems to transistion on either the falling or rising edge of the clock (or in the middle), which led Kortuk of chiphacker.com to belive that it is NRZ encoding which I'm not sure of yet but here are some OLS dumps of the data and clock lines hopefully with teamwork we can figure this out.
I'm pretty sure the data is the same as whats listed in the PC5401 pdf below just sent via some weird protocol, all I really need help with is figuring out whats a 1 and whats a 0. From there I'm confident I can figure out the rest. Thanks for your time :D
0 is the Data line, 1 is the Clock
DSC OLS Dump
ECP Patent
PC5401 Dev-PDF
Previous AVRFreaks Thread
I'm plan to interface a atmel avr with my alarm system in home but the issue is DSC has a propriatary protocol between the keypad and the base. So has anyone messed with this before or can give me a few beginners tips on how to reverse engineer this protocol?
The wiring is simple: Vcc, GND, Data, Clock
The Vcc is +12 volts and the data/clk lines are between +8-10 but work just fine through a voltage divider to the logic analyzer.
The Clock line is confusing tho, its a 1kHz clock at 50% duty but only runs for 41.600ms then it goes high for 5.400ms and then starts over again.
The Data line appears to change on on either rising or falling edge of the clock
(0 is the Data line, 1 is the Clock line)
Daniel Grillo5 Answers
$begingroup$There is no simple answer to decoding a protocol, if they have a good encryption scheme setup then you are probably going to be up &$%* creek. With some work and more questions you might successfully figure out the kind of encryption, and then, if it is poorly implemented, decode it.
Chances are that the keypad has a very simple protocol and the controller has some strict constraints on how many button pushes it will accept and such.
On the note of the synchronous protocol, chances are that the protocol is a NRZ protocol. That is my best informed guess based on your explanation. I cannot open the files right now, but I hope this helps.
The fact that it changes on both clock edges is just a sign that both clock edges represent a point that a 'bit' of data occurs. With NRZ you are just checking if there was a change or not.
Serial Interface Protocols
I hope this helped.
KortukKortukfollowing my web search on this topic, it seems that this protocol is using the CLK line and then rising edge of CLK is for keypad->panel and falling edge for panel->keypad communication. I plan on testing this tonight with this small arduino sketch:
I'll repost my findings after this...
s3cI went down this path, and found it was far, far easier to just buy one of the supported serial interface cards, such as the DSC 5401 or the newer IT-100.
For more info, see: http://www.payne.org/index.php/Product:DSC_5401
Note: if you had your alarm installed, your installer will have to come over and 'register' the interface card on your KEYBUS network. I suspect the protocol may have some security features (I'd hope so), and that will make reverse engineering even harder.
Dsc Serial Protocol Tutorials
$begingroup$It's starting to take shape. Here are a few results. Based on this post:http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&p=942340#942340I'm looking at status strings, here is what I get:
If you can help make sense out of this, I'd be happy!
$endgroup$$begingroup$Simple Serial Protocol
What model of alarm panel is it? I did a similar thing years ago with a DSC PC1550 (Classic series panel) - nor sure how much has changed with the newer panels.The statement about rising edge clock vs the falling edge clock is correct - then each bit of data represented a keypad button or an LED on the keypad depending on data direction.I'm not sure why Zone 1 and zone 2 are the same and Zone 3 and Zone 4 - I was getting a definate bit set for each LED - good luck if You are still working on it.