Lupusec

Alhambra · August 9, 2017, 11:11am

Hello,

I’m trying to read the
Can someone help me?

Chrisssss · January 26, 2019, 12:34am

Did anyone find a solution?

NCO · February 19, 2022, 4:09pm

I know this thread is old, but did you see this option:
GitHub - lkn94/Lupusec-Connector: Connector for the Lupusec XT1 Plus

(I am looking into security systems at the moment as well :-D)

NCO · May 7, 2022, 7:10am

Finally I am able to read the sensor state and trigger a motion from Lupus to OH.
But I still did not figure out how to change the Mode of the XT1 Plus (Arm/Disarm/Home)

According to the python connector this should work (where 1=Arm and 0=Disarm):

def setstate(stateid):
    session = requests.Session()
    session.get("http://{}/action/panelCondGet".format(lupusIp), verify=False, auth=HTTPBasicAuth(username, password))
    response = requests.post("https://{}/action/panelCondPost".format(lupusIp), headers={"content-type": "application/x-www-form-urlencoded", "x-token": xtoken}, data={"area": 1, "mode": stateid}, verify=False, auth=HTTPBasicAuth(username, password))
    return "{}".format(response.text)

The browser development view shows this while activating the Lupus XT1 Plus:

https://192.168.68.31/action/panelCondPost

Method: POST
and the payload:

area=1&mode=1

I tried this without success:

curl -X POST -d '{"area": 1, "mode": 1}' 'admin:pwd@192.168.68.31/action/panelCondPost'

and

curl -X POST -v 'admin:pwd@192.168.68.31/action/panelCondPost?area=1&mode=1'

Maybe it’s obvious for more experienced people…
Any suggestion would be greatly appreciated.

NCO · May 8, 2022, 5:38am

This one returns: HTTP/1.1 401 Unauthorized

curl -v -X POST -d 'area=1&mode=1' -u 'admin:pwd' 'http://192.168.68.31/action/panelCondPost'

In this case is seems I get: HTTP/1.1 302 Moved Temporarily

curl -v -X POST -d 'area=1&mode=1' 'admin:pwd@192.168.68.31/action/panelCondPost'

Using https (automatic redirection to encrypted port on XT1 Plus) and ignoring the SSL errors with “-k”:

curl -v -X POST -k -d 'area=1&mode=1' -u 'admin:pwd' 'https://192.168.68.31/action/panelCondPost'

leads to:

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 192.168.68.31:443...
* TCP_NODELAY set
* Connected to 192.168.68.31 (192.168.68.31) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=DE; ST=RP; O=LUPUS Electronics GmbH; emailAddress=info@lupus-electronics.de
*  start date: Oct  8 08:25:27 2019 GMT
*  expire date: Oct  5 08:25:27 2029 GMT
*  issuer: C=DE; ST=RP; O=LUPUS Electronics GmbH; emailAddress=info@lupus-electronics.de
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
> POST /action/panelCondPost HTTP/1.1
> Host: 192.168.68.31
> Authorization: Basic xxx
> User-Agent: curl/7.68.0
> Accept: */*
> Content-Length: 13
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 13 out of 13 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Moved Temporarily
< Transfer-Encoding: chunked
< Location: /

EDIT:
This seems to work to a certain extend (following redirects):

 curl -v -k -X POST -d 'area=1&mode=1' -u 'admin:pwd' -L 'https://192.168.68.31/action/panelCondPost'

→

<!DOCTYPE html><html><head><title>Welcome</title><script type="text/javascript">document.location="/action/login"</script></head><body><noscript>JavaScript must be enabled.<br>However, it seems JavaScript is either disabled or not supported by your browser.</noscript></body></html>

but how to deal with the JAVASCRIPT requirement?

I am lost, especially because this stuff works to get the alarm systems state flawlessly:

curl -v 'admin:pwd@192.168.68.31/action/panelCondGet'