Thanks Konstantin
I have posted a question regarding ZONE actions on the GITTER for PIA, so hopefully I will get a response.
I have looked at the Python etc., but sadly it is beyond my capabilities.
So I have done a few traces on BYPASS and UNBYPASS using Babyware and then decoded them using Wireshark, so the payloads should be unencrypted.
The following is a BYPASS request to ZONE 1:
Request -
Frame 391: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}, id 0
Interface id: 0 (\Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516})
Interface name: \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}
Interface description: Ethernet 4
Encapsulation type: Ethernet (1)
Arrival Time: Dec 22, 2022 13:59:31.476719000 South Africa Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1671710371.476719000 seconds
[Time delta from previous captured frame: 9.696055000 seconds]
[Time delta from previous displayed frame: 9.696055000 seconds]
[Time since reference or first frame: 43.195331000 seconds]
Frame Number: 391
Frame Length: 102 bytes (816 bits)
Capture Length: 102 bytes (816 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:paradoxip]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: HewlettP_bf:12:bd (c4:65:16:bf:12:bd), Dst: ParadoxS_17:e4:ea (00:19:ba:17:e4:ea)
Internet Protocol Version 4, Src: 10.163.199.247, Dst: 10.163.199.226
Transmission Control Protocol, Src Port: 53433, Dst Port: 10000, Seq: 5553, Ack: 13409, Len: 48
Paradox Alarm IP message
Header fields
Start marker: 0xaa
Message length: 31
Message Type: Serial pass-thru Request (4)
Flags: 0x09 (installer_mode encrypted)
0... .... = bit8: False
.0.. .... = keep_alive: False
..0. .... = live_events: False
...0 .... = neware: False
.... 1... = installer_mode: True
.... .0.. = bit3: False
.... ..0. = upload_download: False
.... ...1 = encrypted: True
Command: Passthrough (0x00)
Sub-command: Unknown (0x00)
WT: 100
SB: 0
Encryption Type: aes_256_ecb (1)
Unused bytes: eeeeeeeeb1
SequenceID: 0x14
Command: Serial passthrough request
Encrypted payload bytes: 77cc1efb1b3c3168eeee0138b8b955f75ebd673d104355d79e548a1adb3d8ef6
Payload bytes: d01f0808000001000000000000000000000000000000000000000000000000
Paradox alarm serial message
Request: ReadEEPROM (0x50)
Unknown: 1f08080000010000000000000000000000000000000000000000000000
Checksum: 0x00
Response -
Frame 392: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}, id 0
Interface id: 0 (\Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516})
Interface name: \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}
Interface description: Ethernet 4
Encapsulation type: Ethernet (1)
Arrival Time: Dec 22, 2022 13:59:31.493857000 South Africa Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1671710371.493857000 seconds
[Time delta from previous captured frame: 0.017138000 seconds]
[Time delta from previous displayed frame: 0.017138000 seconds]
[Time since reference or first frame: 43.212469000 seconds]
Frame Number: 392
Frame Length: 86 bytes (688 bits)
Capture Length: 86 bytes (688 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:paradoxip]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: ParadoxS_17:e4:ea (00:19:ba:17:e4:ea), Dst: HewlettP_bf:12:bd (c4:65:16:bf:12:bd)
Internet Protocol Version 4, Src: 10.163.199.226, Dst: 10.163.199.247
Transmission Control Protocol, Src Port: 10000, Dst Port: 53433, Seq: 13409, Ack: 5601, Len: 32
Paradox Alarm IP message
Header fields
Start marker: 0xaa
Message length: 7
Message Type: Serial pass-thru Response (2)
Flags: 0x63 (keep_alive live_events upload_download encrypted)
0... .... = bit8: False
.1.. .... = keep_alive: True
..1. .... = live_events: True
...0 .... = neware: False
.... 0... = installer_mode: False
.... .0.. = bit3: False
.... ..1. = upload_download: True
.... ...1 = encrypted: True
Command: Passthrough (0x00)
Sub-command: Unknown (0x00)
WT: 0
SB: 3
Encryption Type: old_module (238)
Unused bytes: 00eeeeeec0
SequenceID: 0x0b
Command: Serial passthrough response
Encrypted payload bytes: 872022f54b16bbcbc196054f77483ac6
Payload bytes: d20708080000e9
Paradox alarm serial message
Response: PerformZoneAction (0xd0)
Status flags: 0x02 (winload)
.... 0... = reserved: False
.... .0.. = alarm_reporting_pending: False
.... ..1. = Winload_connected: True
.... ...0 = NeWare_connected: False
Unknown: 0708080000
Checksum: 0xe9
and UNBYPASS ZONE 1:
Request -
Frame 394: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}, id 0
Interface id: 0 (\Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516})
Interface name: \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}
Interface description: Ethernet 4
Encapsulation type: Ethernet (1)
Arrival Time: Dec 22, 2022 13:59:43.141219000 South Africa Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1671710383.141219000 seconds
[Time delta from previous captured frame: 11.603979000 seconds]
[Time delta from previous displayed frame: 11.603979000 seconds]
[Time since reference or first frame: 54.859831000 seconds]
Frame Number: 394
Frame Length: 102 bytes (816 bits)
Capture Length: 102 bytes (816 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:paradoxip]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: HewlettP_bf:12:bd (c4:65:16:bf:12:bd), Dst: ParadoxS_17:e4:ea (00:19:ba:17:e4:ea)
Internet Protocol Version 4, Src: 10.163.199.247, Dst: 10.163.199.226
Transmission Control Protocol, Src Port: 53433, Dst Port: 10000, Seq: 5601, Ack: 13441, Len: 48
Paradox Alarm IP message
Header fields
Start marker: 0xaa
Message length: 31
Message Type: Serial pass-thru Request (4)
Flags: 0x09 (installer_mode encrypted)
0... .... = bit8: False
.0.. .... = keep_alive: False
..0. .... = live_events: False
...0 .... = neware: False
.... 1... = installer_mode: True
.... .0.. = bit3: False
.... ..0. = upload_download: False
.... ...1 = encrypted: True
Command: Passthrough (0x00)
Sub-command: Unknown (0x00)
WT: 100
SB: 0
Encryption Type: aes_256_ecb (1)
Unused bytes: eeeeeeeed0
SequenceID: 0x15
Command: Serial passthrough request
Encrypted payload bytes: 43e6dc118cff6de680c144b1a5d89e8844b33eb5edbe0204ac5a6f7a7111a470
Payload bytes: d01f08000000010000000000000000000000000000000000000000000000f8
Paradox alarm serial message
Request: ReadEEPROM (0x50)
Unknown: 1f08000000010000000000000000000000000000000000000000000000
Checksum: 0x78
Response -
Frame 395: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}, id 0
Interface id: 0 (\Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516})
Interface name: \Device\NPF_{FCD2D00D-8F84-4466-AC8C-5E73DB79E516}
Interface description: Ethernet 4
Encapsulation type: Ethernet (1)
Arrival Time: Dec 22, 2022 13:59:43.162553000 South Africa Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1671710383.162553000 seconds
[Time delta from previous captured frame: 0.021334000 seconds]
[Time delta from previous displayed frame: 0.021334000 seconds]
[Time since reference or first frame: 54.881165000 seconds]
Frame Number: 395
Frame Length: 86 bytes (688 bits)
Capture Length: 86 bytes (688 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:paradoxip]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: ParadoxS_17:e4:ea (00:19:ba:17:e4:ea), Dst: HewlettP_bf:12:bd (c4:65:16:bf:12:bd)
Internet Protocol Version 4, Src: 10.163.199.226, Dst: 10.163.199.247
Transmission Control Protocol, Src Port: 10000, Dst Port: 53433, Seq: 13441, Ack: 5649, Len: 32
Paradox Alarm IP message
Header fields
Start marker: 0xaa
Message length: 7
Message Type: Serial pass-thru Response (2)
Flags: 0x63 (keep_alive live_events upload_download encrypted)
0... .... = bit8: False
.1.. .... = keep_alive: True
..1. .... = live_events: True
...0 .... = neware: False
.... 0... = installer_mode: False
.... .0.. = bit3: False
.... ..1. = upload_download: True
.... ...1 = encrypted: True
Command: Passthrough (0x00)
Sub-command: Unknown (0x00)
WT: 0
SB: 3
Encryption Type: old_module (238)
Unused bytes: 00eeeeeed5
SequenceID: 0x0d
Command: Serial passthrough response
Encrypted payload bytes: c233ff87fc38b292516b7f4852d4a1e7
Payload bytes: d20708000000e1
Paradox alarm serial message
Response: PerformZoneAction (0xd0)
Status flags: 0x02 (winload)
.... 0... = reserved: False
.... .0.. = alarm_reporting_pending: False
.... ..1. = Winload_connected: True
.... ...0 = NeWare_connected: False
Unknown: 0708000000
Checksum: 0xe1
I can do more if that would help?
Thanks So Much
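
An added example, not part of the original post: a small Python script that checks the four decrypted "Payload bytes" values from the traces above and reports which bytes differ between the BYPASS and UNBYPASS exchanges. The checksum rule (last byte equals the sum of the preceding bytes modulo 256) is an assumption, as are the function names; the hex strings are copied from the dissections and only grouped with spaces for readability.

```python
# Decrypted "Payload bytes" copied from the four Wireshark dissections above.
CAPTURES = {
    "bypass_request":
        "d01f0808 00000100 00000000 00000000 00000000 00000000 00000000 000000",
    "bypass_response": "d20708080000e9",
    "unbypass_request":
        "d01f0800 00000100 00000000 00000000 00000000 00000000 00000000 0000f8",
    "unbypass_response": "d20708000000e1",
}


def checksum_ok(payload: bytes) -> bool:
    """Assumed rule: last byte == sum of all preceding bytes, modulo 256."""
    return len(payload) >= 2 and (sum(payload[:-1]) & 0xFF) == payload[-1]


def split_first_byte(payload: bytes):
    """High nibble = command, low nibble = status flags, as the
    dissector displays them for the responses (0xd2 -> 0xd0 and 0x02)."""
    return payload[0] & 0xF0, payload[0] & 0x0F


def diff_offsets(a: bytes, b: bytes):
    """Return (offset, byte_in_a, byte_in_b) for every position that differs."""
    if len(a) != len(b):
        raise ValueError("payloads must have the same length to be compared")
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


def analyse(captures=CAPTURES):
    frames = {name: bytes.fromhex(h) for name, h in captures.items()}
    report = {"checksums": {n: checksum_ok(p) for n, p in frames.items()}}
    for kind in ("request", "response"):
        report[kind + "_diff"] = diff_offsets(
            frames["bypass_" + kind], frames["unbypass_" + kind]
        )
    return report


if __name__ == "__main__":
    result = analyse()
    for name, ok in result["checksums"].items():
        print(f"{name:18s} checksum {'OK' if ok else 'MISMATCH'}")
    for kind in ("request", "response"):
        for off, a, b in result[kind + "_diff"]:
            print(f"{kind:8s} offset {off:2d}: bypass=0x{a:02x} unbypass=0x{b:02x}")
```

In both directions the only differences are the byte at offset 3 (0x08 for BYPASS, 0x00 for UNBYPASS) and the trailing checksum byte.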