Hacking Ademco BiDirectional Protocol
I want to interface into my Ademco alarm system, and the easiest way to do it is to intercept serial commands from the RF receive module to the main unit. Here’s what a waveform looks like..
From the looks of it, the duration of each packet is the same, so each bit should represent the same unit of time. The first three transitions are the same for all packets, and the third transition is 2.5 bits long, so I would assume that’s a preamble. The rest of the data are in multiples of 420us. I wrote a script to decode packets, and here’s a dump of a random capture. Each line represents one message, like the one above… I get to try to find some sort of pattern to the above mess, and hopefully the data is not encrypted — which I doubt it would be.. If anyone has any ideas, please let me know!
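
The decoding step described above, as an added sketch that is not the author's script: it takes a capture as (level, duration in µs) runs, checks that the third preamble run is about 2.5 bit periods, and quantizes the remaining runs to multiples of 420 µs. The run-list input format, the plain level-per-bit reading, the ±20% jitter tolerance, the names and the sample capture are all assumptions.

```python
BIT_US = 420               # bit period reported in the post
PREAMBLE_RUNS = 3          # post: first three transitions are the same in every packet
PREAMBLE_LAST_BITS = 2.5   # post: third transition is 2.5 bits long
TOLERANCE = 0.2            # assumed: allowed jitter, as a fraction of one bit period


def decode_runs(runs):
    """Turn [(level, duration_us), ...] into a bit string.

    Assumption: after the preamble, each 420 us slot carries one bit equal
    to the line level. Framing (start/stop bits, byte order) is unknown,
    so the result is left as a raw bit string.
    """
    if len(runs) <= PREAMBLE_RUNS:
        raise ValueError("capture is shorter than the preamble")

    # Reject captures that do not start with the expected preamble shape.
    third = runs[PREAMBLE_RUNS - 1][1] / BIT_US
    if abs(third - PREAMBLE_LAST_BITS) > TOLERANCE:
        raise ValueError(f"third preamble run is {third:.2f} bits, expected 2.5")

    bits = []
    for level, duration in runs[PREAMBLE_RUNS:]:
        units = duration / BIT_US
        count = round(units)
        # A run that is not close to a whole number of bit periods means the
        # bit-period guess is wrong or the capture is noisy; fail loudly.
        if count < 1 or abs(units - count) > TOLERANCE:
            raise ValueError(f"run of {duration} us is not a multiple of {BIT_US} us")
        bits.append(str(level) * count)
    return "".join(bits)


# Constructed sample capture (not taken from the post's data).
SAMPLE = [(0, 420), (1, 420), (0, 1050),            # preamble
          (1, 430), (0, 830), (1, 1270), (0, 410)]  # payload runs

if __name__ == "__main__":
    print(decode_runs(SAMPLE))
```

Failing on off-grid runs instead of rounding them silently makes a wrong bit-period guess show up immediately when comparing many captured messages.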