EVL4 Local Webservice Tricks and Hacks

[GrandWizard]

For a while now DIY users have been "hacking" the local interface on the Envisalink to operate like a simple webservice.

The 1.4.X firmware on the EVL4 extends some of the known "services" and gives home IoT tinkerers a few more options. Below is a list I received from Envisacor engineering this week. I have tried most of them on our bench DSC system but I haven't tried them on UNO or Honeywell.

I used the common command-line program "curl" to test. The Envisalink's HTTP server uses basic AUTH for authentication so all requests require the username and password, in my example the default password of "user" is still used. You should always change your local password in a real-world setting. As well, the Envisalink does not support TLS so DO NOT use these HTTP calls over the Internet. Only use them on your private LAN.

As this is really a hack of a webpage on the Envisalink, the format of the calls are somewhat cryptic. My user code on my test panel is 1234 and my IP is 192.168.0.177. To arm your DSC system with a code you can issue this curl command:

Code: Select all

curl -s --user user:user 'http://192.168.0.177/2?A=3&p=1&X=1234' > /dev/null

So what is happening here is we have invoked curl using "basic AUTH" with the username and password user:user. The URL contains the IP address of the Envisalink followed by the page name which is "2". The Envisalink is passed three arguments (A, p, and X).

A = 3 means ARM option with code
p = 1 means partition 1
X = 1234 is the user code

All the arguments are case sensitive and MUST appear in the order listed.

The list of known options are:

1 - DSC, UNO - No code options (PGM Toggle, Arm Stay, Arm Away and Zero Entry Delay Arming)
3 - Arm Away with code, DSC, Honeywell, and UNO
4 - Disarm with code, DSC, Honeywell, and UNO
A - Arbitrary keystoke, DSC, Honeywell, and UNO

Option 1 - Special DSC and UNO options without a code requirement

Example

Code: Select all

curl -s --user user:user 'http://192.168.0.177/2?A=1&P=1&p=1' > /dev/null

The above example toggles Programmable Output (PGM) 1 on DSC and UNO. The two arguements are "P" and "p" where the latter is the partition number. The "P" can be one of 7 options

1 - Toggle PGM 1
2 - Toggle PGM 2
3 - Toggle PGM 3
4 - Toggle PGM 4
S - Arm partition without code in STAY mode
A - Arm partition without code in AWAY mode
Z - Arm partition without code in Zero Entry Delay mode

Option 3 - Arm Away with code

Example

Code: Select all

curl -s --user user:user 'http://192.168.0.177/2?A=3&p=1&X=1234' > /dev/null

The "p" is for partition and the "X" is a valid user code

Option 4 - Disarm with code

Example

Code: Select all

curl -s --user user:user 'http://192.168.0.177/2?A=4&p=1&X=1234' > /dev/null

The "p" is for partition and the "X" is a valid user code

Option A - Send arbitrary keystroke up to 10 digits.
This options allows you to queue and transmit a string of keystrokes as if you were at the keypad.

Example

Code: Select all

curl -s --user user:user 'http://192.168.0.177/2?A=A&p=1&X=123456789*#' > /dev/null

The "p" is for partition and the "X" a string from 1 to 10 characters long of only numbers and the * and # keys

[homediy]

Wow, this is awesome breakdown. I too observed this and it's quite handy!

[guinness]

Would it be possible to add an new option for getting system status? Currently all commands just return the raw HTML from the internal web page which is of limited use. Could it instead just return status as "Not Ready", "Ready", "Armed" etc? That would also be useful for the other options to acknowledge the command was successful.

[GrandWizard]

As it says, these are just some hacks that happen to work, it isn't a proper webservice.

You will need to parse the HTML to see the status.

[guinness]

That's unfortunate, but I suppose that was to be expected with the limited resources available to a RTOS.

Anyway I was able to achieve what I needed with a regular expression. Below is an example using Apple Shortcuts.

shortcut.png (75 KiB) Viewed 45630 times

It allows me to ask my Apple Watch what the alarm status is and it will read the response back to me.

I have a reverse proxy setup using Nginx with a Let's Encrypt SSL certificate so I can access it remotely.

If anyone is interested I can go into more detail on how to secure the Envisalink for external access.

[JoelSnyder]

This is super-useful, but "your mileage may vary" because it's not working quite for me.

My Envisalink4 has the latest firmware 1.5.230A, but when I execute a "http://alarm.example.com/2?A=3&p=1&X=1234" command, my keypad says that this is a "stay arm" and not an "away arm."

The code-less arm, which does work on the keypad, doesn't work using the commands "http://alarm.example.com/2?A=1&P=A&p=1", I just get an error.

Anyway, I'm working with the stay arm (coded) and disarm, but I'm just reporting that it's not exactly as reported. Or perhaps this is a firmware difference.

Anyone out there have any other experiences?

[GrandWizard]

Certain features may not be available to Ademco users and I'm pretty sure "arm without code" is one of them.

[othersirate]

This breakdown is great. I saw this too—very useful!

[sgen1313]

This is super-useful, but "your mileage may vary" because it's not working quite for me. Drift Boss

[Braydearver]

Is it feasible to include an additional method to check the state of the system? At the moment, all commands simply output the internal web page's raw HTML, which isn't very useful. Might it be possible to simply have the status returned as "Not Ready," "Ready," "Armed," etc.? That would be helpful for the other choices as well, so they can recognize when the order was effective.