[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

Re: Brinks BHS2000D Hack



I found this intersting bit of information:

http://forum.homesecuritystore.com/index.php?topic=10195.0;wap2


Aynyone ever used a brinks handheld programmer?

(1/1)

newdude:
Hi guys,

I purchased a home with a brinks panel already installed from the
previous owner about 2 yrs ago. At one point I tried to get
the panel activated and to no one elses surprise, brinks monitoring fee
and required comittment was discouragement to me.

Recently, I found a board talking about a hackers version of a brinks
programmer on ebay.

(See here)

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&rd=1&item=190001185359

I took a chance and purchased it. It pretty much does everything he
claims it will. I can change zone types, attributes, master code, aux
codes, all of the important stuff no problem. But the designer of this
device makes no claim to know anything about brinks panels or other
products other than what he's learned from his own BHS2000. Now that I
have my panel set up and the eprom data backed up to disk I want to
experiment with the device programmer. Some of the data on the chip is
obvious what its purpose is. Other data is not so obvious. This brings
me to my question....

Can anyone that's ever used a Brinks/Scantronics handheld programmer
tell me some other things that it is capable of doing on a BHS2000 panel?


Thanks,

Eric

newdude:
I'd like to adjust the amount of time the siren stays on, and the
entry/exit delay time. How is this set with a brinks handheld, or is it?

Eric

Security Monitor:
Quote from: newdude on July 23, 2006, 11:07:54 AM

Can anyone that's ever used a Brinks/Scantronics handheld programmer
tell me some other things that it is capable of doing on a BHS2000 panel?


Eric,
All the Brinks programmer does is change the numeric value of a field.
In order to use and change the information, you must know what each
field represents (what it controls) and what numeric values equal what
function (what each number represents).

With that said, I add the following cautions:
1. Brinks use a layer approach to programming.  Unlike typical
programming where you toggle things on & off, or change what you want
that field to do, each of their field may control a critical function
that has nothing to do with the fields name.  So adding a one to a
default can enable the chimes, while adding another 2 on top of the 1
and default could make the system a silent alarm and subtracting 4 could
disable fire reporting.
2. The Letter of the panel signifies revision changes.  So a 2000A has
different programming features than a 200D.  I believe they had 6
revision of the 200panel alone.  Unlike typical programming where they
add field to make changes, Brinks system used any available value open
within any field.  So on a A panel field 101 means one thing and on a C
panel that 101 field could be do something else on top of what you
thought it did.  If your using a D programming on a B panel you could
end up with a system that goes haywire when powered up or worst, fail to
sound an alarm.
3. As mentioned, they use hidden values, so a system may have a default
of 5 in a field but no where does it explain what that 5 represents.
Accidentally leaving that value out of programming could result in a
critical failure of your alarm.  Also the default value could be
different between revision numbers.  As an example, lets say the field
states it's for phone reporting, it could also hold an embedded value to
allow first digit master code changes.  If your unaware of the whole
function of each field, you can change that field to the numeric value
that enables an event to make a report of an alarm and without knowing
it, enabled anyone to enter the first digit of your master code to shut
the alarm off.
4. You also need to know when to use a single digit "1" or a double
digit "01" to represent the same value.
5. Some systems have a burned in system check if any phone number is
entered.  That means that at some point the panel will automatically
start dialing that number to check in.  I do not believe you can disable
that function. You can turn off the daily test, but not the embedded
panel checks.  Unless your only using a revision number that support
paging, entering any number into the receiver number fields will cause a
communications failure to be displayed on the keypads.
6. Don?t forget you, must tell the panel to accept the numeric value
change.  Just entering it will not make the change.  If not done
correctly, if you go to field 50 and make it a 10 and next go to field
60 and make it a 5, if you didn?t use the accept key, what you did was
go to field 50 and next went to field 10 and next to field 60 without
making the changes.  Watch each step, as entering a value does not
change the field until you tell it to accept it as a change.
7. DO NOT use the Load Brinks Defaults unless you must default
everything and do not use the Auto Programming as it will create all the
values as Brinks wants them, not the way you want them. (see #5 above)

I'm not a fan of anyone ever fiddling with the Brinks programming since
with so many embedded hidden values, if you make a mistake, you could be
dead in the waters requiring a full system default or loading back the
old values.  But if you don't know what mistake was made, you'll
probably make it again.

Good luck.
==
Just wanted to add one more thing.  Make sure you KNOW the exact model
and revision number of the panel.  Don't only go by the decal in the
can.  Since it's common for them to just change the chip to add features
to an older system, the can could say 2000X but it's really a 2000Y.
And, make sure you do have a 2000 series panel and not an older 1000
(the board and keypads look alike), or the modified 1200 series that
used the same keypads as the 2000 but is a streamlined panel.

Navigation

[0] Message Index




Slob wrote:
> Jim Rojas wrote:
>> What? No hack? No back doors? What fun is that then? If you look hard
>> enough, there are back doors into everything.
>>
>> Just like that 16 year old kid that found the back door to the Apple
>> iPhone. The iPhone is probably 1000 times more complicated than any
>> Brinks panel. Wouldn't you agree?
>
> yea but it disabled the phone on the next software upgrade.


alt.security.alarms Main Index | alt.security.alarms Thread Index | alt.security.alarms Home | Archives Home