ebikarimi
commented
6 years ago unfortunately, your solution does not work. Yes the module is always visible in BabyWare
Open renzorlive opened 6 years ago
ebikarimi
commented
6 years ago unfortunately, your solution does not work. Yes the module is always visible in BabyWare
nezmogus
commented
6 years ago Try use this tool: http://www.homesecurity1st.co.za/wp-content/uploads/%20IP%20Exploring%20Tools/ParadoxIP_Locate_V1.66.exe
i'd recommending use DHCP server until firmware will be fully recovered
elkur
commented
6 years ago Thank you for your effort nezmogus. Unfortunately my downgrade process stops at random place. DNS record is modified and downgrade starts nicely. Farthest I got, was about 411 of 448 packets transferred, then process freezes and eventually module drops network connection.
Firmware: 4.30 Bootloader: 2.13.001 Trying to downgrade: 1.32.001
nezmogus
commented
6 years ago I'm guessing, that only internet problems can cause firmware update process stop somewhere in a middle. Keep trying. If you have C# skills, you can modify TVPfwd code and add longer timeouts. Also, analyzing TVPfwd log files you can write your own update server. Then you can run this server in same network as IP150 and avoid slow or non stable internet problem. Only first few packets necessary to understand all communication protocol. You need just replicate them in your server. All other packets are only bytes from firmware file. At the moment i don't have time to write this server. Maybe in a future i will do, maybe... :) Sorry, but I already spent too much time on this project
mioke77
commented
6 years ago elkur, I had the same problem and assumed it was a congestion of the internet, but the problem was the size of the MTU package on the Windows virtual machine where I installed InField, maybe is the same case for you and it helps. I'm fully agree with nezmogus the upgrade proccess is stoped if there are any connectivity issues between the paradox server and the machine where running the proxy.
ebikarimi
commented
6 years ago Hi nezmogus thanks for your info, but any solution you told me does not work. i dont now what am i to do :((
nezmogus
commented
6 years ago ebikarimi, what is current IP150 configuration. Send screenshot of BabyWare config or ParadoxIP_Locate_V1.66 windows if possible to my email. Also, do you know how to use Wireshark?
gattuso8
commented
6 years ago ""Set your own DNS record on router upgrade.insightgoldatpmh.com and redirect to your_computers_IP. Unfortunately, not all routers can do this. In this case you should set external DNS server in your routers DHCP server and then set DNS record in this external DNS server and then restart IP150""
Hello i have Zte ZXHN H108N V2.5 and i don't have any idea how to do this step on my router.If you know how to do it please anserw me or if there is another way around please tell me. Thank you and sorry for bad English
nezmogus
commented
6 years ago You can use an example http://maradns.samiam.org/ to set up your own DNS server on your computer with upgrade.insightgoldatpmh.com record, then you can use IP150 WEB interface, BabyWare or http://www.homesecurity1st.co.za/wp-content/uploads/%20IP%20Exploring%20Tools/ParadoxIP_Locate_V1.66.exe tool to manually set DNS server on your IP150 module (DNS Address must be your computers IP)
yozik04
commented
6 years ago @nezmogus I have another problem. IP150 module has successfully received all 448 packets from the proxy, then it reboots and starts to pull firmware again and again. Does not stop.
Packet: 446 of 448
Packet: 447 of 448
Packet: 448 of 448
Packet: 1 of 448
Packet: 2 of 448
Packet: 3 of 448Initial firmware version: 4.10 Current firmware version: 4.30 Bootloader: 2.13.002
Link LED is flashing. I/O 2 is lit.
Command:
TVPfwd.exe 192.168.5.218 10000 54.165.77.37 10000 IP150_V1_32_001_ENG.PUF
Any ideas?
powerwade
commented
6 years ago I had this too. I was pinging my device and after the 448 packet it was no longer pingable for about 15-20 seconds (it was rebooting I suppose) so what I did basically just ctrl+c TVPfwd.exe . The IP150 come back to life in about 5 seconds and done. It stayed online and it was pingable, accessible through Babyware and InField. What I noticed that the password has changed for 'paradox' for some reason - but maybe that was just a side effect of something else :)
ebikarimi
commented
6 years ago Dear nezmogus what is your mail address? i want to send you screenshots of my IP150 configuration. thanks
nezmogus
commented
6 years ago My nick name @gmail On Jul 2, 2018 10:46 PM, "Ebrahim Karimi" notifications@github.com wrote:
Dear nezmogus what is your mail address? i want to send you screenshots of my IP150 configuration. thanks
nezmogus
commented
6 years ago Off-topic: look at www.paradox.com source code. It is made from 2 frames
/Header.asp
and
/Homepage.asp?cb=2301
Then look for interesting script function GetSwanKeyPass in /Homepage.asp?cb=2301 source code... :)
I informed Paradox about this bug on 8th of May an they still didn't fixed it! Sorry paradox, this is YOUR OWN fault! You had almost two month to fix that, but as i see, you care only about how to get more money from your customers and you don't care about your customers safety and privacy. Maybe after this message you will fix at least this bug.
ebikarimi
commented
6 years ago Dear nezmogus, Did you get my email?
nezmogus
commented
6 years ago No On Jul 6, 2018 10:44 PM, "Ebrahim Karimi" notifications@github.com wrote:
Dear nezmogus, Did you get my email?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Tertiush/ParadoxIP150v2/issues/22#issuecomment-403129180, or mute the thread https://github.com/notifications/unsubscribe-auth/AkrOSkgyGC5DvWM9XsA1JwTSTBCXJ4e0ks5uD74LgaJpZM4PpuhG .
ebikarimi
commented
6 years ago Hi agin dear Nezmogus this is my email sent to you:
"Hi dear nezmogus
thanks for help
I've sent to you screenshots of my IP150 configuration, yes i know Wireshark and can work with it, So tell me what am i to do.
in additionally the LED of the IP150 status is: if LAN cable is not connected to the device, only I/O 2 LED is lit, when LAN cable is connected the I/O2 LED regularly turns off and on and Link LED is flashing.
thanks again my bro"
jjmhiram
commented
6 years ago Dear nezmogus I have tried your solution but when connecting with infield the download stops at 0% with the Following content in the txt file. 2018.07.09 13:14:51 163 START: 2018.07.09 13:14:51 2018.07.09 13:17:08 937 Connected: 54.165.77.37:10000 2018.07.09 13:17:09 160 Received : 54.165.77.37 -> 192.168.1.21 : 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 Am i wrong somewhere? For information when I ping upgrade.insightgoldatpmh.com I received the answer on my computer ip 192.168.1.21 so the dns forwarding seems to work OK May I add the Following comment : the cmd prompt where tvpfwd is launched should be run as an administrator otherwise the txt file is not created. Regards
nezmogus
commented
6 years ago @ebikarimi : using wireshark, filter all traffic from IP150 to your network and send this file to my email. my_nick_name @gmail.com
@jjmhiram : what is your IP150 firmware version? Maybe Paradox already did some changes.... 72 00 00 00 ... is like HELLO message to IP150 and IP150 should respond to it but looks like your IP150 doesn't. Try telnet to your computers 10000 port from any other computer in your network while tvpfwd is running, maybe your firewall does not allow IP150 to connect...
nezmogus
commented
6 years ago Downgrade tool: TVPfwd_v2.zip
Downgrade firmware: IP150_V1_32_001_ENG_downgrade_from_v4.xx.zip
Downgrade tool source: TVPfwd_source.zip
LeifSbr
commented
5 years ago @nezmogus, i just want to thank you for this! I naively upgraded my IP150 to the latest firmware. Newer equals better right? Apparently not according to Paradox! ...agree its really dodgy of them to cripple features the unit originally shipped with. Sadly latest firmware is basically ransomware. Paradox should be on everybody's evil companies list! Regretfully I'm too invested in their system already.
andres1to
commented
5 years ago Hello all,
I tried to upgrade IP150 from 1.32 to 4.20 and now the module does not even get an IP address... I tried to reset it with no luck. LINK led is lighted up, IO 2 blinks and then goes off, this is the behavior. Do you know any workaround or should I buy a new module?....
Thanks, Andreas
nezmogus
commented
5 years ago @andres1to if you know how, use WireShark to monitor IP150 module activity on network after power on. Maybe it will reveal any information, what can be done to fix firmware
andres1to
commented
5 years ago @nezmogus I followed the instructions with DNS and the IP150 got an IP and everything went as described. Thank you very much!
plouis7
commented
5 years ago Hellow. Last 2 day I was caught with these things on this topic.. I started with an IP150 with unknown pass so I did a hard reset (pinhole). After that i started using baby..infield and figure out how to connect to module. Also did that stupid (me not reading) update to latest firmware! So from what I remember now.. I never managed to use Panel S/N with Ip password with infield. Maybe it was the Reset procedure nezmogus told that it glued the firmware. (Maybe it by design to do a hardware reset to stick the firmware! perhaps otherwise the procedure it's considered unfinished.) So after update to the latest firmware..I didn't also succeeded to connect even with Static IP method until I found a post in which a user speaks about ...connecting the IP module to power holding down the reset button. In this way with the latest 4.3 firmware I was able..in the first minute to access it (randomly) with infield 5.011 (the IP module only) and apply the firmware downgrade as described.
No I can access it with infield Static Ip tab and it shows me also the Panel module. Evo48 firmware 1.11 which I want to upgrade. (suspected that poor connectivity with infield and other is due to old pannel firmware**).Ie:
Now that I downgraded I can't connect to it with infield using Panel S/N (internet tab)...but as I said..I never succeeded that. I did a hardware reset after downgrade (5 sec btton pressed, release and push once while the leds still flashing) and the firmware stays fine with no domain blocked inside the router :)
Can somebody tell me, if we brick the IP module...307USB connected to the panel would be a better solution?
pedromrg
commented
5 years ago great info here.
I'm out of luck... my in-field can't even connect to IP150 panel S/N giving me an error saying it's wrong ( panel SN is in the SP5500 white sticker with a bar code right?
Web interface is working, I can find it with babyware but can only change ports, everything else gives me an error and parameter turns RED.
EDIT: when I try to set DNS to myt computer with babyware...configure. IP150 reboots.
any ideas ?
plouis7
commented
5 years ago Supports TCP/IP connections through the IP100
(I assume that Ip150 is not supported,, I get also that error and I uninstalled winload)
rebooting seems normal after a change to internal ethernet interface. I also tried my IP150 with ParadoxIP_Locate_V1.66.exe..and DNS edit boxes turn to red. (the latest firmware 4.3) What are you doing... downgrade, upgrade?
LE. Winload works with IP150!! See this movie after seing that I inspected my Panel Id and PC password (sections 3011 and 3012 under Control Panel Settings), and it waren't 0000; what is strange is that Neware connected to the Panel using 0000/0000...despite the values I found in the Panel!!
plouis7
commented
5 years ago @nezmogus, could you tell us how to transform other puf's into something TVPfwd could use? cut the first 0xF7 bytes and the last 4 and then?
nezmogus
commented
5 years ago You are right about F7 and last 4 bytes. Also in some cases last about 32 bytes can be important. They depends from what do you want to do? On Aug 8, 2018 10:40 PM, "plouis7" notifications@github.com wrote:
@nezmogus https://github.com/nezmogus, could you tell us how to transform other puf's into something TVPfwd could use? cut the first 0xF7 bytes and the last 4 and then?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Tertiush/ParadoxIP150v2/issues/22#issuecomment-411527419, or mute the thread https://github.com/notifications/unsubscribe-auth/AkrOSjDKuTzPGS-14uHWKLxCaskApIT0ks5uOz61gaJpZM4PpuhG .
vilnele007
commented
5 years ago labas nezmogus
plouis7
commented
5 years ago Today tried about one hundred times to flash evo48 1.11 using downgraded module.. IP150. First attempt erased the panel firmware. Mostly the progress ended between 1-6%. I succeeded somwhere in the beginning, one time, the only .pef I found..1.10 which was in fact a downgrade. This gave me currage that it could work without direct serial 307USB device After many..many attempts (like in cuantic mechanics) version 2.2 .puf is on my panel. The last one in series is 2.5 but Infield says it's not compatible when selecting the firmware file. I found somewhere that starting with evo 2.5 they have another CPU architecture. IP150 webface doesn't load (timeouts at login) if the panel firmware it's broken.
Im happy because now I can upload floor plans onto K07C grafica keyboard. I can control also the keyboard settings from winload. In the web interface...log window shows the date and time now..instead 000000. It was fixed in firmware..or the old 1.11 firmware was somehow broken a little.
During all this madness I powered IP150 with reset pushed which cleared the downgraded firmware. So I had to flash it again. I was tempted to try other firmware versions for the IP Module...but found that your proxy needs a custom version of the files.
nezmogus
commented
5 years ago @vilnele007 labas :) @plouis7 depending on my free time tomorrow i will explain more about formware files for TVPfwd or i will upload already ready to use firmware files.
yozik04
commented
5 years ago Guys, who successfully downgraded. Does Babyware let you connect via IP/Static method? It managed to make two steps during connection "Opening Socket" and "Connecting to Panel", but times out on "Identifying Panel".
Babyware v5.1.0 EVO 192 v6.80.006 IP150 v1.32.001 (which @nezmogus provided)
yozik04
commented
5 years ago Great!!! One more successful story.
I've managed to downgrade the latest IP150 firmware to v1.32.001 and glued it. Removed all DNS overrides from the router. Rebooted and firmware stayed. Initial firmware on the IP module was like 4.1~
Some keynotes:
nezmogus
commented
5 years ago @yozik04, nice to hear your success story and thanks for the perfect key notes. Yes, i have PP on this same email address, which i mentioned a lot of times in this thread.
@plouis7 Sorry, that not posted any info how to prepare other firmware versions for downgrade, I'm little bit to busy. If shortly: compare these two firmware files decrypted.firmware.zip and you will see, that footer in FW 4.x is duplicated (FOOTER_IP150 string is two times in FW 4.xx and only one time in older FW). If firmware 4.xx updater finds, that footer is with single FOOTER_IP150, it rejects file. What i did, i put FW 4.xx footer in FW 1.32 file and that's all. Because encryption is very weak, you can take original firmware file lower than 4.xx, cut off first 7F (HEX) bytes and last 4. Then do this same with latest firmware or just take firmware provided together with TVPfwd (first 7F and last 4 bytes already cutted off in this file). Then copy last 48 (DEC) bytes from firmware 4.xx to your firmware file, save and pass this file to TVPfwd. I'm not tested this method, but I think it should work.
erokoder
commented
5 years ago Dear @nezmogus
I tonight Try downgrading my new IP150 v 4.20.008 I make fake DNS on my mikrotik router. Turn InField and connect to IP150. After that I run: TVPfwd.exe your_computers_IP 10000 54.165.77.37 10000 IP150_V1_32_001_ENG_downgrade_from_v4.xx.PuF And Start Upgrade. Packet transfer good in start but stop when arrived 62/448 packet. When I reboot IP150, It again transfer packet from zero but same stop in some number under 100. So I cant login to IP150, I try factory reset and disable dns. And Now I have version 4.30 XD
erokoder
commented
5 years ago New information
@nezmogus
I try 4.30 downgrading and I success. I have now 1.32.001.
One question. Can I leave fake dns for upgrade.insightgoldatpmh.com on mikrotik or?
yozik04
commented
5 years ago @nezmogus Why you picked 1.32.001 for downgrade. Is there any reason? Why not later 1.x version 1.39? or 3.x ?
nezmogus
commented
5 years ago @erokoder if you did reset procedure and glued firmware as i mentioned in this post (https://github.com/Tertiush/ParadoxIP150v2/issues/22#issuecomment-398857139) then you can remove fake DNS, otherwise you should have DNS record and TVPfwd running every time, when your IP150 is powered on.
@yozik04 thanks for your donation. By FW release notes i found on the internet, later versions does not have any important updates. All updates later than 1.32 are made only for insigtgold app. This is why i choosed 1.32.001 version for downgrade
mioke77
commented
5 years ago @nezmogus @erokoder It seems that the DNS record is needed there not only when you powered on IP150, but also when ethernet cable is disconnected or if you reboot your switch or router where is connected this IP150, this of course if you don't glued the firmware.
sirs2k
commented
5 years ago Hey guys,
Luckily I was still on bootloader 2.12.001 so I just downloaded the FW linked above and uploaded it through In-Field and it worked. Now my IP-150 is on 1.32.001.
I would like to ask though, how do I make it so it NEVER auto updates FW?
yozik04
commented
5 years ago 
itsgabraf
commented
5 years ago I'm really confused by the whole process. First, I don't know how to set up the DNS. I have a Netgear router if that helps with figuring it out? Then, when I try to even open the exe file you provided, nothing happens? The instructions are sooo confusing to me!
tebloid
commented
5 years ago @nezmogus Hello I appeal to an intelligent man. I have a problem with IP150 firmware 4.30 I want to roll back (downgrade). There are no problems with DNS. This is made easy in Mikrotik in the Static DNS function. But IP150 does not connect. In his settings, only IP and Mask. How to be? someone knows the solution. Or throw it in the trash. But this is stupid. @erokoder I have exactly the same situation.
yozik04
commented
5 years ago @tebloid Please be specific does not connect to what and what settings are you talking about. For settings, screenshot will be helpful.
toaderv
commented
5 years ago Hello, I'd like to think that I followed instructions however when I launch TVPfwd.exe nothing happen. What am I doing wrong? What screenshots will be helpful to guide me trough this process?
thank you!
nezmogus
commented
5 years ago @itsgabraf if all instructions in this thread are confusing to you, ask any local IT guy for help. @tebloid do you start IP150 firmware update process using InField? What is your InField version? @toaderv to tell you what are you doing wrong, we need more information.
Bottom of this screen should look like this:
tebloid
commented
5 years ago 
All settings are correct.
The only request that makes the integrated Google DNS 8.8.8.8. There is a screen.
Firmware 4.30.0 in ParadoxIP_Locate_V1.66
I tried
In-Field 5.0.11
In-Field 3.9.3
nezmogus
commented
5 years ago Great screenshots.
First picture, use Internet tab instead Static IP. Static IP tab works only when IP150 firmware lower than 4.00.
Search "Static IP" string in this thread to find more details if you need. On Oct 3, 2018 1:56 AM, "tebloid" notifications@github.com wrote:
[image: 1] https://user-images.githubusercontent.com/43791986/46381462-15ac7400-c6af-11e8-9357-bb1f542816d8.png [image: 2] https://user-images.githubusercontent.com/43791986/46381468-1cd38200-c6af-11e8-992b-2412b6d75289.png [image: 3] https://user-images.githubusercontent.com/43791986/46381503-42f92200-c6af-11e8-96b8-58ea7ecae49e.png [image: 4] https://user-images.githubusercontent.com/43791986/46381518-4be9f380-c6af-11e8-8f10-f346152f32df.png [image: 5] https://user-images.githubusercontent.com/43791986/46381522-4db3b700-c6af-11e8-8a53-714490644dd6.png All settings are correct. The only request that makes the integrated Google DNS 8.8.8.8. There is a screen.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Tertiush/ParadoxIP150v2/issues/22#issuecomment-426457572, or mute the thread https://github.com/notifications/unsubscribe-auth/AkrOSmPYXc5-eD-bDdnssyX7h4QpuivAks5ug-8bgaJpZM4PpuhG .
tebloid
commented
5 years ago @nezmogus
I tried Serial Number or IP not work...
I use the password "paradox"
Hello Tertius, First of all, thank you for your work and developing this software. After managing to configure the MQTT server this is what I am getting when trying to connect to my control panel.