Not working with 5816 Door/Window Sensors. 5811's are just fine.

[kayak01]

I just started with decode345 yesterday and can't seem to make it work with model 5816 door/window sensors.

I have no issues with the 5811 door/windows sensor or 5800PIR-RES Motion.

For this debug output you can see an attempt of a few 5816's then at the end a 5811. Waiting for FIFO data... Receiving data... String length ef: --------------------_------------------------------------------------------------------------------_---------------------- String length ef: ------------------_-_-----------------------------------------------------------------------------------------_------------ String length ef: ------------------_--_------------------------------------------------------------------------------_---------------------- String length ef: ------------------_-_-----------------------------------------------------------------------------------------_------------ String length ef: ------------------_--_------------------------------------------------------------------------------_---------------------- String length ef: ------------------_-_-----------------------------------------------------------------------------------------_------------ String length ef: ------------------_--_--_-----------------------------_-----_-_---------------------------------------------------_-------_----- String length ef: --------------------_----------------------_-_-------------_--_--------------------------------------------------_------------ String length ef: ------------------_-_-----------------------_---------_-_------_--------------------------------------------------_------------ String length ef: ------------------_--_--_-----------------------------_-----_-_---------------------------------------------------_-------_----- String length ef: --------------------_----------------------_-_-------------_--_--------------------------------------------------_------------ String length ef: ------------------_-_-----------------------_---------_-_------_--------------------------------------------------_------------ String length 78: ------------------------------------_-----------_--------------- String length 6f: ------------------------------------_-----------_------- String length 6c: --------------_------------------_--------------_-------- String length 73: ------------------------------------_-------_-_------------- String length 7c: --------------_----------------------_-----------_----------------- len 80: --------------------------------------------_---------_----------- Packet Received: 0xfffe8e8fa00412e2 DeviceID: 0x8e8fa0 Status: 0x4 CRC: 0x12e2 Device: Julie's Office Left Pulse-Check Closed Mosquitto Sending: /security/Office Left CLOSED to 127.0.0.1:1883 len 80: --------------------------------------------_---------_----------- Packet Received: 0xfffe8e8fa00412e2 DeviceID: 0x8e8fa0 Status: 0x4 CRC: 0x12e2 Device: Julie's Office Left Pulse-Check Closed Mosquitto Sending: /security/Office Left CLOSED to 127.0.0.1:1883 len 80: --------------------------------------------_---------_-----------_

Also I was wondering if anybody has figured how to map the sticker like: 095-4272 to the DeviceID? Thanks -Jason

[denglend]

It looks like the 5816 sensors you have are using a related, but somewhat different protocol. The bit strings you pasted are 15 bytes long, rather than the 8 bytes that the "normal" packets are. But they still use the same sync bytes, and use the same CRC (with a caveat; see below). I've seen 12 byte packets before as well (not from my own devices, but from stray RF from someone nearby), but haven't seen 15. Not owning or having seen any of the 15-byte devices before, I don't know the specifics of their protocol. If you figure it out, I'm happy to accept updated code to decode it.

The existing code doesn't convert the 15-byte packets to hex bytes, but I decoded them to see if I could make sense of the 15-byte packet structure. The two bit strings you included decode to: FF FE 1B 00 30 0C 08 8B 3B 0F A0 A0 A0 07 4A and FF FE 1B 00 30 1C 08 68 F8 0F A0 A0 A0 07 4A

There are only two unique bit strings you included for the 5816's (they repeat six times each, which is normal for the other sensor types too). Given the similarities between the two strings, I'm guessing they are from the same device --- perhaps one is an "opened" message and the other is a "closed" message. That said, I don't have any 15-byte devices to fiddle with to try to reverse engineer the protocol, but you may want to give it a shot. If you do, you could easily modify the python code to display the hex for the 15-byte packets for you by modifying this part of the python code:

        if len(curstr) == 127 or len(curstr) == 191:
            curstr = curstr + "_"           #add back an ending low if needed
        if len(curstr) == 192 and Settings["Show192"]:
            print("String length: 192")     # temp decoding 192 bit strings
            bytes = [0,0,0,0,0,0,0,0,0,0,0,0]
            for curbyte in range(0,12):

You'd want to change the 191 to a 239, the 192 to a 240, and the 12 to a 15 (and use the Show192 setting, and/or rename it to Show240).

If you haven't checked out https://denglend.github.io/decode345/part2.html yet, it has info on the packet structure which could prove helpful if the 15-byte is similar to the 8-byte.

One thing that I did notice was that the 2nd part of the packet seems to be "independent" from the first, in the sense that it has it's own CRC. In other words, in the 0F A0 A0 A0 07 4A part of your 15-byte packet, the 074A is a CRC of the 0FA0A0A0, which is probably either a weird "bug" (i.e. if it still only CRC's the last 4 bytes of the data even though the packet got longer) or is an indication that there are two independent pieces of data being sent together. The CRC type is still CRC-16/BUYPASS, the same type used in the 8-byte packet.

Regarding your other question, I haven't found any evidence that the sticker is at all related to the DeviceID.

[kayak01]

Thanks for looking at the issue. I will look at updating the code on my setup.

It would seem that the project would be better off if you had a 5816 for your use. If you are in the states I would be glad to have Amazon send you one of the 5816’s. If that’s of interest to you please setup an amazon wish list containing a 5816t and share the list, thus you would’t have to share your address. -Jason

On Jul 18, 2018, at 9:47 PM, Dan Englender notifications@github.com wrote:

It looks like the 5816 sensors you have are using a related, but somewhat different protocol. The bit strings you pasted are 15 bytes long, rather than the 8 bytes that the "normal" packets are. But they still use the same sync bytes, and use the same CRC (with a caveat; see below). I've seen 12 byte packets before as well (not from my own devices, but from stray RF from someone nearby), but haven't seen 15. Not owning or having seen any of the 15-byte devices before, I don't know the specifics of their protocol. If you figure it out, I'm happy to accept updated code to decode it.

The existing code doesn't convert the 15-byte packets to hex bytes, but I decoded them to see if I could make sense of the 15-byte packet structure. The two bit strings you included decode to: FF FE 1B 00 30 0C 08 8B 3B 0F A0 A0 A0 07 4A and FF FE 1B 00 30 1C 08 68 F8 0F A0 A0 A0 07 4A

There are only two unique bit strings you included for the 5816's (they repeat six times each, which is normal for the other sensor types too). Given the similarities between the two strings, I'm guessing they are from the same device --- perhaps one is an "opened" message and the other is a "closed" message. That said, I don't have any 15-byte devices to fiddle with to try to reverse engineer the protocol, but you may want to give it a shot. If you do, you could easily modify the python code to display the hex for the 15-byte packets for you by modifying this part of the python code:

  if len(curstr) == 127 or len(curstr) == 191:
      curstr = curstr + "_"           #add back an ending low if needed
  if len(curstr) == 192 and Settings["Show192"]:
      print("String length: 192")     # temp decoding 192 bit strings
      bytes = [0,0,0,0,0,0,0,0,0,0,0,0]
      for curbyte in range(0,12):

You'd want to change the 191 to a 239, the 192 to a 240, and the 12 to a 15 (and use the Show192 setting, and/or rename it to Show240).

If you haven't checked out https://denglend.github.io/decode345/part2.html https://denglend.github.io/decode345/part2.html yet, it has info on the packet structure which could prove helpful if the 15-byte is similar to the 8-byte.

One thing that I did notice was that the 2nd part of the packet seems to be "independent" from the first, in the sense that it has it's own CRC. In other words, in the 0F A0 A0 A0 07 4A part of your 15-byte packet, the 074A is a CRC of the 0FA0A0A0, which is probably either a weird "bug" (i.e. if it still only CRC's the last 4 bytes of the data even though the packet got longer) or is an indication that there are two independent pieces of data being sent together. The CRC type is still CRC-16/BUYPASS, the same type used in the 8-byte packet.

Regarding your other question, I haven't found any evidence that the sticker is at all related to the DeviceID.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/denglend/decode345/issues/11#issuecomment-406128151, or mute the thread https://github.com/notifications/unsubscribe-auth/AnQTyPeHB6N4F2At_36VPPjqUr5APZUbks5uH-UZgaJpZM4VNKLy.

[tiszavolgyi]

@kayak01 - Did you make any progress with this? I believe I have the same issue. Thank you!

[kayak01]

I didn't make progress on this. :-(

On Sun, Sep 8, 2019 at 7:10 PM tiszavolgyi notifications@github.com wrote:

@kayak01 https://github.com/kayak01 - Did you make any progress with this? I believe I have the same issue. Thank you!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/denglend/decode345/issues/11?email_source=notifications&email_token=AJ2BHSA6PUWQIRI2XAGDDB3QIWA6TA5CNFSM4FJUULZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD6F3Z7Y#issuecomment-529251583, or mute the thread https://github.com/notifications/unsubscribe-auth/AJ2BHSHD33CIL3JITNFATYTQIWA6TANCNFSM4FJUULZA .

[rdfedor]

Have to say, great work on this and thank you for open sourcing your findings. I bought a house recently that has the Honeywell 5800 series sensors set up in it but no alarm pad. Seems the previous owners decided to take it with them. I was able to set up a Raspberry Pi Zero-W with the reciever and decoder set up as services, and was able to add mosquitto authentication by adding two more options to the decode345.c file.

The motion sensor works flawlessly and it's capturing the activations from it without a problem in the decoder, but then I have a few of these 5816 door sensors also which don't seem to be transmitting signals at all. I've taken one of the sensors w/ the magnet off the door to play with it, but whenever I pass the magnet over the sensor to trip it, nothing. I hear the click and even put new batteries in it but I can't get it squalk. Do you have to have sensor configured with an alarm panel for them to work? I see a bunch of pulse checks and low battery indicators coming from various unknown sensors, but don't know if they're from mine or some neighbors since I can't trip the sensor into activating when opening and closing a door.

Thanks in advanced.

[burmat]

@kayak01 - what modifications did you make to generate those results? I'm currently using an un-modified version of decode345.py and everything seems to be getting chopped (see below). I'm currently trying to re-work @denglend's earlier POC from his write-up to analyze it from scratch.

Sample output from a close on a 5816 switch:

Opening FIFO...                                                                                                        
_                                                                                                                      
String length: 1                                                                                                       
_                                                                                                                      

_-____
String length: 6
_-____
1: 10 2: 7 3: 3 4: 1 5: 1 6: 1 7: 2 8: 1 9: 1 11: 1
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2198: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2195: 1 2198: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2195: 1 2197: 1 2198: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2195: 2 2197: 1 2198: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2195: 3 2197: 1 2198: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2194: 1 2195: 3 2197: 1 2198: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2194: 1 2195: 3 2197: 1 2198: 1 2199: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2194: 1 2195: 3 2197: 1 2198: 2 2199: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2194: 1 2195: 3 2197: 2 2198: 2 2199: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2194: 1 2195: 3 2196: 1 2197: 2 2198: 2 2199: 1 
_--
String length: 3
_--
1: 13 2: 11 3: 4 4: 2 5: 2 6: 1 7: 2 8: 1 9: 1 11: 1 2194: 1 2195: 4 2196: 1 2197: 2 2198: 2 2199: 1 
Writer closed