Open kricon opened 3 years ago
Command 0x94 seems to be used for requesting and getting data from RF module to panel. Probably similar to 0x8D. Note that this is mostly dump from notes of logs I took, taken from v5.0.
Byte2 - unknown, 0x11 when panel send, 0xFF when module send Byte3 - HEX data containing which section (0x41 for section 41 etc) - probably same as 0x8D byte3. Byte7 bit0 - option 2 Byte7 bit1 - option 3 Byte7 bit2-5 options 4-7 Byte7 bit6 - option 8 Byte7 bit7 - unknown Bytes7-10 also contains ESN, with first digit starting on Byte7 bit6 and sixth digit ends on Byte10 bit7. Same is for getting byte3 adress from 0x8D list above, offset with Byte7 startbit6 and Byte8 endbit7.
2800.42: 10010100 0 00010001 10010011 10000010 10111010 00001000 01100011 10001000 01100011 11000000 [0x94] Unknown data //trying to enter nonexistant section 93 byte3 0x93
2800.42: 11111111 1 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111100 [Module/0x94] Unknown data //section doesnt exist
2933.92: 10010100 0 00010001 10010001 10000010 10111000 00000000 00000000 00000000 01000001 01000000 [0x94] Unknown data //[804][91] byte3 contains which section (0x91)
2933.92: 11111111 1 11111111 11111111 11111111 11111111 11111111 10000010 11110111 00000000 01110111 [Module/0x94] Unknown data //section exist
2933.95: 01100100 0 00001000 01101100 [0x64] Partition 1 | Beep: 4 beeps //opening section [91]
2934.04: 10010100 0 00010001 00000101 00000000 10101010 00000000 00000000 00000000 01001100 11110111 [0x94] Unknown data //byte5 0xAA request section data from module?
2934.04: 11111111 1 11111111 11111111 11111111 11111111 11111111 10000000 00000000 00000000 01111101 [Module/0x94] Unknown data //Enabled options: none
3196.07: 11111111 1 11111111 11111111 11111111 11111111 11111111 10000011 10000000 00000000 00000001 [Module/0x94] Unknown data //Enabled options 1-2-3
3244.35: 11111111 1 11111111 11111111 11111111 11111111 11111111 10000001 10000000 00000000 01111111 [Module/0x94] Unknown data //Enabled options 1-2
3364.90: 11111111 1 11111111 11111111 11111111 11111111 11111111 10000000 10000000 00000000 01111110 [Module/0x94] Unknown data //Enabled options 1
4126.36: 11111111 1 11111111 11111111 11111111 11111111 11111111 11000000 00000000 00000000 00111101 [Module/0x94] Unknown data //Enabled options 8
4418.58: 10010100 0 00010001 00000011 10000010 00101010 00000000 00000000 00000000 01000001 01000000 [0x94] Unknown data //[804][03] request section
4418.58: 11111111 1 11111111 11111111 11111111 11111111 11111111 10100101 11110110 00000001 10011010 [Module/0x94] Unknown data //section exist
4418.61: 01100100 0 00001000 01101100 [0x64] Partition 1 | Beep: 4 beeps //opening section [804][03]
4418.70: 10010100 0 00010001 01001011 00000000 11110000 00000000 00000000 00000000 01001100 10011010 [0x94] Unknown data //request section data from module? 202020 ESN
4418.70: 11111111 1 11111111 11111111 11111111 11111111 11111111 10010000 00010000 00010000 00101101 [Module/0x94] Unknown data //byte7-8-9 contains ESN data?
4818.46: 11111111 1 11111111 11111111 11111111 11111111 11111111 11010101 01010101 01010101 01111100 [Module/0x94] Unknown data //confirmation above ESN data AAAAAA
4926.74: 11111111 1 11111111 11111111 11111111 11111111 11111111 11010101 01010101 01010111 11111111 [Module/0x94] Unknown data //confirmation above ESN data AAAAAF
4418.78: 00001010 0 10000001 11101100 00000010 00000000 00000000 00000000 00000000 01111001 [0x0A] Ready Backlight - Input 6 digits | Zone lights: 2
4418.87: 11100110 0 00100000 10000001 11101100 00000000 00000000 00000000 00000000 10000000 11110011 [0xE6.20] Status lights: Ready Backlight - Input 6 digits | Zone lights: none
4418.88: 11111111 1 11111111 10100101 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6] Unknown data
4418.96: 10010100 0 00010001 01001011 00000010 11110010 00000000 00000000 00000000 01000000 01000000 [0x94] Unknown data
4419.05: 10010100 0 00010001 01001011 00000010 11110010 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data
4419.05: 11111111 1 11111111 11111111 11111111 11111111 11111111 10010000 00010000 00010000 00101101 [Module/0x94] Unknown data //Byte7-10 probably contains ESN (202020)
4419.10: 01101110 0 00100000 00100000 00100000 00000000 11001110 [0x6E] Unknown data //ESN data: 202020 Byte3 bit4-7 digit1 (HEX 0x02), bit0-3 digit2 (HEX0x00) - Byte4 and Byte5 same.
4419.19: 10010100 0 00010001 01001011 00000000 11110000 01100111 00000000 00000000 01001111 01010000 [0x94] Unknown data
4419.28: 10010100 0 00010001 01001011 00000000 11110000 01100111 00000000 00000000 01001100 11111100 [0x94] Unknown data
4419.28: 11111111 1 11111111 11111111 11111111 11111111 11111111 10010000 00000000 00000000 00001101 [Module/0x94] Unknown data
Entering section [804][03] which contains 555555 as ESN:
1009.84: 11111111 1 00000000 11111111 11111111 11111111 [Module/0x05] Partition 1 Key: 0
1011.44: 11111111 1 00001111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x0A] Partition 1 Key: 3
1011.53: 10010100 0 00010001 00000011 10000010 00101010 00000000 00000000 00000000 01000001 00100000 [0x94] Unknown data //byte3 0x03
1011.61: 10010100 0 00010001 00000011 10000010 00101010 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data //byte3 0x03, bytes 9 and 10 different from above
1011.61: 11111111 1 11111111 11111111 11111111 11111111 11111111 10100101 01110110 00000001 10011010 [Module/0x94] Unknown data //offset byte7 starting bit6 - byte8 end bit7 is 0x4A - same used for byte3 later
1011.64: 01100100 0 00001000 01101100 [0x64] Partition 1 | Beep: 4 beeps
1011.73: 10010100 0 00010001 01001010 00000000 11101111 00000000 00000000 00000000 01001100 10011010 [0x94] Unknown data //byte3 is 0x4A which is correct for Zone 03 ESN input on v5.0 from 0x8D list above
1011.82: 10010100 0 00010001 01001010 00000000 11101111 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data //byte3 is 0x4A which is correct for Zone03 ESN input, byte10 different from line above
1011.82: 11111111 1 11111111 11111111 11111111 11111111 11111111 10101010 11111111 11111111 10100111 [Module/0x94] Unknown data
1011.86: 00000101 0 10000001 11101100 10010001 11000111 [0x05] Partition 1: Ready Backlight - Input 6 digits | Partition 2: disabled
1011.94: 00001010 0 10000001 11101100 00000101 00000000 00000000 00000000 00000000 01111100 [0x0A] Partition 1: Ready Backlight - Input 6 digits | Zones 1-32 lights: 1 3
1012.08: 11111111 1 10100101 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x0A] Partition 1 Key: Receive data
1012.17: 10010100 0 00010001 01001010 00000010 11110001 00000000 00000000 00000000 00111110 00100000 [0x94] Unknown data
1012.25: 10010100 0 00010001 01001010 00000010 11110001 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data
1012.25: 11111111 1 11111111 11111111 11111111 11111111 11111111 10101010 10101010 10101010 11111101 [Module/0x94] Unknown data
1012.31: 01101110 0 01010101 01010101 01010101 00000000 01101101 [0x6E] LCD display: 55555500
1012.40: 10010100 0 00010001 01001010 00000000 11101111 00110110 10000000 00000000 01001111 01010000 [0x94] Unknown data
1012.48: 10010100 0 00010001 01001010 00000000 11101111 00110110 10000000 00000000 01001100 11111100 [0x94] Unknown data
1012.48: 11111111 1 11111111 11111111 11111111 11111111 11111111 10101010 11111111 11111111 10100111 [Module/0x94] Unknown data
0x52 aswell seems to be related to wireless expansion, something for keyfobs?
10233.39: 11111111 1 11111111 11111111 11111111 00111111 11111111 11111111 11111111 11111111 [Module/0x05] Wireless key notification
10233.49: 01010010 0 11111111 11111111 11111111 11111111 [0x52] [CRC Error]
10233.49: 11111111 1 10101010 11111111 11111111 10101000 [Module/0x52] Unknown data
10233.79: 01010111 0 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [0x57] Wireless key query
10233.79: 11111111 1 10101011 10101010 10101010 10101010 11111111 11111111 11111111 11111111 10100101 [Module/0x57] Wireless key battery restored: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
0xE6.25 after exiting installer programming:
5223.40: 11101011 0 00000000 00100000 00110011 10000000 10000000 00000001 10101100 00000000 11101011 [0xEB] 2020.12.28 00:32 | Exit installer programming
5223.61: 11111111 1 11111111 11111111 11111111 11111101 11111111 11111111 11111111 11111111 [Module/0x1B] Wireless notification //decoded in pull request for easier tracking in log
5223.67: 00100111 0 10000001 00000001 10000001 00000001 00000000 00101011 [0x27] Partition 1: Ready Backlight - Partition ready | Partition 2: Ready Backlight - Partition ready | Zones 1-8 open: none
5223.68: 11111111 1 11111111 00101101 11111111 11111111 11111111 11111111 [Module/0x27] Partition 2 Key: #
5223.79: 01001100 0 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 [0x4C] Module tamper query
5223.79: 11111111 1 11110000 11111111 11111111 00000000 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x4C] Keypad tamper: Slot 2 7 8
5223.90: 01011000 0 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010 [0x58] Module status query
5223.99: 11100110 0 00100101 11111111 11111111 11111111 11111111 11111111 [0xE6.25] [CRC Error]
5223.99: 11111111 1 11111111 11111111 11111111 11111111 11111111 11111100 [Module/0xE6.25] Unknown data
Does anyone have panel version v4.60
or above with an PK5500 keypad? They include new section [898]
for automatic Wireless enrollment without manually enetering ESN. Hopefully, you can enter it and took first status message even without having RF module. It brings "Wireless enrollment mode", "Confirm ESN?", "Press (*) or Zone #:" and "Press (*) or Zone Type:" new partition status messages not yet decoded.
EDIT: as per DSC bulletin panels have Fire Alarm Bells Silenced message. Probably, it is shown when zone defined as [07] or [87] is silenced/delayed but I wasn't able to trigger that message on PC1832 v4.2 with PK5500 v1.1. It will be nice to have that message decoded as well. It could be only keypad-related thing, that keypad itself check if no partition is in alarm and fire alarm is going on but I doubt it as EOL setting would not change that status.
Also, it would be interesting to see output from v4.60 with an RFK keypad v1.30 or up, because it uses 3 digits for [804] installer programming subsection and it includes Receiver Placement Test for RF Interference. RFK5564 likely have 0x8D/0x94 byte3 differences for 64 zones.
I would put help wanted label on this issue. 0x94 can also be used for other module subsection-programming such as PC5100 2-wire adressable or PC5936 audio interface as it get send after trying to enter their sections but I dont have the modules to verify it: 0x94 send byte2 0x14 when trying to enter [801] for PC5400 printer module with corresponding subsection on byte3. 0x94 send byte2 0x15 when trying to enter [802] for PC59XX VOX module with corresponding subsection on byte3. 0x94 send byte2 0x19 when trying to enter [805] for PC5100 programming with corresponding subsection on byte3.
I suppose 0x8D and 0x94 cmds waits to be included in new development branch, after merge of current development branch into master, because as of now, there is no space left for Arduino Uno with KeybusReader.ino sketch.
This is an example of entering subsection [20] of section [804] on v5.0 RF module, changing zone 20 ESN from 555555 to 999999:
7378.09: 00010001 0 10101010 10101010 10101010 10101010 10101010 10101010 10101010 [0x11] Module supervision query
7378.09: 11111111 1 11111111 11111100 11111111 11110011 11111111 11111111 11111111 [Module/0x11] Keypad slots: 8 | PC/RF5132
7379.64: 11111111 1 00001010 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x0A] Partition 1 Key: 2
7380.03: 11100110 0 00101100 00000001 00000000 00000000 00000000 00000000 00010011 [0xE6.2C] Partition 1 | Enabled zones 33-64: none
7380.12: 10110001 0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 10110001 [0xB1] Enabled zones 1-32 | Partition 1: none| Partition 2: none
7380.21: 11111111 1 11111111 00000000 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6.20] Partition 1 Key: 0
7380.30: 10010100 0 00010001 00100000 10000010 01000111 00000000 00000000 00000000 01000000 01000000 [0x94] Unknown data
7380.38: 10010100 0 00010001 00100000 10000010 01000111 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data
7380.38: 11111111 1 11111111 11111111 11111111 11111111 11111111 10111110 11110110 00000001 10110011 [Module/0x94] Unknown data
7380.42: 01100100 0 00001000 01101100 [0x64] Partition 1 | Beep: 4 beeps
7380.50: 10010100 0 00010001 01111101 00000000 00100010 00000000 00000000 00000000 01001100 10110011 [0x94] Unknown data
7380.59: 10010100 0 00010001 01111101 00000000 00100010 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data
7380.59: 11111111 1 11111111 11111111 11111111 11111111 11111111 10101010 11111111 11111111 10100111 [Module/0x94] Unknown data
7380.67: 00001010 0 10000001 11101100 00000101 00000000 00000000 00000000 00000000 01111100 [0x0A] Partition 1: Ready Backlight - Input: 6 digits | Zones 1-32 lights: 1 3
7380.75: 11100110 0 00100000 10000001 11101100 00000000 00000000 00000000 00000000 10000000 11110011 [0xE6.20] Partition 1: Ready Backlight - Input: 6 digits | Zones 33-64 lights: none
7380.83: 00000101 0 10000001 11101100 00010000 11000111 00010000 11000111 00010000 11000111 [0x05] Partition 1: Ready Backlight - Input: 6 digits | Partition 2: disabled | Partition 3: disabled | Partition 4: disabled
7380.91: 11111111 1 10100101 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x0A] Partition 1 Key: Receive data
7381.00: 10010100 0 00010001 01111101 00000010 00100100 00000000 00000000 00000000 00111110 01000000 [0x94] Unknown data
7381.09: 11111111 1 11111111 11111111 11111111 11111111 11111111 10101010 10101010 10101010 11111101 [Module/0x94] Unknown data
7381.09: 10010100 0 00010001 01111101 00000010 00100100 00000000 00000000 00000000 01001100 11111100 [0x94] Unknown data
7381.14: 01101110 0 01010101 01010101 01010101 00000000 01101101 [0x6E] LCD display: 55555500
7381.23: 10010100 0 00010001 01111101 00000000 00100010 00110110 10000000 00000000 01010000 11010001 [0x94] Unknown data
7381.32: 10010100 0 00010001 01111101 00000000 00100010 00110110 10000000 00000000 01001100 11111100 [0x94] Unknown data
7381.32: 11111111 1 11111111 11111111 11111111 11111111 11111111 10101010 11111111 11111111 10100111 [Module/0x94] Unknown data
7382.05: 11111111 1 11111111 11111100 11111111 11110011 11111111 11111111 11111111 [Module/0x11] Keypad slots: 8 | PC/RF5132
7382.05: 00010001 0 10101010 10101010 10101010 10101010 10101010 10101010 10101010 [0x11] Module supervision query
7386.04: 00010001 0 10101010 10101010 10101010 10101010 10101010 10101010 10101010 [0x11] Module supervision query
7386.04: 11111111 1 11111111 11111100 11111111 11110011 11111111 11111111 11111111 [Module/0x11] Keypad slots: 8 | PC/RF5132
7386.45: 11111111 1 11110111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x0A] Partition 1 Key: Menu navigation
7386.62: 11111111 1 11111111 11110111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6.20] Partition 1 Key: Menu navigation
7386.79: 11111111 1 11111111 11110111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6.20] Partition 1 Key: Menu navigation
7387.04: 11111111 1 11110111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0x05] Partition 1 Key: Menu navigation
7387.21: 11111111 1 11111111 11110111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6.20] Partition 1 Key: Menu navigation
7387.63: 11111111 1 11111111 11110111 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6.20] Partition 1 Key: Menu navigation
7387.80: 11111111 1 11111111 10101010 11111111 11111111 11111111 11111111 11111111 11111111 11111111 [Module/0xE6.20] Partition 1 Key: Submit data
7387.85: 01110000 0 11111111 11111111 11111111 11111111 11111111 [0x70] LCD keypad data query
7387.85: 11111111 1 10011001 10011001 10011001 00000000 11001011 [Module/0x70] LCD keypad data entry: 99999900
7387.97: 10001101 0 00010001 01111101 00000010 10011001 10011001 10011001 11111111 11100111 [0x8D] Wls programming key response
7388.00: 01100100 0 00000100 01101000 [0x64] Partition 1 | Beep: 2 beeps
7388.03: 01100100 0 00001000 01101100 [0x64] Partition 1 | Beep: 4 beeps
7388.09: 01011101 0 00100000 00000000 00000000 00000000 00000000 01111101 [0x5D] Partition 1 | Status lights flashing: Program | Zones 1-32 flashing: none
7388.17: 11100110 0 00011000 00000001 00100000 00000000 00000000 00000000 00000000 00011111 [0xE6.18] Partition 1 | Status lights flashing: Program | Zones 33-64 flashing: none
7388.25: 00001010 0 10000001 11110111 00000000 00000000 00000000 00000000 00000000 10000010 [0x0A] Partition 1: Ready Backlight - *8: 2 digit subsection entry | Zones 1-32 lights: none
7388.34: 11100110 0 00100000 10000001 11110111 00000000 00000000 00000000 00000000 10000000 11111110 [0xE6.20] Partition 1: Ready Backlight - *8: 2 digit subsection entry | Zones 33-64 lights: none
7388.42: 00000101 0 10000001 11110111 00010000 11000111 00010000 11000111 00010000 11000111 [0x05] Partition 1: Ready Backlight - *8: 2 digit subsection entry | Partition 2: disabled | Partition 3: disabled | Partition 4: disabled
7390.04: 00010001 0 10101010 10101010 10101010 10101010 10101010 10101010 10101010 [0x11] Module supervision query
7390.04: 11111111 1 11111111 11111100 11111111 11110011 11111111 11111111 11111111 [Module/0x11] Keypad slots: 8 | PC/RF5132
I've found out that on PC5010 v2.00 panels you can have multiple users having same access code - event buffer will log only the lowest one.
Update for 0x94 panel command, byte 4 is always 0x82 when byte 3 contains subsection which was requested to be accessed.
More info on Byte4: when its 0x02 it contains HEX data on bytes 5-7. It's way to differ RF5132 v3.x/v5.x versions for 0x8D cmd. However, I'm not so sure that you can differentiate v5.0/v5.1 even for 0x8D. For 0x94 cmd it seems impossible to be sure for which version it's from just single line.
Command 0x8D seems to be used for programming RF module, and it sends data from panel to RF module after programming entry is done. Note that PC5102 and RF5108 RF modules have onboard PGM1 and PGM2 outputs and have more programming sections. Also, there is some difference between versions, earlier only supports 2 partitions and use section 59-60 for assigning function keys to partitions1-2, RF5132 v5.0 assign function keys per partitions1-8 (61-69) and RF5132 v5.1 assign function keys per key1-16 (61-76). It seems that RF module also save and have record of user codes 17-32 used for keyfobs 1-16. After changing Wls key assign user codes [017][1], you need to enter/remove associated user codes otherwise you wont be able to disarm system. It's interesting how panel send different Byte3 data for different RF module versions (sample log outputs below), but with checking Byte2 or comparing Bytes6-7 you should be able to differ for what action/section is command send. This is mostly copy-paste from dump of notes I took thru last days, maybe not nice sorted or labeled out but I've verified byte3 data and sections several times on v3.14, v5.0 and v5.1 rf modules.
Unknown ones can be for earlier versions which supported 4 handheld keypads with 4 function keys per partition (each section for each function) [57]-[64]. [65]-[72] for partition 1/2 function keys 1-4. [90] for handheld keypads partition assingment