rs485 keypad reverse engineering

Got a hardware problem? ask for help

rs485 keypad reverse engineering

Postby acarminati » September 10th, 2016, 1:18 pm

I'm trying to recycle an Anti-theft system keypad.
My goal is use this keypad as my system peripheral.
This keypad is interfaced with its master device phisically using bus rs485.
The first step in order to exploit this keyboard, is understand the communication between this two devices, the master and its keypad.
My first idea have been tap the bus and sniff the traffic.
Doing this, I collected few dumps of estabilished dialogs between those two devices, but because the tap, I can't have any idea of the direction the bytes I logged.
So my second step have been play the man-in-the-middle game.
I setup a device to put between the master and its keypad cutting the bus and using two transceiver, one facing the master an another facing the keypad.
Then I wrote a simple program to forward everything from an interface to another.
In this scenario however, it seems keypad does not react to the messages sent by its master, received by my device ad forwarded to it.
Also, I tried to send sniffed traffic directly to the keypad, hoping in its reaction of any kind, but it remains silent. Maybe it's a matter of pauses in transmissions?
Having the feeling something in the transmission could be wrong, the rs485 chip on my usb dongle and the one on the keypad are different (sipex sp485ec keypad - st 485ecdr usb dongle), I tried to tap directly a logic analyzer to the serial pin on the microcontroller. Doing this I verified that sending bytes through my usbdongle I could receive them on the pins on the MCU.
Can someone give me any direction to step forward my project?
Posts: 14
Joined: April 30th, 2014, 8:21 am

Return to Help me! Hardware

Who is online

Users browsing this forum: No registered users and 1 guest