2022 Project - Help Me Hack My Home Security System
December 17, 2021 8:27 AM
I have a home security system that I have never used and don't know the security codes on. Help me hack the code and reset this thing! When I plug it back in it's currently in 'armed' mode.
Anybody have any ideas?
If the previous owners left us the code, we have long since lost the documentation. I currently have it unplugged and inactive and have replaced most of the windows and doors, so only a few zones will even work, and I have lived in this home for 11 years and not been a victim of crime, so this is just for fun.
Best as I can tell it's a DSC ProtectionOne model WSS51010 generally sold in 1997. The example codes in the manual are 4 digits, so I'm guessing it's 4 digits. Best as I can tell, I can input 3 wrong codes before the alarm goes off and I have to unplug it for at least 24 hours to reset it.
I'd also prefer not to have it professionally reset because I don't want a new security system, I don't want it monitored, and I can't deal with salesman pressure this time of year.
I of course have access to the inside panel and have a voltage tester, but my electrical engineering skills don't go much beyond that.
I'm open to inputting a few codes a week during 2022, and keeping a big list of numbers I have tried by it. But that would take approximately 500 weeks to figure it out if it is 4 digits. I'm not planning on moving so I've got the time, but anyone have a faster solution?
Best answer: WSS51010 or WSS5010?
If it's WSS5010, here's an Installation Manual that has a section on how to restore the unit to "factory default" settings which may wipe out any programmed passwords in it. Or maybe not. But maybe start here if you're poking around.
posted by JoeZydeco at 8:53 AM on December 17, 2021 [1 favorite]
Response by poster: I wonder if it might be more fun and productive to disconnect the sensors from the panel, and connect them to something else (a Raspberry Pi maybe?)
I am open to solutions like this as I have decent programming skillz, but I don't know much about removing the wires from the existing security panel [there are wires in a basic wiring setup for each zone, 9 zones - similar to a thermostat control board if that is meaningful to you], so if anyone has info on that it would be cool too! So I would need info on which Raspberry Pi components to buy to plug those wires into.
posted by The_Vegetables at 8:54 AM on December 17, 2021
Best answer: For nearly all of that type of alarm system, the door and window sensors are little more than a switch, closed when the door/window is. Can be purely mechanical, or magnetic 'reed' switches, and the most elementary set up will just have a wire pair from each of the sensors to the controller. You may find that there's a resistor in series with the switch, inside the switch enclosure. This is to detect tampering: if someone gains access to the wire and shorts the pair to simulate the switch staying closed, that resistor gets bypassed. The controller will detect this change in resistance in that switch circuit and trigger its alarm. Of course, cutting the wire will be analogous to opening the switch, also tripping the alarm. For some sensors you may find there are four wires going there instead of two, one pair for the actual sensor, the other pair as a separate tamper detect for the sensor enclosure. To save on wiring you can find two or three sensors being connected in series, then hooked to a single input.
These 'resistor in the loop' sensors can fairly simply be incorporated into a new system. For that you need a resistor of the same value as those sensor resistors are, connecting it between the controller's supply voltage and the wire to the switch, the other switch wire gets connected to ground. That point between the resistor and the switch will now carry half the supply voltage, and this can be fed into an analogue input for the new controller. When the loop opens that input voltage will change up to the supply voltage, if the loop gets shorted the input voltage goes to zero. So as long as the input voltage stays between 30% and 70% (to account for all kinds of interference) your sensor is closed. For each of the sensors you need such a resistor, and a separate analogue input to the controller.
Unfortunately, RasPis don't have analogue inputs, but ADC modules (Analogue-to-Digital Converters) for them can be had from Adafruit and SparkFun, including hookup instructions and code examples.
posted by Stoneshop at 10:50 AM on December 17, 2021 [1 favorite]
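The supervised-loop reading described in the answer above, as an added example that is not part of the original thread: it maps raw ADC counts onto the 30%/70% window and only reports a zone change after several consecutive samples agree, so a single noisy reading does not trip anything. The 10-bit ADC range, the three-sample debounce, the function and class names, and the sample readings are all assumptions made for illustration.

```python
from dataclasses import dataclass

ADC_MAX = 1023           # assumption: 10-bit ADC referenced to the supply voltage
LOW, HIGH = 0.30, 0.70   # window given in the answer above
DEBOUNCE = 3             # assumption: samples that must agree before a change counts


def divider_fraction(r_pullup, r_loop):
    """Fraction of the supply voltage seen at the tap between pull-up and loop.
    r_loop=None models an open loop (sensor opened or wire cut)."""
    if r_loop is None:
        return 1.0
    return r_loop / (r_pullup + r_loop)


def classify(count):
    """Map one raw ADC count to a loop condition."""
    frac = count / ADC_MAX
    if frac < LOW:
        return "SHORTED"   # in-loop resistor bypassed: tamper
    if frac > HIGH:
        return "OPEN"      # door/window opened or wire cut
    return "CLOSED"        # resistor in circuit, switch closed


@dataclass
class Zone:
    name: str
    state: str = "CLOSED"
    _candidate: str = "CLOSED"
    _streak: int = 0

    def update(self, count):
        """Feed one sample; return the new state if it changed, else None."""
        seen = classify(count)
        if seen == self.state:
            self._candidate, self._streak = seen, 0
            return None
        if seen == self._candidate:
            self._streak += 1
        else:
            self._candidate, self._streak = seen, 1
        if self._streak >= DEBOUNCE:
            self.state, self._streak = seen, 0
            return seen
        return None


def replay(zone, samples):
    """Run a list of samples through a zone; collect (index, new_state) events."""
    return [(i, s) for i, c in enumerate(samples) if (s := zone.update(c))]
```

On real hardware the counts passed to `Zone.update` would come from whichever ADC module is fitted, one channel per zone.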
Best answer: I am sure you've tried it, but the default master pin is 1234.
I love this question so much, I've found this in a slightly different manual:
"Enter *8 followed by the 6-digit installer code to enter installer programming"
That lets you reset the lost master pin, and I bet the previous owners didn't change the installer pin - I would attack that first with the obvious 000000 and 123456. There is a ton of info in the other manual on how to program it once you make it in.
You can also just disconnect the siren if you are worried about making noise. There is a wiring diagram in that linked manual above - disconnect the wires on the terminals labeled "bell".
Word of caution - several of the systems I've seen have a silent alarm - every one I've seen is a line down the middle (2580). There is also high voltage running through the control box. Be careful!
posted by bensherman at 3:06 PM on December 17, 2021
If you do decide to try to brute force the codes, you might start with a list like this one rather than just going sequentially.
posted by primethyme at 8:42 AM on December 17, 2021 [1 favorite]