New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[QUESTION] Zone Expander #64
Comments
Hi! I hope, I will test a zone expander (dsc5108) next week, but I think, it’s easy to use, for example in homebridge config.json just you have to write the zone number. |
Thank you for your answer Zippair, but I think might has been a misunderstanding. I meant to use the ESP8266 (for example) as a zone expander. Meaning that you can use it as a panel and also, to use the GPIO of the ESP8266 as new zones of the system. |
Hi @jpmartin-gicom - in theory this is possible, I picked up a 5108 module to decode its protocol quite a while ago but haven't gotten around to it. It would be a matter of checking out the data in the KeybusReader sketch before adding the 5108 and then seeing the changes after it is connected. It'd be great if anyone is able to break down the protocol - it'd make implementation much quicker. I'll leave this issue open for all interested in this feature request to comment. |
I am also looking at a way to create "virtual" zones I could trigger over MQTT. Google led me here. Specifically, I was to use cameras as motion sensors. |
Nikhil, I'm currently working on adding zone expander and relay module emulation to the library. I have a bit of the protocol decoded currently so will start coding up some test functions soon. I will post a pull request to your repository when I have something working, unless you want to code it yourself. No problem with me. It's an interesting project. Either way, I believe it will be a great addon on to this great implementation you have here. The relay module should also be fairly simple to add once the zone expander is done as the framework should be there. There are a few more commands to add that are used to retrieve the zone statuses from the board, such as 0x28, 0x33,0x39 and E6 subcommands 0x08,0x0A,0x0C,0x0E depending on what zone range the panel is requesting (what module has requested to send), Supervision is the same as a keypad, the panel sends cmd 0x11 and the module sends it's address in the appropriate slot 9,10,11,12,13,14,16 (depending on the zone range selected) where 9 = 9 -16 . ( Slot 15 is used for the PC510x module. ) As far as the channel updates are concerned, the module sends it's changes in groups of 4 channels (low ,high) . The first byte is current state and 2nd byte is previous state. There is a checksum (last byte), that adds the nibbles of each 2 byte groups and does a modulo % 10 and sends it in the appropriate nibble of the last byte of the response. Terminated is 11, open is 00, and a short is 01. Th initial request to send occurs on the 0x05 command. The module will send it's programmed zone slot by setting a bit to 0 in either byte4 for slots 9,10,11 and byte5 for slots 12,13,14 and 15 (in this case device 16 sets zone slot 15). Bit0=first zone slot, bit2=2nd and so on. The panel will respond with either 0x28,0x33,0x39, 0xE6 depending on the zone slot. The module will then send it's channel status update. The panel will then respond with a general zone update message to update the bus. I think that covers most of it. I did see why you needed that 250us delay before bit sampling. I'm using pulseview to capture the raw bits and it sometimes misses some delayed bits because the decoder I use triggers on rising/falling edges of the clock and I don't have a setting to delay the sampling. What analyzer do you use? I was contemplating cobling up a decoder for sigrok but didnt think it was worth it as your code does a very good job decoding the raw data. |
I did some tests using hard coded values to test the logic and everything seems good. I can respond to a supervision requests with a emulated zone. Also can request a zone update for zone 9, have the panel respond with cmd 0x28, where I then send back the fault response back on that cmd. It accepts it fine. So looks like the logic above is on right track. |
Relay modules are easy. They are represented for supervision on slot 15 on the 0x11 command and are controlled via cmd 0x87 byte 2. Each channel is one bit. 1 for on and 0 for off. Ok I have zone emulation working for all ranges on my test system. I'll push a pull request soon once I clean it up a bit and merge the code to the current dev branch. The system should support modules for all slots. Of course the true test is how many simultaneous zone events can it process at once from multiple emulated boards. That would need to be tested further. I'll add the relay emulation too since it's a fairly easy add on. |
Hi Alain, this is fantastic work, thanks for sharing the expander logic! And PRs are always welcome, but no worries if it's even just test code - I wouldn't be surprised if adding the expander code will require restructuring the code (for example, I'll be splitting off some functionality for Arduino). Getting the protocol decoded is great, it's been on the TODO list for a long time.
Are you referring to the PC5100 addressable zone expander, PC5208 programmable output module, or a different module?
How many bytes is the 0x11 command on your PC5010 with the zone expander installed? I'm curious how slot 24 is represented, as normally 0x11 has 5 data bytes, with 2 bits per keypad slot = 20 slots (unless the expander and other modules use 1 bit per slot). Also, is your PC5010 using firmware 2.x or is it one of the apparently few that shipped with 3.x firmware? I'm curious if there's a difference at the Keybus level for the different configuration modes of the PC5108 - per the PC5108 documentation:
I used an Arduino as an improvised logic analyzer with sigrok, it was a quick hack but enough to bootstrap the interrupt-driven code to be reliable enough that a real logic analyzer wasn't necessary. Since then, I've only used the library code - the goal is for
Sounds great - I've added a new branch -Nikhil |
That's interesting on the length of your 0x11. Mine has 7 data bytes. My test panel version is 4.60 (according to the sticker on it) and the zone expander is a pc5108 version 2.0. The relay board I have is pc 5208. I'm sure there is a version differential with how the zone panels work as you noted. Some panels do not support the higher zone ranges. Here's a sample of the slot 16 interactions. First group is the supervisory, 2nd is a channel update from the zone expander. My main system is an older panel but I'd rather not test on that one yet and upset the family :) As to collisions, that should not happen hopefully as I am using a queue based update process so that only one update can be sent at a time, first in , first out type thing. I'll post a link to my github dev branch shortly with the latest updates. ''' slot 24 (for range 16) range 57-64 uses slot 15 for the request to send update |
Here's a dump of the 0x05 responses to a request to send command from the module for various slot ranges. |
I've been using a Salae clone for most bus work. It's great when you want to check your timings, etc. It was really handy with the honeywell vista bus since the protocol decoders did a great job decoding the uart traffic. With the DSC bus, it's different since you have the rising/falling clock data differenatial so you need two separate synchronous decoders decoding traffic on both clock phases. Unfortunately, the timing of the module/keypad data is delayed from the rising/falling and the decoders fail to capture all bits. I'd have to cobble up a delay with those. Like, you I just used the keybusreader code to analyze the bus and it worked awesome. Great work you did on that. |
Here's a link to my current development code. https://github.com/Dilbert66/esphome-dsckeybus/tree/dev This is the ESPhome version but the code in the folder dsckeybusinterface should be the same as your dev version (plus a couple other changes that I did a previous pull request for ie debouncing ). There were a few changes to the both ISR functions for sending responses.etc. I've tried to minimize the time and memory impact of having the ISR routines call functions (in IRAM) by trying to setup many variables outside of the ISR first and storing within a structure with the module info. The function to add a module are addModule(address). address is any slot address 9-16 I'll copy this code to a clone of your expander branch then create a pull request on it later today. |
For the relay module, you add it using addRelayModule() and view channels looking at relayStatusChanged and relayChannels eg: |
ok, PR created on the expander branch. |
Still needs work to make it configurable for different systems such as those that only support up to 32 zones. Would be nice to see dumps on those systems. |
As you mentioned, it's 5 data bytes on older panels before 64 zones was designed into the firmware, this was based on the logs in
Merged and thanks for the contribution! It'll be a month or so until I can get hands on hardware to test but will make sure this gets into the next release. |
The 05 command differs as well. Mine has 8 data bytes while the older panels as seen in your dumps, show 4 bytes. My pleasure for the contribution. It was a good project. Code still needs tweaking and work to support older/smaller panels correctly. I put a basic config setting called maxZones with a default of 32. This adjusts all the responses to fit within the older command sizes. If the setting is set higher than 32, then the code will use the larger versions. This needs checking for sure. |
Another note. Module supervision is not required for the expander to function normally. In the emulation code, I added a config to control this. This makes it easier for testing as by default I do not set the cmd11 supervision flags for the module (controlled by the flag). This way the panel will not set a trouble condition when new firmware is pushed since the delay will cause the module to disappear temporarily (and alert the monitoring provider if monitored) . There really is no need to supervise an emulated expander . We just need the functionality of setting /clearing zone faults. If users want to have it supervised they can just set the flag. |
…decoding #162, consolidate code, update Keybus documentation
Hi Alain, do you have
Here's what I currently have for module responses to 0x05/0x1B - the mask you have for the relay module matches the module tamper notification bit:
For the response to 0x11 supervision, you mentioned that the PC5208 uses slot 15, logs of this would be handy as well - for earlier generation panels, I'm curious if it uses 4 bits like the zone expanders or if it's only using 2 bits like with later panels. By the way, can you confirm the relay module mask in
Current decoding for module response to 0x11:
And finally, I'm looking at the 0x87 PGM command layout in Current 0x87 decoding - the "Bell on" command is likely wrong, 0x87 is probably purely about the PGMs and not related to the siren at all:
Thanks, |
Not a problem Nikhil, I'll hook up the modules and get some logs. That's one thing I have not tested much is the tamper since I wasnt planning on emulating that :). Interesting about the slot arrangement conflict there. As to the cmd87, I'll get you more info on that too. I have to get some paying work done too :) I"m contract software developer as well! C++ though i'm very rusty at since it's not my primary tool! |
Yeah, Byte2 certainly isn't Bell status. See my logs #166.
I've checked data output for PGM outputs 3-14. Tamper decoding for PC5208 is still pending though. BTW: There are some minor issues while more than one module tamper is present. While RF5132 was in tamper condition, I restored tamper on PC5204 and 0x4C responded saying RF5132 tamper and restore in same message.
|
My testing agrees with krikon on the 0x87 pgm outputs. ie pgm1-14. As far as the dscalarm.h decoding goes, I was more concerned with the pc5208 relay board channel decoding so focused only on byte2 where I numbered the channels 1-8. which in actuallity correspond to PGM3-10. I will change the decoding to do the full range of pgm1-14. For the pc5208 supervisory slot, it is indeed 16, not 15 so the mask of 0xfc is correct. I probably stated the wrong slot in a previous comment. From my testing, it looks like the pc5208, pc5108 and rf5132 ( i will post logs later), all use the same 05 slot to indicate a tamper and the resultant 0x4c response will hold all devices tamper statuses . Basically they all respond on the same command but different response slots. I should remove the pc5208 relay board from the getupdatemask code group as it's really a tamper update and not a status update like the pc5108 expander. The pc5208 has no two way communications (that i've seen anyways) except for supervision and tamper. I put it there really for a placeholder. That tamper update mask is shared with other devices as noted. Krikon has done a great job posting the device logs and mine match what he has. We just need versions from older panels (version 2.0 ) as you indicated. My older panel is my main house panel so it's bit tricky to get to for logging so that will take me some time. |
Examples. All are done by first pressing the tamper switch then release. These were all from a pc1832 ver 4.6 panel
|
@kricon Thank you! I've updated 0x87 to reflect PGM output 1-14. As far as PGM 15/16, it seems reasonable to be byte 3 bits 2-3, but I've left these bits undecoded pending confirmation.
I've reworked the module tamper response decoding - it looks like
@Dilbert66 Thank you! Added the the PC5208 tamper and the 0xA5/0xEB status commands:
Thanks for confirming, I've updated the 5208 supervisory to slot 16 (byte 5 bits 0-1) - this is synthetic data but hopefully matches the panel output:
I'm curious about what module is reporting in slot 15, I've seen a few logs with that supervisory slot populated (this is from a PC1864 in #2):
Yep, this is still very much a hobbyist project so it's been great to have contributions like yours. By the way, feel free to point out any/all bad coding practices that you notice here, I'm not a developer by trade so I'm sure there's quite a bit to optimize. |
No problem. I'm glad I can help. I will check if PGM15-16 are indeed byte3 bits2-3 as soon as I get PK5500 available (should be in few weeks).
Look like tamper decoding now works fine. PC5204 respond with setting byte6 bit6-7 low (slot17?)
PC5132/RF5132/any keyboard with RF module integrated (byte5, bit2-3): BTW, just as note: keypad tampers seem to have same quirk as for disabled zone faults, if keypad tampers are disabled keybusreader will still log the keypad in tamper condition. Which is somewhat expected, as keypad report tamper condition but the panel just ignores it (as its disabled in programming), and its communicated thru keybus. With RF5132, you can disable tampers directly in [804] wireless expander programming so it doesnt send it thru keybus. And I suppose that panels which have only 1 partition (like PC585) sometimes send 0x27 cmd bytes 4&5 with 0x00:
|
…how redundant data by default, update 0xCE
Thanks! I've updated the supervisory for the 5204 and RF wireless, as well as disabled partitions.
Good to know, yep it does seem like the modules (at least the keypads) aren't getting any data from the panel to disable their tampers if not in use. |
Guys, you've done a great job! I'm trying to test the branch expander, but I wasn't able to make any progress. Sorry for my luck of knowledge of the protocol. If you could provide anything (a very simple example would be great) to test the expander functionality would be great. If so, I could make it better to publish it as another example bundled with the library. Once again, thanks a lot! |
For those coming here like I did, note that the expander branch is deprecated. There is a #290 (comment) pull request outstanding with revised code. |
GREAT WORK!
Did anyone found the way to also act as a zone expander? Would be very nice to add "virtual" sensors or zones. I couldn't find any reference/information on how zones expanders work. If someone has any guess we might work on it! Thanks in advance.
The text was updated successfully, but these errors were encountered: