The following are two scripts I created to solve needs I had for Honeywell Vista Alarm installations.
- Bypass All Zones - Sends a single bypass command to the panel which includes all zones in fault.
- Find installer code - This scripts will find your installer code by looping through a user defined range of possible four-digit codes.
Bypass All Zones
Objective: Create a script which generates a numeric string to bypass all active (triggered) zones on a Honeywell alarm panel, using the Envisalink integration via envisalink.alarm_keypress service.
Why: Honeywell panels donât support a single command to bypass all zones like DSC, but multiple zone ids can be bypassed with a single command.
I read that the Envisalink.keypress service is limited to 6 characters, but I have not found that to be the case.
Steps:
- Query all binary_sensors with âzoneâ as a secondary attribute, and identify those with a state of âonâ
- Create a numeric string concatenating the alarm code, followed by the number â6â, followed by a list of zone idâs from the sensors in âonâ state (zone id is an attribute for Envisalink sensors). Single digit zone idâs are appended with a â0â prefix so they are entered as two digits in the string.
Considerations
- Confirm that you donât have any other entities with the zone attribute besides those that belong to Envisalink sensors.
- Change the notify service and alarm_control_panel entity name with values for your instance.
- Because scripts canât read the secrets.yaml file, this script uses a template sensor whose state =
!secrets alarm_user_code. You will nee to add your alarm_user_code into your secrets.yaml and create a similar sensor, or replace the secret reference with your user code directly. - The notify service operations arenât necessary, but they are helpful when initially testing to ensure each step is working as expected.
alias: Bypass All Faulted Zones
sequence:
- service: notify.notify
data:
message: "Generating zone string..."
- variables:
zone_numbers: []
sensor_index: 0
- repeat:
until:
condition: template
value_template: "{{ sensor_index >= states.binary_sensor | selectattr('attributes.device', 'eq', 'envisalink') | selectattr('state', 'eq', 'on') | list | count }}"
sequence:
- variables:
sensor: "{{ states.binary_sensor | selectattr('attributes.device', 'eq', 'envisalink') | selectattr('state', 'eq', 'on') | list | [sensor_index] | first }}"
- choose:
- conditions:
- condition: template
value_template: "{{ sensor.attributes.zone is defined }}"
sequence:
- service: notify.notify
data:
message: "Adding zone {{ sensor.attributes.zone }} to the list."
- service: variable.set
data:
variable: zone_numbers
value: "{{ zone_numbers + [sensor.attributes.zone | string] }}"
- service: variable.set
data:
variable: sensor_index
value: "{{ sensor_index + 1 }}"
- service: notify.notify
data:
message: "Generated zone numbers: {{ zone_numbers }}"
- service: envisalink.alarm_keypress
data:
entity_id: alarm_control_panel.home_alarm
keypress: {{ [states('sensor.alarm_user_code'), '6', zone_numbers_str] | join('')
}}
â
Brute Force Installer Code
Objective: To gain access to programming mode through brute force attempts, where the user is in possession of the disarm code.
Why: Typically Honewell users can use the backdoor method to gain access to programming mode, but in edge cases this is not possible. The backdoor method requires the user to press * and # simultaneously on a keypad during the first 45 seconds after power cycling the panel. In my case, all the keypads at this location were Tuxedo touch keypads which are powered by the panel, and take > 45 seconds to boot up themselves, making it impossible to use them for this purpose. I didnât want to purchase another keypad, and I donât know if the keypress service can submit and hold two presses simultaneously (if you know, please tell us how!).
Overview:
- This script attempts to enter programming mode by trying four-digit codes in a range of your choosing (0-9999) and submits them in a string followed by 800 (eg. 0000800).
- It then waits the number of seconds specified in your delay helper before reading the state of the keypad which will indicate whether programming mode has been accessed (e.g. Installer Code 20), if the state has changed to something else, or if nothing has happened.
- If nothing happens, then the script will try the next code. After every three tries it will submit a disarm command to prevent the keypad from going into a 15 minute lockout after too many (~30) keypresses without a valid code.
- If the state of the alarm changes to anything other than âReady to Armâ or message about a zone âfaultâ, then it will stop the script and notify you of the new state of the alarm. This is to avoid triggering an alarm or changing a setting on either the alarm or the keypad.
- If programming mode is accessed, the script will then notify the user of itâs success and include the last code tried. It will then automatically exit programming mode with *99.
Requirements:
- Three input_number helpers and one input_boolean.
- Code Finder Start (0-9999)
- Code Finder End (0-9999)
- Code Finder Delay (seconds)
- Code Finder Stop (boolean used to indicate loop status and stop the loop)
- Change notify service to your preference
- Add your alarm user code to your secrets file and reference it with a template sensor.
Considerations
- The script will stop as soon as the keypad displays anything containing anything other than âReady to Armâ or âFaultâ, so the alarm must be in a disarmed state when this runs. Iâd recommend bypassing any triggered sensors to be safe.
- All the keypads function differently WRT how and when they make noise. I found that whenever the keypad was locked out it would chime loudly. Youâre more likely to run into this if you use a lower delay threshold. The keypads also beep when a successful disarm command is sent, so one or more keypads will beep after every three failed attempts (several times per minute) to access programming. Typically you can turn these chimes off, but the processes is different for each model.
alias: Brute Force Installer Code
sequence:
- service: notify.pushover
data:
message: Starting loop code entry...
- service: input_boolean.turn_off
entity_id: input_boolean.stop_code_loop
- repeat:
count: >-
{{ (states('input_number.code_finder_stop') | int) -
(states('input_number.code_finder_start') | int) + 1 }}
sequence:
- condition: state
entity_id: input_boolean.stop_code_loop
state: "off"
- service: envisalink.alarm_keypress
data:
entity_id: alarm_control_panel.home_alarm
keypress: >-
{{ '%04d' | format(states('input_number.code_finder_start') | int
+ repeat.index - 1) }}800
- delay:
seconds: "{{ states('input_number.code_finder_delay') | int }}"
- choose:
- conditions:
- condition: template
value_template: >-
{{ 'installer code' in
states('sensor.home_alarm_keypad')|lower() }}
sequence:
- service: notify.pushover
data:
message: >-
Installer code found: {{ '%04d' |
format(states('input_number.code_finder_start') | int +
repeat.index - 1) }}
- service: input_boolean.turn_on
entity_id: input_boolean.stop_code_loop
- delay:
seconds: 4
- service: envisalink.alarm_keypress
data:
entity_id: alarm_control_panel.home_alarm
keypress: "*99"
- conditions:
- condition: template
value_template: >-
{{ not 'ready to arm' in
states('sensor.home_alarm_keypad')|lower() and not 'fault'
in states('sensor.home_alarm_keypad')|lower() }}
sequence:
- service: notify.pushover
data:
message: >-
Alarm state changed: {{ states('sensor.home_alarm_keypad')
}}
- service: input_boolean.turn_on
entity_id: input_boolean.stop_code_loop
- condition: template
value_template: "{{ repeat.index % 3 == 0 }}"
- service: alarm_control_panel.alarm_disarm
data:
code: "{{ states('sensor.alarm_user_code') }}"
target:
entity_id: alarm_control_panel.home_alarm
- delay:
seconds: 3
- service: notify.pushover
data:
message: All codes tried or loop stopped.