blackfish

Nothing as involved as a hardware hack. I mentioned ROM meaning the fixed or at least 'firm' ware that runs the show and controls the way it interprets key presses. Brute force - yes, a sequence of codes, but not necessarily in numerical order. By loopholes I mean that the code of the ROM is not written well enough, so I didn't have to enter too many codes before it coughed up. In fact I accidentally found the user code first (though I already knew that). I was also able to get round the code tamper lockout, so that sped things up. I shouldn't elaborate further on an open forum.

I have the engineer code now. I was surprised to find two loopholes in the M-Series ROM that meant I got in by brute force attack in about an hour. Now then, what if the same code was used on all the new-build properties in the 50-odd that the contract covered?

Thank you for swift and concise answers to my questions; interesting to see the various points of view. I wouldn't necessarily expect the owner to have full access during a warranty period in case they poked around and messed it up causing extra expense for the installer. However, at the end of the warranty, I think it is reasonable for the owner to have full access to something that they bought if they decided not to have an on-going maintenance contract (it's their lookout if they then mess it up). That's why I suggested reversion to default should be at no extra cost. I wouldn't expect a dedicated call-out; maybe something like "when we're in the area". That said I can see why no-one would be in a rush to give away potential business. Anyway, thanks again for taking the time to answer and add valuable comment. If pushed, I'll try a factory reset and hope the NVM isn't locked.

I've been asked to look at a panel (presumed for now to be M-Series). It's five years old and has started generating alerts for panel battery low. I can fit a new battery but am reluctant to take the panel lid off as I don't know if I'll need eng code to reset tamper. It was a new build house and a contractor installed alarms in all the properties. There was no maintenance contract as far as I know. The default eng code (1234) has no effect (assuming you just enter the code from normal unset state) so presume installer changed it. Lots of questions here so any help from professionals is welcome. Q1: Is it incumbent on the installer to tell the owner the eng code on request; i.e. does the eng code belong to the owner? Q2: If installer says the eng code is some sort of master that they use for other alarms, can the owner insist that the installer revert the code to default 1234? (at no cost to owner for site visit). Q3: Am I right in suspecting that by default, a tamper will need eng reset? Q4: If so and I don't have the eng code, what's the consequence; e.g. is the system useless until reset? Q5: If I tried a factory reset and find the NVM is locked, are the two options (a) get the original installer to reset (with call-out cost) or (b) send panel to Menvier (with repair cost)? Q6: If Factory Reset did work, I know I'd have to sort out zones/wards/attributes, etc. I've got a list of zones from the user menus: 8 are straight off the panel. Two more are off the RKP (1011 PAB near front door, 1012 switch on front door). There's also a PAB in the bedroom, zone 2011 - how's that likely to be connected? Could there be a LEC2 expansion module and if so, where is it? (inside the main box?). Zone resistances are around 2.2k so I presume it's set up with FSL using 4K7/2K2 resistors.