Egardia/Woonveilig: some notes about logging on a local gateway to see more detailed information on the security system
Posted by jpluimers on 2022/02/23
A follow-up on Source: Some links with notes on WoonVeilig/Egardia security system communications, protocols and support by 3rd party home automation apps:
- [Wayback] Egardia – Home Assistant (source at [Wayback/Archive.is] home-assistant.io/egardia.markdown at current · home-assistant/home-assistant.io)
Instructions on how to setup Egardia / Woonveilig within Home Assistant.
…
If the system support XMPP, disable XMPP by invalidating the configuration in the XMPP menu (for example by changing the user name). This is required for recent firmwares of the GATE-03 system as it does not use the Reporting server at all in the case of a valid XMPP configuration.
- [Wayback/Archive.is] jeroenterheerdt/python-egardia: Python library to interface with Egardia / Woonveilig alarm
This is the actual Woonveilig/Egardia plugin that Home Assistant can use. It is integrated through [Wayback] pythonegardia · PyPI via [Wayback/Archive.is] core/requirements_all.txt at dev · home-assistant/core
- [Wayback/Archive.is] python-egardia/README.md at master · jeroenterheerdt/python-egardia
Python library to interface with Egardia / Woonveilig alarm. Tested with WV-1716, GATE-01, GATE-02 and GATE-03 version of Egardia / Woonveilig. Other versions might work, but unsure. Originally written for integration with Home Assistant it can also by used to integrate with these alarms in other solutions.
- [Wayback/Archive.is] python-egardia/README.md at master · jeroenterheerdt/python-egardia
Notes on the Woonveilig/Egardia GATE-03 model alarm hub (where 192.168.x.y is the IPv4 address that hub):
- It still uses the plain-text insecure http to communicate, so it is wise to try and put it in a separate LAN apart from other systems.
- Logon is done using HTTP Basic access authentication.
- Woonveilig/Egardia by now prefers the XMPP prototol over the CID protocol (the CID protocol is still used by jeroenterheerdt/python-egardia.
- You can find the configuration at
http://192.168.x.y/setting/xmpp.htm. - XMPP protocol uses
xmpp01.egardia.comas primary andxmpp01.alt.egardia.comas secondary server on port 443.arg-####-authwhere######are the last 6 *lowercase* hexadecimal digits of the MAC address of the GATE-03.- a long password you can find in the plain-text of the
http://192.168.x.y/action/xmppGethttp GET request fired byhttp://192.168.x.y/setting/xmpp.htm.
- You can find the configuration at
- CID protocol address is
ip://######@ics.alt.egardia.com:52010/CIDwhere######are the last 6 *uppercase* hexadecimal digits of the MAC address of the GATE-03. - User PIN-codes are not visible at the Woonveilig/Egardia alarm site, but they are at
http://192.168.x.y/setting/userCode.htmtogether with their user names. - Special PIN codes for Installer/Duress/Guard/Master/Temporary are at
http://192.168.x.y/setting/codeSetting.htmand obtained viahttp://192.168.x.y/action/areaListGetandhttp://192.168.x.y/action/codeSettingGet - On the CID protocol:
I got all of the above via: [Wayback/Archive.is] GATE-03 system does not report to Egardiaserver · Issue #26 · jeroenterheerdt/python-egardia (which by coincidence used the same firmware I had: HSGW 0.0.2.18.1 HPGW-L2-XA35H).
Which brings me to some Google search with some remarkable results:
- [Wayback] HSGW 0.0.2.18.1 HPGW-L2-XA35H – Google Search
- [Wayback] XT2 – Firmwareupdates
- [Wayback] Examination of LUPUS-Electronics devices – Embedded Lab Vienna for IoT & Security
…
LUPUSEC simply re-branded a Climax HPGW-G2 system and loaded some of their custom firmware on it.
…
- [Wayback] “HPGW-L2-XA35H” – Google Search
So I did a quick look at LUPUS XT* based products:
- [Wayback] Lupus Shop – Overview Alarm & Smarthome: Centrals
- [Wayback] Lupus Shop – Overview Alarm & Smarthome: Classic XT1 Sensoren
- [Wayback] Lupus Shop – Overview Alarm & Smarthome: Control Unit
- [Wayback] Lupus Shop – Overview Alarm & Smarthome: Alarm Sensors
Then at the Woonveilig/Egardia and Climax shops:
- [Wayback] Online Shop – WoonVeilig
- [Wayback] Egardia Shop: Alarm
- [Wayback] Climax: Smart Home Alarm Systems
- [Wayback] Climax: RF Accessories
Conclusions:
- Egardia/Woonveilig sensors look remarkably similar to the LUPUS ones
- LUPUS is a re-brand of Climax with slightly different firmware
Side note on open ports
- Open ports on the [Wayback] GATE-03 alarm device:
PORT STATE SERVICE VERSION 9/tcp filtered discard 25/tcp filtered smtp 80/tcp open http 445/tcp filtered microsoft-ds - Open ports on the [Wayback] CAM-06 outdoor camera:
PORT STATE SERVICE VERSION 9/tcp filtered discard 21/tcp open ftp oftpd 25/tcp filtered smtp 80/tcp open tcpwrapped 445/tcp filtered microsoft-ds 554/tcp open rtsp 711/tcp open cisco-tdp? 1935/tcp open rtmp? 6000/tcp open X11? 49152/tcp open upnp Portable SDK for UPnP devices 1.6.17 (Linux 3.4.35; UPnP 1.0)
The Wiert Corner - irregular stream of stuff 
Leave a Reply