Hacking the Vista ICM e-mail notifications

February 18, 2010 20:07 by docbliny 

Another great post by our guest blogger Richard Perlman:

I hacked at the VistaICM email process and here is what I found:

Part 1: The information for the email is sent, via HTTP, to outgoing.in2myhome.com. So, If you are running a local DNS server, you can enter a record for that host/domain and resolve it to some other HTTP server.

Part 2: The information is sent as a GET request. I.e. It’s ALL in the URL. Really simple (and insecure). For example, here is an “Armed” notification:
GET /email.aspx?address=alarm%40foo.com&subject=Security+Alert&message=System+Armed&mac=00%3A0e%3A70%3A00%3A35%3A7d&time=02-16-2010+01%3A03%3A33+PM

So, all that would need to be done is to write a simple cgi-bin script to handle requests for /email.aspx to parse the GET request and create an email or do whatever you wanted.

Richard


Comments (5) -

10/7/2011 1:04:08 PM #

Louie

Here is a page example of above.  Check the ICM to see what URL it is sending the email too. in2networks ICM sends to in2networks own page.

email.aspx

<% @Import Namespace="System.Web.Mail" %>


<script language="vb" runat="server">

    Sub Page_Load(sender As Object, e As EventArgs)
  Me.lblText.Text = Request.QueryString("address")
        Me.lblText1.Text = Request.QueryString("subject")
  Me.lblText2.Text = Request.QueryString("message")
  Me.lblText3.Text = Request.QueryString("mac")
  Me.lblText4.Text = Request.QueryString("time")
    End Sub

Sub btnSend_Click(sender as Object, e as EventArgs)


  'Create an instance of the MailMessage class
  Dim objMM as New MailMessage()

  'Set the properties - send the email
    objMM.To = " Your email Address "
    objMM.From = lblText.Text

  'Send the email in text format
    objMM.BodyFormat = MailFormat.Text

  'Set the priority - options are High, Low, and Normal
    objMM.Priority = MailPriority.High

  'Set the subject
  objMM.Subject = "" & lblText1.Text & " - " & lblText2.Text & "."

  'Set the body
    objMM.Body =   "Event: " & lblText2.Text & "." & vbCrLf & _
      "" & vbCrLf & _
      "At: " & lblText4.Text & "." & vbCrLf & _
      "" & vbCrLf & _
      "---------------------------------------" & vbCrLf & _
      "" & vbCrLf & _
      "MAc: " & lblText3.Text & "." & vbCrLf & vbCrLf & _
                   "---------------------------------------"

  
  'Specify to use the default Smtp Server
    SmtpMail.SmtpServer = " SMTP Server Address here "
  
  'Now, to send the message, use the Send method of the SmtpMail class
    SmtpMail.Send(objMM)


  panelSendEmail.Visible = false
  panelMailSent.Visible = true
End Sub



</script>

<html>
<body>
  <asp:panel id="panelSendEmail" runat="server">
    <form runat="server">
      <h2>HNI Alarm send Test Page</h2>

  
      <b>Email Address:</b>
      <asp:Label id="lblText" runat="server" />
      <p>

      <b>Subject:</b>
      <asp:Label id="lblText1" runat="server" />
      <p>
      <b>Status:</b>
      <asp:Label id="lblText2" runat="server" />
      <p>
      <b>MAC:</b>
      <asp:Label id="lblText3" runat="server" />
      <p>
      <b>Date Time:</b>
      <asp:Label id="lblText4" runat="server" />
      <p>
      <b>Message:</b><br>
      <asp:Label id="Body" runat="server" />
      <p>

      <asp:Label runat="server" id="btnSend" Onload="btnSend_Click" />
    </form>
  </asp:panel>


  <asp:panel id="panelMailSent" runat="server" Visible="false">
    An email has been sent to the email address you specified.  Thanks!
  </asp:panel>
</body>
</html>

Louie United States

10/21/2011 5:22:31 PM #

Joe

Great post.  It seems simple what you are talking about.  I'm sure I'm not the only one looking for alternate solutions now that in2networks has turned on their access lists.  If posible could you post some of the further instructions on what the email.asp might look like?

Thanks again!!

Joe United States

3/7/2012 5:39:08 AM #

Sam

Richard -

Many thanks for your posts, they were instrumental in me getting past the discontinuation of email notifications service by Honeywell!

I wrote replacement ASP.NET pages for email.aspx and default.aspx that I plan to make available to the community to allow anyone to run their own notification system.

I do have one question: My ICM's clock has really wicked time drift, it falls behind maybe 8-10 seconds every 5 minutes after I set the correct time. I'm guessing that's why they keep calling time.aspx every 5 minutes to sync time. I have no clue what the correct return value for this page is to the ICM. I tried to return a string time or a time offset in seconds, but that does not correct the problem.

By any chance, do you know what time.aspx is supposed to return?

Sam United States

10/31/2012 3:38:36 PM #

Aaron

I'd echo Sam's request. Can someone who's figured out time.aspx's output please provide some insight? I've tried dozens of date/time string permutations using a simple php script, and I can see my ICM requesting the file, but not updating. The two most promising formats, I though, were a string formatted the way the timestamp is formatted in the logs (m-d-Y+h:i:s+A) or the format required by the date shell command when accessing the ICM via telnet (mdHiY).

Aaron United States

2/16/2013 6:36:14 AM #

Antonio

Sam,

I am interested to see if you could share your ASPX pages you created.  I am a novice when it comes to programming, however I would love to get that email functionality, but would love to get that email functionality back.

Antonio

Antonio United States

Add comment

  Country flag

biuquote
  • Comment
  • Preview
Loading