#100 Monitoring A Line UPS Remotely
Modernizing the old UPSilon 2000 application was a daunting task. My first thought was to read the serial output, but unfortunately the UPS is listed as a HID device and not a simple COM port. So I went down the rabbit hole of trying to communicate with HID devices, which have strict security to combat keyloggers. I tried to use kernel32 and the CreateFile, ReadFile and WriteFile methods, but I got access denied. Looking closer, I could read some of the inputs of the UPS HID device, but it was going to take too long to figure out direct communication to the UPS without an SDK or a good example app using USB HID to communicate with a UPS.
Some details of my UPS HID were:
VID = 0001
PID = 0000
Path = \?\hid#vid_0001&pid_0000#6&7efa158&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SerialNumber =
Manufacturer = MEC
Product: MEC0003
So after wasting 2 days I went back to the drawing board. This time, instead of using Wireshark to catch the USB packets, I decided to take a closer look at the UPSilon 2000 application. Unfortunately the .dll's don’t show any useful functions in Dependency Viewer, so I can’t call C++ functions from them in C#. So next I switched Wireshark to local monitoring and I found some very useful traffic.
tcp.port == 2570 – connect as a client and get data
tcp.port == 8652 – read the data from the sms server
udp.port == 11541 – udp data
Port 8652 allows me to read alerts sent to the SMS server but instead I re-direct them to my C# application.
GET /smssend_hide.cgi?$sms_recptmobile=0123456789&$sms_content=DESKTOP-294DAYV: This is a test message!&$sms_code=1 HTTP/1.1
User-Agent: RUPS2K SMS
Host: 127.0.0.1
Connection: Keep-Alive
Port 2570 allows me to TCP connect as a client with no auth and now I get all the stat report strings every 1 second.
(238.7 238.7 238.7 007 50.1 27.4 --.- 00001000
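Because the listener on port 2570 hands these strings to any client without authentication, a consumer should validate each line before acting on it. The parser below is an added example, not code from my application or from UPSilon 2000; the field and flag names are assumptions based on the line's resemblance to a Megatec-style status reply, which this page does not confirm.

```python
import re
from dataclasses import dataclass
from typing import Optional

# ASSUMED field order (Megatec-style status reply); the page does not name them.
FIELDS = ("input_v", "fault_v", "output_v", "load_pct",
          "freq_hz", "battery_v", "temp_c")
# ASSUMED meaning of the eight status characters, leftmost first.
FLAGS = ("utility_fail", "battery_low", "bypass_or_avr", "ups_failed",
         "standby_type", "test_running", "shutdown_active", "beeper_on")

_NUM = re.compile(r"\d{1,4}(\.\d{1,2})?")
_BLANK = re.compile(r"-+\.-+")      # e.g. '--.-' where no reading is reported
_BITS = re.compile(r"[01]{8}")
MAX_LEN = 64                        # constructed bound, above the sample's length

@dataclass
class Report:
    values: dict    # field name -> float, or None when blank
    flags: dict     # flag name -> bool

def parse_report(raw: bytes) -> Optional[Report]:
    """Parse one status line; return None for anything malformed."""
    if len(raw) > MAX_LEN:
        return None
    try:
        text = raw.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    if not text.startswith("("):
        return None
    tokens = text[1:].split()
    if len(tokens) != 8 or not _BITS.fullmatch(tokens[7]):
        return None
    values = {}
    for name, tok in zip(FIELDS, tokens):   # zip stops after the 7 numeric fields
        if _NUM.fullmatch(tok):
            values[name] = float(tok)
        elif _BLANK.fullmatch(tok):
            values[name] = None
        else:
            return None
    flags = {name: bit == "1" for name, bit in zip(FLAGS, tokens[7])}
    return Report(values, flags)

SAMPLE = b"(238.7 238.7 238.7 007 50.1 27.4 --.- 00001000"  # line from the page
```

Rejecting a malformed line outright, rather than forwarding it, keeps a local process that writes to the same socket from injecting arbitrary text into alerts sent onward.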
The UDP port 11541 always receives upsXXXcnt001 for constant monitoring and I haven’t observed any other use besides this.
ups000cnt001 – connected
upsupsdiscnt001 – not connected
The exe files communicating between themselves are:
Monw32.exe 11541 UDP listener
RupsMon.exe 2570 TCP listener
UPSilon.exe connects as client
So after finding this info I was able to build a C# app that works in conjunction with UPSilon 2000 but the C# app offers more flexibility such as remote messaging via Telegram or forwarding the stats to a webserver for remote viewing.
The application checks the CD key every time it starts: it connects to an IP in Taiwan, http://upsilon.icv99.net on port 80. However, if you go to port 8080 you get a webpage CD key checking form.
http://59.124.238.71:80
http://upsilon.icv99.net:8080/download_sys/
http://upsilon.icv99.net:8080/download_sys/keycheck.php?cdkey_check=testkey
The only thing I couldn’t do was send commands directly to the UPS, because that communication link is done within the UPSilon app itself. However, I am happy with the overall outcome.
Source code of my application can be found on GitHub