EEVblog Electronics Community Forum
Electronics => Projects, Designs, and Technical Stuff => Topic started by: SL4P on April 26, 2015, 09:29:06 am
-
I'm working on talking to an EM1000 mains power meter ( the type in your meter box )
re: IR protocol to EM1000 power / electricity meter
I have the IR interface working, and also the Landis+Gyr meter management software.
My problem is reverse engineering the serial protocol with the meter. My project is to create a new tool for local meter readers, but it seems the detail of the protocol are not openly available...
I have figured out and logged a simple session, and can 'connect' to the meter, but I believe there is a challenge-response pair that I have yet to work through before I get stuck into the next challenge.
in the samples I took, I can see some clear text ( model number / serial retc ), but the bulk of message transactions are in binary, prefixed with an 0xAA byte.
These seem to work as expected with the OEM software, but without a successful 'login' from my test code, they return either an empty string, or a recurring 'message' (not logged in?)
Any thoughts, ideas or pointers greatly appreciated.
-
Well, I don't have much feedback for you, other than 0xAA and 0x55 are often used as sync bytes because they're repeating strings of 1010...
Is there any consistency in the messages? Does the challenge/response pair change every time? How many bytes is it? If it's relatively simple, you might be able to collect enough sessions to just make a look-up table to work out the answer.
-
Thanks for responding.... I came to the same conclusions.
The AA is definitely a message sync/prefix char... both directions.
I'm expecting a byte count and/or a checksum in there as well...
Sadly the challenge (and response) do change each time, but as you said - if I take enough samples from the OEM software there may be a visible pattern... hoping!
Here is the dialogue I began with (know to work at that time)
AA 01 0F DE C2 >> send REQUEST A SESSION LOGIN
AA 09 FF 43 38 C8 44 64 22 32 11 C8 6C l << ?challenge from meter
FF FF << received not sure what these are... !
AA 06 01 03 BE 3B 3E 36 87 1C >> ?send login RESPONSE
AA 07 FF E8 03 02 00 18 00 73 6D << received ?login accepted
If I use the same response later (to a different challenge), it returns...
AA 01 FD 83 0D which I guess is saying - 'No soup for you!'
Then the two way conversation continues with requests and rsponse sfor specific meter registers / data bundles.
If you're working on similar challenges - I'm open to sharing knowledge!
-
If it's doing challenge-response stuff you're probably going to need to start disassembling the PC software to figure out what it's doing.
-
If it's doing challenge-response stuff you're probably going to need to start disassembling the PC software to figure out what it's doing.
I know - but please don't say that !
-
Here's a more complete dump of the dialogue between the OEM software and the meter...
This has a successful login to the meter, followed by a couple of other functions to dump specific data...
-> SEND TO METER
<- RECV FROM METER
--- START OF METER LOGIN / REPORT STATUS ---
-> AA 01 02 73 13
<- AA 01 FF C1 2D
-> AA 01 0F DE C2
<- AA 09 FF D9 1A 85 55 2B 72 FC 61 BC 16
-> FF
-> FF
-> AA 06 01 04 14 19 E2 F1 C9 E8
<- AA 07 FF E8 03 02 00 18 00 73 6D
-> AA 02 00 01 41 7E
<- AA 01 FF C1 2D
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 01 00 00 00 67 DB
<- AA 0F FF 0A 00 F4 01 00 00 00 00 00 00 00 00 00 00 68 6D
-> AA 05 03 02 00 00 00 BB 40
<- AA 63 FF 4E FF 01 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 02 03 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 3D 8B
-> AA 05 03 06 00 00 00 4A 8A
<- AA 4B FF 99 FF 11 11 11 11 FF 83 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF EF FF FF 46
<- AA
-> AA 05 03 07 00 00 00 FE FC
<- AA 4B FF 86 FF 00 00 00 00 FF 03 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 88 FF FD 48 A2
-> AA 05 03 80 00 00 00 EB 70
<- AA 23 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 C9
-> AA 05 03 81 00 00 00 5F 06
<- AA 23 FF E8 03 02 00 18 00 E8 03 60 09 64 00 E8 03 01 01 01 01 01 28 13 89 00 52 00 00 00 00 00 00 00 00 00 00 DA BB
-> AA 05 03 10 00 00 00 74 B6
<- AA 01 FA 64 7D
-> AA 05 03 23 33 00 01 95 8D
<- AA 02 FF 18 A6 FE
-> AA 05 03 8C 00 00 08 D1 BE
<- AA 09 FF 0E 00 0C 1B 04 0F 01 00 95 01
-> AA 05 03 11 00 00 00 C0 C0
<- AA 0D FF FF 00 00 00 00 00 00 00 00 00 00 00 A3 45
-> AA 01 02 73 13
<- AA 01 FF C1 2D
---- END OF LOGIN - STATUS ----
--- READ BILLING --- (ALL ZEROES) ---
-> AA 01 0F DE C2
<- AA 09 FF FE 30 7F 18 D6 54 6B 2A A6 FA
-> FF
-> FF
-> AA 06 01 04 C4 2B E4 32 86 A8
<- AA 07 FF E8 03 02 00 18 00 73 6D
-> AA 02 00 01 41 7E
<- AA 01 FF C1 2D
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 01 00 00 00 67 DB
<- AA 0F FF 0A 00 F4 01 00 00 00 00 00 00 00 00 00 00 68 6D
-> AA 05 03 02 00 00 00 BB 40
<- AA 63 FF 4E FF 01 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 02 03 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 3D 8B
-> AA 05 03 06 00 00 00 4A 8A
<- AA 4B FF 99 FF 11 11 11 11 FF 83 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF EF FF FF 46
<- AA
-> AA 05 03 07 00 00 00 FE FC
<- AA 4B FF 86 FF 00 00 00 00 FF 03 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 88 FF FD 48 A2
-> AA 05 03 80 00 00 00 EB 70
<- AA 23 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 C9
-> AA 05 03 81 00 00 00 5F 06
<- AA 23 FF E8 03 02 00 18 00 E8 03 60 09 64 00 E8 03 01 01 01 01 01 28 13 89 00 52 00 00 00 00 00 00 00 00 00 00 DA BB
-> AA 05 03 10 00 00 00 74 B6
<- AA 01 FA 64 7D
-> AA 05 03 23 33 00 01 95 8D
<- AA 02 FF 18 A6 FE
-> AA 05 03 8C 00 00 08 D1 BE
<- AA 09 FF 28 01 0C 1B 04 0F 01 00 57 42
-> AA 05 03 11 00 00 00 C0 C0
<- AA 0D FF FF 00 00 00 00 00 00 00 00 00 00 00 A3 45
-> AA 05 03 14 00 00 00 85 7C
<- AA 0D FF E1 00 02 00 04 00 0C 00 00 00 0C 00 0C FD
-> AA 05 03 15 00 00 00 31 0A
<- AA 13 FF F2 0A 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 34
-> AA 05 03 23 00 00 00 41 01
<- AA 35 FF D0 00 00 09 09 09 09 09 00 09 09 00 09 09 09 09 09 00 09 09 00 09 09 09 09 09 00 09 09 00 09 09 09 09 09 00 09 09 01 01 11 03 00 00 00 00 00 02 01 01 01 18 52 BD
-> AA 05 03 11 0A 00 01 20 17
<- AA 02 FF 00 9F 6D
-> AA 05 03 24 00 00 00 6C 50
<- AA 0D FF C8 00 00 0F 1E 00 05 05 00 00 00 00 BF 4F
-> AA 05 03 28 00 00 00 5E 1F
<- AA 33 FF 4A 00 06 01 01 00 00 00 2B 38 00 00 06 00 00 00 09 0C 00 0A 00 0B 00 00 00 00 00 08 07 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 AF C7
-> AA 01 16 C6 41
<- AA 83 7F 00 10 00 1B 04 0F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1B 04 0F 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D E3
<- AA 83 7F 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 AD 67
<- AA 83 7F 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E5 A1
<- AA 83 7F 80 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 51
<- AA 83 7F 00 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8 FA
<- AA 83 7F 80 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5B 0A
<- AA 83 7F 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 CC
<- AA 83 7F 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 3C
<- AA 83 7F 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F2 4C
<- AA 83 7F 80 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 BC
<- AA 17 FF 00 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 C8
-> AA 05 03 96 00 00 00 D5 4C
<- AA 0D FF 05 00 00 00 00 00 00 00 05 00 00 00 B5 CA
-> AA 01 02 73 13
<- AA 01 FF C1 2D
--- END OF READ BILLING ---
--- READ ALL LOAD PROFILES --- 150402 to 150427 -- all null/zeroes at 30 min intervals
-> AA 01 0F DE C2
<- AA 09 FF DC 4D EE 26 77 13 52 51 4F 5C
-> FF
-> FF
-> AA 06 01 04 65 57 7A 8D FD F4
<- AA 07 FF E8 03 02 00 18 00 73 6D
-> AA 02 00 01 41 7E
<- AA 01 FF C1 2D
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 01 00 00 00 67 DB
<- AA 0F FF 0A 00 F4 01 00 00 00 00 00 00 00 00 00 00 68 6D
-> AA 05 03 02 00 00 00 BB 40
<- AA 63 FF 4E FF 01 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 02 03 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 3D 8B
-> AA 05 03 06 00 00 00 4A 8A
<- AA 4B FF 99 FF 11 11 11 11 FF 83 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF EF FF FF 46
<- AA
-> AA 05 03 07 00 00 00 FE FC
<- AA 4B FF 86 FF 00 00 00 00 FF 03 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 88 FF FD 48 A2
-> AA 05 03 80 00 00 00 EB 70
<- AA 23 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 C9
-> AA 05 03 81 00 00 00 5F 06
<- AA 23 FF E8 03 02 00 18 00 E8 03 60 09 64 00 E8 03 01 01 01 01 01 28 13 89 00 52 00 00 00 00 00 00 00 00 00 00 DA BB
-> AA 05 03 10 00 00 00 74 B6
<- AA 01 FA 64 7D
-> AA 05 03 23 33 00 01 95 8D
<- AA 02 FF 18 A6 FE
-> AA 05 03 8C 00 00 08 D1 BE
<- AA 09 FF 2F 02 0C 1B 04 0F 01 00 CD 5D
-> AA 05 03 11 00 00 00 C0 C0
<- AA 0D FF FF 00 00 00 00 00 00 00 00 00 00 00 A3 45
-> AA 05 03 32 00 00 56 61 56
<- AA 57 FF B5 01 FF 69 00 16 00 02 00 1E 01 02 E8 03 00 00 FF 34 FF 4A 00 00 00 1E 00 00 E8 03 00 00 00 00 F1 FF 00 00 00 1E 00 00 00 00 00 00 00 00 F1 FF 00 00 00 1E 00 00 00 00 00 00 00 00 F1 FF 00 00 00 1E 00 00 00 00 00 00 00 00 F1 FF 00 00 00 1E 00 00 00 00 00 00 D6 2D
-> AA 05 03 BE 00 00 60 FE 92
<- AA 61 FF 00 16 6F 17 02 00 00 0C 1B 04 0F 00 02 00 00 00 FF 4A FF 4A 00 35 16 0F 02 04 0F 00 00 00 1F 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 00 00 0F 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 00 00 07 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 00 00 03 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 32 00 49 00 AC E1
-> AA 05 03 BE 00 00 60 FE 92
<- AA 61 FF 00 16 6F 17 02 00 00 0C 1B 04 0F 00 02 00 00 00 FF 4A FF 4A 00 35 16 0F 02 04 0F 00 00 00 1F 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 00 00 0F 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 00 00 07 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 00 00 03 00 F1 FF F1 FF 00 35 16 0F 02 04 0F 00 32 00 49 00 AC E1
-> AA 05 03 BE 00 00 10 69 EC
<- AA 11 FF 00 16 6F 17 02 00 00 0C 1B 04 0F 00 02 00 00 00 73 85
-> AA 03 10 01 01 AF FB
<- AA 83 7F 00 16 CA 35 16 00 00 E5 16 1D EF C7 27 2F 00 00 E5 31 31 F0 C7 28 33 00 00 00 00 E5 14 02 F1 C7 13 11 00 00 E5 16 1D F1 C7 08 35 00 00 00 00 00 00 E5 37 23 F6 A6 02 C7 2E 08 00 00 00 00 00 00 00 00 00 00 00 00 E5 17 32 EE A6 16 C7 12 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B9 A7
<- AA 83 7F 80 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E2 09 2D F5 C4 01 2D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E5 00
<- AA 72 FF 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E5 2E 0C EB C7 2F 0C 00 00 00 00 A4 A7
-> AA 05 03 11 00 00 0E 0E 21
<- AA 0D FF FF 00 00 00 00 00 00 00 00 00 00 00 A3 45
-> AA 05 03
-> AA 00 00 7C 15 90
<- AA 0D FF 05 00 00 00 00 00 00 00 05 00 00 00 B5 CA
-> AA 05 03 8C 00 00 08 D1 BE
<- AA 09 FF 30 02 0C 1B 04 0F 01 00 BB B9
-> AA 05 03 03 00 00 00 0F 36
<- AA 63 FF 46 FF 04 08 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 4C 28
-> AA 01 02 73 13
<- AA 01 FF C1 2D
--- END OF READ ALL PROFILES ---
--- SET TIME --- APPROX 12:03:xx on 2015-04-27
-> AA 01 0F DE C2
<- AA 09 FF A9 28 BD 4C B7 7E B2 67 FF A3
-> FF
-> FF
-> AA 06 01 04 01 0B 61 D3 C3 28
<- AA 07 FF E8 03 02 00 18 00 73 6D
-> AA 02 00 01 41 7E
<- AA 01 FF C1 2D
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 01 00 00 00 67 DB
<- AA 0F FF 0A 00 F4 01 00 00 00 00 00 00 00 00 00 00 68 6D
-> AA 05 03 02 00 00 00 BB 40
<- AA 63 FF 4E FF 01 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 02 03 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 3D 8B
-> AA 05 03 06 00 00 00 4A 8A
<- AA 4B FF 99 FF 11 11 11 11 FF 83 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF EF FF FF 46
<- AA
-> AA 05 03 07 00 00 00 FE FC
<- AA 4B FF 86 FF 00 00 00 00 FF 03 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 88 FF FD 48 A2
-> AA 05 03 80 00 00 00 EB 70
<- AA 23 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 C9
-> AA 05 03 81 00 00 00 5F 06
<- AA 23 FF E8 03 02 00 18 00 E8 03 60 09 64 00 E8 03 01 01 01 01 01 28 13 89 00 52 00 00 00 00 00 00 00 00 00 00 DA BB
-> AA 05 03 10 00 00 00 74 B6
<- AA 01 FA 64 7D
-> AA 05 03 23 33 00 01 95 8D
<- AA 02 FF 18 A6 FE
-> AA 05 03 8C 00 00 08 D1 BE
<- AA 09 FF 2C 03 0C 1B 04 0F 01 00 D9 2D
-> AA 05 03 11 00 00 00 C0 C0
<- AA 0D FF FF 00 00 00 00 00 00 00 00 00 00 00 A3 45
-> AA 04 07 35 03 0C A1 62
<- AA 01 FF C1 2D
-> AA 05 03 00 00 00 00 D3 AD
<- AA 1B FF 6E 00 53 32 31 33 30 37 37 39 20 20 20 20 20 20 00 02 13 07 79 01 58 01 99 89 8E 9E
-> AA 05 03 01 00 00 00 67 DB
<- AA 0F FF 0A 00 F4 01 00 00 00 00 00 00 00 00 00 00 68 6D
-> AA 05 03 02 00 00 00 BB 40
<- AA 63 FF 4E FF 01 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 02 03 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 3D 8B
-> AA 05 03 06 00 00 00 4A 8A
<- AA 4B FF 99 FF 11 11 11 11 FF 83 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF EF FF FF 46
<- AA
-> AA 05 03 07 00 00 00 FE FC
<- AA 4B FF 86 FF 00 00 00 00 FF 03 FF FF 7F FF C7 E1 FF 00 00 00 00 00 00 00 07 F0 C1 3F 07 2C F0 F3 80 00 00 00 00 00 00 00 18 80 0D 00 40 FE C3 61 FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 88 FF FD 48 A2
-> AA 05 03 80 00 00 00 EB 70
<- AA 23 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 C9
-> AA 05 03 81 00 00 00 5F 06
<- AA 23 FF E8 03 02 00 18 00 E8 03 60 09 64 00 E8 03 01 01 01 01 01 28 13 89 00 52 00 00 00 00 00 00 00 00 00 00 DA BB
-> AA 05 03 10 00 00 00 74 B6
<- AA 01 FA 64 7D
-> AA 05 03 23 33 00 01 95 8D
<- AA 02 FF 18 A6 FE
-> AA 05 03 8C 00 00 08 D1 BE
<- AA 09 FF 36 03 0C 1B 04 0F 01 00 11 81
-> AA 05 03 11 00 00 00 C0 C0
<- AA 0D FF FF 00 00 00 00 00 00 00 00 00 00 00 A3 45
-> AA 01 02 73 13
<- AA 01 FF C1 2D
-> AA 01 02 73 13
<- AA 01 FF C1 2D
--- END OF SET TIME ---
-
So here's another observation, if it helps:
<- AA 09 FF D9 1A 85 55 2B 72 FC 61 BC 16
AA = sync
09 = number of bytes
(9 bytes here)
BC 16 = checksum, crc-ccitt
To verify the checksum part, I installed https://pypi.python.org/pypi/crc16/0.1.1 and did:
>>> import crc16
>>> d = [0xaa, 0x09, 0xff, 0xd9, 0x1a, 0x85, 0x55, 0x2b, 0x72, 0xfc, 0x61, 0xbc, 0x16]
>>> '%x' % (crc16.crc16xmodem(''.join(chr(c) for c in d[1:-2])),)
'16bc'
So that's taking the crc16, ignoring the initial sync byte, but include the length value.
Maybe that'll help get you going?
(Note: it was a total fluke that that worked. I installed the crc16 module without realizing that it only implemented one of the many versions of CRC and luckily it had the right one!)
-
That's great - thanks
I was expecting a 16-bit CRC, from reading other loosely docs, but hadn't got around to pulling the whole sentence apart.... as you say it was incredibly lucky, but armed with your prior knowledge, you came through!
Now to identify the command format(s) - I'll parse them down and post some hints.....
Cheers
(Ths may be a great help to others looking at the interface if I can get past the challenge & response.)
-
Hmmm... http://forums.whirlpool.net.au/archive/1900793 (http://forums.whirlpool.net.au/archive/1900793) suggests that there's a 32-bit password with a 1hr lockout after 3 attempts. That will make things tricker, maybe.
-
Ya, that makes sense -
I locked myself out. but I'm now able to log in again with OEM software
... playing with CRC16 code in C now...
-
Those meters using a protocol from Ampy, from before the time when L&G bought Ampy (and Toshiba bought L&G). I think its only used in Australia, so its probably only people in Australia who might be able to help with it.
-
I know this is an old thread however, just wanting to know if you had any success reading the RS232 data?
Needing some assistance