Archive for January, 2013


I think I may’ve just had that eureka moment!

As part of the almighty home automation project I have been seeking a mains plug/socket which both meters the power consumption of attached devices AND allows remote switching. I struggled to find anything that fit the bill (and was reasonably priced and/or "open") but ended up taking the plunge and buying a few AlertMe (aka IRIS) Smart Plugs (£25/each).

Knowing that the AlertMe products communicate using Zigbee, if I want them to talk to anything more than themselves I would need to do a little packet sniffing in an attempt to document the packet format.

I first found some software that looked up to the job: Ubiqua by Ubilogix (http://www.ubilogix.com/products/ubiqua), although I’m just using the trial version as I doubt I can afford the hefty $999 license fee! I then found a compatible USB dongle: the Texas Instruments CC2531EMK Zigbee USB dongle (http://uk.farnell.com/jsp/search/productdetail.jsp?SKU=1855261, £46.68).

A few days later, everything’s delivered and I fire it up (I use a Mac with VirtualBox to run Windows virtual machines. I couldn’t get the driver working in Windows 7, so settled for XP).

There is a ton of traffic and I have very little idea what any of it is!

My next thought was- maybe I can figure out which device is which through the online portal / web interface (maybe the MAC addresses will be listed). They weren’t directly, but clicking on "manage" and viewing the source they were there for the taking:

Ubiqua uses a short notation but you can easily find it:

So, what next? Well, this is where I got a little stuck and found myself examining random packets and not really figuring anything out. Applying a filter to only see traffic from the current clamp / meter reader seemed sensible, but I believe that because of the mesh-like nature of the Zigbee protocol each message was being relayed by each device, causing a lot of duplication. I removed the SmartPlugs, leaving just the hub and meter reader (the SmartPlugs have battery backup so I think it takes a while for them to stop transmitting. I held the power button, which I think drained them quickly- the orange light was no longer appearing).

So now we’ve isolated some traffic we’re interested in from a lot of "noise"- but we’re still pretty clueless. Brainwave… let’s monitor a short period with normal consumption then a short period with high consumption (I put the oven on) then a short period with 0 consumption (I removed the current clamp from the mains cable). I made a note of the packet count in Ubiqua at each change so I could be sure to pick a packet from each of the phases.

The incoming packets still don’t seem consistent- so maybe there are more conversations taking place than simply "here’s my power consumption"- but I found a fairly regular packet structure 116 bytes in length and decided to filter my packets to just those. I then took the ZCL payload data from one of each of the "normal", "high" and "zero" samples:

Normal:
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

01 DC 01 DC 01 DC 01 DD 01 DB 01 DD 01 DD 01 DD 01 DD 01 DA 01 DC 01 D4 01 D2 01 D5 01 D2

00 03 A8 FA

High Use:
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

0E EE 0E FA 0E F4 0E F9 0E F7 0E F9 0E FB 0E FC 0F 13 0E E3 0E E9 0E E7 0E EA 0E 36 0B 33

00 03 A9 27

Zero Use:
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 03 A9 AE

You can see I chopped the payload into three logical sections. Now my hex isn’t great, but I could quickly see that a single pair of hex digits (8 bits or 1 byte) didn’t really mean anything, whereas when two bytes were paired and converted to decimal the numbers started to look very much like my estimated power consumption (repeated a number of times- at a guess there are 15 samples in each packet?). Taking the first reading from each packet you end up with:

01 DC = 476 W
0E EE = 3822 W
00 00 = 0 W

Whilst this seemed very likely I wanted to try and confirm the value… So I did another capture and checked the "power now" value on the portal- bingo, spot on!
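The decoding described above, as an added example (not code from the original post): it splits each quoted 68-byte ZCL payload into the three sections and reads the middle one as 15 two-byte values, most significant byte first. The function and constant names are assumptions, and the meaning of the leading FF bytes and the trailing 4 bytes is left undetermined, as in the post.

```python
import struct

# Layout as chopped up in the post: 34 filler bytes, 15 two-byte readings,
# then 4 trailing bytes whose meaning the post does not determine.
PAD_LEN, N_READINGS, TRAILER_LEN = 34, 15, 4
PAYLOAD_LEN = PAD_LEN + 2 * N_READINGS + TRAILER_LEN  # 68 bytes

# The three ZCL payloads quoted in the post, as hex strings.
PAD = "FF " * PAD_LEN
CAPTURES = {
    "normal": PAD + "01 DC 01 DC 01 DC 01 DD 01 DB 01 DD 01 DD 01 DD 01 DD 01 DA "
                    "01 DC 01 D4 01 D2 01 D5 01 D2 00 03 A8 FA",
    "high": PAD + "0E EE 0E FA 0E F4 0E F9 0E F7 0E F9 0E FB 0E FC 0F 13 0E E3 "
                  "0E E9 0E E7 0E EA 0E 36 0B 33 00 03 A9 27",
    "zero": PAD + "00 " * 30 + "00 03 A9 AE",
}


def parse_payload(hex_text):
    """Split one payload into its readings (watts) and raw trailer."""
    raw = bytes.fromhex(hex_text)
    if len(raw) != PAYLOAD_LEN:
        raise ValueError("expected %d bytes, got %d" % (PAYLOAD_LEN, len(raw)))
    pad = raw[:PAD_LEN]
    body = raw[PAD_LEN:PAD_LEN + 2 * N_READINGS]
    trailer = raw[-TRAILER_LEN:]
    if pad != b"\xff" * PAD_LEN:
        raise ValueError("leading section is not all FF")
    # Each reading is two bytes, most significant first (01 DC -> 476).
    readings = list(struct.unpack(">%dH" % N_READINGS, body))
    return {"readings": readings, "trailer": trailer.hex()}


def summarise(captures):
    """Return {name: (first, min, max)} so the three phases can be compared."""
    out = {}
    for name, hex_text in captures.items():
        r = parse_payload(hex_text)["readings"]
        out[name] = (r[0], min(r), max(r))
    return out


if __name__ == "__main__":
    for name, stats in summarise(CAPTURES).items():
        print("%-6s first=%d W min=%d W max=%d W" % ((name,) + stats))
```

The length and filler checks make the parser reject the other, differently structured packets the post mentions rather than decoding them as power readings.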

I still have a lot of work to do to try and determine:

  • What the other packets are?
  • How to decode the consumption packets from the SmartPlugs?
  • How to decode the on/off switching instructions to the SmartPlugs?

And then potentially attempt to build a little Arduino circuit / sketch to facilitate communication. Meanwhile I will no doubt be having a poke around inside the devices :)

I didn’t previously mention that the Zigbee packets are actually encrypted- I’m not quite sure where it came from but there was already a key in Ubiqua which was able to successfully decrypt the AlertMe / IRIS packets: AD:38:19:32:6F:D5:C8:F9:F2:8D:78:F0:82:66:AE:57 – I don’t know if this is unique to my devices or the same for everyone.

An update on my latest project

Further to: https://tickett.wordpress.com/2012/12/31/a-new-year-a-new-project/ I have discovered quite a few things, and it looks like I’m not going to have to start from scratch (although I may still be designing some form of hardware, it’s hard to tell at this point).

Existing projects/products set out to do something similar:

NPlug- http://www.indiegogo.com/projects/283102/x/2060579

  • Consumption measuring (believed to be more accurate than existing devices)
  • Remote switching
  • WiFi connected (requires no bridge/gateway device)
  • Zigbee 802.15.4 for connecting to other devices
  • USB option (add 3G dongle, additional RF interface etc)
  • SoC running OpenWRT Linux
  • Open source
  • Lots more…
  • £100 (estimate)

This is really meant as a single device and not to be used with every appliance in the home. The device acts like a gateway itself and aims to connect to existing consumption/switching devices such as the IRIS / AlertMe suite.
I have pledged as a sponsor for this project, and hope to get my hands on a prototype- however, the funding has been a bit slow, so please help out :)

AlertMe (IRIS)- https://www.alertme.com/shopping

  • Consumption measuring
  • Remote switching
  • Zigbee
  • Requires the SmartEnergy pack as a bridge/gateway to the internet
  • £25

Ubiquiti mFi mPower- http://www.ubnt.com/mfi#m-Power

  • Consumption measuring
  • Remote switching
  • WiFi connected (requires no bridge/gateway device)
  • Comes in 3 flavours: Single, 3 socket extension cord and 8 socket extension cord
  • Only currently available with US / EU plugs
  • No EU stock currently available (when it is, I will try one with a UK plug adapter)

Belkin WeMo Switch- http://www.belkin.com/uk/c/WSWH

  • Switching only by the look of it
  • WiFi connected (requires no bridge/gateway device)
  • £40

MeterPlug- http://www.indiegogo.com/meterplug/x/2060579

  • Consumption measuring
  • Remote switching
  • Bluetooth only- so unless you’re within range and carrying a Bluetooth-equipped device, it’s not much good. This being said, the project has been fully funded, so there is clearly demand for such a device.
  • I have asked whether they’ve considered building a gateway device to enable internet connectivity but have yet to hear back. Fingers crossed.

Other

  • I have purchased a USB Zigbee packet sniffer in the hope that I can make sense of some of the traffic floating around my house from various “smart” gadgets.
  • Still waiting on delivery of my EVE Alpha board- http://www.kickstarter.com/projects/ciseco/eve-alpha-raspberry-pi-wireless-development-hardwa - this should allow me to start doing some cool stuff with a Raspberry Pi using the GPIO pins rather than dozens of USB sticks!
  • The guys over at flukso have confirmed that they will be continuing work on their enhanced hexabus plug once they have another project out of the way: https://www.flukso.net/content/hexabus-plug
  • I sent some details to a few companies in an attempt to understand costings for PCB design, production and assembly. Just one company has responded to date: http://www.newburyelectronics.co.uk/ – for something like the Hexabus plug they’re suggesting (rough figures): £1,000 PCB design (£500 each of the 2), £80 PCB production (£40 each of the 2), £60 parts (excluding several parts they can’t source), £130 assembly & inspection. Bringing the total in at about £270/device (forgetting PCB design)- ouch!

That’ll likely be my last update for a few weeks, as I’m off to Thailand shortly :)

L

Not technically the best of the photos- but a few of my favourites for one reason or another:





I recently dropped my web hosting provider in favour of hosting my site at home (I already have the server infrastructure, and now I have a fairly reliable 80/20 internet service). However, I was not yet ready to host my own nameserver / DNS. So I went hunting for a free service. It took some time but eventually I found http://www.geoscaling.com

I got my A records, CNAME records and MX record configured with ease but couldn’t quite figure out the SRV records (I was trying to enter the port into the ttl/priority boxes, which looked ok in the records table but didn’t seem to function properly). I was able to check using NSLOOKUP.

Open a command prompt and type:

nslookup
set type=all
_sip._tls.domain.tld

You should then see an answer as below:

If the SRV record isn’t configured correctly you will see a message: Non-existent domain as above.

Here is a screenshot of how you correctly enter the SRV record in the geoscaling web interface:
