Smart Meter Hacking: Difference between revisions
(added some images) |
|||
Line 23: | Line 23: | ||
* memonic3 radio net device to read, aggregate and upload data form multiple smart meters [[https://www.ista.com/fileadmin/twt_customer/countries/content/Arab/Documents/Memonic_3_Radio_net.pdf]] | * memonic3 radio net device to read, aggregate and upload data form multiple smart meters [[https://www.ista.com/fileadmin/twt_customer/countries/content/Arab/Documents/Memonic_3_Radio_net.pdf]] | ||
<gallery> | <gallery> | ||
Smart meter hacking.jpg|Ista domaqua m with radio net 3 module | Smart meter hacking.jpg|Water meter Ista "domaqua m" with "radio net 3" module | ||
Memonic_3_radio_net_board.jpg|Ista memonic 3 | Sensonic2.jpg|Heating meter Ista "Sensonic II" | ||
Memonic_3_radio_net_board.jpg|Basestation Ista "memonic 3" | |||
</gallery> | </gallery> | ||
Revision as of 00:20, 19 October 2018
Smart Meter Hacking | |
---|---|
Release status | experimental |
Description | Trying to read radio signals from smart meters e.g. by using the CC1101 (low cost, low power sub-1GHz RF transceiver) |
Author(s) | Uli |
Download | http://www.ti.com/lit/ds/symlink/cc1101.pdf |
Introduction
The goal of the project is to do smart home stuff, especially reading smart meter data without having to buy proprietary, expensive, insecure devices from data-hungry, privacy-ignorant and profit-maximizing companies. Therefore, alternative hardware and open source "smart home"/"IoT" solutions such as [FHEM], [openHAB] or [Homegear] are preferred. Uli already has some smart meters installed in his flat from the energy billing company [Ista], who use the TI CC1101 in their metering devices. Reading the emitted radio signals from these (or similar) devices might be the first step to get a data source and therefore an overview of water, electricity and heating consumption in an open source smart home environment.
Hardware
- smart water meters (Ista istameter product brochure)
- bought an extra cold water meter for tinkering and will bring it to the space when it arrives (ISTA Wasserzähler, Kaltwasser, Istameter)
- heating meter (Ista sensonic II product brochure (german))
- smoke detectors (Ista fumonic 3 product brochure)
- Raspberry Pi with CC1101 to read 868 MHz radio signals
- memonic3 radio net device to read, aggregate and upload data from multiple smart meters [[1]]
Approach
- Try to get the CC1101 to send and receive data
- Ideally mount it on an Arduino Nano, which is then called a CUL (CC1101 USB lite) [DIY manual (german)]
- Alternatively use an SDR to record and analyze radio signals from smart meters and try to understand them
- Integrate it in a wireless home server such as FHEM
- Display the data on something like Grafana
Status
- trying to build my own nanoCUL [as described here]
- first on a breadboard with Arduino Uno R3 ([pinout for nano here])
History (in reverse order)
- ordered some extra CC1101s to build a nanoCUL without having to de-solder the old wire from the chip
- ordered smart meter hardware for tinkering on eBay ("domaqua m" meter unfortunately without radio modules and a [memonic 3 radio net] (Memonic_3_radio_net_board.jpg opened))
  - collects and stores radio signals from CC1101 and sends them regularly to Ista via GPRS
  - contains a lot of Texas Instruments chips, including the CC1101 (of course) and an [M430F417 microcontroller], and a [Sierra Wireless AirPrime (Model Q2686RD)] GSM transceiver module together with a SIM card and a 10-year battery
- recorded some smart meter radio signals with SDR (File:Smart meter signal.aup.zip)
  - signal not yet analyzed since I did not succeed in getting GNU Radio to run on my MacBook (with Homebrew, which seems unfortunate in this case)
- soldered some wire to the CC1101 to use it with a Raspberry Pi serial connection similar to [like this] and made it send test data [used software to send data from here], which could be seen with SDR (thx Paul) in a waterfall chart
- could not find proper firmware for reading Ista radio signals though and don't have the time and knowledge to build one
- ordered a CC1101 radio module
Links
[Detailed description of mbus protocol]