Smart Meter Hacking: Difference between revisions

From The Munich Maker Lab's Wiki
Line 36: Line 36:
* ordered some extra CC1101's to build a nanoCUL without having to de-solder the old wire from the chip
* ordered some extra CC1101's to build a nanoCUL without having to de-solder the old wire from the chip
* ordered smart meter hardware for tinkering on ebay ("domaqua m" meter unfortunately without radio modules and a [[https://www.ista.com/fileadmin/twt_customer/countries/content/Arab/Documents/Memonic_3_Radio_net.pdf memonic 3 radio net]] )
* ordered smart meter hardware for tinkering on ebay ("domaqua m" meter unfortunately without radio modules and a [[https://www.ista.com/fileadmin/twt_customer/countries/content/Arab/Documents/Memonic_3_Radio_net.pdf memonic 3 radio net]] )
* recorded smart meter radio signals with SDR ([[File:Smart_meter_signal.aup.zip]])
* recorded some smart meter radio signals with SDR ([[File:Smart_meter_signal.aup.zip]])
* soldered some wire to the cc1101 to use it with raspberry pi serial connection similar to [[https://salmg.net/2017/09/20/cc1101-transceiver-raspberry-pi/ this]] and made it send test data which could be seen with SDR (thx Paul) in a waterfall chart
* soldered some wire to the cc1101 to use it with raspberry pi serial connection similar to [[https://forum.homegear.eu/uploads/default/optimized/1X/97721e10f8038570a310faf533379c43aedd8b7a_1_690x369.png like this]] and made it send test data  [[https://salmg.net/2017/09/20/cc1101-transceiver-raspberry-pi/ used software to send data from here]] which could be seen with SDR (thx Paul) in a waterfall chart
** could not find proper firmware for reading ista radio signals though and don't have time and knowledge to build one
** could not find proper firmware for reading ista radio signals though and don't have time and knowledge to build one
* ordered a CC1101 radio module
* ordered a CC1101 radio module

Revision as of 22:36, 18 October 2018

     
Smart Meter Hacking

Release status: experimental

Description: Trying to read radio signals from smart meters, e.g. by using the CC1101 (low cost, low power sub-1GHz RF transceiver)
Author(s): Uli
Download: http://www.ti.com/lit/ds/symlink/cc1101.pdf


Introduction

The goal of the project is to do smart home stuff, especially reading smart meter data, without having to buy proprietary, expensive, insecure devices from data-hungry, privacy-ignorant and profit-maximizing companies. Therefore alternative hardware and open source "smart home"/"IoT" solutions such as [FHEM], [openHAB] or [Homegear] are preferred. Uli already has some smart meters installed in his flat from the energy billing company [Ista], who use the TI CC1101 in their metering devices. Reading the emitted radio signals from these (or similar) devices might be the first step to get a data source and therefore an overview of water, electricity and heating consumption in an open source smart home environment.


Hardware

Approach

  • Try to get the CC1101 to send and receive data
    • Ideally mount it on an Arduino Nano, which is then called a CUL (CC1101 USB lite) [DIY manual (German)]
    • Alternatively use an SDR to record and analyze radio signals from smart meters and try to understand them
  • Integrate it into a wireless home server such as FHEM
  • Display the data on something like Grafana

Status

History (in reverse order)

  • ordered some extra CC1101s to build a nanoCUL without having to de-solder the old wire from the chip
  • ordered smart meter hardware for tinkering on eBay ("domaqua m" meter unfortunately without radio modules and a [memonic 3 radio net])
  • recorded some smart meter radio signals with SDR (File:Smart meter signal.aup.zip)
  • soldered some wire to the CC1101 to use it with a Raspberry Pi serial connection similar to [like this] and made it send test data [used software to send data from here], which could be seen with SDR (thx Paul) in a waterfall chart
    • could not find proper firmware for reading ista radio signals though and don't have time and knowledge to build one
  • ordered a CC1101 radio module

Links

[CC1101 Specs]

[Detailed description of M-Bus protocol]

[ista product brochure M-Bus system (German)]

[ista protocol description M-Bus (German)]