Smart Meter Hacking: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
No edit summary |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
|status=experimental | |status=experimental | ||
|author=[[User:Uli|Uli]] | |author=[[User:Uli|Uli]] | ||
|image=Smart_meter_hacking.jpg | |||
|description=Trying to read radio signals from smart meters e.g. by using the CC1101 (low cost, low power sub-1GHz RF transceiver) | |description=Trying to read radio signals from smart meters e.g. by using the CC1101 (low cost, low power sub-1GHz RF transceiver) | ||
|download=http://www.ti.com/lit/ds/symlink/cc1101.pdf | |download=http://www.ti.com/lit/ds/symlink/cc1101.pdf | ||
| Line 28: | Line 29: | ||
* Integrate it in a wireless home server such as FHEM | * Integrate it in a wireless home server such as FHEM | ||
* Display the data on something like grafana | * Display the data on something like grafana | ||
== Status == | |||
* trying to build my own nanoCUL [[https://wiki.fhem.de/wiki/Selbstbau_CUL as described here]] | |||
** first on a breadboard with arduino uno r3 ([[https://www.smarthome-agentur.de/blog/diy-cul-arduino-stick-smart-home-bauen/ pinout for nano here]]) | |||
== History (in reverse order) == | |||
* ordered some extra CC1101's to build a nanoCUL without having to de-solder the old wire from the chip | |||
* ordered smart meter hardware for tinkering on ebay ("domaqua m" meter unfortunately without radio modules and a [[https://www.ista.com/fileadmin/twt_customer/countries/content/Arab/Documents/Memonic_3_Radio_net.pdf memonic 3 radio net]] ) | |||
** collects and store radio signals from CC1101 and sends them regularly to Ista via GPRS | |||
** contains a lot of Texas Instruments chips including CC1101 (of course) an [[http://www.ti.com/lit/ds/symlink/msp430f415.pdf M430F417 microcontroller]] and [[https://source.sierrawireless.com/resources/airprime/hardware_specs_user_guides/airprime_q2686_product_technical_specification_and_customer_design_guidelines/ Sierra Wireless AirPrime (Model Q2686RD)]] GSM transceiver module together with a SIM Card and a 10 year battery | |||
* recorded some smart meter radio signals with SDR ([[File:Smart_meter_signal.aup.zip]]) | |||
* soldered some wire to the cc1101 to use it with raspberry pi serial connection similar to [[https://forum.homegear.eu/uploads/default/optimized/1X/97721e10f8038570a310faf533379c43aedd8b7a_1_690x369.png like this]] and made it send test data [[https://salmg.net/2017/09/20/cc1101-transceiver-raspberry-pi/ used software to send data from here]] which could be seen with SDR (thx Paul) in a waterfall chart | |||
** could not find proper firmware for reading ista radio signals though and don't have time and knowledge to build one | |||
* ordered a CC1101 radio module | |||
== Links == | == Links == | ||
Revision as of 23:53, 18 October 2018
| Smart Meter Hacking Release status: experimental [box doku] | |
|---|---|
| |
| Description | Trying to read radio signals from smart meters e.g. by using the CC1101 (low cost, low power sub-1GHz RF transceiver) |
| Author(s) | Uli |
| Download | http://www.ti.com/lit/ds/symlink/cc1101.pdf |
Introduction
Goal of the project is to do smart home stuff , especially reading smart meter data without having to buy proprietary, expensive, insecure devices from datahungry, privacy-ingorant and profitmaximizing companies. Therefore alternative hardware and open source "smart home"/"IoT" solutions such as [FHEM] [openHAB] or [Homegear] are preferred. Since Uli already has some smart meters installed in his flat from the energy billing company [Ista] who use the TI CC1101 in their metering devices. Reading the emitted radio signals from these (or similar) devices might be the first step to get a data source and therefore an overview of water, electricity and heating consumption in an open source smart home environment.
Hardware
- smart water meters (Ista istameter product brochure)
- bought an extra cold water meter for tinkering and will bring it to the space when it arrives (ISTA Wasserzähler, Kaltwasser, Istameter)
- heating meter (Ista sensonic II product brochure (german))
- smoke detectors (Ista fumonic 3 product brochure)
- raspberry pi with cc1101 to read 868 Mhz radio signals
- memonic3 radio net device to read, aggregate and upload data form multiple smart meters [[1]]
Approach
- Try to get the CC1101 to send and receive data
- Ideally mount it on an arduino nano which is then called a CUL (cc1101 USB lite) [DIY manual (german)]
- Alternatively use an SDR to record and analyze radio signals from smart meters and try to unterstand them
- Integrate it in a wireless home server such as FHEM
- Display the data on something like grafana
Status
- trying to build my own nanoCUL [as described here]
- first on a breadboard with arduino uno r3 ([pinout for nano here])
History (in reverse order)
- ordered some extra CC1101's to build a nanoCUL without having to de-solder the old wire from the chip
- ordered smart meter hardware for tinkering on ebay ("domaqua m" meter unfortunately without radio modules and a [memonic 3 radio net] )
- collects and store radio signals from CC1101 and sends them regularly to Ista via GPRS
- contains a lot of Texas Instruments chips including CC1101 (of course) an [M430F417 microcontroller] and [Sierra Wireless AirPrime (Model Q2686RD)] GSM transceiver module together with a SIM Card and a 10 year battery
- recorded some smart meter radio signals with SDR (File:Smart meter signal.aup.zip)
- soldered some wire to the cc1101 to use it with raspberry pi serial connection similar to [like this] and made it send test data [used software to send data from here] which could be seen with SDR (thx Paul) in a waterfall chart
- could not find proper firmware for reading ista radio signals though and don't have time and knowledge to build one
- ordered a CC1101 radio module
Links
[Detailed description of mbus protocol]
