Difference between revisions of "User:Ctag/Landis+Gyr Focus AXRe-SD"
Jump to navigation
Jump to search
(Added initial set of device info from OEM webpage.) |
m (→Device Info: Added remote disconnect idea.) |
||
| Line 3: | Line 3: | ||
My local utility company installed one of these doohickies on the house, and now I want to get realtime data from it after reading [https://pdx.su/blog/2024-03-17-reading-my-electric-meter-with-rtlsdr/ this article]. | My local utility company installed one of these doohickies on the house, and now I want to get realtime data from it after reading [https://pdx.su/blog/2024-03-17-reading-my-electric-meter-with-rtlsdr/ this article]. | ||
| − | === Device Info === | + | ===Device Info=== |
The smart meter in question: <code>Landis+Gyr FOCUS AXRe-SD FORM 2S CL200</code> | The smart meter in question: <code>Landis+Gyr FOCUS AXRe-SD FORM 2S CL200</code> | ||
| Line 10: | Line 10: | ||
From this page I gather: | From this page I gather: | ||
| − | * The base product is called FOCUS AX. The AX'''e''' is a product refresh with better specs. | + | *The base product is called FOCUS AX. The AX'''e''' is a product refresh with better specs. |
| − | ** Still no lead on the 'R' or '-SD' portions of AXRe-SD. I suspect 'R' is for reactive, as in it can meter [https://www.theelectricalguy.in/tutorials/active-reactive-apparent-power-easiest-explanation/ reactive loads]. | + | **Still no lead on the 'R' or '-SD' portions of AXRe-SD. I suspect 'R' is for reactive, as in it can meter [https://www.theelectricalguy.in/tutorials/active-reactive-apparent-power-easiest-explanation/ reactive loads]. Or it means Remote disconnect. |
| − | * Capable of remote disconnect. | + | *Capable of remote disconnect. |
| − | ** So as a consumer, I have an interest in these devices both giving me the data I want, but not being imminently pwnable. | + | **So as a consumer, I have an interest in these devices both giving me the data I want, but not being imminently pwnable. |
| − | * Built-in tamper detection | + | *Built-in tamper detection |
| − | * OTA firmware updates (Cell? Mesh?) | + | *OTA firmware updates (Cell? Mesh?) |
| − | * Some models have an optical port? IR? | + | *Some models have an optical port? IR? |
| − | * Two variations: Modular and Integrated. | + | *Two variations: Modular and Integrated. |
| − | ** Modular: with or without AMI comms (AMI is Advanced Metering Infrastructure, but I'm not sure if this means ZigBee, 802.15.4, or something else?) | + | **Modular: with or without AMI comms (AMI is Advanced Metering Infrastructure, but I'm not sure if this means ZigBee, 802.15.4, or something else?) |
| − | ** Integrated: With radio built-in (I assume radio != AMI comms?) | + | **Integrated: With radio built-in (I assume radio != AMI comms?) |
Hash sent this link in discord, showing that the 'e' variants should have increased microcontroller specs: https://documents.dps.ny.gov/public/Common/ViewDoc.aspx?DocRefId=%7BBE3EBED1-4973-440D-A2BD-A28ED46F9FC1%7D | Hash sent this link in discord, showing that the 'e' variants should have increased microcontroller specs: https://documents.dps.ny.gov/public/Common/ViewDoc.aspx?DocRefId=%7BBE3EBED1-4973-440D-A2BD-A28ED46F9FC1%7D | ||
Revision as of 03:23, 23 September 2024
ExecSum
My local utility company installed one of these doohickies on the house, and now I want to get realtime data from it after reading this article.
Device Info
The smart meter in question: Landis+Gyr FOCUS AXRe-SD FORM 2S CL200
Here is the official landing page for this family of products: https://www.landisgyr.com/product/focus-axe-axre-rxre-platform/
From this page I gather:
- The base product is called FOCUS AX. The AXe is a product refresh with better specs.
- Still no lead on the 'R' or '-SD' portions of AXRe-SD. I suspect 'R' is for reactive, as in it can meter reactive loads. Or it means Remote disconnect.
- Capable of remote disconnect.
- So as a consumer, I have an interest in these devices both giving me the data I want, but not being imminently pwnable.
- Built-in tamper detection
- OTA firmware updates (Cell? Mesh?)
- Some models have an optical port? IR?
- Two variations: Modular and Integrated.
- Modular: with or without AMI comms (AMI is Advanced Metering Infrastructure, but I'm not sure if this means ZigBee, 802.15.4, or something else?)
- Integrated: With radio built-in (I assume radio != AMI comms?)
Hash sent this link in discord, showing that the 'e' variants should have increased microcontroller specs: https://documents.dps.ny.gov/public/Common/ViewDoc.aspx?DocRefId=%7BBE3EBED1-4973-440D-A2BD-A28ED46F9FC1%7D
Packet Captures
| Pkt | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Not part of CRC calc | Data Packet | Trailing 6 Bytes | |||||||||||||||
| Start of
Frame |
Type | SubType | Length | Unknown | Unknown | WAN Address | Counter | Uptime | Unknown | LAN Address | Unknown | Unknown | Timing
(0.01 increments) |
Unknown | Checksum | Trailing | |
| Examples | |||||||||||||||||
| 1 | 00FF | 2A | 55 | 0023 | 30 | FFFFFFFFFFFF | FE5021D00500 | 7C | 0003FB20 | A403 | 5021D005 | 0100 | 072001 | 1E56 | 7E00 | 9032 | 04 |
| 2 | 00FF | 2A | 55 | 0023 | 30 | FFFFFFFFFFFF | FE5021D00500 | AE | 0003FB9E | A403 | 5021D005 | 0100 | 072001 | 0DA8 | 7E00 | 83E8 | 04 |
| 3 | 00FF | 2A | 55 | 0023 | 30 | FFFFFFFFFFFF | FE5021D00500 | B8 | 0003FBC1 | A403 | 5021D005 | 0100 | 072001 | 1B54 | 7E00 | 2924 | 04 |
| HVAC Running | |||||||||||||||||
| 6 | 00FF | 2A | 55 | 0023 | 30 | FFFFFFFFFFFF | FE40DA952B00 | 7E | 006D627B | A40B | 40DA952B | 0100 | 161505 | 147E | 7E00 | F2B5 | XX |
| HVAC Off | |||||||||||||||||
| 7 | 00FF | 2A | 55 | 0023 | 30 | FFFFFFFFFFFF | FE40DA952B00 | 3A | 006D6381 | A40B | 40DA952B | 0100 | 161505 | 052E | 7E00 | 0A80 | XX |
| Someone else's meter? | |||||||||||||||||
| 8 | 00FF | 2A | 55 | 0023 | 30 | FFFFFFFFFFFF | FE40DA235100 | 00 | 006D65A4 | A40B | 40DA2351 | 0100 | 161505 | 0B32 | 7E00 | 3FB7 | XX |
