Difference between revisions of "Gr-smart meters Setup Guide"

From RECESSIM, A Reverse Engineering Community
Revision as of 16:41, 8 May 2021

The following install guide details the steps from a fresh Ubuntu 20.04 install to a fully running GNU Radio + USRP B200, HackRF and RTL-SDR frequency hopping spread spectrum setup needed to capture smart meter data.

Install Ubuntu 20.04

There is nothing special about Ubuntu; it was chosen because it works well across different computers and has a familiar interface. These instructions can likely be used as a rough guide for what is needed on other distros.

For now, this step is to install a base version of Ubuntu 20.04; mine was a minimal install. After finishing your install, ensure you update everything.

sudo apt update
sudo apt upgrade

Install dependencies

The block at the top is the standard package list from the GNU Radio install guide. The two additional packages below are vim, so you get nice colors in your editor, and liborc, which is needed by the additional GNU Radio blocks that will be installed.

sudo apt install git cmake g++ libboost-all-dev libgmp-dev swig python3-numpy python3-mako python3-sphinx python3-lxml doxygen libfftw3-dev libsdl1.2-dev libgsl-dev libqwt-qt5-dev libqt5opengl5-dev python3-pyqt5 liblog4cpp5-dev libzmq3-dev python3-yaml python3-click python3-click-plugins python3-zmq python3-scipy python3-gi python3-gi-cairo gobject-introspection gir1.2-gtk-3.0

sudo apt install liborc-0.4-dev vim

Install GNU Radio 3.8

This guide and the blocks used here all depend on GNU Radio 3.8. As 3.9 has been released for a while, more blocks and packages are getting support for it, so this guide may be updated in the future to support 3.9.

sudo add-apt-repository ppa:gnuradio/gnuradio-releases-3.8
sudo apt update
sudo apt install gnuradio

For USRP B200 Support

This is specific to the USRP B200 software defined radio, if you are using another SDR this will not be necessary.

Install necessary packages

sudo apt install libuhd-dev libuhd3.15.0 uhd-host

Download firmware needed for different USRP devices

If this doesn't work, the UHD files may have been installed in /usr/local/lib instead of /usr/lib.

sudo /usr/lib/uhd/utils/uhd_images_downloader.py

Configure USB and test USRP B200

cd /usr/lib/uhd/utils/
sudo cp uhd-usrp.rules /etc/udev/rules.d/
sudo udevadm control --reload-rules
sudo udevadm trigger
uhd_usrp_probe

For HackRF Support

Install necessary packages

sudo apt install build-essential cmake libusb-1.0-0-dev pkg-config libfftw3-dev

Install HackRF from source

git clone https://github.com/mossmann/hackrf.git
cd hackrf/host/
mkdir build
cd build
cmake ..
make -j8
sudo make install
sudo ldconfig

Install gr-osmosdr

git clone git://git.osmocom.org/gr-osmosdr
cd gr-osmosdr/
git checkout gr3.8
mkdir build
cd build/
cmake ../
make
sudo make install
sudo ldconfig

For RTL-SDR Support

Install gr-osmosdr

git clone git://git.osmocom.org/gr-osmosdr
cd gr-osmosdr/
git checkout gr3.8
mkdir build
cd build/
cmake ../
make
sudo make install
sudo ldconfig

Install Frequency Hopping Utilities

If you already have GNU Radio and your SDR set up, you should start here to install the Sandia Laboratories out-of-tree (OOT) modules. Four different OOT modules are needed.

  1. PDU Utilities
  2. FHSS Utilities
  3. Timing Utilities
  4. Sandia Utilities

Create a folder to organize them

cd
mkdir FHSS_Utils
cd FHSS_Utils

Install PDU Utilities

git clone https://github.com/sandialabs/gr-pdu_utils.git
cd gr-pdu_utils/
git checkout maint-3.8
mkdir build
cd build
cmake ..
make -j8
sudo make install
sudo ldconfig
cd ..

Install FHSS Utilities

git clone https://github.com/sandialabs/gr-fhss_utils.git
cd gr-fhss_utils/
git checkout maint-3.8
mkdir build
cd build/
cmake ..
make -j8
sudo make install
sudo ldconfig
cd ..

Install Timing Utilities

git clone https://github.com/sandialabs/gr-timing_utils.git
cd gr-timing_utils/
git checkout maint-3.8
mkdir build
cd build
cmake ..
make -j8
sudo make install
sudo ldconfig
cd ..

Install Sandia Utilities

git clone https://github.com/sandialabs/gr-sandia_utils.git
cd gr-sandia_utils/
git checkout maint-3.8
mkdir build
cd build/
cmake ..
make -j8
sudo make install
sudo ldconfig
cd ..

Setup PYTHONPATH

gnuradio-companion will give you errors if it can't find the Python libraries that were just installed. I also highly suggest starting gnuradio-companion from a terminal rather than from the icon in Ubuntu: the terminal gives you a nice way to see console output, and you would have to configure path variables in other places to run gnuradio-companion from the icon.

  1. Figure out where your dist-packages is located
  2. Open your .bashrc file and add that path
  3. close all open terminals and re-open them

Figure out where dist-packages is located

If your system is like mine they will be in:

/usr/local/lib/python3/dist-packages

You can easily confirm this by using "ls" to list the files there; if you see folder names corresponding to the packages installed above, you have the correct folder. If not, search for other occurrences of "dist-packages" on your system where they may have been placed.

Edit .bashrc and add PYTHONPATH

Add the following to the end of your .bashrc if there is no PYTHONPATH variable.

export PYTHONPATH=/usr/local/lib/python3/dist-packages/

Finish up

Close all open terminal windows and then open a new one.

Setup gr-smart_meters

This contains the GridStream block that will be used to decode Landis+Gyr Smart Meter data along with pre-configured flowgraphs for USRP B200, HackRF and RTL-SDR and a script to decode GPS data transmitted in some cases.

Install gr-smart_meters

git clone https://github.com/BitBangingBytes/gr-smart_meters.git
cd gr-smart_meters/
mkdir build
cd build/
cmake ..
make -j8
sudo make install
sudo ldconfig

Start GNU Radio from a terminal window

gnuradio-companion

Open flowgraph for your SDR

In GNU Radio open a flowgraph and navigate to the gr-smart_meters/flowgraph folder. If you have installed everything above you should be able to run it and see smart meter data!

Determining your power provider's CRC

The CRC check is set to false in the sample flowgraphs, so you will see data but can't be sure it is free of errors. Every power provider is assigned a unique CRC initial value so that neighboring smart meter systems do not interfere with each other. To determine it you need to capture at least 4 good packets and use reveng to reverse the CRC.

Install reveng

It's on SourceForge: https://reveng.sourceforge.io/
Documentation is at: https://reveng.sourceforge.io/readme.htm
Download the .zip in the latest releases folder: https://sourceforge.net/projects/reveng/files/2.1.1/
Follow the instructions to build it with make.

Provide reveng four good packets

I find the easiest way to do this is to limit the Packet Type to 0x55 and Packet Length to 0x23. Edit the GridStream block and make those changes then run the flowgraph making sure CRC Enable is set to False.

You will get data that looks like this below.

00FF2A55002330FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286

You need to remove the first 6 bytes and provide the rest as input to reveng, since the CRC isn't calculated over those header bytes.

00FF2A550023 <-- Discard | 30FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286

Now provide four samples to reveng

./reveng -w 16 -s 30FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286 30FFFFFFFFFFFF50CF2DD9E560560065F5D5A483F0C000650100176C033FF77E901766 30FFFFFFFFFFFF50CF95D9E5E01A0065F5D9A483F0515A0201001E6C042A177E90BDA4 30FFFFFFFFFFFF50CF8DD9E6A0F00065F5EBA483F0EBFD4A0100206C0433A97E90B04C

You should get the following output if you used this data to test:

width=16 poly=0x1021 init=0x5fd6 refin=false refout=false xorout=0x0000 check=0x139e residue=0x0000 name=(none)

The init value is what you enter into the GridStream block; you can now enable the CRC and know you have correct data!
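The following Python script is an added example, not code from this wiki or from the gr-smart_meters project. It takes the four header-stripped packets above, checks each one against the CRC model reveng reported (width=16 poly=0x1021 init=0x5fd6 refin=false refout=false xorout=0x0000), confirms the residue is zero, and then recovers the init value by trying all 65536 candidates. That search is narrower than what reveng does: the polynomial 0x1021 is assumed here, whereas reveng searches for it too. The header layout used by parse_header (type byte at offset 3, big-endian length at offsets 4 and 5) is an assumption read off the sample header 00FF2A 55 0023; the page only states which values the GridStream block filters on.

```python
# Added example, not code from the RECESSIM wiki or the gr-smart_meters project.
# Verifies the page's four GridStream sample packets against the CRC model that
# reveng reported and recovers the init value by exhaustive search. Unlike reveng,
# the polynomial is assumed (0x1021); only the init is searched for.
from typing import Iterable, List, Optional, Tuple

POLY = 0x1021          # polynomial from the reveng output (assumed fixed below)
INIT = 0x5FD6          # init value from the reveng output
HEADER_BYTES = 6       # leading bytes the page says the CRC does not cover

# Raw packet as printed by the GridStream block, header still attached.
RAW_PACKET = "00FF2A55002330FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286"

# The four header-stripped packets the page feeds to reveng; the trailing two
# bytes of each are the transmitted CRC.
SAMPLE_PACKETS: List[str] = [
    "30FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286",
    "30FFFFFFFFFFFF50CF2DD9E560560065F5D5A483F0C000650100176C033FF77E901766",
    "30FFFFFFFFFFFF50CF95D9E5E01A0065F5D9A483F0515A0201001E6C042A177E90BDA4",
    "30FFFFFFFFFFFF50CF8DD9E6A0F00065F5EBA483F0EBFD4A0100206C0433A97E90B04C",
]


def make_table(poly: int = POLY) -> List[int]:
    """Byte-indexed lookup table for an MSB-first (non-reflected) CRC-16."""
    table = []
    for byte in range(256):
        crc = byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
        table.append(crc)
    return table


TABLE = make_table()


def crc16(data: bytes, init: int, table: List[int] = TABLE) -> int:
    """Direct CRC-16 with refin=false, refout=false, xorout=0, as reveng models it."""
    crc = init
    for b in data:
        crc = ((crc << 8) & 0xFFFF) ^ table[((crc >> 8) ^ b) & 0xFF]
    return crc


def parse_header(raw_hex: str) -> Tuple[int, int]:
    """Return (packet type, packet length) from the 6-byte header.

    Assumption: type byte at offset 3, big-endian length at offsets 4-5, which is
    what the sample header 00FF2A 55 0023 suggests; the page does not document it.
    """
    header = bytes.fromhex(raw_hex)[:HEADER_BYTES]
    return header[3], int.from_bytes(header[4:6], "big")


def strip_header(raw_hex: str) -> bytes:
    """Drop the header bytes, leaving exactly the bytes reveng is given."""
    return bytes.fromhex(raw_hex)[HEADER_BYTES:]


def crc_ok(payload: bytes, init: int) -> bool:
    """True when the CRC in the trailing two bytes matches the rest of the payload."""
    body, sent = payload[:-2], int.from_bytes(payload[-2:], "big")
    return crc16(body, init) == sent


def residue(payload: bytes, init: int) -> int:
    """CRC run over the data and its CRC; reveng's residue=0x0000 means this is zero."""
    return crc16(payload, init)


def find_init(packets: Iterable[bytes], poly: int = POLY) -> Optional[int]:
    """Recover the init value by trying all 2^16 candidates.

    With the polynomial fixed, one packet already pins the init down (the map from
    init to CRC is a bijection), so the first packet selects a candidate and the
    remaining packets confirm it. Returns None if no init fits every packet.
    """
    packets = list(packets)
    table = make_table(poly)
    first, rest = packets[0], packets[1:]
    body, sent = first[:-2], int.from_bytes(first[-2:], "big")
    for init in range(0x10000):
        if crc16(body, init, table) != sent:
            continue
        if all(crc16(p[:-2], init, table) == int.from_bytes(p[-2:], "big") for p in rest):
            return init
    return None


if __name__ == "__main__":
    ptype, plen = parse_header(RAW_PACKET)
    payload = strip_header(RAW_PACKET)
    print(f"type=0x{ptype:02X} length=0x{plen:02X} payload bytes={len(payload)}")
    for p in SAMPLE_PACKETS:
        print(p[-4:], "ok" if crc_ok(bytes.fromhex(p), INIT) else "BAD")
    found = find_init(bytes.fromhex(p) for p in SAMPLE_PACKETS)
    print("recovered init =", None if found is None else f"0x{found:04X}")
```

Once the init is known, crc_ok is the same check the GridStream block performs when CRC Enable is set to True, so a packet that fails it here would also be dropped in the flowgraph; a provider that used a different init would make every packet fail, which is the interference the per-provider value is meant to prevent.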