Gr-smart meters Setup Guide
The following install guide details the steps from a fresh Ubuntu 22.04 install to a fully running GNU Radio + USRP B200, HackRF, AirSpy and RTL-SDR frequency hopping spread spectrum setup needed to capture smart meter data.
This video shows the overall process but using a prior version of GNURadio. Instructions below are the latest.
- 1 Install Ubuntu 22.04
- 2 Install GNU Radio 3.10
- 3 SDR Hardware Support
- 4 Install Frequency Hopping Utilities
- 5 Setup gr-smart_meters
- 6 Determining your power providers CRC
Install Ubuntu 22.04
There is nothing special about Ubuntu, it was chosen because it works well across different computers and has a familiar interface. Likely these instructions can be used as a rough guide for what is needed with other distro's.
For now, this step is to install a base version of Ubuntu 20.04, mine was a minimal install. After finishing your install ensure you update everything.
sudo apt update sudo apt upgrade
Also install the following
sudo apt install libsndfile1-dev
For flavors other than Ubuntu or depending on your window environment you may need:
add apt-get install -y gobject-introspection gir1.2-gtk-3.0
Install GNU Radio 3.10
The version packaged with Ubuntu (3.10.1 as of 12-30-2022) works fine, has been tested up to 3.10.5
sudo apt-get install gnuradio
SDR Hardware Support
All support is now native in GNURadio 3.10.
- UHD can be used for Ettus USRP hardware
- Soapy Custom Source is used for HackRF, AirSpy, BladeRF and RTL-SDR
Install Frequency Hopping Utilities
If you already have GNU Radio and your SDR setup you should start here to install the Sandia Laboratories out of tree (OOT) modules. Four different OOT modules are needed.
Create a folder to organize them
cd mkdir FHSS_Utils cd FHSS_Utils
Install PDU Utilities
git clone https://github.com/sandialabs/gr-pdu_utils.git cd gr-pdu_utils/ git checkout maint-3.10 mkdir build cd build cmake .. make -j8 sudo make install sudo ldconfig cd ../..
Install Sandia Utilities
git clone https://github.com/sandialabs/gr-sandia_utils.git cd gr-sandia_utils/ git checkout maint-3.10 mkdir build cd build/ cmake .. make -j8 sudo make install sudo ldconfig cd ../..
Install Timing Utilities
git clone https://github.com/sandialabs/gr-timing_utils.git cd gr-timing_utils/ git checkout maint-3.10 mkdir build cd build cmake .. make -j8 sudo make install sudo ldconfig cd ../..
Install FHSS Utilities
git clone https://github.com/sandialabs/gr-fhss_utils.git cd gr-fhss_utils/ git checkout maint-3.10 mkdir build cd build/ cmake .. make -j8 sudo make install sudo ldconfig cd ../..
Close all open terminal windows and then open a new one.
This contains the GridStream block that will be used to decode Landis+Gyr Smart Meter data along with pre-configured flowgraphs for USRP B200, HackRF and RTL-SDR and a script to decode GPS data transmitted in some cases.
git clone https://github.com/BitBangingBytes/gr-smart_meters.git cd gr-smart_meters/ git checkout main mkdir build cd build/ cmake .. make -j8 sudo make install sudo ldconfig
Install python packages needed for Google Maps and Google Earth
pip install gmplot simplekml
Start GNU Radio from a terminal window
Open flowgraph for your SDR
In GNU Radio open a flowgraph and navigate to the gr-smart_meters/examples folder. If you have installed everything above you should be able to run it and see smart meter data!
Determining your power providers CRC
CRC check is set to false in the sample flowgraphs so you will see data but can't be sure there aren't any errors. Every power provider is assigned a unique CRC so neighboring smart meter systems do not interfere with each other. To determine this you need to capture at least 4 good packets and use reveng to reverse the CRC.
It's on sourceforge: https://reveng.sourceforge.io/ Documentation is at: https://reveng.sourceforge.io/readme.htm Download the .zip in the latest releases folder: https://sourceforge.net/projects/reveng/files/2.1.1/ Follow instructions to make
Provide reveng four good packets
I find the easiest way to do this is to limit the Packet Type to 0x55 and Packet Length to 0x23. Edit the GridStream block and make those changes then run the flowgraph making sure CRC Enable is set to False.
You will get data that looks like this below.
You need to remove the first 6 bytes and provide the rest as inputs to reveng, CRC isn't calculated on those bytes.
00FF2A550023 <-- Discard | 30FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286
Now provide four samples to reveng
./reveng -w 16 -s 30FFFFFFFFFFFF50CF5DD9E2C0B80065F5D1A483F0FBBC6F01001E6C043B517E90B286 30FFFFFFFFFFFF50CF2DD9E560560065F5D5A483F0C000650100176C033FF77E901766 30FFFFFFFFFFFF50CF95D9E5E01A0065F5D9A483F0515A0201001E6C042A177E90BDA4 30FFFFFFFFFFFF50CF8DD9E6A0F00065F5EBA483F0EBFD4A0100206C0433A97E90B04C
You should get the following output below if you used this data to test
width=16 poly=0x1021 init=0x5fd6 refin=false refout=false xorout=0x0000 check=0x139e residue=0x0000 name=(none)
The init value is what you enter into the GridStream block, you can now enable the CRC and know you have correct data!
CRC Prefix Calculator by L0scher
Enter a string of hex bytes in the box and hit the Find CRC init button searches for the initial CRC value which would make the calculated CRC equal to zero. It uses the 0x1021 polynomial value. If it cannot find such a value, it will leave the value unchanged.