Difference between revisions of "Landis+Gyr GridStream Protocol"

From RECESSIM, A Reverse Engineering Community
Line 5: Line 5:
 
</gallery>
 
</gallery>
  
=== Sample Meter Data ===
+
===Captured Meter Data Analysis===
 +
There have been two packet types observed thus far, a 0x55 and a 0xD5 packet.
 +
 
 +
* 0x55 appears to be broadcasts from the meters and happen frequently. They have been observed multiple times per minute from a single meter.
 +
 
 +
* 0xD5 appears to be a packet for transporting data across the mesh network. Each D5 packet will contain two meter ID's, Meter ID #1 and Meter ID #2. There are many 0xD5 packet length and types that have been observed, some are shown below.
 +
 
 +
==== 0x55 Meter Data ====
 +
<br />
 +
 
 +
==== 0xD5 Meter Data ====
 
<code>1)      2)  3)  4) 5)      6)      7)  8)  9)    10)      11)  12)</code>
 
<code>1)      2)  3)  4) 5)      6)      7)  8)  9)    10)      11)  12)</code>
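Review bot: the new "==== 0x55 Meter Data ====" section contains only a <br />, so the intro promises 0x55 broadcasts but the page shows none; add at least one captured 0x55 frame or say the section is pending. In the two bullets above it, "appears to be broadcasts ... and happen" and "many 0xD5 packet length and types" need number agreement ("packets appear ... and occur", "packet lengths and types").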
  
Line 18: Line 28:
 
<code>4) Unknown Identifier #1 = 0x21</code>
 
<code>4) Unknown Identifier #1 = 0x21</code>
  
<code>5) Meter #1 ID = F05FCB84</code>
+
<code>5) Meter ID #1 = F05FCB84</code>
  
<code>6) Meter #2 ID = F0FC4DB1</code>
+
<code>6) Meter ID #2 = F0FC4DB1</code>
  
 
<code>7) Unknown Identifier #2 = 0xE288</code>
 
<code>7) Unknown Identifier #2 = 0xE288</code>
Line 34: Line 44:
 
<code>12) Trailing byte = 0x00</code>
 
<code>12) Trailing byte = 0x00</code>
 
<br />
 
<br />
 +
 +
<code>00FF2A D5 0016 21 F073B577 F062363D FA88 0100 1F6C04 14E93E70 CF80 04</code>
 +
 +
<code>00FF2A D5 0017 29 8073AEAC F0F28D56 1288 0100 1F3204 041CBB1930 2D2A 04</code>
 +
 +
<code>00FF2A D5 001B 21 F10679E2 8073CE7D F498 0100 106C02 0A15F9055F06571A80 37C5 00</code>
 +
 +
<code>00FF2A D5 001C 29 8073ADB3 8073CE7D 9088 0100 106C02 040A99CF055F3A4B1170 A696 04</code>
 +
 +
<code>00FF2A D5 0021 22 F05A1A60 8073CE7D D8010100106C020520301D81800A99CF055F3ADD1410 A560 04</code>
 +
 +
<code>00FF2A D5 0047 51 F05A4BCC F03D4CD7 5A6032F37F0001DA2E00022BE9 A483 010150D075D9E2E0 F03D4CD7 000103240403030806080801000000036EE8001F6C0401E9203020818018C22930 9294 00</code>
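Review bot: the six samples added after the field list carry no annotation, and the 0x0021 and 0x0047 frames are not split at the boundaries of fields 7) to 10), so a reader cannot tell whether those fields exist in the same form there; add a line stating which parts of these frames are not yet decoded. The 0x0047 frame also repeats F03D4CD7, its Meter ID #2, further into the body, which deserves a sentence in the text rather than being left for the reader to spot.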

Revision as of 00:48, 22 February 2021

Captured Meter Data Analysis

Two packet types have been observed thus far: 0x55 and 0xD5.

  • 0x55 packets appear to be broadcasts from the meters and occur frequently. They have been observed multiple times per minute from a single meter.
  • 0xD5 packets appear to transport data across the mesh network. Each D5 packet contains two meter IDs, Meter ID #1 and Meter ID #2. Many 0xD5 packet lengths and types have been observed; some are shown below.

0x55 Meter Data


0xD5 Meter Data

1)     2) 3)   4) 5)       6)       7)   8)   9)     10)      11)  12)
00FF2A D5 0016 21 F05FCB84 F0FC4DB1 E288 0100 273205 00781930 CB72 00

1) Header = 0x00FF2A

2) Packet Type = 0xD5

3) Packet Length = 0x0016

4) Unknown Identifier #1 = 0x21

5) Meter ID #1 = F05FCB84

6) Meter ID #2 = F0FC4DB1

7) Unknown Identifier #2 = 0xE288

8) Unknown Identifier #3 = 0x0100

9) Unknown Data #1 = 0x273205

10) Unknown Data #2 = 0x00781930

11) Checksum = 0xCB72

12) Trailing byte = 0x00

00FF2A D5 0016 21 F073B577 F062363D FA88 0100 1F6C04 14E93E70 CF80 04

00FF2A D5 0017 29 8073AEAC F0F28D56 1288 0100 1F3204 041CBB1930 2D2A 04

00FF2A D5 001B 21 F10679E2 8073CE7D F498 0100 106C02 0A15F9055F06571A80 37C5 00

00FF2A D5 001C 29 8073ADB3 8073CE7D 9088 0100 106C02 040A99CF055F3A4B1170 A696 04

00FF2A D5 0021 22 F05A1A60 8073CE7D D8010100106C020520301D81800A99CF055F3ADD1410 A560 04

00FF2A D5 0047 51 F05A4BCC F03D4CD7 5A6032F37F0001DA2E00022BE9 A483 010150D075D9E2E0 F03D4CD7 000103240403030806080801000000036EE8001F6C0401E9203020818018C22930 9294 00
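
The following parser is an added example, not code from the RECESSIM page or its contributors. It splits the captured 0xD5 frames above into the fields the page names and keeps fields 7) to 10) as one raw payload because their layout differs between samples. It assumes, from the seven samples only, that the length field counts the bytes from field 4) through the checksum; the names D5Frame and parse_d5 are hypothetical.

```python
from dataclasses import dataclass

HEADER = bytes.fromhex("00FF2A")  # field 1) on the page
SAMPLES = [  # 0xD5 captures copied from the page
    "00FF2A D5 0016 21 F05FCB84 F0FC4DB1 E288 0100 273205 00781930 CB72 00",
    "00FF2A D5 0016 21 F073B577 F062363D FA88 0100 1F6C04 14E93E70 CF80 04",
    "00FF2A D5 0017 29 8073AEAC F0F28D56 1288 0100 1F3204 041CBB1930 2D2A 04",
    "00FF2A D5 001B 21 F10679E2 8073CE7D F498 0100 106C02 0A15F9055F06571A80 37C5 00",
    "00FF2A D5 001C 29 8073ADB3 8073CE7D 9088 0100 106C02 040A99CF055F3A4B1170 A696 04",
    "00FF2A D5 0021 22 F05A1A60 8073CE7D D8010100106C020520301D81800A99CF055F3ADD1410 A560 04",
    "00FF2A D5 0047 51 F05A4BCC F03D4CD7 5A6032F37F0001DA2E00022BE9 A483 010150D075D9E2E0 F03D4CD7 000103240403030806080801000000036EE8001F6C0401E9203020818018C22930 9294 00",
]

@dataclass
class D5Frame:
    length: int      # field 3)
    ident1: int      # field 4) "Unknown Identifier #1"
    meter_id_1: str  # field 5)
    meter_id_2: str  # field 6)
    payload: bytes   # fields 7)-10), left raw: layout varies between samples
    checksum: int    # field 11); the page does not give the algorithm, so it is not verified
    trailer: int     # field 12)

def parse_d5(hex_frame: str) -> D5Frame:
    raw = bytes.fromhex(hex_frame)  # fromhex skips the spaces between fields
    if len(raw) < 6 or raw[:3] != HEADER:
        raise ValueError("missing 00FF2A header")
    if raw[3] != 0xD5:
        raise ValueError(f"not a 0xD5 packet: type 0x{raw[3]:02X}")
    length = int.from_bytes(raw[4:6], "big")
    if length < 11:  # identifier + two 4-byte meter IDs + 2-byte checksum
        raise ValueError("length too small for a 0xD5 frame")
    # Assumption inferred from the samples: length covers field 4) through
    # the checksum, and exactly one trailing byte follows.
    body, rest = raw[6:6 + length], raw[6 + length:]
    if len(body) != length or len(rest) != 1:
        raise ValueError("frame size does not match the length field")
    return D5Frame(length, body[0], body[1:5].hex().upper(), body[5:9].hex().upper(),
                   body[9:-2], int.from_bytes(body[-2:], "big"), rest[0])

if __name__ == "__main__":
    for s in SAMPLES:
        f = parse_d5(s)
        print(f"len={f.length:3d} id=0x{f.ident1:02X} id1={f.meter_id_1} id2={f.meter_id_2} "
              f"payload={f.payload.hex().upper()} csum=0x{f.checksum:04X} trail=0x{f.trailer:02X}")
```
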