Difference between revisions of "Silver Spring Networks Protocol"

From RECESSIM, A Reverse Engineering Community
Jump to navigation Jump to search
(Created page with "Data capture from a Silver Spring Networks smart meter that was initially powered on. <br /> |---------------------- Sync Bits ----------------------------| |--Sync Word---...")
 
(Added more information about the Itron/SSN traffic)
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Data capture from a Silver Spring Networks smart meter that was initially powered on.  
+
Data capture from a Silver Spring Networks smart meter that was initially powered on. The text is very wide so open the file in a text editor, it won't look right in the browser most likely.
  
 +
 +
'''Initial capture of data - small file'''
 +
 +
[https://wiki.recessim.com/w/images/2/24/Silver_Spring_Networks_Smart_Meter_00135005008C900A.txt Silver_Spring_Networks_Smart_Meter_00135005008C900A.txt]
 +
 +
 +
'''170 samples sorted by "Mask" column, notice the data appears similar for each mask, need to figure out how it's being transformed.'''
 +
 +
[https://wiki.recessim.com/w/images/4/40/Silver_Spring_Networks_Extended_Parsed_02-22-2022_00135005008C900A.txt Silver_Spring_Networks_Extended_Parsed_02-22-2022_00135005008C900A.txt]
 +
<br />
 +
 +
===Capturing Itron/SSN traffic===
 +
In 2012 a permissive change was filed at the FCC to certify and document an RF mode not initially supported.  Specifically, it uses 2-FSK over 64 channels from 902.4MHz to 927.6MHz (inclusive) and a data rate of 150kbps.  This appears to be the predominantly used mode today among such devices.  A summary of all modes of FCC ID SK9AMI7 are shown below.
 +
{| class="wikitable"
 +
|+
 +
!Modulation
 +
!Frequency range (MHz)
 +
!Number of channels
 +
!Channel separation (kHz)
 +
!Data rates supported (kbps)
 +
|-
 +
|FSK
 +
|902.25 - 927.75
 +
|52
 +
|500
 +
|19.2
 +
|-
 +
|FSK
 +
|902.25 - 927.75
 +
|52
 +
|500
 +
|152.3
 +
|-
 +
|OOK
 +
|909.6 - 921.8
 +
|50
 +
|200
 +
|16.4
 +
|-
 +
|FSK
 +
|902.4 - 927.6
 +
|64
 +
|400
 +
|150.0
 +
|}
 +
The following capture file was created using this gnuradio file.  It has the 64 channels explicitly listed within the Center Freq Estimation block.  It uses a syncword of 0xAAAAAAAA (which is probably too short) and makes the assumption that data is transmitted most significant bit first, but this is an unverified guess.  No checking is done of the packets, so there are very likely to be many packets with errors.  In looking through this capture file, the majority of packets start with <syntaxhighlight>
 +
aa aa aa aa aa aa aa aa de 9d 27 27 16 66 f0 6c
 +
</syntaxhighlight>For that reason, it's likely that those packets are probably mostly correct, while the others should be viewed with suspicion.
 +
<br />
 +
[[File:Meter data capture.grc.txt|left|thumb|capture grc file (rename from txt to just .grc to run)]]
 +
 +
 +
[[File:Raw itron packet dump.zip|left|thumb|Raw dump of an Itron/Silver Springs Networks network.]]
 +
<br />
 
<br />
 
<br />
|---------------------- Sync Bits ----------------------------| |--Sync Word---| |-Mask-| |--Sync Word---| | --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data --------------------------- Data -------------------------|    |-- Checksum --|
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10001001 1111111110011101 1001001001010010011100010111100010010001011001101111101111111100011000111111011111100000011010000100011001110101101111110100110111101101110101001101101100000010000011110011100110001011010101011010000111001000001011011101110111101100100011100000101000000011001001111010011010101011101101110011111011000101110110011011001011101010111010011100000011110000000000000010100110000010101101101110001110101001100110100000010000110010 00 0001101010011011 010
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11111111 1111111110011101 1111100100111000011110001010000110110111011000011011001100011110011000010011000001000001100101100000010011101010111010110111111100011111000110000110010001111011101101001010110010100011110000110010110100101111101000000101100110110001111101010111011000110111111100010111001010111000000001010111001011001011010010000111011011101111011001101000001100001100100001010000110100001011111111110011011000110000111001001111011101000100 00 0111110101010001 110
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11100011 1111111110011101 1110000110010100101100110101011000101100110110001110000110010111000010011111111000111001010011100100000100111101010111001100100110100000011101010010010101000000100100000110110001001010110111110110110101110111010101000110011001111001101001101001110010001111110000000010101100101111111010100100010110111001111011010110010000111110111110100111001010111100000011100101010000101000010111110111111011101010011001101000000100001100 00 1110111101110001 010
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10100111 1111111110011101 1011110011101111110011110110001011111010000011001111001000100101010001011111000010101000100010100100010010110010000111100101101110010111010010111000111011000011100001011111010100110100001011000001101001011101000001010100101101100000011010011000011110000111011110101101110111010111100000111110100000010001110010100000000010100110111001110101000100110100000001001001000011111101011110101000110010010111001100011000011100100110 00 1000001111100001 0000
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11011111 1111111110011101 1101010101000010011001110100010110011110100101001110111100000110110011011111101110110110000011011011110110111000011000100001111001111001011000001011110000111110011000110001101101100000100011100100000001101110100110110111110101110001000111000110101001110111101010011000011010000111110011010010000100100001111100000100011110110110111100010110110000111011111101101010101010111111010000001101001011000001010101000111110011101010 00 1001100001110111 1111
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 01100111 1111111110011101 0101010111110011100011110011101000001110001100110011101001110110101011110100100010011001110100111101001101011101001010001100110000110100010110010101111101011111011101000100010110111111100000110111010111011011100111111001000111100010000111111100111000000110101010001110010101010111001100100000000001101110010110101010011101110011100101110011001110000111001010100010011100100100100110101010101010110010100100101011111011000100 00 0011111001100101 0111
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 01100101 1111111110011101 0101001010111011011011010011100011001001100100101100010000110100001100000001110101011000010110010001111111100010010100001110110010000001011100011100100111010011100100111100100000111011110111100000111010100111101010110100011100110110000011000111110001001010101001100111010010010011001101111000111100101101101001100010001001001101001111001011000010010010101100111111100011000100100010101010100011100011101111111010011100001010 00 1000110110011011 0011
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10110001 1111111110011101 1011010100110110111010010110010110110010111011101111000011100010111001000000111011101010000101010001000101110011100101000111001001000100001100100011010101010110101011010110001110111000110010111001011111011001010110000011000000011100010111010101000101010011011010010110111110011011100011010111100111010101110011111000111111100101000110111101010000001010101011101000100100010111111100100110000001100100010001101010110101110110 00 0100111101111010 110
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11110011 1111111110011101 1111011110101001101111001010010000111000001000100100111110011011010111111001101111000010100000111001110110010100000110010001101001011011010010010100100101100010011110111011011110101011011110011101101111010111110010011111010000011001110100100001001010101111111011000101000100110000000011100110110001001100101100010111110010010010001100011000010100100111101101101100011101001011111100100100010010010010101111101100010011011010 00 0011100000010001 000
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10000001 1111111110011101 0100101000010111101001101100111101010010001010111001011010111101010110001101001100100000100000010101101000110101111001111100100000100100000111001000100011101000101101110000100011010010110000100100111011111111010111110111100011111110010111111001011011110010100101110010110100000100110110001011100001011111000000110011000010011100101000000100000100100010001110001010110101011001011001001010001000111001001111011101000101000010 00 1100000100111000 010010
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10110101 1111111110011101 1010110110011010001000101001001000101001010101111010001001101011100011001100000010010010110011010101010010100100001000111010010010001101010111110111010001101101100010011010001101010001110101111101011110000001101011000000111111010100000011101011101111101011010110000011011000001100011000100100111010100111011010101001110100110100100001110010010110111010001001010011100110001010001001110100000010111110110001001101101100111110 00 1010101111011000 1000
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 01111111 1111111110011101 0100100011010000000001110011000100010000101101001100001101111100110100100001111110011111111110001110000110100000110011101001101101010100111110110000010101101100111010100111001110101110111101101001100000101011010011001100101010110010010100010000011100110110100100101010001001000111001001000011110101100001101010001011001110001001001110010011111111010001010011100101100101110000010011100110110111110110001001101101100111111000 00 0010100001111010 1101
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10101111 1111111110011101 1011011111110001010010001001101111110000011100011010010100100011011011101100001001010101011011001010101011100110101111000001000000100110110101011011100011010010111100000001100011000100111111110100000100001101010010111000001001010000010100111100000010010111011011001110000011011000011100011111110011101011011001000000110011110000100000101010101011111001110110000011111100010001000011001101001110101011010111011010010111001100 00 1110111101100110 0011
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11111101 1111111110011101 1111111001110000100110101010001101110000110000000100110101011100111111100110010110000000000111001100100001010101100100101100001010100100001100001111001011110111010100110010000100100111100111100101011001010011100101001000111101100101111001101100010001111011111111111110001101111100000000001111110110001000101101001111001111010001110011010000000000011001000111011101011111111011111000101011101001100001110010011110111010001010 00 1110010011110100 0011
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11111001 1111111110011101 1111000011100001010111101010011011111111100000111011000111011001110000001100111000000011000010010101000100101011011000011001011110001010011000011101111111101110100111000011101000101111001001001010000010101011111111010010001011001101110000011010000011100011111000101100000011110100000010111110001100001111010011011111100110101100100110100000011000110010001011110110111001111011010010010001001011000011100100111101110100010100 00 1011101101000100 000
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10011001 1111111110011101 1000010001101111011111101000101010000101100111000101010111110000001101011001001000011011101001011001101011011100111110101001011100111100111010001011011100100000111001001110001001101010111100110001011101101000101100000100111110001100111110101000010000100011000010111101110010110100010100110001011100110000100001011010101001000110001000100011011101101011101110010111011110100000000110000000100111010001010000100100000111100100 00 1110001011011101 011
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10111111 1111111110011101 1010000111001100010001110110100111100100100010110000101100101111001110001010011110101110101000010111011001001111111110010100010100111001111010011101010011110000000110111100001100100101010110011111011110101101110101100001000000110000001001110100111010110111010000001001101011000111100101011101010100011110001110000001010001011100010010010101110101100010011000010110010110101101010000111101100111010011100001011110000000011010 00 0111011101110001 0011
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 10110111 1111111110011101 1010101011010010110000001001000011101110111101100101110000101001000100111001010101010011010001111001100000011011010110101000110100111100011101111110001011100001011011100010111011010101100010101010110011111101100110001101100100000000000111010000100110100111010101101010011111001000011001111100000111100100100101100001100000001010001011001010011010101111101111010001100000010110110101110110010011101111111010011100001011110000 00 0001011011111111 1000
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 01011101 1111111110011101 0110001111100010111110101101011111111110111000000110000100100110111000011000000110101001111010011001010001001101001111100000111101100001101010110100101110100101110110100100100111101001111001101000111000010110010000110011100010100110101010111010100100111010110001001100011110111100111010011110000111001000111011000000011111101110000001010101001111110011101001010111000101001010001011010011101101010110101110110100101110011000 00 0000001101100011 010
 
010101010101010101010101010101010101010101010101010101010101010 0001100010111111 11100111 1111111110011101 1110010000011011111100001010101010101001111001100100101000010100000111000110011101000111101111010011011000010111000011010000111110000101101110100011111001001000001010101001101010110010101101101100000011011111011100110000001011100001101110111011111100000111110010110011010110101000000100110100111111000100101110100110001000010101110010001000111101011010111000000011101100010111011011011110111101110100010100001001000001111000 00 1010101000011101 001
 

Latest revision as of 18:14, 11 June 2022

Data capture from a Silver Spring Networks smart meter that was initially powered on. The text is very wide so open the file in a text editor, it won't look right in the browser most likely.


Initial capture of data - small file

Silver_Spring_Networks_Smart_Meter_00135005008C900A.txt


170 samples sorted by "Mask" column, notice the data appears similar for each mask, need to figure out how it's being transformed.

Silver_Spring_Networks_Extended_Parsed_02-22-2022_00135005008C900A.txt

Capturing Itron/SSN traffic

In 2012 a permissive change was filed at the FCC to certify and document an RF mode not initially supported. Specifically, it uses 2-FSK over 64 channels from 902.4MHz to 927.6MHz (inclusive) and a data rate of 150kbps. This appears to be the predominantly used mode today among such devices. A summary of all modes of FCC ID SK9AMI7 are shown below.

Modulation Frequency range (MHz) Number of channels Channel separation (kHz) Data rates supported (kbps)
FSK 902.25 - 927.75 52 500 19.2
FSK 902.25 - 927.75 52 500 152.3
OOK 909.6 - 921.8 50 200 16.4
FSK 902.4 - 927.6 64 400 150.0

The following capture file was created using this gnuradio file. It has the 64 channels explicitly listed within the Center Freq Estimation block. It uses a syncword of 0xAAAAAAAA (which is probably too short) and makes the assumption that data is transmitted most significant bit first, but this is an unverified guess. No checking is done of the packets, so there are very likely to be many packets with errors. In looking through this capture file, the majority of packets start with

aa aa aa aa aa aa aa aa de 9d 27 27 16 66 f0 6c

For that reason, it's likely that those packets are probably mostly correct, while the others should be viewed with suspicion.


File:Meter data capture.grc.txt


File:Raw itron packet dump.zip