Silver Spring Networks Protocol
Data capture from a Silver Spring Networks smart meter that was initially powered on. The text is very wide so open the file in a text editor, it won't look right in the browser most likely.
Initial capture of data - small file
170 samples sorted by "Mask" column, notice the data appears similar for each mask, need to figure out how it's being transformed.
Capturing Itron/SSN traffic
In 2012 a permissive change was filed at the FCC to certify and document an RF mode not initially supported. Specifically, it uses 2-FSK over 64 channels from 902.4MHz to 927.6MHz (inclusive) and a data rate of 150kbps. This appears to be the predominantly used mode today among such devices. A summary of all modes of FCC ID SK9AMI7 are shown below.
|Modulation||Frequency range (MHz)||Number of channels||Channel separation (kHz)||Data rates supported (kbps)|
|FSK||902.25 - 927.75||52||500||19.2|
|FSK||902.25 - 927.75||52||500||152.3|
|OOK||909.6 - 921.8||50||200||16.4|
|FSK||902.4 - 927.6||64||400||150.0|
The following capture file was created using this gnuradio file. It has the 64 channels explicitly listed within the Center Freq Estimation block. It uses a syncword of 0xAAAAAAAA (which is probably too short) and makes the assumption that data is transmitted most significant bit first, but this is an unverified guess. No checking is done of the packets, so there are very likely to be many packets with errors. In looking through this capture file, the majority of packets start with
aa aa aa aa aa aa aa aa de 9d 27 27 16 66 f0 6c
For that reason, it's likely that those packets are probably mostly correct, while the others should be viewed with suspicion.