I have a zigbee2mqtt / home assistant setup working fine, and I'd like to try to make my own simple devices to connect to that network.
I got an xbee 3 board, and using micropython to start with I was able to connect to my network.
However the "interview" fails. The xbee receives a message with a cluster 0, profile 260 (home automation) and endpoint 230 (command). Not sure what the payload contains, that's not a string :
{'profile': 260, 'dest_ep': 230, 'broadcast': False, 'sender_nwk': 0, 'source_ep': 1, 'payload': b'\x10\x02\x00\x05\x00\x04\x00\x07\x00', 'sender_eui64': b"\x00\x12K\x00\x18\xe2I'", 'cluster': 0}
My question is what should I answer for the interview to succeed ?
I'm making only a basic sensor, I'd like to just report 1 weight reading periodically. I'm assuming I need to send back something saying I have one endpoint, on some cluster (not sure which, I guess something in the 400s) but I don't know what the format should be.
I couldn't find much info on this (baring how to use things like the Zigbee Cluster Library, which aren't python), any pointers or examples of end devices I could take a look at to understand how this interview process works ?
Unfortunately digi's examples all seem to involve xbee devices talking to each other, I couldn't find any examples of how to make a regular end device.
Thanks !
EDIT: Just found this great page which explains how this all works. Still need to figure out the exact bits I'll need and try it out, but now I know where to start !
This sounds a lot like the ZCL, and I'm not aware of an Open Source Python implementation of that protocol. Digi has an Open Source ANSI C Library that includes a ZCL implementation. If you can read C code, you might be able to decode that payload to see what it's asking. You might also need to handle some of the ZDO/ZDP (Zigbee Data Object/Device Profile) protocol on endpoint 0, by setting ATAO=3 (IIRC). There's also ZDO/ZDP code in that C library. (Full disclosure: I wrote most of the code in that library, including the Zigbee layer. But I haven't worked with Zigbee in a long time, so I'm rusty on protocol details.)
My recommendation would be to just hardcode hand-generated responses as much as possible. Figure out the expected format for requests, and determine what works as a response. If you can sniff the 802.15.4 traffic, or have your zigbee2mqtt gateway log activity with an existing device, you might be able to use its responses as a starting point for your implementation.
Related
I have an obsolete hardware level/pressure transmitter that communicate with mcu using custom protocol (it appear to be similar to modbus RTU), that hardware comes along with an old commissioning software that works perfectly fine under latest windows, that software contain all communication protocol components that I try to extract and use in something like Arduino to pull data out of transmitter, anyone can help out?
Update - Didn't mentioned above that form of communication here is half-duplex serial communication where master hardware/software query slave transmitter.
Now mentioned to program Arduino mcu to pool data out of transmitter.
What best way of getting readable data out of it?
Again many thanks for all your comments and help!
What you need is called a sniffer. Use that as a keyword and you should be able to find plenty of info here at SO and around the web.
To set the record straight it is actually possible to use Wireshark to sniff on Modbus RTU over serial, see my answer here. If your protocol is similar to Modbus I would start with SerialPCAP.
If you prefer more Windows-friendly solutions you can check these out: 1, 2.
Since Modbus is pretty simple I would say reverse engineering a similar protocol should be, maybe not a piece of cake but just manageable, even if you are not very experienced.
These days when almost everyone is a maker or at least a wannabe, you might want to first take a good look around, maybe somebody else already reverse-engineered that protocol and published it somewhere.
The best tool to analyze a protocol is Wireshark. Run it on the communication link between the Windows machine and the radar. First possibility: the protocol is actually something that Wireshark knows (some trials and errors with the "Decode as" menu may be necessary.) Second possibility, less funny: the protocol is indeed completely proprietary and unknown to Wireshark. At least, Wireshark will make it easier to examine the binary data.
This may not be in the right location, so tell me and I'll move it.
I am a recent EE grad and I was hired to build a system that exists on a SoC with a simple 32-bit processor. The system basically monitors several external devices and performs some DSP on it, and then is supposed to send the results using a WiFi device (in my case I have the ESP8266 using UDP) to an email server for logging/notification.
I have been trying to find a library that I can use, but my uC can only program in C and I have it set up for UDP, and everything is in C++ using some other protocol, or something else completely.
I am great at DSP, decent at SoC's and uC's, but when it come to this email server communication thing I am at a loss.
I have successfully configured everything for the sensors, the datapath, the DSP, and connected the system to my WiFi via UDP, but I have yet to figure out how to send data to any servers.
Could someone help me understand how I should go about this?
I have looked into some simple SMTP commands such as HELO, MAIL, RCPT, DATA, etc. but I cannot understand how I actually should implement them in my code.
When I send out the WiFi data via UDP what type of data do I send and how do I format it? Do I need to send any other kind of flags? How should I expect the response? I also know the data has to be transformed into base 64 which is confusing me further.
I am also not super familiar with UDP to begin with, I have been using libraries that are part of the SoC's default library to connect to my WiFi.
I know these may either seem like obvious or stupid questions but it is were I no longer have any knowledge, and everything I find online doesn't make sense, or doesn't attempt to explain it, just gives a pre-made solution
I have found the RFC2821 but it doesn't get any clearer.
I know that's a lot but any help at all would be a lifesaver!
Since you are asking this question, I'm assuming that you are not booting and running an OS suitable for micro-controllers such as an embedded variant of Linux or such. If you were, you would simply be able to take advantage of possibly built in applications or other existing code.
But you don't mention having written an Ethernet stack, so are you using some other library or operating environment which might have some of the functionality needed for an implementation of SMTP?
If you don't and really do need to write your own SMTP client to run directly on the processor you are using, then you should be able to find plenty of examples of source code for this. A quick google search of How To Write an SMTP client showed a few articles with some example code. One article seems to be an exact hit, but you need to look at it further.
However, I would highly suggest just sitting down with a telnet client and connect to an SMTP server you are allowed to use and try the commands you need to just send a message. If you only need to send text, you don't need to get involved in MIME encoding or anything like that.
I am trying to create a client in C that will talk with a BACnet server. This BACnet server is stored on an industrial device (CAN2GO) and I am not sure how I could talk with this device.
I spent quite some time reading documentation for BACnet and I never found a clear example for a BACnet client. I already did some server and clients using TCP and UDP but I don't know how to start this BACnet client and I must say I am getting quite desperate.
I found a library which seems to correspond to what I want which is called BACnet protocol stack but when I tried the whois exemple no device was found (I expected to found the bacnet server but maybe I shouldn't ?).
So my question is : could you give me an exemple in C, or another language but C would be better, that would communicate with a BACnet server (nothing complicated just a question and analysing response). This example could be using the library I just wrote about or if you prefer another library I am of course open to everything.
Thank you very much for your time and answers.
I have used that stack and it is the best open source one you are going to find. If you cannot see anything using the demo\whois\bacwi example from that library, then there is something wrong with your setup. In particular, are you using IP? Are your BACnet client and BACnet server on different machines (they cannot be on the same without some serious tweaking)? Are the two machines on the same IP subnet? (They must be, once again, unless you do some serious tweaking (in this case, setting up BBMDs (BACnet Broadcast Management Devices))).
You will also want to try the "Read Property" example (demo\readprop\bacrp.exe) to actually read a value from the server.
If you are still stuck, then post your detailed problem at the link on Sourceforge, Steve, the author, is very responsive to questions.
I am currently using the stack - just started. I had a little trouble at first, not sure if my problem is the same but.. I basically am using some BAC components made from Schneider Electric (UNC-500) and an old un-supported platform (Niagara R2). On my laptop I created a host server and addressed it to a private LAN network between it and the UNC. My laptop was also using wifi, which was utilizing DHCP, so I had two separate interfaces going. This was my problem. I couldn't read or get 'I-AM' responses back from the UNC. As soon as I turned the WIFI off, I got the 'I-AM' broadcasts. Make sure that you are on the same network as your device, and that there are not other interfaces active. Maybe there is a way to assign the interface to use, IDK. I just started using it.
I want to get in the middle of packet forwarding (Not routing). For example, the system is a layer 2 bridge between hosts and their gateway. I want to check the layer 7 for string or whatever "foo" and forward/drop/delay the packet based on the result. What I am having trouble with is intercepting the packet.
What I have read so far:
I know I can get the copy of packet from BPF device (Usenix paper by Steven McCanne and Van Jacobson http://www.tcpdump.org/papers/bpf-usenix93.pdf ). that's good for sniffing but not for me.
I can access the PF device and set the filtering rules which is good for forwarding or dropping decisions, but not for inspection. man pf (4)
I can get packets into the ALTQ queues, BUT I do not know how to access the individual packets located in the queue. man altq(9)
I have also looking into the source code for PF(/usr/src/sys/contrib/pf/net ), PFCTL (/usr/src/contrib/pf/pfctl) and ALTQ(/usr/src/sys/contrib/altq/altq).
On FreeBSD 9.1 machine
I am not C expert, but I am good with it.
Maybe I am getting tired today with all the reading and missed something trivial. Please forgive me if so. Plus, this will be a very good find fro those looking into the subject.
P.S. There is a way of controlling the flow of "foo", by detecting "foo" in packet and denying the answer to that from coming back by setting up the filter for answer to that request. This is NOT what I am trying to achieve. I do not want the packet to leave the system if it should not.
EDIT 2 P.S. There is a great way of doing this on Linux. I can achieve everything I mentioned here on Linux with libnetfilter_queue. I will not bother posting solution here because there are many many many tutorials on how to do it on Linux.
In conclusion, I am still looking for answer on how to do this on BSD. As far as I can understand, I need to write a wrapper/library based on pf (because there is no such thing on the net - otherwise I should have found it already), that does the same thing as libnetfilter with it's libnetfilter_queue library. Or I could somehow dig into libnetfilter and port it to FreeBSD, but since it is based on iptables, only thing I can get from digging into libnetfilter library is logic and algorithms not the actual code itself, which by itself could prove to be of no use to me.
FreeBSD 9.1 has an userspace framework for packet access called netmap. It was recently introduced and has an amazing performance scale. It does very simple but powerful thing - just mmaps the NIC buffers to userspace portion of memory and detaches the packet processing from host stack, this was exactly what I needed the rest is on me.
If anyone needs any goods reference for this, please refer to man netmap (4)
Have a look at OpenDPI or nDPI.
Check out the "Divert Sockets" in BSD implementation as well. Unlike Netmap, it is not zero-copy (IMHO) however it can work with ipfw in order to implement the necessary filters in order to filter packages you want to process.
TL;DR available at the bottom
I've been trying to figure out a way to get two laptops (both running Ubuntu) to be able to pass basic messages back and forth without the need for them to be connected via a wireless network,either by an AP or ad-hoc. I want to reiterate here that ad-hoc networking is not what I'm looking for, I've seen many similar questions here with that as the answer.
I guess what I'm asking is: how do I achieve this? All I really need is for one computer to be able to send a packet, and then for another to pick it up via a packet sniffer of some kind.
Currently: I have both laptops in monitor mode (via a mon0 interface created from aircrack-ng's airmon-ng)so that they can sniff nearby traffic (with Wireshark, tcpdump,tcpcump.org's sample libpcap code, and opening a raw socket and just printing out all the packets. I tried each just because I thought one could be doing something differently/leaving something out). I also have a very basic program that consists of opening a raw socket to send crafted ethernet frames out to the air, but I can't get my two machines to see the other's packets. The sniffer running on each machine can only see the packets going out of that machine (in addition to nearby beacons/control traffic from wifi in the area).
Some things to note that might be important are:
-the packets I'm sending out appear in Wireshark (only on the sending machine) as malformed 802.11 packets (probably because I'm just filling them with junk data for now). I was under the impression that my other laptop would also see them as malformed packets, but it gets nothing
-the sockets I'm using are from a call to socket(PF_PACKET,SOCK_RAW,ETH_P_ALL). Raw sockets are something I just recently was aware of, so I could be misunderstanding how they work, but my impression is that I can craft a layer 2 packet by hand and ship out straight out to the wire/air.
If you're curious as to why I want to do something like this, it's part curiosity, part research for a project I'm working on. I want to streamline / automate the process of setting up an ad-hoc network, and what I'm trying to do here is for the laptops to do a small exchange to figure out the specifics of the adhoc network they are about to create and then make/join that network automatically, instead of either one person explicitly setting up the network OR having both people pre-decide the name, etc of the network and have both computers constantly trying to connect to that specific one.
I'm more interested if I'm going about this process in the right way rather than if my code works or not, if someone thinks me posting my (very basic, taken from another post on Stack Overflow) raw socket code will help, I can.
Edit: I am more than happy to post a complete set of code with instructions if I can get this working. I couldn't find much helpful info on this topic on the internet, and I'd love to put it up for future people trying to do the same thing.
TL;DR I want to send out a packet from one laptop and pick it up on another via a packent sniffer of some sort. No wifi network or ad-hoc network involved. Something akin to spoofing an AP's beacon frame (or similar) for the purpose of sending small amounts of data.
Edit 2:After some thought, perhaps what I'm looking for is some kind of raw 802.11 use? Having direct control of the wifi radio? Is such a thing possible?
I found out I was able to send packets out through my monitor mode interface as long as I had correct 802.11 with radiotap headers. I think the problem I was originally experiencing (not being able to sniff the packets) was because they were malformed and thus not actually getting sent out.
I was able to accomplish this by adapting the example code found here, courtesy of someone named Evan Jones, except I did not need to use an Atheros based card or Madwifi drivers, everything worked fine with the mon0 interface created with aircrack-ng.
I am certain that Apple Mac do this. Apple call it 'bonjour'. There may well be a proper IETF spec for it. This is an Article on Bonjour this is Wikipedia on an open component of bonjour which might help get you moving.