Open Saentist opened 1 year ago
Do you have this setup working (with the app)? Have you logged the bluetooth traffic from the app?
Do you have this setup working (with the app)? Have you logged the bluetooth traffic from the app?
Yes I have Bluetooth compatible inverter. But for second part accept any suggestions how to do it. I can connect to inverter with standard PIN 123456 under Linux/Windows, but no COM port emulation is enabled on it as on phones.
Guess something as this. https://support.honeywellaidc.com/s/article/How-to-capture-Bluetooth-traffic-from-and-to-an-Android-Device
Yep thats the way - then post the log and/or try to decode it yourself It takes a lot of trial and error to reverse engineer the ble log, but I am building a new battery at the moment and have a similar inverter, so will take a look once i get it running
Its not so human readable, but ID55355535553555
is inverter
Great. Did you do anything in the app or is it just receiving data? Can you grab a screen shot of the data
Ps you need wireshark to be able to read it and even then it takes a lot of guess work
On Mon, 9 Jan 2023, 10:02 pm Saentist, @.***> wrote:
btsnoop_hci(1).zip https://github.com/jblance/mpp-solar/files/10371745/btsnoop_hci.1.zip
Its not so human readable, but ID55355535553555 is inverter
— Reply to this email directly, view it on GitHub https://github.com/jblance/mpp-solar/issues/293#issuecomment-1375292342, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJVKNTPUNJCD4YOCDPCIKTWRPH2ZANCNFSM6AAAAAATNYASLI . You are receiving this because you commented.Message ID: @.***>
I try to analyse via Wireshark but no success yet not see values. capture is made with very low spec android 6 phone (Alcatel Pixi 4) Will try to make new capture with screen recording, to be more easy to compare actions and responses.
there is some long repeating string in peyload with lenght 671 Event 0x13
806001060002428000000000059cbd357d0000000000000000007776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db9cbd357d0000000000000000007776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db9cbd357d0000000000000000007776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db9cbd357d0000000000000000007776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db9cbd357d0000000000000000007776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db7776db6eedb6dbbbb6db776db6ddddb6dbbb6db6eeedb6dddb6db
guessing by repeating logic can be something as this
806001060002428000000000059
cbd357d000000000000000000
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db9
cbd357d000000000000000000
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db9
cbd357d000000000000000000
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db9
cbd357d000000000000000000
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db9
cbd357d000000000000000000
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
7776db6eedb6dbbbb6db
776db6ddddb6dbbb6db6eeedb6dddb6db
repeating segments aka possibly not changed setting from report
first 8 symbols are growing ... guess time or timer.
one more log with video for comparsion hci_snoop20230109214525.zip
it looks like an encrypted setup
but some info is clearly visible in the trace, eg product info in frame 396 response on handle 0x0017
There is a encryption key after connecting.
response on handle 0x001d might have basic info
There is a encryption key after connecting.
yes, but the encryption will make connecting with python harder
No battery connected to inverter.
adding *0.1 for correct values needed
No battery connected to inverter.
yes, just trying to see the same values (after decode) in the log file
first log have PV voltage, MPPT make it flat ~120Vdc
handle 0x0023 rated info
handle 0x0023
fc08d900fc08f401d90088138813e00101000000
fc08 2300
d900 217
fc08 2300
f401 500
d900 217
8813 5000
8813 5000
e001 480
0100 1
0000 0
0x0023 inverter rated specs 0x0017 firmware versions 0x001a serial number 0x001d ??? 0x0020 ??? 0x0026 ??? 0x0029 ??? only zeros 0x002c ??? 0x002f ??? 0x0035 ??? 0x0038 ??? small changes 0x003b ??? 0x003e ??? zeros 0x0042 ??? 0x0045 ??? 0x0048 ??? 0x004b ???
I try some ble scan tool and this is strange results.
hci_snoop20230109214525 (2).zip hcisnoop20230109214525 (2).zip
sniffing is larger and in two parts
Interesting if inverter s paired via android /not app/ it cannot be scanned
Interesting if inverter s paired via android /not app/ it cannot be scanned
Wonder if this the encryption?
I thought the inverter I just got was one of the ble ones, turns out it's just wifi
On the git repo there is a ble-scan.py can you try running that somewhere in range of the inverter (you'll need pip install bleak
if you don't have it)
Yes will try
TI recommend this tool https://www.ti.com/lit/an/swpa234/swpa234.pdf?ts=1673270553469 https://github.com/Hari-Nagalla/BT-HCI-Logging
Wondering how many time will take to "close source payed monitoring" made from "free software" to monetize your code Enable donations in repo ;)
The log capture is the easy part, the hard bit is figuring out what the data corresponds to.
I don't think there's money in this code. Helpful for some maybe but that about it
ble-scan.py
Can you post link to this file?
Is there any information how to read status over Bluetooth in Voltronics / Axpert and clones All they are controlled by WatchPower app on android Mostly all Inverters with this control panel.
![image](https://user-images.githubusercontent.com/16975883/210156692-ee8e45c6-cfb9-462b-bf70-7fb01feae38e.png)