jgyates / genmon

Generac (and other models) Generator Monitoring using a Raspberry Pi and WiFi
GNU General Public License v2.0
369 stars 75 forks

FIXED: Generac will begin encrypting Evolution 2.0 controllers starting with firmware 1.10. Will this block genmon use on Evolution 2? Also, all new Evolution 2 generators will be shipped with encrypted controllers. #374

Closed grsthegreat closed 3 years ago

grsthegreat commented 4 years ago

Liquid cooled as of right now do not have wifi ability, that's why they weren't targeted. As soon as they add wifi to those, they will be encrypted.

Honeywell units have the same controllers as Generac's Guardian lines. The Evolution 1 units will require a manual update. I'll bet Generac will add this to future evol1 updates. That's why I will no longer update my own personal evol 1 controller. If a client wants an update, sure, I'll oblige.

hokie21 commented 4 years ago

Lots of critical infrastructure is backed up by generators. These customers for the most part do not want and will not allow Internet connections to their generators due to their information security policies. They connect their generators to their own network monitoring centers over private networks. I would be surprised if Generac decides to alienate these industrial and critical infrastructure customers.

liltux commented 4 years ago

Generac is moving Mobile Link into the larger liquid cooled, industrial units later this year. They are just wanting to get into the monitoring market, being their units they can modify as they want to.

gzebrick commented 4 years ago

I wonder how hard it would be to just replace the controller completely in the smaller air-cooled generators. I'd have to see what the I/O list looks like but low cost single-piece programmable controllers (with displays, built-in web servers, data ports, high resolution analog and digital inputs and outputs) are pretty common now. It's not a nuclear reactor, so a full speed PLC may not be required. In fact, the Pi probably has more horsepower than the Evolution controller built into my 17Kw.

That might be the next step - after-market full replacement controllers with integral data ports (232/485/IP) with web servers (for use after the warranty has expired) - and they'd speak Modbus / BACnet / and other protocols as needed.

UPS99 commented 4 years ago

Omnimetrix may already have a work-around. This install PDF for Generacs, dated Tuesday, 5/26, refers to encrypted and non-encrypted Modbus and has an alternate direct wiring diagram and pictures to bypass the plug-in interface:

https://www.omnimetrix.net/wp-content/uploads/2020/05/IM-1087-01-TG2-Nexus-EVO_4-Alarm-Modbus-Remote-Start-Install-Guide.pdf

hokie21 commented 4 years ago

The workaround leaves much to be desired and has no visibility to the detailed error information on the bus. Before I had Genmon I used the transfer indication and the relay closure output connected to my house alarm system. It looks like they are doing something similar to this.

UPS99 commented 4 years ago

I don't have info on the capabilities of various Omnimetrix models. However the brand was specifically mentioned in Generac info as one that would be disabled by the new firmware. That doc may cover only an add-on device. All of their documentation may not be on line, but still, this might suggest a starting point, perhaps by direct connection to the evo2 board.

ebovine commented 4 years ago

> I wonder how hard it would be to just replace the controller completely in the smaller air-cooled generators.

This was my first thought as well so I opened the controller that evening with the intent to begin an open controller project. It’s not too complicated, but certainly not a near term solution.

grsthegreat commented 4 years ago

I think an Evolution 1 controller would also work in an evol 2 unit, lose the wifi cable... I wish I could try it.

jgyates commented 4 years ago

@ebovine, can you make out what CPU is being used on the controller? Maybe post some photos of the board?

ebovine commented 4 years ago

It’s a PIC32MX575F-512L. No external flash. Yes, the code protect bit has been set.

lakee911 commented 4 years ago

I have a copy of the Generac service manual for my generator (and others). It has a lot of good information in it including pinouts, voltage ranges, tolerances, etc. Be forewarned, though, that there are mistakes in the manual. Check and recheck if you decide to trust it. I can't attach it here because it's too big. Let me know how I can get it uploaded and I will.

When I had my fried controller opened up for repair, I did take some photos. They're not very clear. Looks like it has a PIC32 controller. Looks to also be conformally coated (or something), which doesn't help. This just MIGHT be a PIC32MX575F512L.

lakee911 commented 4 years ago

Well, at least it seems to be consistent among controllers. @ebovine, it looks like you've got a newer controller there. Mine is circa 2013.

Info on bit protect for others: https://www.microchip.com/forums/m989482.aspx

jonathanpisarczyk commented 4 years ago

My 1st contact us form:

Questions/Comments: I would like to roll back the firmware on my Generac generator. The encrypted modbus is affecting my business and monitoring of the generator. If this encryption change isn't reversed I will stop purchasing Generac.

Hello, Thank you for contacting Generac Power Systems, Inc. My name is Stephanie and I will be assisting you today. You will have to contact a dealer in your area to change the firmware on your generator.

If you have any further questions, please feel free to ask.

Stephanie Covarrubias Customer Support Rep II Generac Power Systems – Jefferson, WI Phone: 888-436-3722 Fax: 920-674-2128

liltux commented 4 years ago

@jonathanpisarczyk I don't think Stephanie knows what you are asking... Looks like an automatic response.

lakee911 commented 4 years ago

I just sent the following comment

--snip-- Hello, I wanted to pass along a comment, and I'll keep this very short. I am very unhappy that Generac has elected to start encrypting communication with its latest firmware update for air-cooled generators. This is simply crippling an otherwise usable product in an effort to create an additional revenue stream. I would not expect this from a company of your caliber. This will cause you to lose business. Personally, I will not be purchasing or recommending another Generac branded (or relabeled) generator until this is stopped. I would appreciate it if this could be shared with the appropriate folks internal to Generac. Thank you, Jason V. Advani --snip--

ebovine commented 4 years ago

@lakee911 I'm not sure whether it can be attached here or posted on a site such as mega, but I'd like to take a look at that maintenance manual for the pinout tolerances.

lakee911 commented 4 years ago

@ebovine, I just uploaded it to @jgyates Dropbox. Let's see if he can make it available. If not, just point me to a specific place where I can upload it and it's yours.

jgyates commented 4 years ago

FYI, I can not put copyrighted info on github.

ebovine commented 4 years ago

@jgyates Agreed - sorry about that!

InertiaImpact commented 4 years ago

I have a Pi 3b with an Evo2 air cooled gen that updated on the 20th and locked genmon out.

I am willing to help if there is any testing or info that anyone needs to help try to figure out a workaround for this issue.

boeingpilot commented 4 years ago

Ok so here's my question (I probably already know the answer and am not going to like it....) When deciding on a generator I decided on a Generac based on GenMon. I really want something that would notify me if there was an issue or if the system was running while I was out of town. Plus with a little use of IFTTT, I could integrate into my Vera home automation for monitoring. My two vendors offered me either a Generac (Honeywell) and the other offered a Kohler.

So... didn't see this thread until the deed was done. Looking at the memo from Generac, sounds like if the data plate has a green or black dot, encrypted firmware is installed. (And mine has green dot) The installers are just finishing up, so the genmon is not yet installed. Unit is a Honeywell branded model G0070652

Thx in advance

jgyates commented 4 years ago

I am doing some research now that I hope will allow a workaround.

Does your system have wifi built in? Evolution 2.0 has a wifi module. Evo1 does not.

You can also look at the firmware version in the menu. This will also indicate that the controller is V1 or V2. V2 firmware is at 1.10. Versions lower than 1.10 do not have modbus encrypted. If you have this, do not connect to wifi as your firmware will be upgraded automatically.

If your firmware version for Evolution 1.0 is 1.21. If you have Evolution 1.0 then you should not have encrypted modbus.

boeingpilot commented 4 years ago

> I am doing some research now that I hope will allow a workaround.
>
> Does your system have wifi built in? Evolution 2.0 has a wifi module. Evo1 does not.
>
> You can also look at the firmware version in the menu. This will also indicate that the controller is V1 or V2. V2 firmware is at 1.10. Versions lower than 1.10 do not have modbus encrypted. If you have this, do not connect to wifi as your firmware will be upgraded automatically.
>
> If your firmware version for Evolution 1.0 is 1.21. If you have Evolution 1.0 then you should not have encrypted modbus.

Yes it does have wifi internally. The installers are still hooking the thing up, so I have not done anything to it as of yet.

I do not plan on having the installers setup the wifi for now. Of course there is the 'activation' of the generator. Not sure if they are just going to submit for a code or do it via a cell phone tether. If they do, it may get a firmware upgrade. Can't really tell the guys installing to not do that (seeing as they are the warranty people!) But I will not let it be connected to the wifi for now.

skipfire commented 4 years ago

@boeingpilot don't let them install the firmware update via USB either. I'd guess there's a fair chance the unit doesn't have the firmware yet since it just went out over USB a couple weeks ago and they probably had the controllers flashed before that. And if they have a USB stick with the 1.09 firmware they may be able to downgrade you as well.

boeingpilot commented 4 years ago

> @boeingpilot don't let them install the firmware update via USB either. I'd guess there's a fair chance the unit doesn't have the firmware yet since it just went out over USB a couple weeks ago and they probably had the controllers flashed before that. And if they have a USB stick with the 1.09 firmware they may be able to downgrade you as well.

I'll try. Hard to tell the dealer what to do.... I doubt they're going to update the firmware.

InertiaImpact commented 4 years ago

Is it a possibility to have the installer downgrade the firmware? Will it accept the lower fw when checking the USB? I have them coming out on Monday for its "yearly service".

UPS99 commented 4 years ago

I wonder if there is any chance Honeywell branded units will not get the encrypted firmware? It may not be possible technically to avoid that, of course.

ghost commented 4 years ago

Hello all. I've been following this project for a while and was just getting ready to set it up and saw the posts about encryption...about 20 days too late. Sure enough, I have the new firmware on an EVO2. A little bummed and a lot angry that they did this. Anyway, I'm interested to see what @jgyates can come up with for a workaround on the comm. encryption issue.

Not that this helps but GENERAC's security argument is weak. They continue to maintain standard MODBUS RTU links with their industrial and commercial product lines. I frequently work with those products and have seen no indication that they plan on encrypting them. This seems to be a change isolated to the residential market.

There has been some talk of developing an open controller project. I'm actually working on a controller replacement based on a small industrial PLC instead. My basis and test unit is a Guardian 22kw installed two years ago. I would be interested in comparing notes with anyone else attempting to go this route.

jgyates commented 4 years ago

@pridesleap and @InertiaImpact

If you have a moment contact me at generatormonitor.software(at)gmail

grsthegreat commented 4 years ago

Honeywell uses the same controller as all evol2 units, just call it sync2. It is also encrypted. You do not have to link through wifi in order to maintain your warranty. However, if it's a new generator it's already encrypted from the factory.

I'm not sure if you can roll back the encrypted unit, but I doubt it can be done.

I just installed my LAST Generac generator that I'll ever install. It was from a signed contract last December. It had a green sticker and therefore encrypted. Owner does not have wifi so I left it off. Does not affect warranty.

UPS99 commented 4 years ago

It is theoretically possible to not trigger the encryption on a particular of serial numbers, if Honeywell did not want it done - but would probably be impractical.

boeingpilot commented 4 years ago

> Honeywell uses the same controller as all evol2 units, just call it sync2. It is also encrypted. You do not have to link through wifi in order to maintain your warranty. However, if it's a new generator it's already encrypted from the factory.
>
> I'm not sure if you can roll back the encrypted unit, but I doubt it can be done.
>
> I just installed my LAST Generac generator that I'll ever install. It was from a signed contract last December. It had a green sticker and therefore encrypted. Owner does not have wifi so I left it off. Does not affect warranty.

Yes I know that... I doubt they will enable wifi (yes I know it's not needed for warranty). I also doubt they will update the firmware, as there's no reason to. Just hoping a reverse engineering solution is found. I bought the Generac because I wanted Genmon.

(The ironic thing is I was ready to do this back in February, then cancelled with the pandemic and they used that generator somewhere else. Good chance that one had the old firmware.)

jgyates commented 4 years ago

@lakee911 or @ebovine

Would either of you happen to be able to read the frequency of the crystal oscillator closest to the PIC23?

lakee911 commented 4 years ago

@jgyates, I don't have an o-scope, but I tried w/ my meter. I'm getting 59.94 Hz, which doesn't seem right at all. I'm wondering if it's picking up noise from the lights in my shop or something... Do you know what this is for, by any chance? Is it possible that because the controller isn't actually installed in the gen that it's not active?

jgyates commented 4 years ago

I am trying to determine the frequency on the OSC1 (pin 39) and OSC2 (pin 40) inputs. These are the base frequency input pins. All other frequencies are derived off of this value.

lakee911 commented 4 years ago

I flipped through the data sheet and I think it is 10MHz, which is in line with the "10" on the chip. Just an educated guess, though...

jgyates commented 4 years ago

Thanks, that helps. I will assume 10MHz for now.

ebovine commented 4 years ago

Hey! Sorry I missed this. On the rev G board I have on my workbench, it is a 16 MHz part. From the photos of the Rev H that is installed, I believe it is also 16MHz.

boeingpilot commented 4 years ago

Ok - going to start building the genmon box tonight. Realize that it will not work with my controller. However, jgyates, I can give access if anyone has an idea to make it work.

grsthegreat commented 4 years ago

> Ok - going to start building the genmon box tonight. Realize that it will not work with my controller. However, jgyates, I can give access if anyone has an idea to make it work.

Are you sure your controller is encrypted... maybe it was old stock. At any rate, don't enable wifi if you use genmon.

jmone1 commented 4 years ago

I hope this works out. Just got my Generac commissioned and I have the new Firmware. The MobileLinkGen app is next to useless.

ghost commented 4 years ago

> I hope this works out. Just got my Generac commissioned and I have the new Firmware. The MobileLinkGen app is next to useless.

@jmone1, check your controller. Look for green or black dots. If they are there then my understanding is that these controllers contain a bootloader that will not allow for the firmware to be rolled back (maybe someone can correct me). If not then you may have a newer generator with an older EVO 2 controller which can be. Again, this is my understanding but not sure and maybe someone else can correct me. This being said I'd be cautious about voiding warranties. I found that Generac is pretty aggressive about pushing back on warranty claims and they may now tie future firmware updates and MobilLink connectivity with warranty support. I've kissed my warranty goodbye due to the difficulty of getting my original installer back on site to do even basic service work (only interested in installing, not servicing) and now the controller encryption update.

I agree, the app is absolutely useless. I think this is by design. Most users just want to know if their generator has started and transferred after a utility failure and don't care for anything else. The fact that you are even looking at GenMon puts you in the minority of users (and in the same boat as the rest of us). I Wiresharked the traffic out from the generator to Generac after I enabled MobilLink last year. It's pretty chatty. I suspect that the controller is transferring a lot more data than what Generac is making available to its users. I say "suspect this" based only on the volume of traffic, but I didn't continue with further testing to confirm. I have since disconnected from MobilLink and have no plans to reconnect to Generac's network. So further testing for me is out.

Keep checking back. You never know if someone is going to figure out how to get around this problem.

boeingpilot commented 4 years ago

I'll 2nd, hoping this can be worked out. I have not finished building my GenMon, but once up will make available to developers as will my generator.

If I'd known this I would've not installed the Generac.

-- Scott Grillo

Better Connect Systems P.O. Box 6032 Lancaster, PA 17607 717-842-4414 www.bcslancaster.com

grsthegreat commented 4 years ago

Generac does not require wifi signup or activation for warranty and most likely never will as they understand not every install has internet capabilities. But they do offer a free 5 year parts and labor extended warranty if you do hook it up to wifi. Again, I think their mobil link is useless compared to the genpi unit.

boeingpilot commented 4 years ago

> Generac does not require wifi signup or activation for warranty and most likely never will as they understand not every install has internet capabilities. But they do offer a free 5 year parts and labor extended warranty if you do hook it up to wifi. Again, I think their mobil link is useless compared to the genpi unit.

Ok, I'm going with the better lucky than good! Finally finished the Genmon box and got it hooked up. Connectivity via Cat 5, and power via PoE adapter. Connected and voila, it works! I guess Generac / Honeywell (mine is Honeywell branded) are playing games. When it was installed noted a green sticker on the controller, assumed it would be encrypted. Guess mine either got missed (or was built before the change over), or Honeywell is not getting encrypted (which may not be far-fetched, as Honeywell may not want the headaches of customers bitching over lack of third party monitoring).

In any event, this generator will NEVER be connected to wifi, so I think I'm safe with respect to firmware. I may add a sticker to the control panel so that if I'm not around and it's serviced, that firmware is not to be changed / updated.

For what it's worth - hardware version is V1.00 and Firmware is V1.09 according to Genmon

BTW - there was a harness already plugged into the 8 pin molex, I assume that is for the factory wifi, and that it can stay disconnected?

grsthegreat commented 4 years ago

You lucked out. V1.10 update included the encrypted controller.

boeingpilot commented 4 years ago

Don’t I know it!

ajsomething commented 4 years ago

Okay guys, I have the dreaded new firmware. I have thought of making a controller for the Generac because of this encryption thing. I have the engine running using a megasquirt and have had it running from a speeduino. One major problem is the output voltage is controlled by the evolution controller, however it seems to operate independently. I have a large selection of tools at my disposal.

I originally purchased my unit brand new, damaged for the gen-head only, and paid less than 700 for it. Info: Model # G0070432 Description: 22KW/999 GUARD+200A SE T/SW AL Running Hours: 2 Protection Hours: 1056

So if there are any potentially destructive items/guesses needed to make progress please feel free to ask. Currently the unit is fully operational with less than 5 hours of run time. I was building the exact thing genmon is before I knew it existed. In the meantime I will continue making an open source controller.

If anyone needs parts after I break it hit me up. (Generator Head Not-for sale)

ajsomething commented 4 years ago

Sent. If the encryption would be able to be bypassed, what are the legal implications for providing the means to bypass it to the public? I re-read the things I agreed to and no mention of encryption is made... Furthermore, when I bought the unit there was no agreement made that I wouldn't reverse engineer any portion of it. (Only the mobile app has such an agreement)

Basically, Can Genmon Bypass it, and avoid legal actions.....