Integrating wmBus devices into iobroker

Integrating wmBus devices into iobroker

Since I’ve replaced ioBroker with Home Assistant, I also wrote an article about integrating M-Bus devices via MQTT with HASS. Another post, doing the same with wmBus can be found here.

After my quite expensive MH-Collector (identical with the easy.MUC from solvimus) died (it survived just a little longer that warranty protects), I decided to collect my wmBus devices‘ data with some home brewn solution. I’m also the owner of a Ubiquity US-24-250W, so the descision to go with PoE supply is quite an easy descision. So what lies closer than using a Raspberry Pi 3B+ with PoE hat and an USB-wmBus stick?

No sooner said than done, I bought the parts, installed raspbian and an iobroker slave. The iobroker master ist now running on a Debian 10 buster VM on my tiny HP Proliant server… How to install the iobroker slave can be found here.

wmBus Hardware

For me, the appropriate hardware was the IMST iM871A-USB (you can buy it directly from IMST or from tekmodul). This wmBus stick provides a serial interface (e.g. /dev/ttyUSB0), is quite cheap and supported by most open source wmBus software. But here comes the tricky part. There are quite some paths you can go, but for me, using the Messhelden heat cost allocators, I found myself in a very frustrating situation.

EDIT: As I found out a few days ago, libmbus seems to not pad the encrypted data correctly, so that decryption is wrong, when data is not aligned. In newer versions it seems, that they have zeroed the encrypted data buffer before use and that did the trick. At least, wmbusmeters now works correct in recent versions (checked 2021-07-10).

These devices stick to the OMS standard for most of the telegram, but unfortunately do some very shitty stuff at slot 2 and 3, so many decoders fall out of sync just after the first data slot.

wmBus Software

After trying different iobroker adapters (like iobroker.wm-bus) and also deamon solutions (like wmbusmeters), sending the data to some MQTT broker (a server is easy to rise up in iobroker), I ended with the iobroker.wmbus (beware of the dash, it is not the same as above). Somehow the author of this adapter managed to come up with the inconsistencies, I even could not decode manually, looking at each single bit and byte of the wmBus telegram.

EDIT: Yes, because decryption produced crap and crap can not be decoded 🙁

After attaching the iM871A-USB stick to the Pi and placing it at some location where it can receive all meters you are interested in, you need to install and configure the iobroker adapter iobroker.wmbus.

Adapter Configuration

The configuration is also quite easy and should look like the following:

It could also be, that your slaves need other modes to be received. One widespread mod for battery driven devices is also mode C. Unfortunately, a single stick can not receive multiple modes. But usually you only run devices with a single mode. Another important setting is the baud rate. For the IMST device, it needs to be 57600. The stick contains some serial converter that attaches the IMST module with a real serial connection.

Add Encrypted Meters

After finishing configuration and starting up the adapter, it is time to have a look into the log. There you will see, if the adapter started up correctly. If it did, you soon should see a line that says „Updated device state:<MANUF>-<ID>“ or an error saying, that it could not decrypt a telegram due to missing decryption key. If this occurs, go to the adapter configuration again. There you should see a new entry with a key „UNKNOWN“. Place the correct key there and push „Save“.

The follwoing telegram of that device should be decrypted correctly and a new state will be created within the object tree of iobroker.

If you see other unencrypted devices that pollute your object tree or your log with encryption failed messages, simply put them below „Blocked Devices“ tab in the adapters configuration. My Pi can see at least 20 unencrypted Techem water meters and heat cost allocators.

Let’s encrypt (also on wmBus)

I don’t know, how they can survive in a time of GDPR (General Data Protection Regulation), but they still have no hurry to encrypt their telegrams with a device-unique key. I think it is a security issue, when burglars can easily find people that do not heat in wintertime or have no water demand currently. But at least, Techem sticks closely to the OMS. If you rent a flat, that still has unencrypted wmBus meters, I would definitely claim to get encrypted meters. Even if encryption of wmBus has some weaknesses, it is by far better than plaintext.

themole

4 Kommentare

themole Veröffentlicht am14:37 - 26. Juni 2020

Hi Gabriel,

as I already replied by Email, I can not provide some raw telegrams easily. But when I inspect the data in iobroker, it seems plausible. Some hot water meter shows 21 m³ for the current billing period and heat meters show Wh in a range that makes sense… I guess, your client does simply not interpret the data correctly. My experience is also with some of my own meters, that I could not decode it manually after decryption (when I tried to write some client code), but the wmBus library seems to do a better job here. It extracts even data that never made sense when I looked at the raw values.

Hope that helps a bit.

Regards,
Daniel

Gabriel Veröffentlicht am13:48 - 9. Juni 2020

Hi, why would you say the encryption of wmBus has some weaknesses?

    themole Veröffentlicht am20:12 - 16. Juni 2020

    Hi Gabriel,

    here you will find a very detailed analysis on the weaknesses:
    https://hackinparis.com/data/slides/2014/CyrillBrunschwiler.pdf

    BUT: The main weakness of wmBus lies not in the specification. It is quite some effort to break the encryption, if possible at all. Many property management companies tend to use unencrypted transfers (I see at least 100 unencrypted water meters around my home from Techem) or use a single encryption key for all of their meters or one for a house to save some effort during installation/configuration. I think, they simply lag an automated process for key deployment 🙂

    Hope this is what you asked for.

    Regards,
    Daniel

      Gabriel Veröffentlicht am13:37 - 25. Juni 2020

      Thanks for your answer. Techem is quite weird because the telegram that they send has a header that specifies the data is not encrypted, but just by looking at the data….it looks encrypted. Do you have some telegram examples from Techem? You can send them to arnautug7@gmail.com.

      Thanks,
      Gabriel

Schreibe einen Kommentar