V7/V13 UDP protocol client in python

[barbaz]

I've mikrotik access point and I run dump directly on them. I've tried sniffing using the mac of the phone as a filter, then I sniffed all traffic... no broadcast at all In fact the app didn't find the boiler on local lan but only as "remote".... It will find the boiler only if connected on the wifi lan "generated" by the boiler itself (RTB-XXXXX)
In the meantime I'll try to dump the traffic when attached to this SSID.

[motoz]

I'm still waiting for some info from NBE about what changed in the protocol... not much we can do without that.

[barbaz]

I'm still waiting for some info from NBE about what changed in the protocol... not much we can do without that.

By my side i'm not able to connect to the RTB-XXXXX wifi network
do you know the default password?
They told me that it's written on the boiler itself but it doesn't work....

[motoz]

Barbaz, can you test the nbetest client from this branch https://github.com/motoz/nbetest/tree/testing/v13 ?

Seems as the v13 controller flips out when it receives a valid frame with a source port higher than 9999, in the testing/v13 branch the source port is set to a free port between 8483 and 9999. The v13 also requires a correct serial number to respond so this is also set in the discovery frame. Would be good to know if this works as I can't test it myself.

[barbaz]

Barbaz, can you test the nbetest client from this branch https://github.com/motoz/nbetest/tree/testing/v13 ?

Hi motoz! sorry for delay but I didn't have the possibility to test it.... it works! that's fine!
Thank you very much, it seems that you find the problem and now the boiler didn't disconnect anymore.

Some examples:

Kode: [Vælg]

osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxxx get
settings/
operating_data/
advanced_data/
consumption_data/
event_log/
sw_versions/
info/
osmc@osmc:~/nbetest-testing-v13$

osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxx get  info
Traceback (most recent call last):
  File "client.py", line 81, in <module>
    args.func(args, proxy)
  File "client.py", line 27, in getfunc
    l = proxy.get(args.path)
  File "/home/osmc/nbetest-testing-v13/protocol.py", line 135, in get
    response = self.make_request(9, '')
  File "/home/osmc/nbetest-testing-v13/protocol.py", line 176, in make_request
    self.response.decode(data)
  File "/home/osmc/nbetest-testing-v13/frames.py", line 171, in decode
    raise IOError
IOError
osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxx get  settings
settings/boiler/
settings/hot_water/
settings/regulation/
settings/weather/
settings/weather2/
settings/oxygen/
settings/cleaning/
settings/hopper/
settings/fan/
settings/auger/
settings/ignition/
settings/pump/
settings/sun/
settings/vacuum/
settings/misc/
settings/alarm/
settings/manual/
osmc@osmc:~/nbetest-testing-v13$
osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxx get sw_versions
Traceback (most recent call last):
  File "client.py", line 81, in <module>
    args.func(args, proxy)
  File "client.py", line 27, in getfunc
    l = proxy.get(args.path)
  File "/home/osmc/nbetest-testing-v13/protocol.py", line 129, in get
    response = self.make_request(10, '')
  File "/home/osmc/nbetest-testing-v13/protocol.py", line 176, in make_request
    self.response.decode(data)
  File "/home/osmc/nbetest-testing-v13/frames.py", line 171, in decode
    raise IOError
IOError
osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxxx get sw_versions
Traceback (most recent call last):
  File "client.py", line 80, in <module>
    with Proxy(args.password, PORT, args.address, args.serial) as proxy:
  File "/home/osmc/nbetest-testing-v13/protocol.py", line 75, in __init__
    data, server = self.s.recvfrom(4096)
socket.timeout: timed out
osmc@osmc:~/nbetest-testing-v13$
osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxxx get advanced_data
Traceback (most recent call last):
  File "client.py", line 80, in <module>
    with Proxy(args.password, PORT, args.address, args.serial) as proxy:
  File "/home/osmc/nbetest-testing-v13/protocol.py", line 75, in __init__
    data, server = self.s.recvfrom(4096)
socket.timeout: timed out


as you can see it gives IOerror getting info, advanced_data and sw_versions ... sometimes it returns socket timeout instead

settings seems to work correctly:

Kode: [Vælg]

osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxx -p xxxxx set settings/regulation/boiler_power_min 30
OK
osmc@osmc:~/nbetest-testing-v13$ python client.py -a 192.168.12.22 -s xxxx get settings/regulation/boiler_power_min
30
osmc@osmc:~/nbetest-testing-v13$

thank you a lot!!!!

[skovfyr]

Newbie question - do the use of get commands in the python client affect the data collected to StokerCloud or will that run unhindered despite using the client ?

/Allan

[motoz]

It won't affect stokercloud. The connection to stokercloud uses a completely different way of communicating.

[skovfyr]

Great - thank you for the answer - confirms my belief, I think (I expected the Stokercloud to be some kind of push from the controlbox) - it was the mentioning of seqnum (or noseqnum) in some of the client calls that got me a little worried that something might not be stateless ...

[motoz]

Yes there is a sequence number, as far as I know the controller doesn't use this field in any way apart from returning it in as is in the response.

PellMon checks that the returned sequence number is the same as the one sent and regards the frame as invalid if not (see https://github.com/motoz/PellMon/blob/3e2511ada9e2cd5715c5c9ad67f45a41ef8d82f3/src/Pellmonsrv/plugins/nbecom/nbeprotocol/frames.py#L177 ), but the nbetest client doesn't check the returned seqnum at all. It's up to the client to increase the sequence number for each request or not, nbetest sends a random number since it is a stateless client.

The protocol is not completely stateless in the controller. Setting changes are rsa encrypted (since they require the password to be transmitted), and that takes a long time to process in the controller (seconds for each frame). To make this work there is an option to set a client specific key for the much simpler xtea protocol. The key is set using rsa encryption, and then the controller remembers the key for that client and can use it to decrypt xtea encrypted setting changes much faster. Due to this the controller only supports a limited number of clients, four or five maybe as I remember it. I think it just drops the key for the oldest 'connection' when the table if full.

The nbetest client doesn't support xtea encryption at all since it is stateless, supporting it would require the xtea key to be stored somewhere. Pellmon sets an xtea key when it connects to the controller and periodically changes it here: https://github.com/motoz/PellMon/blob/3e2511ada9e2cd5715c5c9ad67f45a41ef8d82f3/src/Pellmonsrv/plugins/nbecom/nbeprotocol/protocol.py#L320

The stokercontrol protocol is actually only the controller polling stokercloud with http GET with current data in the query string and commands and setting changes in the response payload.

[skovfyr]

Hi Motoz

Thank you - very comprehensive answer 

/Allan