Address Scanner ? #112

Open
Tomlb78 opened this issue Sep 13, 2022 · 2 comments
Tomlb78 commented Sep 13, 2022

Hi all,

Because it is often difficult to find useful addresses for the many kinds of Viessmann products and because we could not find any documentation from Viessmann,

has anyone ever made an address scanner to parse every possible address from 0000 to FFFF?

Seeing what each address gives would permit us to reverse-deduce what it is about.

For example, today I have to communicate with a Vitotronic 300-K MW2B (Ref ID : V300KMW2A, Dev ID : 20BC), but no vito.xml exists for this product; I will have to create it myself.

Do you see any other way to find the relevant addresses of a product?

Thanks !


deep-e commented Sep 14, 2022

It's not a big deal to retrieve the complete 64k memory blob, but I think it's impossible to interpret the data. I did that for a Vitoligno 300-C already and got a lot of 0xff values plus a few non-0xff's. But which address contains which value at which length?
I'll try to perform some kind of real protocol analysis in a really strange way. My approach is as follows:
Linux:

  • Optolink USB connected to a RPI3 --> /dev/ttyUSB0
  • socat /dev/ttyUSB0 <--> /dev/ttyVito: socat will write a trace of the complete communication between those two ttys
  • ser2net /dev/ttyVito <--> TCP: ser2net will give me remote access to the Optolink adapter.

Windows:

  • hub4com TCP <--> COM3: hub4com communicates with ser2net. All data is available via COM3:
  • com0com COM3: <--> COM4: installs a null modem. COM4: may be used by any application
  • e.g. Vitosoft 300 Free Trial uses COM4: to contact the Vitoligno's Optolink interface

So the resulting communication path is
Optolink <-> socat <-> ser2net <-> hub4com <-> com0com <-> Vitosoft.

I'm already using this solution (without socat) to control a Resol solar controller: it simply works!

I hope the analysis of socat's trace will lead to a deeper understanding of the protocol, addresses and so forth.

Update: I just installed the current version of ser2net and - surprise, surprise - ser2net is able to write a trace file directly. socat is no longer needed.
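One way to start on the question raised in the comment above ("which address contains which value at which length?"), as an added example that is not part of the thread or the project's code: it lists the contiguous non-0xFF regions of a full 0000..FFFF dump and reports the regions that differ between two dumps taken at different times. The function names, the `max_gap` merge heuristic and the dump contents are assumptions constructed for illustration, not real device data.

```python
ADDRESS_SPACE = 0x10000  # addresses 0000..FFFF, as asked for in the thread
FILL = 0xFF              # byte the thread reports for most of the dump


def populated_regions(dump, max_gap=0):
    """Return (start, length) for every run of non-0xFF bytes.

    Runs separated by at most max_gap fill bytes are merged, since a
    multi-byte value may itself contain 0xFF.
    """
    if len(dump) != ADDRESS_SPACE:
        raise ValueError("expected a full 64 KiB dump")
    regions, start, last = [], None, None
    for addr, byte in enumerate(dump):
        if byte == FILL:
            continue
        if start is not None and addr - last - 1 > max_gap:
            regions.append((start, last - start + 1))
            start = None
        if start is None:
            start = addr
        last = addr
    if start is not None:
        regions.append((start, last - start + 1))
    return regions


def volatile_regions(before, after, max_gap=0):
    """Regions of `after` in which at least one byte differs from `before`."""
    if len(before) != len(after):
        raise ValueError("dumps must be the same size")
    return [(s, n) for s, n in populated_regions(after, max_gap)
            if before[s:s + n] != after[s:s + n]]


def sample_dumps():
    """Two constructed dumps (not real device data) for demonstration."""
    first = bytearray([FILL]) * ADDRESS_SPACE
    first[0x0100:0x0102] = b"\xd2\x00"      # 2-byte value
    first[0x2000] = 0x02                    # 1-byte value
    first[0x5000:0x5003] = b"\x41\xff\x02"  # 3-byte value containing 0xFF
    second = bytearray(first)
    second[0x0100] = 0xD5                   # only this value changed
    return bytes(first), bytes(second)


if __name__ == "__main__":
    a, b = sample_dumps()
    moving = volatile_regions(a, b, max_gap=1)
    for start, length in populated_regions(b, max_gap=1):
        print(f"{start:04X} len={length} {'changes' if (start, length) in moving else 'static'}")
```

Regions that change between dumps while a known reading on the device changes are the first candidates for a datapoint; the region length only bounds the value's size and does not prove it.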


deep-e commented Sep 25, 2022

See [https://github.com//issues/111] for updates
