Wednesday, February 08, 2017

The Very Chatty Gas Meter

I tend to think of Software Defined Radio as a dirt cheap and extremely portable way to listen to radio chatter. However, it's far more generic than that: it can pick up a whole range of radio signals, and with the right decoding software, pull useful data out of thin air. For example, you can pull down real time flight info or weather satellite imagery. And my latest discovery: you can discover your home's power usage.

There's a catch to this, though. You need the right type of power meter, specifically one that broadcasts your usage data to anyone who's listening. While this sounds like an esoteric requirement, it's actually quite sensible. Power companies use this style of meter to replace walking house-to-house to collect data with driving through your neighborhood instead. This strategy of using low power transmitters as a way to streamline data collection is a brilliant hack in its own right. It's far cheaper than hooking up every meter to the Internet (though, I assume we'll get there), and far less labor intensive than going door to door.

If you have such a meter, you just need the right software to tune your SDR dongle and interpret the data being sent over the air. Here's just such a tool. I spent about 20 minutes trying to get this set up on Windows and then gave up. I then grabbed my Linux box and had it running in a few minutes.

You kick off rtl_tcp in one terminal, rtlamr in another, and then you wait.

After a minute or two, it spat out a Standard Consumption Message (SCM) to the screen. Whoo! Over about an hour, it issued all of these lines:

$ ./util/go/bin/rtlamr | tee ~/tmp/x.out
11:14:47.876424 decode.go:82: CenterFreq: 912600155
11:14:47.876562 decode.go:83: SampleRate: 2359296
11:14:47.876576 decode.go:84: DataRate: 32768
11:14:47.876587 decode.go:85: ChipLength: 72
11:14:47.876600 decode.go:86: PreambleSymbols: 21
11:14:47.876611 decode.go:87: PreambleLength: 3024
11:14:47.876621 decode.go:88: PacketSymbols: 96
11:14:47.876630 decode.go:89: PacketLength: 13824
11:14:47.876640 decode.go:90: Preamble: 111110010101001100000
11:14:47.876649 main.go:93: GainCount: 29
{Time:2017-02-08T11:18:17.611 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:18:32.111 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:19:18.164 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:19:47.163 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:21:02.161 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:21:35.106 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:21:47.161 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:22:47.106 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:23:32.659 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:25:48.156 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:26:50.601 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:26:59.101 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:29:05.098 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:30:47.650 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:31:02.150 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:32:17.149 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:33:32.147 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:34:17.146 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:36:02.644 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:36:02.644 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:37:19.588 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:38:18.142 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:41:50.583 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:43:17.636 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:43:32.136 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:44:47.135 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:46:02.135 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:46:47.132 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:48:32.630 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:50:48.127 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:52:47.126 SCM:{ID:XXXX6390 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T11:55:47.621 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:56:02.121 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:56:32.120 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:57:17.119 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:58:32.118 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:59:17.117 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:01:02.615 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:03:18.112 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:08:17.606 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:09:47.104 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:11:02.103 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:11:47.102 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:13:32.600 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:15:48.098 SCM:{ID:XXXX2860 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T12:16:53.985 SCM:{ID:XXXX3239 Type:11 Tamper:{Phy:00 Enc:03} Consumption:    3082 CRC:0xCFC1}}
{Time:2017-02-08T12:16:55.151 SCM:{ID:XXXX3808 Type:11 Tamper:{Phy:02 Enc:03} Consumption:   17074 CRC:0x8213}}
{Time:2017-02-08T12:16:58.039 SCM:{ID:XXXX1202 Type:13 Tamper:{Phy:02 Enc:00} Consumption:   20251 CRC:0x315C}}
{Time:2017-02-08T12:16:58.652 SCM:{ID:XXXX0624 Type:11 Tamper:{Phy:00 Enc:03} Consumption:   23587 CRC:0x1B9F}}
{Time:2017-02-08T12:17:01.540 SCM:{ID:XXXX8036 Type:11 Tamper:{Phy:00 Enc:03} Consumption:   26157 CRC:0xA931}}
{Time:2017-02-08T12:17:02.818 SCM:{ID:XXXX6800 Type:11 Tamper:{Phy:00 Enc:03} Consumption:    7179 CRC:0xE748}}
{Time:2017-02-08T12:17:03.984 SCM:{ID:XXXX3239 Type:11 Tamper:{Phy:00 Enc:03} Consumption:    3082 CRC:0xCFC1}}

Using the protocol and meter docs I see that I'm picking up Gas and Water meters.

The meters bolted to the side of my home have various identifier-looking values, none of which appear to match up with those I've discovered. That may mean I'm looking at the wrong identifier on the side of the house, or more likely, it means I'm hearing my neighbor's smart meters.

Perhaps if I let this run long enough, I'll pick up some data associated with my home. And then it's only a quick shell script away from tracking and graphing this data.
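
The "quick shell script" mentioned above could look like the following. It is an added example, not code from the original post or from rtlamr: the function names and the sample lines are constructed, and it assumes the plain-text line format shown in the output above.

```shell
#!/bin/sh
# Added example: turn rtlamr's plain-text SCM lines into CSV and a
# per-meter summary. Field layout is taken from the output shown above.

# Constructed sample input (IDs masked as in the post, CRCs made up).
sample_scm() {
cat <<'EOF'
11:14:47.876424 decode.go:82: CenterFreq: 912600155
{Time:2017-02-08T11:18:17.611 SCM:{ID:XXXX0001 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5068 CRC:0x0C70}}
{Time:2017-02-08T11:21:35.106 SCM:{ID:XXXX0002 Type:11 Tamper:{Phy:00 Enc:00} Consumption:   47785 CRC:0xFA19}}
{Time:2017-02-08T12:18:17.611 SCM:{ID:XXXX0001 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5071 CRC:0x0000}}
{Time:2017-02-08T12:18:17.611 SCM:{ID:XXXX0001 Type:12 Tamper:{Phy:01 Enc:00} Consumption:    5071 CRC:0x0000}}
EOF
}

# stdin: rtlamr output. stdout: time,id,type,consumption (one row per message).
# Banner lines are skipped and exact repeats of a line are dropped.
scm_to_csv() {
    awk '
    function val(key,   s) {            # text following "key:" up to space or }
        s = $0
        if (!sub(".*" key ":[ {]*", "", s)) return ""
        sub("[ }].*", "", s)
        return s
    }
    /SCM:[{]ID:/ && !seen[$0]++ {
        print val("Time") "," val("ID") "," val("Type") "," val("Consumption")
    }'
}

# stdin: rtlamr output. stdout: id,type,messages,first_seen,last_seen,delta
# where delta is last minus first consumption, in the meter's own units.
scm_summary() {
    scm_to_csv | awk -F, '
    !($2 in n) { order[++k] = $2; type[$2] = $3; t0[$2] = $1; c0[$2] = $4 }
    { n[$2]++; t1[$2] = $1; c1[$2] = $4 }
    END {
        for (i = 1; i <= k; i++) {
            id = order[i]
            print id "," type[id] "," n[id] "," t0[id] "," t1[id] "," (c1[id] - c0[id])
        }
    }'
}

sample_scm | scm_summary
```

Against a real capture such as the `~/tmp/x.out` file written by `tee` above, `scm_summary < ~/tmp/x.out` gives one row per meter heard, and the CSV from `scm_to_csv` can be fed to any plotting tool.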

I have to say, this is a truly eye-opening experience. Your utility usage data is just floating out there, waiting to be grabbed and analyzed. All you need is a $20 USB dongle and some basic hacking skills. That's both cool and terrifying, no?
