Echelon/NES Smart Meters – NES to the rescue

As mentioned in our previous post, we we stuck. We had a 3rd party module which were clearly communicating with the meter through RS232. We knew the hardware interface, but we had no idea about the protocol…

In pure desperation we opened a support ticket with the current owner of the technology – NES (Networked Energy Services). We did not expect any feed back – or at least no help. Surely they know the port and the protocol, but we did not expect us beeing able to reach out to them directly… We more or less expected that they would simply redirect to our power company or power grid/meter owner…

In fact they responded positively to our request, and soon setup a teams call between us and a Senior Vice President. During the meeting they simply wanted to know if we were tinkering or doing a commercial product, but as soon as it was established that this was in no way commercial, they were prepared to offer their full help.

Apparently NES is working on opening the reading part of the protocol up, so our timing was perfect. Unfortunately they were settled about how to do this and how to approach it. So they needed us to sign a Non-Disclosure Agreement (NDA) to get access to the full documentation. As the NDA only covered un-released documentation, they promised to work on figuring out how and what to release asap so the NDA could be lifted. While writing this, we have received the finished documentation for the IR-interface (which we cannot use for anything in Denmark as N1 claims it is fully encrypted, and N1 will NOT release the encryption keys due to security considerations). Also we have received a preliminary draft of the MEP documentation, so we trust this WILL in fact be released soon (according to NES the deadline is Q4 2021).

We can reveal a few things about the protocol – which is more complex than we expected. The meter has around 80 tables you can read and/or write to and around 30 procedures you can call (individually and/or as part of an atomic transaction). We are told not all tables and procedures will end up in the public documentation, but the full protocol supports stuff like: writing to parts of the meters display, report data from other meters via MEP and let the meter report it to the grid. Let the grid send firmware/files to you module. Read out all aspects of the power delivery – like consumption, quality, outages etc. The meter can even send and receive alarms if something unexpected happens or ask you for measures if you configure it to include data form other meters (i.e. water, heat etc.) in it’s reports to your net company…

If this was just a matter of only allowing reading from the meter it would be simple, but unfortunately some of the reading required setting up stuff and writing procedure calls to tables… And the reading the results from other tables. So it is far from simple and NES need to make sure that the parts released is just enough without beeing too much…

Note: although MEP is unencrypted a password is needed. There are 3 levels of security in the MEP protocol. The password is used as part of a digest (checksum) calculated on the data packages and reply. It is used to make sure the requester has the proper access, but also that the sent and received packages are not corrupted during transmission.

• No key required: The lowest level of security. Don’t give access to much
• MBK: MEP Basic Key (MBK), formerly also known as Base Encryption Key (BEK)
• MAK: MEP Advanced Key (MAK), formerly also known as Open Media Access Key (OMAK)

These keys should be provided by your power network operator (i.e. N1). Those are the ones owning your meter and the cable to you house.

Regarding N1 they are only willing to give us the MBK, but it is fine as it can be used to read most values from the meter. We were told that the MBK is shared between meters, while the MAK is a individual key per meter.

If your power network operator is N1, the procedure is to ask the power company (the ones you actually buy your power from) to ask N1 provide the read-only key for reading out power consumption electronically (they can do this by using a N1 webform created for this purpose. You also need to provide your name/address, and probably also installation no. and meter no. And off cause your e-mail address.

At the time of writing this is the current state of the project:

• We have a full documentation of the MEP protocol – which we unfortunately cannot share due to the NDA. NES is working on sharing part of this, which again will allow us to share our code!
• We have a partial documentation of the IR protocol. NES is working on publishing this too so we can link to it. According to N1 it has no use in Denmark as the IR communication is encrypted and they won’t release the keys.
• We have a working MEP-prototype hardware with an ESP32
• Although our software is still work-in-progress, we have all the pieces to the puzzle and are able to send requests to the meter (or at least most of them) and get meaningful replies back from it. Due to the NDA we are NOT able to share the software at this point in time

Rest assured that we will share the software and related knowledge/hints as soon as the NDA is lifted… Follow our blog to get notified when this happens…

In the meantime we could probably soon share our hardware… Stay tuned 🙂