Hacking your Smart Meter - Part 1 - Zigbee

by @edent | 8 comments | Read ~4,795 times.

I have a new Smart Meter to measure my electricity and gas usage. It's the Honeywell AS302P.

It's a SMETS2 meter, which means it has a number of interesting features.

But, most importantly to me, it is Zigbee certified.

The meter offers ZigBee Communications for tunnelling information to the Comms Hub and to provide Customer Information for use with Type 1 or Type 2 Devices.

This means it can connect to a HAN (Home Area Network) using the ZigBee Smart Energy Profile (SEP) Version 1.2. This is the thing which sends data to your in-home display hub.

So, can we connect anything to the Smart Meter?

Our first stop is the Honeywell AS302P Manual. The UI of the meter is dreadful. There are two buttons:

  1. A - the select button
  2. B - the scroll down button

In order to go "back" in the menu, you need to scroll down to the menu item which says back and then hit A.

[Image: Zigbee info from Honeywell manual.]

There's lots of info in there. I've redacted the PAN, XPAN, Network Info, and EUID for privacy:

[Image: Zigbee menu items.]

But here's the interesting one - the ability to leave the existing network!

[Image: Zigbee leave menu screen. Yes or No options.]

I'm not yet brave enough to press it. First, I need to buy a Zigbee receiver and learn how the software works. Wish me luck!


8 thoughts on “Hacking your Smart Meter - Part 1 - Zigbee”

  1. You will want to read this! (GBCS is the specification for SMETS2 meter communication): smartenergycodecompany.co.uk/download/15129/


  2. Quentin says:

    Splendid - I shall watch this with interest... though from the threads I've read I fear you may be in for some disappointment.

    This one, for example, isn't encouraging:
    https://www.reddit.com/r/homeassistant/comments/b65pdr/smart_utility_meters_zigbee/

    But I haven't been following it closely. I do have two Zigbee networks at home connected to Home Assistant, and I'm keen to try this in due course; I've been holding off on getting a smart meter in the hope that each successive standard will be more open and capable...

  3. Rob says:

    How did you find the PIN to access the engineering menu?

    1. @edent says:

      I didn't need a PIN to enter it.

    2. David says:

      Sorry to jump into an old post, has anyone tried opening up the display hub? I'm wondering if it has a serial port inside which I could just scrape the data off instead.

      1. @edent says:

        I've opened it - here's a photo of the debug port I found

        [Image: Some debug ports on a circuit board.]
        https://twitter.com/edent/status/1183832067815235585

        I don't know how to get data off it.

  4. Sam Machin says:

    You won’t be able to join a device to the HAN (to read usage data) without whitelisting the device MAC in the hub and then putting it into pairing mode, both of which can only be done remotely by the DCC/Your Energy Provider. It’s an encrypted network.




