Hi,
I'm trying to read Polish Apator meter via Gurux Director with no success. The meter is available via public ip address. Maybe anyone connecting via Gurux to this meter? Data to connect which provider send to me are:
Manufacturer identifier : APAESX30
Authentication: High
Password: 01234567
Can you read this with the manufacturer's software? If you can, record the messages with wireshark and send output to me by email. I can check the correct values for you.
There are so many different parameters and searching them might take a long time.
It's faster if you can get the correct parameters from the manufacturer.
Change interface from HDLC to WRAPPER. Then set the IP address and port and establish the connection.
Let me know if you succeeded to connect and default settings are added for the manufacturer so it's easier to connect in the future.
I believe that you need to connect using an authenticated connection.
You need the password and then you need to change the client address.
You should ask for this information from the manufacturer.
Hi,
I used authentication in High level with password from manufacturer. And I'm trying to connect using client address 10 and I get an error: connection is permanently rejected. Authentication error.
I ask manufacturer for proper client address but they said that communication should look like:
We are connecting with meter using public connection without password, after connection program should send password and authentication method and after that secured connection is set between program and meter.
That sounds strange. For all other meters, there is own client address for each authentication.
The client should also tell what authentication it's using when the connection is made.
After connection client sends a challenge for the meter and not the password, but maybe this is a misunderstanding.
Can you add a hex trace when you establish the connection from the meter? You can get it when you select "Edit" "Log" and "View Log..".
Those two lines are enough. Don't add reading association view, etc. I'll check what meter is returning on connection.
This will be enough? This is connection in public without authentication. Additionally they said that security policy in them meter are authenticated and encrypted.
Authentication means that you can do different things for the meter. Example update the clock.
Security policy means that messages are ciphered (encrypted and/or authenticated).
Meters returns normal reply when connecting without authentication.
Do you have authentication and block cipher keys? They are 16 bytes long values that are needed if ciphering is used. Each manufacturer has different keys. You need those if you want to connect with ciphering or using GMAC authentication.
No I don't have a authentication and block cipher keys. So I ask the manufacturer for that. Do you think that could be necessary for read load profiles? Now I get from them this:
<keys>
<key name="authentication" hexvalue="E614893AA64847A49559372A0BACC667" />
<key name="broadcast" hexvalue="30303030303030303030303030303031" />
<key name="unicast" hexvalue="274A85B933CC30361483972763CD81AB" />
</keys>
<password type="HLS_GMAC" hexvalue="706A5A586557794F" />
They said that they changed the password for 01234567 but they not sure that password is really change to that password.
Select "Secured connections" tab from meter settings and
Set authentication key to "Authentication key" and Unicast to "Block cipher key".
Then change Security from None to "AuthenticationAncryption".
Change Authentication from None to HighGMAC.
GMAC doesn't use passwords, so forget password hexvalue and try to connect.
If it fails, try to set 706A5A586557794F to "Secured connections" Challenge field.
You need to change your client address to something else than 0x10. You can try with 1 and 0x11.
Ask what client address should be used from the meter manufacturer if fails.
Finally I connected with this meter. I was changing client address as you mentioned and I finally hit it in address 0x02. Now I have got full access to the meter and can read Load profiles. Thank you for your help.
Hi,
Hi,
Can you read this with the manufacturer's software? If you can, record the messages with wireshark and send output to me by email. I can check the correct values for you.
BR,
Mikko
Unfortunately I don't have
Unfortunately I don't have manufacturer software, because it's licensed. I have contact to them so maybe I will try to get correct frame from them.
Hi,
Hi,
There are so many different parameters and searching them might take a long time.
It's faster if you can get the correct parameters from the manufacturer.
BR,
Mikko
I get this data from
I got this data from manufacturer:
IP WRAPPER, association public:
000100100001001f601da109060760857405080101be10040e01000000065f1f040000fc1fffff
Hi,
Hi,
Change interface from HDLC to WRAPPER. Then set the IP address and port and establish the connection.
Let me know if you succeeded to connect and default settings are added for the manufacturer so it's easier to connect in the future.
BR,
Mikko
Yes now working with this
Yes now working with this setting. But I cannot sea Load profiles on list. but there is a partial success.
Hi,
Hi,
I believe that you need to connect using an authenticated connection.
You need the password and then you need to change the client address.
You should ask for this information from the manufacturer.
BR,
Mikko
Hi,
Hi,
I used authentication in High level with password from manufacturer. And I'm trying to connect using client address 10 and I get an error: connection is permanently rejected. Authentication error.
I ask manufacturer for proper client address but they said that communication should look like:
We are connecting with meter using public connection without password, after connection program should send password and authentication method and after that secured connection is set between program and meter.
Hi,
Hi,
That sounds strange. For all other meters, there is own client address for each authentication.
The client should also tell what authentication it's using when the connection is made.
After connection client sends a challenge for the meter and not the password, but maybe this is a misunderstanding.
Can you add a hex trace when you establish the connection from the meter? You can get it when you select "Edit" "Log" and "View Log..".
Those two lines are enough. Don't add reading association view, etc. I'll check what meter is returning on connection.
BR,
Mikko
This will be enough? This is
This will be enough? This is connection in public without authentication. Additionally they said that security policy in them meter are authenticated and encrypted.
13:50:53 Send AARQ request.
00 01 00 10 00 01 00 1F 60 1D A1 09 06 07 60 85 74 05 08 01 01 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 20 1E 5D FF FF
13:50:54
00 01 00 01 00 10 00 2B 61 29 A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 00 A3 05 A1 03 02 01 00 BE 10 04 0E 08 00 06 5F 1F 04 00 00 12 14 01 80 00 07
13:50:54 Parsing AARE reply succeeded.
Hi,
Hi,
Authentication means that you can do different things for the meter. Example update the clock.
Security policy means that messages are ciphered (encrypted and/or authenticated).
Meters returns normal reply when connecting without authentication.
Do you have authentication and block cipher keys? They are 16 bytes long values that are needed if ciphering is used. Each manufacturer has different keys. You need those if you want to connect with ciphering or using GMAC authentication.
BR,
Mikko
No I don't have a
No I don't have a authentication and block cipher keys. So I ask the manufacturer for that. Do you think that could be necessary for read load profiles? Now I get from them this:
<keys>
<key name="authentication" hexvalue="E614893AA64847A49559372A0BACC667" />
<key name="broadcast" hexvalue="30303030303030303030303030303031" />
<key name="unicast" hexvalue="274A85B933CC30361483972763CD81AB" />
</keys>
<password type="HLS_GMAC" hexvalue="706A5A586557794F" />
They said that they changed the password for 01234567 but they not sure that password is really change to that password.
Hi,
Hi,
Select "Secured connections" tab from meter settings and
Set authentication key to "Authentication key" and Unicast to "Block cipher key".
Then change Security from None to "AuthenticationAncryption".
Change Authentication from None to HighGMAC.
GMAC doesn't use passwords, so forget password hexvalue and try to connect.
If it fails, try to set 706A5A586557794F to "Secured connections" Challenge field.
I hope that you can connect.
BR,
Mikko
I have one more question:
I have one more question: what set into a filed: system title?
Hi,
Hi,
The client system title can usually be any 8 bytes long value. I notest that in your settings password
length is 8. To this:
pjZXeWyO
It's 706A5A586557794F in ASCII format.
BR,
Mikko
I set all the paremeters that
I set all the paremeters that you suggested but I still cannot connect with the meter. When I try to connect with GMAC and client adress 10 I get error: Connection is permanently rejected The application context name is not supported. Meter Expects Logical Name Referencing.
I have set option for logical name referencing.
There is a response for client address 10 and authentication GMAC:
10:35:26 Send AARQ request.
00 01 00 10 00 01 00 57 60 55 A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 70 6A 5A 58 65 57 79 4F 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 0A 80 08 70 6A 5A 58 65 57 79 4F BE 23 04 21 21 1F 30 00 00 00 00 26 74 8B 20 D2 6F D5 EE AE 99 73 D8 C1 B1 FB 29 1E 44 ED 7F 47 B0 C0 E1 A3 AF
10:35:26
00 01 00 01 00 10 00 2B 61 29 A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 01 A3 05 A1 03 02 01 02 BE 10 04 0E 08 00 06 5F 1F 04 00 00 12 14 01 80 00 07
When I change client address for 14 the meter doesn't response. I attached the setting for secured connection.
Hi,
Hi,
You need to change your client address to something else than 0x10. You can try with 1 and 0x11.
Ask what client address should be used from the meter manufacturer if fails.
BR,
Mikko
Finally I connected with this
Finally I connected with this meter. I was changing client address as you mentioned and I finally hit it in address 0x02. Now I have got full access to the meter and can read Load profiles. Thank you for your help.
Hi,
Hi,
Thank you for this information. Sometimes it's pain to find the correct settings because only the manufacturer knows them. Now it should be easy.
BR,
Mikko
Hi, kuba245, can you write
Hi, kuba245, can you write the email address which you used to ask for these authentication details?