My small contribution to write a Sermatec-Ess CLI 光储一体机协议
Maybe one day:
``` $ ./sermatec-ess Usage: sermatec-ess [OPTIONS] [COMMAND]
Commands: get Get a specific things list Get listing of all things daemon Daemon mode use sermatec-ess as a MQTT client help Print this message or the help of the given subcommand(s)
Options:
-i, --inverter
```
$ ./sermatec-ess list
--===~ Sermatec ESS CLI AND MQTT PROXY ~===--
Asking to Sermatec Inverter 10.10.100.254:8899
listing commands:
sermatec-ess get --el 0a : Battery information display sermatec-ess get --el 0b : Control cabinet information display sermatec-ess get --el 0c : Equipment running status sermatec-ess get --el 0d : bmsMeter connection status sermatec-ess get --el 1e : BMS alarm information display sermatec-ess get --el 1f : System fault status display sermatec-ess get --el 64 : Control command settings () sermatec-ess get --el 66 : Operating mode setting () sermatec-ess get --el 67 : Working parameter setting 2 () sermatec-ess get --el 68 : Time Calibration Settings () sermatec-ess get --el 69 : Grid battery type setting () sermatec-ess get --el 6a : Operating mode setting 2 () sermatec-ess get --el 70 : reset () sermatec-ess get --el 71 : Set mandatory charging and discharging information () sermatec-ess get --el 94 : Set WIFI password () sermatec-ess get --el 95 : Set parameter query sermatec-ess get --el 98 : System Information Query sermatec-ess get --el 99 : total power data sermatec-ess get --el 9a : Grid power data sermatec-ess get --el 9b : Load power data sermatec-ess get --el 9c : Grid battery power data sermatec-ess get --el 9d : Set parameter information 2 sermatec-ess get --el 9e : Set router information () sermatec-ess get --el 9f : Set cloud server information () sermatec-ess get --el a1 : Query DRM status sermatec-ess get --el a2 : Forced charge and discharge information sermatec-ess get --el a3 : Local WIFI module network configuration () sermatec-ess get --el b0 : Set up routers and servers () sermatec-ess get --el b1 : Query routers and servers sermatec-ess get --el ba : Register settings () sermatec-ess get --el bb : Register query () () DO NOT USE! ```
./sermatec-ess get --el 98
--===~ Sermatec ESS CLI AND MQTT PROXY ~===--
Asking to Sermatec Inverter 10.10.100.254:8899
protocol version number: 609
Battery manufacturer number (code list): PYLON Low-voltage Battery 485
model code: 5kW
product_sn: STXXXXXXXXXXXXXXXXXXX
product_sn_ln:
All Working fluently with Home Assistant MQTT Discovery!
``` $ ./sermatec-ess daemon --help Daemon mode use sermatec-ess as a MQTT client
Usage: sermatec-ess daemon [OPTIONS] --host
Options:
-m, --host
$ ./sermatec-ess daemon --host 10.10.100.42 --port 1883 -k
--===~ Sermatec ESS CLI AND MQTT PROXY ~===--
Asking to Sermatec Inverter 10.10.100.254:8899
Detaching from terminal
$
I'm looking for 5K PCU firmware, specificly for PCU5KSL_609.bin please help me :)
You can dump payload exchanges beetween your phone and the inverter using PCAPdroid on f-droid to help.
BB is a special query to ask internal registers.
(we connect as a client on the Sermatec Interter)
When TCP Stream is open we can use OSIM protocol
(Sermatec Interter connects itself to the wifi access point)
Sermatec Interter try to connect to IP cloud server on default port 19042 every second.
* THIS IS A SECURITY ISSUE *
* THIS IS A SECURITY ISSUE *
Register query (BB) is a two messages parts! If you send only first message, you block state-macine forever and must reboot.
8.209.71.159 is Sermatec European Cloud server: you can try.
$ netcat -o 19042.txt 8.209.71.159 19042
...
cat 19042_2.bin
< 00000000 fe 55 64 14 98 00 00 4c ae # .Ud....L.
< 00000009 fe 55 64 14 98 00 00 4c ae # .Ud....L.
< 00000012 75 9a b0 f9 8a 06 68 85 fc # u.....h..
< 0000001b 75 9a b0 f9 8a 06 68 85 fc # u.....h..
Interesting, because I do not know "75 9a". Maybe for another hardware?