srne-mqtt/Protocol.md

4.3 KiB

Protocol

The protocol checksum is litle-endian CRC16-MODBUS, but the data itself seems to be big-endian (network order). It is structured around 16bit words (read 4 returns 8 bytes).

I have seen the "Transfer ID?" field containing 0xFF and 0x01, I am not yet sure of the putpose of this field. Most transactions it is set to 0xFF.

Reading

Read request

   ┌──────────────┐
 ╔═╡ Transfer ID? │
 ║ └──────────────┘
 ║    ┌────────────────────┐
 ║  ╔═╡ Operation (3=read) │
 ║  ║ └────────────────────┘
 ║  ║      ┌───────────────┐
 ║  ║    ╔═╡ Start address │
 ║  ║    ║ └───────────────┘
 ║  ║    ║       ┌────────────────────────────────┐
 ║  ║    ║     ╔═╡ Number of 2-byte words to read │
 ║  ║    ║     ║ └────────────────────────────────┘
 ║  ║    ║     ║       ┌─────────────────┐
 ║  ║    ║     ║     ╔═╡ Transaction CRC │
 ║  ║    ║     ║     ║ └─────────────────┘
┌╨─┬╨─┬──╨──┬──╨──┬──╨──┐
│FF│03│00 0C│00 08│91 d1│
└──┴──┴─────┴─────┴─────┘

Read response

   ┌──────────────┐
 ╔═╡ Transfer ID? │
 ║ └──────────────┘
 ║    ┌────────────────────┐
 ║  ╔═╡ Operation (3=read) │
 ║  ║ └────────────────────┘
 ║  ║    ┌──────────────────────────┐
 ║  ║  ╔═╡ Number of bytes returned │
 ║  ║  ║ └──────────────────────────┘
 ║  ║  ║    ┌──────┐                    ┌─────────────────┐
 ║  ║  ║  ╔═╡ Data │                    │ Transaction CRC ╞═╗
 ║  ║  ║  ║ └──────┘                    └─────────────────┘ ║
┌╨─┬╨─┬╨─┬╨──────────────────────────────────────────────┬──╨──┐
│FF│03│10│20 20 20 20 4D 4C 32 34 32 30 20 20 20 20 20 20│FD 17│
└──┴──┴──┴───────────────────────────────────────────────┴─────┘

This particular memory section contains the device SKU: ML2420

Writing

Write request

   ┌──────────────┐
 ╔═╡ Transfer ID? │
 ║ └──────────────┘
 ║    ┌─────────────────────┐
 ║  ╔═╡ Operation (6=write) │
 ║  ║ └─────────────────────┘
 ║  ║      ┌─────────┐
 ║  ║    ╔═╡ Address │
 ║  ║    ║ └─────────┘
 ║  ║    ║       ┌──────┐
 ║  ║    ║     ╔═╡ Data │
 ║  ║    ║     ║ └──────┘
 ║  ║    ║     ║       ┌─────────────────┐
 ║  ║    ║     ║     ╔═╡ Transaction CRC │
 ║  ║    ║     ║     ║ └─────────────────┘
┌╨─┬╨─┬──╨──┬──╨──┬──╨──┐
│FF│06│01 0A│00 01│7C 2A│
└──┴──┴─────┴─────┴─────┘

The data at 0x010A is a boolean controlling the load output switch.

Write response

Seems to return exactly the same as the data written, presumably to allow verifying that the data did indeed get written.