OMFG; I am in Perth, I have the same system, the very same problem and solved it almost the same way and was in the process of writing it up.
The system uses RS422, with a base64 encoded AES key in the aaservice binary, and I was contemplating building an esp32 based open source implementation of the controller.
Tiny QOL change without too much work, you could install something like teamviewer on the tablet, and now you're able to control your AC remotely from your PC, your phone, or anywhere!
The MyAir (or e-Zone) app can already be accessed remotely. You install the app on your phone and pair it with your system by connecting to the same LAN. After the initial pairing it can be used from everywhere.
Hey - As the owner of a similar system I have a question for you - do you use their phone app to control your system from your phone in/out of the house, and did it still work after this?
Cool, that's all I needed to know, I'll be following in your footsteps at some point, thanks for taking the leap and doing all this :)
Now back to connecting an orange-pi zero to the petcube cam someone bought me for Christmas. I've found TTL pins on there and I want to know what's going on...
This is from my earlier notes, hope it helps some.
Pin 1: RS422 +/B
Pin 2: RS422 -/A
Pin 3: ? - appears to be unused; connected to unpopulated pad on PCB
Pin 4: GND
Pin 5: ~14.2v DC unloaded
Pin 6: GND
Pin 7: ?
Pin 8: ?
Shield: GND
Note: the RS422 protocol has a basic bus arbitration built-in to allow both ends to communicate. The control unit sends <U>Ping</U=xx> messages, after which it opens a slot for the Tablet to communicate back to it. At least on my system xx represents a simple CRC value that can be used to validate message authenticity. I haven't seen any AES encryption in use, messages I've seen are all plaintext, maybe the AES encryption was introduced in a later revision.
Interesting, not sure what's going on there then.. how recently was your system installed? Maybe they have updated the pinout on newer models? I'll go back and check though.
I got inspired, and have plugged in my scope, and then an RS422 to serial adapter, and I'm getting XML encoded (weird) CAN messages, which I presume are the same as what's on the CAN bus exposed on some of the control box's ports. I'll get out the can analyser tomorrow and check.
Now the trick will be to reverse engineer this protocol. Here's a tiny sample:
The AES encryption might be related to the android intent messages that are sent to the AAservice. I recall they had an encrypted mode and a "signed app" mode that AAservice will respond to
I have decompiled the apk and it produced a somewhat useful (but incomplete) package of Java source files, which can be useful for reverse engineering the serial protocol. For example:
<string name="parse_block_tag_ping"><U>Ping</U=db></string>
...
private static final byte[] f2305f = "getCAN ".getBytes(Charset.defaultCharset());
private static final byte[] g = MyApp.a().getString(R.string.parse_block_tag_ping).getBytes(Charset.defaultCharset());
private static final byte[] h = MyApp.a().getString(R.string.parse_block_tag_startu).getBytes(Charset.defaultCharset());
private static final byte[] i = "<request>Unknown</request>".getBytes(Charset.defaultCharset());
You can do the same, or alternatively ping me if you'd like me to email you the source package.
I have reached out to your email address (as described in your profile) with some additional information that I've been putting together. Let me know if you didn't receive my mail.
What the hell, why does a control system need an AES-secured control channel at all? The only possible intention is to make interop more difficult. If they wanted security then they wouldn't use a hard coded AES key.
The biggest maker of garage door openers in the U.S. has done the same thing. For a button that goes on the wall to open the door, now it sends an encrypted code instead of just shorting two wires so that you have to use their button instead of a regular doorbell button like people have been doing for decades.
I can't recommend ratgdo (Rage Against the Garage Door Openers) project highly enough. It implements the protocol and allows you to interact with the door: https://paulwieland.github.io/ratgdo/
The protocol itself is crazy, with obfuscated ternary data (instead of binary). People who reversed it are heroes.
Chamberlain and Liftmaster do this. They’re both owned by Chamberlain group and I believe they are the two most popular brands.
It’s caused tons of headache for people doing home automation stuff, especially since Chamberlain has cut off API access to home assistant. Then the home assistant people figure they’ll just rig a raspberry pi or something to short two wires, but then they hit this encryption nonsense.
I was looking into replacing the old unit with a new one with myq but then read about all the problems and decided to give this a shot. 3 years in and it's been a good decision.
so if the company has established they're willing to go that far to lock customers into their ecosystem and milk for $$$... it's not inconceivable that they also engineered (or chose not to fix) the cheap flash + chatty logging hardware failure for the same purpose.
I would switch brands instantly. This is a company that has no customer orientation and I have never seen a company recover from that (they might have financial success, but they will never create good products again). They probably will sell you expensive crap. This time the device was fixable, but the manufacturer worked against the user on that.
Shouldn't have to replace the aircon/heat-pump components, only the controller hardware. OP indicated that a new control system would be about $1700 (I assume AUD), or 14-17% of their 10k-12k estimate for the whole build.
Unless this scummy manufacturer also works with the aircon makers to lock those to their controllers. (That would be a great lawsuit to watch.)
They made the analysis, how long the flash will live and saw, that it will make it out of the warranty period. Thus they did not opt for more durable and expensive flash and/or software change.
I've seen this myself before. One process step before release of the control module was a write cycle analysis to make sure the unit will live for at least 10 years (i think) before the guaranteed write cycles of the flash memory were consumed.
You're both missing one of the more likely explanation.. that nobody gave much thought about how long the device would last. "It's solid state electronics, it'll probably outlast the warranty anyway".. I can imagine an aircon company puts a lot of effort into analyzing the air-conditioning unit itself to make sure it lasts at least as long as the warranty, with good margin. But I can totally see them winging it on an external control device, which was perhaps even a project they outsourced anyway.
I don't think actual malicious planned obsolescence is as prevalent as many believe. A device breaking right after warranty is not a good strategy to get repeat customers. It's also a huge risk if you miscalculated and you suddenly get a lot of warranty cases. You want a lot of margin there.
I've been involved in the design of a thing myself, where something the manufacturer hadn't clearly communicated - and we just barely caught - could have made the device die just around a typical warranty period for such a device. When we found out, of course we worked on this problem to make sure it didn't die prematurely.
Advantage Air doesn't produce ACs. They produce smart home solutions, including AC controllers. They're not winging it on an external control device, they're cheaping out on their main product.
Also, their claim is that they're not outsourcing. If you check their website, it claims everything is designed and manufactured in Australia.
Nevertheless, I'd have given them the benefit of the doubt if it were not for:
1. The only option being a full system replacement.
2. Communication protocol being encrypted.
3. App being locked down to certain hard-coded models.
None of these give me any hope that this is a well-meaning company that just has some issues.
Also, I think a company that sells a product most customers would only buy once or twice in their lives is not a company that expects many repeat customers.
> Also, their claim is that they're not outsourcing. If you check their website, it claims everything is designed and manufactured in Australia.
Looking at pictures like [1] and [2]
I suppose it's possible they're making their own generic android tablet control panel,
designed and manufactured in Australia
and they just happened to add a camera, side-mounted USB charging connector, a headphone socket, microsd card slot, and a battery charge level indicator, loads of space for a battery that isn't present, a connector named VBAT
and also a chinese-language bootloader
but accidentally forgot to include the power and data connector they need, poking out the back of the device
so they had someone bodge it on afterwards by hand with a soldering iron
but IMHO it's more likely they mean
"manufactured in Australia from components sourced internationally"
and one of those components is a generic android tablet.
Should've added a bit more snark to that line to properly communicate that I absolutely don't believe their claims that everything is designed/made in Australia.
It's very obvious they just went for the cheapest bottom-of-the-barrel tablet Alibaba has to offer on one of their main products. I wouldn't trust this company to do anything competently.
Locking in the model numbers for me is particularly icky. They are leveraging the Android and therefore Linux and open source communities efforts to make this custom display which would have cost them an arm and a leg to have custom built with half the features - then turning around and sticking two fingers up at those communities.
I generally treat my tablets and phones very well. I wouldn't trust a tablet, at scale, to last much beyond three years. By "at scale" that means, say, a replacement rate of less than 10%.
By contrast ACs are on the decadal scale.
Integrating a tablet can't work. It's a dumb idea from the outset.
Similar hardware can work. There are touchscreen UIs that do last for a long time, especially on an AC unit where they're not getting used all the time. But they aren't tablets. In particular I'd finger the lithium ion batteries optimized for tablet-style usage as something you don't put into a system you want to last about ten years. Most of my tablets "die" when the battery just becomes unusable.
And you probably want an LCD chosen for robustness rather than being the cheapest possible high resolution display... again, plenty of LCDs can last for a long time, but the trifecta of "high resolution", "cheap", and "lasts a long time" is asking an awful lot for a fleet of systems. ("Cheap" and "lasts a long time" is, by contrast, readily available; it just won't be pretty. But it'll work fine.) And by "high resolution" I don't mean "retina display", just anything suitable for a tablet. Ye Olde 640x480 is plenty for an AC display, even in monochrome.
You want something pretty, give it a way for a real app to access it on the network. Except don't bother, really, because there's no way you're going to maintain that for 10 years either.
> I don't think actual malicious planned obsolescence is as prevalent as many believe.
I've been saying this for a while.
Consumers are insanely price-sensitive while also short-sighted. They'll buy a $20 blender that will die in a year rather than the $100 blender that will last a lifetime.
Manufacturers know this and there's a race to the bottom on pricing. To get pricing as low as possible, quality and durability take a hit.
> They'll buy a $20 blender that will die in a year rather than the $100 blender that will last a lifetime.
One problem for consumers is that often it's very hard to tell which is which. There is no guarantee that a $60 item won't just be overpriced garbage which is as bad (or worse if they spent much of that money on unnecessarily complex features that reduce reliability) as the $20 one, so always picking the cheaper item that superficially might seem good enough is not necessarily irrational.
(of course this doesen't necessarily apply to all brands yet)
> Consumers are insanely price-sensitive while also short-sighted. They'll buy a $20 blender that will die in a year rather than the $100 blender that will last a lifetime.
It's so much worse than that... They'll buy a $500 blender that lasts 6 months if it comes with sufficient "smart" technology integration to make them feel like they're buying into a futuristic lifestyle that others can be jealous of.
Hence, home AC units controlled by fancy tablets (which are actually shit) instead of thermostats (analogue or even monochrome LCD digital units) on the wall. Because tracking down wherever your family members wandered off to with the control tablet is so much easier than simply turning a knob or pushing a button that never moves because it's screwed into place... It must be better, it's new and expensive....
Having worked with clients who apparently have little clue about technical details of what’s supposed to be their core tech, I’ll attribute to laziness or stupidity unless there’s ample evidence suggesting otherwise.
>I don't think actual malicious planned obsolescence is as prevalent as many believe.
Working in the electronics industry, I have never once heard anyone talk about this. Engineers love engineering, and if it was real their would be a whole field devoted to it. But there isn't.
Also, since this board is stacked with software guys...
Planned obsolescence is way easier to implement in software. How many of you have been asked to put a time bomb in a warrantied product?
Planned obsolescence is a term that lay people use to describe unfortunate breaking of things that are sufficiently complex to be considered "a magical black box". In reality it is just another apparition of Murphy's law.
Last time this topic came up on HN an engineer whose job it is to do these calculations and then re-engineer products not last as long popped into the thread
I'm pretty sure what happens in reality is that someone makes a crappy product and then the warranty claims keep coming and because warranty claims cost them money, they keep improving the quality until the warranty claims stop coming. It's not that they wouldn't improve the quality, it's that the bean counters don't see it in their spreadsheets and thus no time is allocated to engineers building the next revision.
In other words, _Never attribute to malice that which is adequately explained by stupidity._
This device should not need to write to storage. It has to save settings when the user manually changes them, which can't be more than a few kilobytes per year. Any other writes are likely an oversight on the developer's part.
Companies don't encrypt anything unless required. Except for code and databases...they encrypt and obfuscate those to keep people running back to them.
Anti circumvention laws don’t require good locks to provide the manufacturers a legal cudgel to use against anyone with the temerity to think they have the right to use and fix things they have paid for. The law (DMCA in the US, it looks like something called the Digital Agenda Act in Australia) is the real lock, not that AES key.
In theory, connected devices that control large energy loads ("large" on a household level of energy consumption) can be coordinated at scale to "attack" the power grid via instantaneously switching 1000's of units on and off at the same time.
That being said it's more likely the hardware mfg is just trying to claw in more margin.
I've got one of these systems too. Mine hasn't died yet, touch wood, but I was concerned enough about the possibility that I went as far as documenting the comms protocol and starting to design a pi hat to talk to the main control board.
Do it!
I don't live in Australia or have on of these systems, but I was intrigued by how the OP had gone around the company to save themselves 1500! I'm curious to see how people are resolving things like this, so that if I have issues myself sometime, I have ideas on where to start or what is necessary :)
sounds like the memory storage is failing on some sort of logging systems for these to be going down at the same time-ish (same number of logs per day written etc over cheap flash).
It is a conversation I have had with many a jr dev. 'ok you are logging this how much space is that going to take? how long do you want to keep it? what is your rotation schedule?'
I usually get the 'oh did not think of that' because logging is a serious afterthought in many cases. It is boring and you just drop in log4j and log away right?
Reading the original post, wouldn't be a super cool idea to make a little ESP or RPI based system which acted as a controller for the airco and a network bridge? Then literally anything could interface with it. You wouldn't even need to wire it up. No need to install some shitty app from a company who are quite clearly c*ts.
I'm sure that they made things more difficult by employing proprietary hardware wherever they can (also to discourage competition), but yes, there are a bunch of sensors and actuators in there and any board with the appropriate i/o capabilities should be able to interface to them, however writing a working firmware would be next to a nightmare: how do you find developers who want to spend months reverse engineering an AC and also know enough about ACs to put together something that works?
Replacing household appliances brains with open counterparts would be a heck of a business opportunity to revive or prolong the life of dead/obsolete products, however I guess finding people who are interested enough to do that with FOSS, essentially selling only hardware and installation services would be really hard.
It's just a pin out interface controlled via software to turn things on or off. Its trivial. Get a raspberry pie, lookup the pinout docs stuffed away in your home manuals drawer, and write the measly logic required. The most difficult part is whipping up a UI and building the scheduling logic, if want/need it.
Timezone effect, I think. Just us and the whole of East Asia online now. The Poms and Europeans are just about to wake up, and the Americans have logged off for the night.
At least there's EU legislation that's slowly improving as well ensuring longer term warranties and the like. I hope that for household appliances like aircon or solar panels this warranty or support is set to its expected lifetime of 15-20 years. In this case, it should be mandatory that the control system can be easily swapped out by an aftermarket replacement, just like central heating thermostats are.
(in fact, replacing basic central heating thermostats with a tablet device has been very successful for one energy company in my country, see https://www.eneco.nl/energieproducten/toon-thermostaat/; it wouldn't have been possible if the thermostat data thing was some complicated / encrypted nonsense)
My own aircons are just simple individual items that are interchangeable between rooms.
There is no single control for the whole house but on the other hand I never let it run when I am away and I am never in 2 rooms at the same time so I just close the door so I only have to keep one room cool. I fail to see the need of an aircon I could control remotely with a smartphone or any smart bullshit system that control every room at the same time. And I think if I ever needed that I would probably just control the individual aircon via small esp32 with irtransmitter driven by a home server. That way the individual remotes would still be usable in case of an individual failure.
I have two separate aircons in our apartment. They both plugin to the wifi and I can control them locally from my home assistant instance. When hass detects nobody is at home, it will just automatically turn off both aircons with all the lights.
It is also handy if it is extremely hot like now and we're both out to monitor if it gets over 30 inside, so we can remotely get it cooler so the plants, cats or server will not suffer too much.
It's that golden hour where AU/NZ are up, Californian nerds are up and chilling and EU/UK are getting their first (or second) dose of caffeine. Just missing our East-Coast buddies :-)
They skimped on the tablet, grabbing a <$100 device for cheap. It should be a ruggedized / semi-industrial device with an expected lifetime as long as the device it controls, so at least 15-20 years.
That would set them back at least $800 (2021 prices: last time I had to spec a ruggedized tablet), which probably means $1200 out of the customer's pocket.
OTOH, they can find an industrial display + a Linux SoM (system-on-module) that can run linux or Android for under $200 in quantity.
Same diff though: no one cared, so they got what was cheap.
The system uses RS422, with a base64 encoded AES key in the aaservice binary, and I was contemplating building an esp32 based open source implementation of the controller.
That's a crazy weird coincidence.