Radiocrafts MBUS Series User Manual Download Page 26 | Manualshive

Page: 26 / 61

background image

Page

25

of

60

©

2019 Radiocrafts AS

MBUS User Manual (ver 2.01)

MBUS USER MANUAL

6 Encryption and decryption

The module supports AES-128 encryption for both extended link layer (ELL) encryption and transport layer (TPL)
encryption.

6.1 Key exchange

When a slave is produced, it is normally programmed with a unique ID and a corresponding unique key. These ID-
key pairs must be kept in a central database.

When a slave requests to be installed at a gateway, the gateway host MCU must request the encryption key from
the central utility data base. This is done over a secure connection. The host MCU then programs the key for the
slave into the same register location number as is used for installing the slave ID. The

‘K’-command is used for this.

The slave must have its own key installed at register location number 0x01.

Figure 13

– Encryption key lookup

6.2 Enabling Encryption and decryption

When the key is registered on the master side, the slave and master can start using encryption.

Two conditions needs to be met for encryption and decryption to take place:

1. Encrypt or decrypt flag (or both) needs to be set in the flag register for each slave that requires encryption.

For the gateway the flag register corresponding to that particular slave needs to be used. On the slave side
register number 1 must be used.

2. Encryption needs to be defined in the packet header when sending the packet to the RC1xxx-MBUSx

module. Here there are two options, and how encryption is defined is slightly different for the two options.

o

Link Layer Encryption

o

Transport Layer Encryption

6.3 The flag register

There are two configuration parameters in NVM named ENCRYPT and DECRYPT. These will set the
encrypt/decrypt flags in the flag registers for all register location numbers when the device is booted. The flag
registers are in RAM and are also referred to as auto-message flag register

s. They can be edited with the ‘A’-

command.

6.4 Link Layer Encryption

If you want to use Link Layer encryption, you need to use the Extended Link Layer (ELL).

If both Link Layer encryption and Transport Layer Encryption is defined

– LinkLayer encryption will be used.

The ELL encryption mode 1, uses the counter mode (AES-128-CTR) and does not need any padding of data.

«
...
24
25
26
27
28
...
»

Summary of Contents for MBUS Series

Page 1: ...MBUS User Manual RC11xx MBUS3 RC1701HP MBUS4 Important note This User Manual contains patented technology See page 6 for more information ...

Page 2: ...RS 22 5 2 THE INSTALLATION AND BINDING PROCESS 22 5 3 EXAMPLES 24 6 ENCRYPTION AND DECRYPTION 25 6 1 KEY EXCHANGE 25 6 2 ENABLING ENCRYPTION AND DECRYPTION 25 6 3 THE FLAG REGISTER 25 6 4 LINK LAYER ENCRYPTION 25 6 5 TRANSPORT LAYER ENCRYPTION 26 6 6 MAILBOX PRE ENCRYPTION 26 6 7 EXAMPLES 27 7 TWO WAY COMMUNICATION 30 7 1 MAILBOX REGISTER 30 7 2 FLAG REGISTER AUTO MESSAGE FLAG REGISTER 31 7 3 MAIL...

Page 3: ...erface packet transmission RXD pin 11 Figure 5 UART interface packet reception TXD pin 11 Figure 6 State diagram State transitions for autosleep is not shown 16 Figure 7 Timing definitions from RESET or SLEEP to IDLE 17 Figure 8 Timing definitions in and out of CONFIG 17 Figure 9 Timing definitions in and out of MEMORY_CONFIG 18 Figure 13 Timing definitions commands with arguments but no response ...

Page 4: ...h companion standard EN13757 4 2013 Wireless M Bus Standard OMS Open Metering System companion standard NVM Non Volatile Memory LBT Listen Before Talk SML Short Message Standard please see EN13757 4 for details DLMS Please see EN13757 4 for details VIF Value Information Field please see EN13757 4 for details DIF Data Information Field please see EN13757 4 for details ...

Page 5: ...must contain the message length sent over UART The maximum lengthbyte is 0xF6 since link layer header is added automatically The module will transmit the data when the whole packet is received See page 11 for details about the frame format for transmitting data Details about sending and receiving packet data is found in chapter 2 3 How do I receive data Any received RF data packet with correct Wir...

Page 6: ...des C1 S1 S2 T1 T2 N1 N2 Encryption AES mode 4 and 5 and ELL encryption mode 1 AES mode 4 and 5 and ELL encryption mode 1 Installation mode Yes according to OMS Yes Number of installed meters Up to 64 256 internally unlimited externally 1000 meters per concentrator Filter function Master only receives messages from installed registered meters optional Master only receives messages from installed r...

Page 7: ...nd MBUS4 to meet the T2 and N2 timing requirements for a master using an address register a flag register an encryption key register combined with an auto message generator for standard messages and its combination with a mailbox with pre generated messages or templates and a given message priority depending on incoming messages are subject to patenting Any infringements of patents and IP rights h...

Page 8: ...eceive Wireless M Bus data The UART packet content like the addition of RSSI CRC and start stop bytes can be changed in the configuration mode When the module receives a Wireless M Bus packet over RF it will send the packet over the UART interface on the TXD line When the host MCU wants to transmit a Wireless M Bus packet over the RF it must send the packet through the UART interface on the RXD li...

Page 9: ...ecuted the module responds with the prompt character again indicating it is ready for a new command Do not send a new command before the prompt is received The time required to execute a command can vary depending on the command see the Timing Information section There is no prompt after the X exit command The parameters that are set by dedicated configuration commands C P and so on take immediate...

Page 10: ... Install K 0x4B Key register L 0x4C List binding M 0x4D Memory configuration N 0x4E Access Number O 0x4F Read Auto message flag register P 0x50 Output power Q 0x51 Quality Indicator R 0x52 Read mailbox S 0x53 Signal Strength RSSI T 0x54 Destination address U 0x55 Temperature monitoring V 0x56 Voltage monitoring W 0x57 Write to mailbox X 0x58 Exit command Y 0x59 Memory Read one byte Z 0x5A Sleep mo...

Page 11: ... of bytes from the UART add packet information according to module configuration and transmit The maximum length of the message sent to the module is 0xF6 the minimum length is 0x01 The maximum length corresponds to 255 bytes including the link layer as transmitted on the air The length byte values 0xF6 have been given some special meaning in the RC modules and are referred to as softcommands sinc...

Page 12: ...on mode To transmit only a HEADER without Application data CI APPL_DATA a L 0xFE can be sent to the module UART without additional bytes Frame format when receiving data The data frame for the UART TDX pin Output for received Wireless M Bus packets is built like this Figure 5 UART interface packet reception TXD pin Data in blue and yellow are optional output parts of the UART message and can be en...

Page 13: ... Slave is installed and the Master is configured for filtering it will decode the message and send the data on its serial interface TXD pin In two way communication modes the battery operated meter slave will keep the receiver on for a short time During this time slot the master can acknowledge the received message in order to open the communication channel NTA 8130 or send a command OMS and there...

Page 14: ...ormat used for transmission of messages is set by the PREAMBLE_LENGTH parameter as described below The number of channels in mode N were extended in the 2018 revision of EN13757 4 This revision also added a new data rate at 6 4 kbps The channel and data rate settings to support this is shown below The MBUS4 support both Application Layer i e Transport Layer encryption and the new Link Layer Encryp...

Page 15: ...ing a Slave NETWORK_ROLE 0 or a Master NETWORK_ROLE 1 and change according to receive transmit It will override any setting in the RF_CHANNEL configuration register T2 master MBUS_MODE 2 NETWORK_ROLE 1 R2 RF_CHANNEL 1 10 MBUS_MODE 4 The data rate 4 8 kchip s and preamble length are set internally in the module according to the R mode C1 MBUS_MODE 9 C2 MBUS_MODE 8 C1 T1 MBUS_MODE 10 The RF channel ...

Page 16: ...n data as soon as the whole packet is received based on the packet length first byte of the application frame The module also has a timeout feature that will empty the input buffer in case of false data packets The default timeout is 2 seconds Max total payload is 246 bytes giving 255 bytes when including the header in the first block ...

Page 17: ...ode and needs to be woken up by sending 0xFF on UART RXD to enter IDLE state IDLE This is the normal state where the module both searches for preamble on RF if enabled and wait for a character to be received on the UART RXD The state when receiving characters on UART from the host filling up the internal buffer TX When the data is transmitted on the air RX When data is received from the air after ...

Page 18: ...sent without delay from Sleep to Config For higher UART baud rates add 2 ms delay before setting Config mode 3 3 Timing in and out of CONFIG mode For tCONFIG_PROMPT it is recommended to Figure 8 Timing definitions in and out of CONFIG Table 7 Timing numbers in and out of CONFIG Symbol MBUS3 MBUS4 Description Note tCONFIG PROMPT Wait for prompt Time from 0x00 on UART RXD or CONFIG pin is set low un...

Page 19: ...d out of MEMORY_CONFIG Symbol MBUS3 MBUS4 Description Note tMEMORY CONFIG 31 ms 31ms In this period the internal flash non volatile memory is programmed Do not reset turn the module off or allow any power supply dips in this period as it may cause permanent error in the Flash configuration memory After the last command parameter byte the host should wait for the prompt before any further action is...

Page 20: ...T_BYTE Varies with UART datarate B K TWAIT_1 3 9 ms 7 8ms 50us B K TWAIT_2 45 ms 55 ms In this period the internal flash non volatile memory is programmed Do not reset turn the module off or allow any power supply dips in this period as it may cause permanent error in the Flash configuration memory After the last command parameter byte the host should wait for the prompt before any further action ...

Page 21: ...configuration settings and RAM values are retained during SLEEP 4 2 MBUSx Automatic Sleep It is also possible to configure the module to enter SLEEP automatically after a message has been transmitted SLEEP_MODE 1 With this setup the module has to enter TX mode transmit a message after power on before entering SLEEP mode first time The Slave has special support for automatic sleep after data transm...

Page 22: ...ing Slaves 4 4 Power cycling It is not recommended to turn off the module as an alternative to using SLEEP mode The combination of very low SLEEP current and fast startup gives a lower overall current consumption Current vs time for Auto sleeping slaves 2 4 kbaud UART SLEEP TX SLEEP Slave MODE Slave RXD UART UART Wake up IDLE Slave TXD UART UART TX data RX Master ACK on Slave UART I mA t 37 20 1 7...

Page 23: ...4 RAM based address key flag numbers that can be used to set up two way communication to any slave You can read more about this in chapter 7 9 The table below shows an overview of address register numbers key and flag registers Address register Key register Flag register 1 MBUS3 MBUS4 NVM MBUS3 MBUS4 NVM MBUS3 MBUS4 NVM 64 65 MBUS4 NVM MBUS4 NVM MBUS4 NVM 128 129 MBUS4 RAM MBUS4 RAM MBUS4 RAM 132 ...

Page 24: ...rafts AS MBUS User Manual ver 2 01 MBUS USER MANUAL A typical sequence for installing a slave is shown in Figure 12 Figure 12 Installation and binding process Get slave address from message Find next available address register ...

Page 25: ... can be issued here X 0x58 none Exit CONFIG mode Module returns to IDLE state Example 2 Binding a slave to a master Example Before you run the code below Set module in configuration mode Set installation mode I command In this example a slave with the following address will be bound to address register 2 MAN_ID1 MAN_ID2 ADDR_ID1 ADDR_ID2 ADDR_ID3 ADDR_ID4 ADDR_VER ADDR_DEV 0xAB 0xCD 0x12 0x34 0x56...

Page 26: ... encryption and decryption to take place 1 Encrypt or decrypt flag or both needs to be set in the flag register for each slave that requires encryption For the gateway the flag register corresponding to that particular slave needs to be used On the slave side register number 1 must be used 2 Encryption needs to be defined in the packet header when sending the packet to the RC1xxx MBUSx module Here...

Page 27: ...re set When using 0x05 the application must add the two encryption verification bytes 0x2F after the header The Initialization Vector for the encryption is extracted from the long header for CI fields 0x5B 0x60 0x64 0x6C 0x6D 0x72 0x7C 0x7E 0x80 and 0x8B For the short header CI field fields 0x5A 0x61 0x65 0x7A 0x7D 0x7F and 0x8A the Initialization Vector is partly from the link layer header destin...

Page 28: ...ed automatically Set value in configuration mode during initialization U_ID4 U_ID3 U_ID2 U_ID1 0x12 0x34 0x56 0x78 Unique ID MSB first Added automatically Set value in configuration mode during initialization VER 0x01 Version Added automatically Set value in configuration mode during initialization DEV 0x04 Device Type 0x04 Heat meter Added automatically Set value in configuration mode during init...

Page 29: ...0x44 C field 0x44 SND NR Added automatically Set value in configuration mode during initialization MAN_ID1 MAN_ID2 0xAB 0xCD Manufacturer ID MSB first Added automatically Set value in configuration mode during initialization U_ID1 U_ID2 U_ID3 U_ID4 0x12 0x34 0x56 0x78 Unique ID MSB first Added automatically Set value in configuration mode during initialization VER 0x01 Version Added automatically ...

Page 30: ...r data DATA 0x08 User data PAD2 0x2F 0x2F 0x2F 0x2F 0x2F 0x2F Padding to fill block 16 bytes RSSI Optional Controlled by RSSI_MODE CRC Optional Controlled by DATA_INTERFACE Based on the above this translates to the following packet when sent over UART 0x1D 0x72 0x78 0x56 0x34 0x12 0xCD 0xAB 0x01 0x04 0x01 0x00 0x10 0xC5 0x2F 0x2F 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x2F 0x2F 0x2F 0x2F 0x2F 0x2...

Page 31: ...ox Two Level Auto Message for handling a sequence of commands The options that come into play and the different modes of two way communication are discussed in the following subchapters 7 1 Mailbox register The MAILBOX configuration register is used to set certain features of the Auto message Generator 7 6 5 4 3 2 1 0 RR TLAM ACSM ACMB MBSM DFC A Where Acronym Description Default Value RR Reserved...

Page 32: ...ssage flags are set the most significant bit flag has the highest priority The Mailbox has priority above the standard messages Single level scheme In the single level scheme MAILBOX TLAM 0 the message is sent from the master without regard to the previous message or Access Number of the incoming message By default settings MAILBOX ACSM and MAILBOX ACMB are set and then the auto message flag is au...

Page 33: ...hall not be altered by the user If MBV was not set it means that a Standard Message was sent SMV 1 means the message sent was a response to RSP UD and msb of 0x38 in SSSSSSSS will be cleared SMV 0 means the message sent was a response to RSP UD or ACK and msb of 0x07 in SSSSSSSS will be cleared MBV Mailbox Valid See SMV description R Reserved for future use MB2 Mailbox level 2 0000 1111 Only the l...

Page 34: ... mailbox cannot be used Note If the Encryption flag is not disabled the message will be encrypted again when transmitted 7 4 Automatically reply with a standard message The table below show what slave messages and replies that can be set up using standard message autoreply Other replies needs to be set up using mailbox Table 10 Standard message autoreply codes Slave Master C Name CI Name Automessa...

Page 35: ...tion as determined by the signature and the Encryption enable flag is set the time to encrypt the message on the fly might violate the 2 3 ms response time in T mode Templates with more than one block to be encrypted can only be used for S mode up to 50 ms response time In this case the pre encrypted mailbox message must be used 7 7 Two level auto reply Using the two level Auto message handler TLA...

Page 36: ...rect response time as handled by the module An infinite number of slaves can be supported in the host only limited by the memory and processing power of the host controller interacting with the module over a special protocol The master module is still handling the response timing and message encryption The same protocol can be used for the 122 slaves without flag registers When a slave message is ...

Page 37: ...Page 36 of 60 2019 Radiocrafts AS MBUS User Manual ver 2 01 MBUS USER MANUAL Figure 14 Key challenge diagram ...

Page 38: ...ompt Alternative Assert CONFIG pin De assert CONFIG after prompt W 0x57 W command entered Wait for prompt 1 0x01 none Write to mailbox 1 0x43 0x1D 0x6D 0x04 0x03 0x02 0x01 0xAE 0x0C 0x01 0x07 0x7D 0x00 0x10 0xC5 0x2F 0x2F 0x01 0x32 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x2F 0x2F 0x2F 0x2F C field SND UD2 Length excluding C field and Length byte CI field Address Address Address Address 16 bytes t...

Page 39: ...for prompt A new command can be issued here X 0x58 none Exit CONFIG mode Module returns to IDLE state Example 7 Encrypt mailbox 1 Example To encrypt the contents of mailbox 1 make sure that destination address in message matches a message that is bound to the master Also make sure that encryption methode and number of bytes to be encrypted is set in the message itself Command Hex Response Comment ...

Page 40: ... The Repeater supports repetitions using the ELL or the TPL short and long The Repeater generates a SND NR management message every 240 minutes This message indicates that the Repeater is alive and working The Repeater can be set in Installation mode by activating setting low the Install button input pin 25 Development Board S5 for 1 second The LED driver output pin 29 Development Board D1 red LED...

Page 41: ... for details If PA_TABLE_EXTENDED 0 the module is backward compatible using the 5 steps in RF_POWER The LBT feature is enabled by setting LBT_ENABLE 0x01 The following parameters configure the LBT LBT_RSSI_THRESHOLD LBT_MAX_ATTEMPT LBT_BO_PERIOD LBT_BO_FLAT LBT_MAX_DELAY These parameters should be set according to CIG recommendations The host controller may send 0xFA to override LBT for the follow...

Page 42: ... 3 bytes of flags See chapter 7 for details on the flags Prompt B 0x42 Bind Argument Options Returns Register 1 64 MBUS3 1 128 133 254 MBUS4 none M_ID2 M_ID1 0x00 0x7F 0x00 0xFF none U_ID4 U_ID3 U_ID2 U_ID1 0x00 0xFF 0x00 0xFF 0x00 0xFF 0x00 0xFF none VER 0x00 0xFF none DEV Please refer to MBUS standard for defined device types Prompt This command is used on the master side to bind slaves to this ...

Page 43: ... the mailbox to look up the correct key and encryption methode Therefore the message in the mailbox must be a properly formed MBUS message F 0x46 C field This command is used to change the volatile paramter C_FIELD in RAM The C_FIELD config parameter is added to the outgoing message and must not be included in the message set over UART Argument Options Returns C field 0 255 Prompt There is no rest...

Page 44: ...eys k 0x6B Key RAM based installation addresses Argument Options Returns Register 129 132 MBUS4 none Key 16 byte key Prompt L 0x4C List Binding This command returns the address of the slave stored at the given register number Argument Options Returns Register 1 64 MBUS3 1 128 133 254 MBUS4 8 byte address to slave installed at this register number Prompt This command is used as a part of the Instal...

Page 45: ...lso has a limited number of writecycles 10000x and we therefore strongly recommend that you do not use the M command in field only when configuring and testing your module as part of your production test N 0x4E Access Number This command sets new specific access number Argument Options Returns Access 0x00 0xFF Prompt Note Access number is normally auto incremented O 0x4F Read Auto message Flags Th...

Page 46: ...t Options Returns none none 1 byte quality number Prompt The module provide a digital Received Signal Strength Indicator RSSI through the S command or attached to the received messages RSSI_MODE configuration parameter The RSSI value appended to a received message is the signal strength of that received packet The RSSI value is an 8 bit character one byte indicating the current input signal streng...

Page 47: ...x00 0xFF 0x00 0xFF 0x00 0xFF none VER 0x00 0xFF none DEV Please refer to MBUS standard for defined device types Prompt U 0x56 Temperature monitoring Argument Options Returns none none 1 byte temperature Prompt The module provides readings of a digital temperature monitoring sensor TEMP through the U command The module returns an 8 bit character one byte indicating the current temperature in degree...

Page 48: ...30 mV step The power supply voltage is given by V VCC dec 0 030 V example VCC 0x68 equals 3 12 V W 0x57 Write to Mailbox Argument Options Returns Mailbox 1 16 Prompt Message Message in accordance with standard Prompt The format for writing to the mailbox is Mailbox number C field Length CI field followed by the rest of the message The mailboxes are typically used for setting up automatic two way c...

Page 49: ...riting to NVM flash and this operation must not be interrupted by for example a reset or powercycle Interrupting the NVM update may leave the configuration memory corrupted Caution The NVM also has a limited number of writecycles 10000x and we therefore strongly recommend that you do not use the RC command in field only when configuring and testing your module as development or as part of your pro...

Page 50: ...e none Prompt 3 0x33 RX mode TX off Argument Options Returns none none Prompt 4 0x34 IDLE Argument Options Returns none none Prompt 7 0x37 Antenna Tuning This test mode is an antenna tuning function It will scan frequency range 2 MHz around the centre frequency 5 seconds between transmissions and 200 kHz separation between test frequencies Argument Options Returns none none Prompt MBUS 4 only The ...

Page 51: ...MBUS3 1 10 MBUS4 1 41 Default RF channel See data sheet for channel frequencies Only used for R mode MBUS3 and N mode MBUS4 MBUS3 0x01 MBUS4 0x03 RF_POWER 0x01 1 5 Default RF output power See data sheet for output power levels RC1180HP 0x03 Others 0x05 DATA_RATE 0x02 RF data rate MBUS3 MBUS4 1 0x01 2 4kbps 2 0x02 4 8kbps 3 0x03 NA 4 0x04 19 2kbps 5 0x05 6 4kbps MBUS4 0x01 MBUS_MODE 0x03 M Bus mode...

Page 52: ...03 Enable sleep after TX and RX 5 0x05 Enable sleep after TX sleep timeout 7 0x07 Enable sleep after TX and RX sleep timeout 0x00 RSSI_MODE 0x05 Append RSSI to received data When enabled the RSSI value is appended to the received data 0 0x00 Disabled 1 0x01 Enabled 0x00 PA_TABLE_EXTENDED 0x06 0 Disables 1 20 is on See Data Sheet for output power levels 0 0x00 Extended table disabled RF_POWER apply...

Page 53: ...e 0x10 Auto Clear standard message flag 0x08 Auto Clear mailbox flag 0x04 Use mailbox only for special messages 0x02 Check DFC bit before transmission 0x01 Check Accessibility before transmission Special messages are SND NR RSP UD and ACK LBT_ENABLE 0x18 0 0x00 Disabled 1 0x01 Enabled 0x00 M_ID1 0x19 0x00 0xFF Manufacturer ID first byte 0x0C M_ID2 0x1A 0x00 0xFF Manufacturer ID second byte 0xAE U_...

Page 54: ...e effect until module is re booted reset 0 0x00 Not used 1 0x01 2400 2 0x02 4800 3 0x03 9600 4 0x04 14400 5 0x05 19200 6 0x06 28800 7 0x07 38400 8 0x08 57600 9 0x09 76800 10 0x0A 115200 11 0x0B 230400 0x05 UART_FLOW_CTRL 0x35 UART flow control 0 0x00 None 1 0x01 CTS only 3 0x03 CTS RTS 4 0x04 RXTX RS485 0x00 DATA_INTERFACE 0x36 Data interface Sets receiver data format First byte is always packet l...

Page 55: ...n transferring accepted received message on UART 0x00 CONTROL_FIELD 0x3B 0x00 0xFF C field Use F command to change value in volatile memory only 0x06 RX_TIMEOUT 0x3C 0x00 0xFF Delay before Sleep mode n x 0 6 ms Minimum 3 ms 6 in T mode minimum 50 ms 86 in S mode 0x08 8 4 8 ms 0x56 86 50 ms 0x08 Do not change INSTALL_MODE 0x3D 0 0x00 Normal mode accept installed MBUS meters only 1 0x01 Install mode...

Page 56: ...dr 0x6F Addr 0x70 Y Addr 0x71 Z Example RC11xx MBUS3 Minimum HW 1 00 Addr 0x6E 0x6F 0x70 0x71 Hex 0x31 0x2E 0x30 0x30 ASCII 1 0 0 FW_REV_NO See appendix C 0x00 0x09 FW version Format X YZ Addr 0x73 X Addr 0x74 Addr 0x75 Y Addr 0x76 Z Example RC11xx MBUS3 FW 3 16 Addr 0x73 0x74 0x75 0x76 Hex 0x33 0x2E 0x31 0x36 ASCII 3 1 6 SERIAL_NUMBER See appendix C 8 bytes reserved for serial number for traceabi...

Page 57: ... 00 00 00 00 00 00 0x58 00 00 00 00 00 00 00 00 0x60 00 52 43 31 31 38 30 2D Area used for device name minimum HW version and current FW version Value varies between modules 0x68 4D 42 55 53 33 2C 32 2E 0x70 30 30 2C 33 2E 31 37 00 0x78 00 00 00 00 00 00 00 00 0x80 FF FF FF FF FF FF FF FF 0x88 FF FF FF FF FF FF FF FF 0x90 FF FF FF FF FF FF FF FF Area used for serial number 0x98 FF FF FF FF FF FF F...

Page 58: ...3 93 93 73 03 5E 03 0x68 0D 07 06 07 10 10 10 10 0x70 0E 0E 0E 0E 10 10 10 10 0x78 01 00 00 00 09 9A 8C 9A 0x80 3A B0 A0 B0 30 2F 2E 2C 0x88 00 52 43 31 37 30 31 48 Area used for device name minimum HW version and current FW version 0x90 50 2D 4D 42 55 53 34 2C 0x98 31 2E 31 30 2C 31 2E 30 0xA0 35 20 20 20 20 20 20 20 0xA8 20 00 00 00 00 00 00 00 0xB0 00 FF FF FF FF FF FF FF Area used for serial n...

Page 59: ...anging MAN_ID Example To change the MAN_ID at address 0x19 and 0x1A and set it to 100 200 0x64 0xC8 send the following sequence Command Hex Response Comment Note Enter 0x00 Enter CONFIG mode Wait for prompt Alternative Assert CONFIG pin then deassert CONFIG pin after prompt M 0x4D M command entered Wait for prompt Module ready to receive address 0x19 0x19 none Address 100 0x64 none Value 0x1A 0x1A...

Page 60: ...hapter included for MBUS2 SLEEP_MODE TIMEOUT and LED CONTROL update for MBUS2 1 40 MBUS3 new features for FW 3 09 8 Byte serial number reservations in configuration memory 1 byte frequency tolerance calibration value in configuration memory SLEEP_MODE TIMEOUT and LED CONTROL update 1 50 Correction of SERIAL_NUMBER location Correction PART_NUMBER HW_REV_NO and FW_REV_NO location info about only HEA...

Page 61: ...point to multipoint and peer to peer network topologies All other trademarks registered trademarks and product names are the sole property of their respective owners Life Support Policy This Radiocrafts product is not designed for use in life support appliances devices or other systems where malfunction can reasonably be expected to result in significant personal injury to the user or as a critica...

Reviews:

No comments

Related manuals for MBUS Series

Brand: zipwake Pages: 12

Brand: Watts Pages: 2

Brand: jbc Pages: 12

Brand: Samson Pages: 78

Brand: Rachio Pages: 16

Brand: Eaton Pages: 166

Brand: K&K Pages: 6

Brand: HandyTrac Pages: 14

Brand: TA Pages: 6

Brand: Paradox Pages: 2

Brand: Paradox Pages: 44

FOUNDATION 3730-5

Brand: Samson Pages: 132

Brand: Samson Pages: 68

Brand: Samson Pages: 128

Brand: Samson Pages: 68

Brand: X-POWER Pages: 24

Brand: Samson Pages: 80

Brand: Haehne Pages: 44

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands