by gstar 652 days ago
OMFG; I am in Perth, I have the same system, the very same problem and solved it almost the same way and was in the process of writing it up.

The system uses RS422, with a base64 encoded AES key in the aaservice binary, and I was contemplating building an esp32 based open source implementation of the controller.

That's a crazy weird coincidence.

11 comments

Incidentally, if you root your tablet you can just change the build.MODEL to "MyAir5" and everything will work on a third party tablet.
Oh, and you just need one of these and a TTL to RS422 converter off aliexpress to replicate the interface:

https://www.aliexpress.com/item/1005005918675239.html

The connectors on the small RJ45 daughter board are JST-SH 1.0

The yellow lead puts out 4.2v to replicate a Li-Ion battery (as far as I can tell). You can ignore this.

Red is positive

Black is negative

Green is usb d+

Blue is usb d-

This is all fantastic info. I have included the details and a link to these comments at the bottom of the post. Great work!
Tip: Instead of soldering I use splicing connectors with levers for testing stuff like this out. For example:

https://www.wago.com/de-en/c/installation-terminal-blocks-an...

Wago has great stuff.
Tiny QOL change without too much work, you could install something like teamviewer on the tablet, and now you're able to control your AC remotely from your PC, your phone, or anywhere!
The MyAir (or e-Zone) app can already be accessed remotely. You install the app on your phone and pair it with your system by connecting to the same LAN. After the initial pairing it can be used from everywhere.
Using which reverse service, though?
Hey - As the owner of a similar system I have a question for you - do you use their phone app to control your system from your phone in/out of the house, and did it still work after this?
I use the home assistant plugin with it personally, but I have tried the apps and they still work fine both locally and remote.
Cool, that's all I needed to know, I'll be following in your footsteps at some point, thanks for taking the leap and doing all this :)

Now back to connecting an orange-pi zero to the petcube cam someone bought me for Christmas. I've found TTL pins on there and I want to know what's going on...

Would you have the RJ45 pinout too? Thanks!
This is from my earlier notes, hope it helps some.

  Pin 1: RS422 +/B
  Pin 2: RS422 -/A
  Pin 3: ? - appears to be unused; connected to unpopulated pad on PCB
  Pin 4: GND
  Pin 5: ~14.2v DC unloaded
  Pin 6: GND
  Pin 7: ?
  Pin 8: ?
  Shield: GND
Note: the RS422 protocol has a basic bus arbitration built-in to allow both ends to communicate. The control unit sends <U>Ping</U=xx> messages, after which it opens a slot for the Tablet to communicate back to it. At least on my system xx represents a simple CRC value that can be used to validate message authenticity. I haven't seen any AES encryption in use; the messages I've seen are all plaintext. Maybe the AES encryption was introduced in a later revision.
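An added example (not from the thread or the vendor's code) of what a check value in a `<U>…</U=xx>`-shaped frame can establish: an unkeyed CRC catches line corruption, while a keyed MAC ties a frame to a holder of the key. The CRC-8 polynomial, hex encoding, truncated HMAC and key are assumptions; the thread does not give the real algorithm.

```python
import hashlib
import hmac
import re

# Frame shape from the comment above: <U>Ping</U=xx>. Everything else is assumed.
FRAME = re.compile(r"^<(\w+)>(.*)</\1=([0-9a-f]+)>$")
KEY = b"constructed-demo-key"  # constructed for the example only

def crc8(data: bytes, poly: int = 0x07) -> int:
    """Plain CRC-8 with an assumed polynomial."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

def crc_tag(body: str) -> str:
    return f"{crc8(body.encode()):02x}"

def mac_tag(body: str, key: bytes) -> str:
    # Truncated HMAC-SHA256: 8 bytes keeps the frame short on a slow serial bus.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:16]

def build(tag: str, body: str, check: str) -> str:
    return f"<{tag}>{body}</{tag}={check}>"

def verify(frame: str, expected_check) -> bool:
    """expected_check maps a body to the check value the receiver computes."""
    m = FRAME.match(frame)
    if not m:
        return False
    _, body, check = m.groups()
    return hmac.compare_digest(check, expected_check(body))

def demo() -> dict:
    crc_ok = build("U", "Ping", crc_tag("Ping"))
    noisy = crc_ok.replace("Ping", "Pinf")              # one flipped bit on the wire
    other_sender = build("U", "Pong", crc_tag("Pong"))  # built with no secret at all
    mac_ok = build("U", "Ping", mac_tag("Ping", KEY))
    wrong_key = build("U", "Pong", mac_tag("Pong", b"not-the-key"))
    check_mac = lambda body: mac_tag(body, KEY)
    return {
        "crc_accepts_valid": verify(crc_ok, crc_tag),
        "crc_rejects_noise": not verify(noisy, crc_tag),
        "crc_accepts_any_sender": verify(other_sender, crc_tag),
        "mac_accepts_key_holder": verify(mac_ok, check_mac),
        "mac_rejects_other_sender": not verify(wrong_key, check_mac),
    }
```

Every entry returned by `demo()` is true: the CRC separates clean frames from noisy ones, and only the keyed check separates senders.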
Wouldn't RS422 need 2 TX and 2 RX?
Normally, yes. Perhaps this could be more properly termed RS-485 operating in 2 wire (half duplex) mode:

* https://en.wikipedia.org/wiki/RS-485

I have something slightly different

1 is RS422 B

2 is RS422 A

3 & 5 - GND

4 & 6 - VCC

Not sure what 7 and 8 do.

Not always - if it's used as a bus, it's 2 wire.
No, sorry - I may be able to buzz one out of the a/c controller later on.

I do have 2 spare USB-C to JST-SH adapters that suit the round Advantage Air circuit board if anyone wants one (Perth, Free). Email in profile.

In case it's helpful to anyone, I put this together to drive our Advantage Air system:

https://git.nethack.net/rob/aircon

Essentially it just talks to the android tablet API to do things so it's no help if (when) the tablet dies, but it means I can do things like:

- have the entire unit turn on/off as needed based on average zone temperatures

- open/close vents based on room owners' devices being online, or temperatures of nearby zones

- dump zone temperatures to influxdb

Nice use of Telegram as a cheap logging tool
What the hell, why does a control system need an AES-secured control channel at all? The only possible intention is to make interop more difficult. If they wanted security then they wouldn't use a hard coded AES key.
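The hard-coded key mentioned here and in the top comment is the kind of thing a release check can catch before a binary ships. An added example, not code from the thread or the vendor: it scans a build artifact for base64 strings that decode to AES key lengths. The sample blob, key and entropy threshold are constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

AES_KEY_SIZES = {16, 24, 32}  # AES-128/192/256 key lengths in bytes
# Base64 runs long enough to hold a 16-byte key (22 characters plus padding).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{22,}={0,2}")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; at most 4.0 for 16 bytes, 5.0 for 32."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def find_key_candidates(blob: bytes, min_entropy: float = 3.5):
    """Return (offset, base64 text, key bits) for strings that look like AES keys."""
    hits = []
    for m in B64_RUN.finditer(blob):
        token = m.group()
        if len(token) % 4:
            continue  # not a complete base64 string
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:
            continue
        # The entropy floor drops padding-like values such as all-zero buffers.
        if len(raw) in AES_KEY_SIZES and shannon_entropy(raw) >= min_entropy:
            hits.append((m.start(), token.decode(), len(raw) * 8))
    return hits

# Constructed sample: a fake binary with one embedded key and one zero-filled decoy.
DEMO_KEY = bytes.fromhex("3a7f01c49be2580d6f13a8d47c92e5b6")
SAMPLE_BLOB = (
    b"\x7fELF\x00\x00\x00\x00libdemo_service.so\x00"
    + b"AAAAAAAAAAAAAAAAAAAAAA==\x00"
    + base64.b64encode(DEMO_KEY) + b"\x00"
    + b"http://example.invalid/api\x00"
)

if __name__ == "__main__":
    for offset, text, bits in find_key_candidates(SAMPLE_BLOB):
        print(f"offset {offset}: possible AES-{bits} key {text}")
```

A hit means the value is recoverable by anyone who has the binary, so it cannot serve as a secret; keys embedded in a longer alphanumeric run or stored in another encoding are outside what this check sees.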
It 100% is designed so that you have to use their hardware.
The biggest maker of garage door openers in the U.S. has done the same thing. For a button that goes on the wall to open the door, now it sends an encrypted code instead of just shorting two wires so that you have to use their button instead of a regular doorbell button like people have been doing for decades.
I can't recommend ratgdo (Rage Against the Garage Door Openers) project highly enough. It implements the protocol and allows you to interact with the door: https://paulwieland.github.io/ratgdo/

The protocol itself is crazy, with obfuscated ternary data (instead of binary). People who reversed it are heroes.

Which company, and which product did you see this with?
Chamberlain and Liftmaster do this. They’re both owned by Chamberlain group and I believe they are the two most popular brands.

It’s caused tons of headache for people doing home automation stuff, especially since Chamberlain has cut off API access to home assistant. Then the home assistant people figure they’ll just rig a raspberry pi or something to short two wires, but then they hit this encryption nonsense.

That's nuts!

For what it's worth, I bought this for my old chamberlain. https://gotailwind.com

I was looking into replacing the old unit with a new one with myq but then read about all the problems and decided to give this a shot. 3 years in and it's been a good decision.

Heh, bet you can just short the contacts the button usually closes. Really hard to DRM a button.
Chamberlain devices do this. Genie devices do not.
Genie is nice; you can add Homekit with any of Meross's garage door doodads for $50ish
I blame it on cybersecurity experts lol. They probably went all alarmist and decided that having that was a giant security risk.
God that's just insane.
so if the company has established they're willing to go that far to lock customers into their ecosystem and milk for $$$... it's not inconceivable that they also engineered (or chose not to fix) the cheap flash + chatty logging hardware failure for the same purpose.
I would switch brands instantly. This is a company that has no customer orientation and I have never seen a company recover from that (they might have financial success, but they will never create good products again). They probably will sell you expensive crap. This time the device was fixable, but the manufacturer worked against the user on that.
So, you'd rather spend $12k+ to replace the entire system just to spite the manufacturer over making a minor patch to support a new tablet yourself?
Shouldn't have to replace the aircon/heat-pump components, only the controller hardware. OP indicated that a new control system would be about $1700 (I assume AUD), or 14-17% of their 10k-12k estimate for the whole build.

Unless this scummy manufacturer also works with the aircon makers to lock those to their controllers. (That would be a great lawsuit to watch.)

Seems those tablets die not long after the warranty expires.

I'm willing to bet money that it's planned obsolescence, especially considering their "technology keeps moving forward" bullshit.

I'm offering you a different viewpoint:

They made the analysis of how long the flash will live and saw that it will make it out of the warranty period. Thus they did not opt for more durable and expensive flash and/or software change.

I've seen this myself before. One process step before release of the control module was a write cycle analysis to make sure the unit will live for at least 10 years (I think) before the guaranteed write cycles of the flash memory were consumed.

You're both missing one of the more likely explanations... that nobody gave much thought about how long the device would last. "It's solid state electronics, it'll probably outlast the warranty anyway"... I can imagine an aircon company puts a lot of effort into analyzing the air-conditioning unit itself to make sure it lasts at least as long as the warranty, with good margin. But I can totally see them winging it on an external control device, which was perhaps even a project they outsourced anyway.

I don't think actual malicious planned obsolescence is as prevalent as many believe. A device breaking right after warranty is not a good strategy to get repeat customers. It's also a huge risk if you miscalculated and you suddenly get a lot of warranty cases. You want a lot of margin there.

I've been involved in the design of a thing myself, where something the manufacturer hadn't clearly communicated - and we just barely caught - could have made the device die just around a typical warranty period for such a device. When we found out, of course we worked on this problem to make sure it didn't die prematurely.

>Thus they did not opt for more durable and expensive flash and/or software change.

Opting out of a more durable solution when you know the device will break right after warranty is still planned obsolescence.

Isn't that kinda the definition of planned obsolescence? You plan so that past the point you have to care, it could well die/become useless?
In other words, _Never attribute to malice that which is adequately explained by stupidity._

This device should not need to write to storage. It has to save settings when the user manually changes them, which can't be more than a few kilobytes per year. Any other writes are likely an oversight on the developer's part.

I'd guess they just didn't think of flash wear, like Tesla did in the early Model S, and they got lucky they failed outside the warranty period.
Everybody forgets the noatime thing at least once in their career
Companies don't encrypt anything unless required. Except for code and databases...they encrypt and obfuscate those to keep people running back to them.

Source: my customers

Anti circumvention laws don’t require good locks to provide the manufacturers a legal cudgel to use against anyone with the temerity to think they have the right to use and fix things they have paid for. The law (DMCA in the US, it looks like something called the Digital Agenda Act in Australia) is the real lock, not that AES key.
In theory, connected devices that control large energy loads ("large" on a household level of energy consumption) can be coordinated at scale to "attack" the power grid via instantaneously switching 1000's of units on and off at the same time.

That being said it's more likely the hardware mfg is just trying to claw in more margin.

I've got one of these systems too. Mine hasn't died yet, touch wood, but I was concerned enough about the possibility that I went as far as documenting the comms protocol and starting to design a pi hat to talk to the main control board.

I should really write that up at some point too.

Do it! I don't live in Australia or have one of these systems, but I was intrigued by how the OP had gone around the company to save themselves 1500! I'm curious to see how people are resolving things like this, so that if I have issues myself sometime, I have ideas on where to start or what is necessary :)
Sounds like the memory storage is failing on some sort of logging systems for these to be going down at the same time-ish (same number of logs per day written etc over cheap flash).

Shame on this manufacturer.

It is a conversation I have had with many a jr dev. 'ok you are logging this how much space is that going to take? how long do you want to keep it? what is your rotation schedule?'

I usually get the 'oh did not think of that' because logging is a serious afterthought in many cases. It is boring and you just drop in log4j and log away right?

>It is boring and you just drop in log4j and log away right?

log4j had a big vulnerability a while back and it was a huge pain to contact all our vendors and find out if they had patched for it or not.

I guess I should have added a /s :)
Reading the original post, wouldn't it be a super cool idea to make a little ESP or RPI based system which acted as a controller for the airco and a network bridge? Then literally anything could interface with it. You wouldn't even need to wire it up. No need to install some shitty app from a company who are quite clearly c*ts.
I'm sure that they made things more difficult by employing proprietary hardware wherever they can (also to discourage competition), but yes, there are a bunch of sensors and actuators in there and any board with the appropriate i/o capabilities should be able to interface to them, however writing a working firmware would be next to a nightmare: how do you find developers who want to spend months reverse engineering an AC and also know enough about ACs to put together something that works? Replacing household appliances brains with open counterparts would be a heck of a business opportunity to revive or prolong the life of dead/obsolete products, however I guess finding people who are interested enough to do that with FOSS, essentially selling only hardware and installation services would be really hard.
It's just a pinout interface controlled via software to turn things on or off. It's trivial. Get a Raspberry Pi, look up the pinout docs stuffed away in your home manuals drawer, and write the measly logic required. The most difficult part is whipping up a UI and building the scheduling logic, if you want/need it.
What evidence do you have that the company is composed of cats?
Because cats love warm houses.
For a small place there's a lot of sandgropers on HN somehow
Timezone effect, I think. Just us and the whole of East Asia online now. The Poms and Europeans are just about to wake up, and the Americans have logged off for the night.
This is exactly right! Good morning from Europe. :)

Also congrats to the OP! Sadly, European aircon appliances are usually built the same way (last only as long as the warranty).

At least there's EU legislation that's slowly improving as well ensuring longer term warranties and the like. I hope that for household appliances like aircon or solar panels this warranty or support is set to its expected lifetime of 15-20 years. In this case, it should be mandatory that the control system can be easily swapped out by an aftermarket replacement, just like central heating thermostats are.

(in fact, replacing basic central heating thermostats with a tablet device has been very successful for one energy company in my country, see https://www.eneco.nl/energieproducten/toon-thermostaat/; it wouldn't have been possible if the thermostat data thing was some complicated / encrypted nonsense)

My own aircons are just simple individual items that are interchangeable between rooms.

There is no single control for the whole house but on the other hand I never let it run when I am away and I am never in 2 rooms at the same time so I just close the door so I only have to keep one room cool. I fail to see the need of an aircon I could control remotely with a smartphone or any smart bullshit system that controls every room at the same time. And I think if I ever needed that I would probably just control the individual aircon via small esp32 with IR transmitter driven by a home server. That way the individual remotes would still be usable in case of an individual failure.

I have two separate aircons in our apartment. They both plug in to the wifi and I can control them locally from my home assistant instance. When hass detects nobody is at home, it will just automatically turn off both aircons with all the lights.

It is also handy if it is extremely hot like now and we're both out to monitor if it gets over 30 inside, so we can remotely get it cooler so the plants, cats or server will not suffer too much.

It's a nice and quiet time.

Why do work when you can read HN?

Hi from east Asia!

Barely 11PM in California, prime reading time
It's that golden hour where AU/NZ are up, Californian nerds are up and chilling and EU/UK are getting their first (or second) dose of caffeine. Just missing our East-Coast buddies :-)
Speaking of sandgropers, I do understand Advantage Air are based in WA - so it's fairly likely they're reading this!
Hopefully. Shame on them.

Also, good morning from Poland, EU :).

I'm sure the timezone will tick over to the sheepshaggers instead shortly.
Oh wow, that is crazy! That sounds awesome so please still write it up and I will link. myreal.name@gmail
Almost like all the tablets fail around the same time because they're made in the same shoddy way, forcing system replacements every so many years...
They skimped on the tablet, grabbing a <$100 device for cheap. It should be a ruggedized / semi-industrial device with an expected lifetime as long as the device it controls, so at least 15-20 years.
That would set them back at least $800 (2021 prices: last time I had to spec a ruggedized tablet), which probably means $1200 out of the customer's pocket.

OTOH, they can find an industrial display + a Linux SoM (system-on-module) that can run linux or Android for under $200 in quantity.

Same diff though: no one cared, so they got what was cheap.

another perthian! w00t