curl --silent --basic --user USERNAME:PASSWORD --header 'Accept-Encoding: gzip, deflate' --header 'X-Requested-With: com.tigoenergy.smart' --header 'Origin: file://' --header 'Connection: keep-alive' --header 'Accept: application/json, text/plain, */*' http://YOUR_TIGO_IP/cgi-bin/mobile_api -d 'cmd=DEVICE_INFO&dev=2&ver=1'
Host YOUR_TIGO_IP
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Ciphers +aes128-cbc,aes256-cbc
HostKeyAlgorithms +ssh-rsa,ssh-dss
User root
PubkeyAcceptedAlgorithms +ssh-rsa
inSTART_SSH=n
(/etc/rc.defaults should have that set to "y" already, and normally system.conf overrides those settings as part of the inittab flow.)/mnt/ffs/etc/system.conf
mv /mnt/ffs/etc/rc.d/S800_StopAccessPoint /mnt/ffs/etc/rc.d/disabled/
make a new directory, my one -Bash:mkfs.vfat /dev/sda1
/mnt/ffs/bin # mkdir USB1
mount /dev/sda1 /mnt/ffs/bin/USB1
cp-r /mnt/ffs/data/daqs /mnt/ffs/bin/Usb1
ln -s /mnt/ffs/bin/Usb1/daqs /mnt/ffs/data
#!/bin/sh
# mount sda1 (usb drive to Usb1)
mount /dev/sda1 /mnt/ffs/bin/Usb1
First of all, thank you for the write-up. It got me quite far along.Mine was connected for days before I got control of it.
DOING THE FOLLOWING MAY VOID YOUR WARRANTY
First thing is to connect toUsername:Code:http://[cca ip address]/cgi-bin/shell
Password:Code:Tigo
I had to try several browsers before that worked.Code:$olar
Then you should be able to ssh into it using
Username:Password:Code:root
Code:gW$70#c
Then you want to remount the file system:
Code:mount -o remount,rw /
The device is locked down to only respond to certain IP addresses. So we need to fix that.
Code:echo "/usr/sbin/iptables -t nat -D INPUT -p tcp --dport 80 -j SNAT --to 10.11.1.1" >> /etc/rc.httpd
Code:echo "/usr/sbin/iptables -t nat -I INPUT -p tcp --dport 80 -j SNAT --to 10.11.1.1" >> /etc/rc.httpd
Reboot.
Then you should be able to accesswhich as all the info.Code:http://[cca ip address]/cgi-bin/gwfwupui
I then added a bash script to push the information to Home Assistant using curl and added this as a cron job.
Mine still has access to the internet, though I have disabled OpenVPN.
iptables v1.8.7 (legacy): unknown option "--dport"
/sbin # iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 67320 packets, 9964K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 45776 packets, 6596K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1165 packets, 85516 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1165 packets, 85516 bytes)
pkts bytes target prot opt in out source destination
Have you tried :-First of all, thank you for the write-up. It got me quite far along.
Where I get stuck is the iptables stuff.
I seem to have an old firmware: 3.3.0-ct-5 -- it uses the user/tigo1 username/password combination.
When I try to run the iptables command in the shell, it doesn't find iptables. OK, I looked, it's in /sbin instead of /usr/sbin. Still, any of the two commands I try to run responds with:
Code:iptables v1.8.7 (legacy): unknown option "--dport"
iptables -t nat -L -v -n responds with:
Code:/sbin # iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 67320 packets, 9964K bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 45776 packets, 6596K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1165 packets, 85516 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 1165 packets, 85516 bytes) pkts bytes target prot opt in out source destination
Without running the iptables commands, I can access the /summary page at my CCA IP, but I cannot access the /cgi-bin/gwfwupui page. I get "Access Denied".
Note that there is also no version if iptables in the /mnt/ffs directory structure.
Any ideas how I can proceed? I'm thinking something is weird with my version's iptables setup, but I'm not experienced enough to understand it.
Hey, curious if anyone has found a way to SSH into Tigo CCA running latest firmware. They killed the /cgi-bin/shell script, in the german forum somsone posted the latest shell.cgi script, which just waits a random number of seconds, then outputs "done".
So the shell trick doesn't work on 3.7.7 or 3.7.8.
Does anyone have a new trick for enabling SSH on Tigo?
Circling back around to the original question, though, someone has reverse engineered the RS485 protocol!Hi all,
I am wondering if I can get the data from a Tigo TAP from it's RS485 interface straight into a Raspberry Pi or similar ?
It seems to me that the Tigo simply sends the Data into a Tigo Gateway and sends the data out to the cloud, so I guess it's all about knowing the format of the RS485 data. Oh, bring back RS232, it was so much easier to see data streaming !!!
Ultimately, I want to get the data rom the TAP into Node-Red running on my Raspberry Pi
Yup. Amazing progress and as a final 'f*ckyou' to the community, Tigo has shutdown their community forum because the rising number of complaints from the community about their cloud instability and loss of data.Circling back around to the original question, though, someone has reverse engineered the RS485 protocol!
I haven't tried it yet, but with some work, this could probably be converted to an ESPHome device: https://github.com/willglynn/taptap
I just had a Tigo system installed last week. It is on my list of things to do to examine this RS485 stream, but I haven't gotten around to it yet. My plan was just to use an RS485<->USB adapter and log some of the data (should show up as a serial port). There are a few SW tools around that will attempt to parse it if it is MODBUS, but I'm not sure how useful that will be.
It seems like the more common method is to get inside the CCA and embed a script that dumps the data out of it instead: https://www.photovoltaikforum.com/thread/149592-details-protokolle-zugang-auf-tigo-cca/?pageNo=1
(I haven't tried this either yet).
I'm also not quite sure what to do with it in HA as far as visualizing it (even if I get it in with MQTT).
Oh, I don't speak any German, I use the translation built into Chrome.For those of us who don't speak german, can you give us a gist of how that works? I'd like to have local monitoring functioning
There' a HomeAssistant Integration already that pulls from cgi-bin/summary : https://github.com/mletenay/home-assistant-tigo It works pretty good.How to do it largely depends on what FW version you are running. The old methods of access included getting ssh access to the device, but have been blocked by forced FW updates. I incompletely blocked my device from getting updated and now can't use my old method so I'm debating new ones.
I've now 100% blocked the CCA from accessing the internet through my router.
Probably the most powerful option is actually decode the RS-485 comms between the TAPs and the CCA. Someone has created a Github project to do just that: https://github.com/willglynn/taptap/tree/main. The only problem for me is that it is written in Rust and I don't have something convenient to run that on near the CCA.
Another option is to just decode the status page. Here is a Github project for that: https://github.com/ther3zz/TigoCCAParser/tree/main. I think I'm going to try to run this Python script directly on my Home Assistant device.
T
There' a HomeAssistant Integration already that pulls from cgi-bin/summary : https://github.com/mletenay/home-assistant-tigo It works pretty good.
What was your mistake when blocking device from accessing internet? Is there any guide how to safely install it without letting firmware update slip in? Does it randomize MAC? Search for local proxies?How to do it largely depends on what FW version you are running. The old methods of access included getting ssh access to the device, but have been blocked by forced FW updates. I incompletely blocked my device from getting updated and now can't use my old method so I'm debating new ones.
Mine was updated, I can't get root anymore, but I can still use that integration.it looks like it would only work with CCA that wasn't updated, right?
but then you won't get home assistant integration work anymore, will you?Regardless, all of these feel a bit flimsy to me - I plan on replacing it with the RS485 TapTap solution, then I'll just remove the network to the CCA Altogether.
True. I was thinking taptap could publish mqtt, but it seems I'm wrong. Hmm.but then you won't get home assistant integration work anymore, will you?