Development of V2G sniffer

Post by pempat888 »

Hello everyone, I just started to develop a V2G sniffer to trace TCP/UDP during a charging process, using a QCA7000 development board bought from AliExpress (https://www.aliexpress.com/item/1005005242422853.html), but the seller has 4 different models (I don't know what the difference is). My questions are:
1. How is each model different?
2. Is it suitable to use this product to develop my project, and which model is suitable for this application (pev or evse or anything else)?
3. Next, can anyone explain to me how to get the CCo and NMK from the SLAC process? (ref. from this GitHub: https://github.com/FlUxIuS/HomePlugPWN)

Thanks.

Post by elsamuse »

https://github.com/ChargePoint/wireshark-v2g
V2G software sniffer based on Wireshark

Post by uhi22 »

The message flow is described here https://github.com/uhi22/pyPLC?tab=read ... ample-flow
In checkpoint155 you find the NMK.
If you find a way to convince the QCA7005 to play the "listener" role, this would be highly interesting.

Post by pempat888 »

In my last experiment, I tried to set the new NMK and NID on a sniffer module using CM_SET_KEY.REQ (NMK and NID taken from SLAC_MATCH.CNF). After that, the on-board LED lit up, indicating that it had already joined a network, but I still didn't see any UDP or TCP traffic; I only see CM_BRG_INFO.CNF continuously sent from the SECC. Did I do the right steps? Is there anything else that should be done?
Is it possible that the QCA7000 can't be used for this application, because I have never seen any commercial sniffers that use the QCA7000 or 7005?

Thanks.
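
Added example, not part of the posts above and not code from pyPLC or HomePlugPWN: a minimal parser that pulls the NID and NMK out of a captured CM_SLAC_MATCH.CNF frame, the values the post above feeds into CM_SET_KEY.REQ. The byte offsets are an assumption based on the ISO 15118-3 message layout and should be checked against a real capture; the function names and the sample frame (addresses, run ID, NID, NMK) are constructed.

```python
import struct

ETHERTYPE_HOMEPLUG = 0x88E1        # HomePlug AV / Green PHY management frames
MMTYPE_CM_SLAC_MATCH_CNF = 0x607D  # sent little-endian on the wire
# Assumed layout: name -> (offset from start of Ethernet frame, length in bytes).
FIELDS = {"pev_mac": (40, 6), "evse_mac": (63, 6), "run_id": (69, 8),
          "nid": (85, 7), "nmk": (93, 16)}
MIN_LEN = 93 + 16


def parse_slac_match_cnf(frame: bytes):
    """Return the match parameters as hex strings, or None for other frames."""
    if len(frame) < 17:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    (mmtype,) = struct.unpack_from("<H", frame, 15)
    if ethertype != ETHERTYPE_HOMEPLUG or mmtype != MMTYPE_CM_SLAC_MATCH_CNF:
        return None
    if len(frame) < MIN_LEN:
        raise ValueError(f"truncated CM_SLAC_MATCH.CNF: {len(frame)} < {MIN_LEN} bytes")
    # The NID and NMK are carried unencrypted in this message.
    return {name: frame[off:off + size].hex() for name, (off, size) in FIELDS.items()}


def build_sample_frame() -> bytes:
    """Constructed CM_SLAC_MATCH.CNF with made-up addresses and keys."""
    pev_mac = bytes.fromhex("020000000001")
    evse_mac = bytes.fromhex("020000000002")
    eth = pev_mac + evse_mac + struct.pack("!H", ETHERTYPE_HOMEPLUG)
    # MMV, MMTYPE, fragmentation info
    mme = b"\x01" + struct.pack("<H", MMTYPE_CM_SLAC_MATCH_CNF) + b"\x00\x00"
    body = (b"\x00\x00" + struct.pack("<H", 0x56)   # app type, security type, MVFLength
            + bytes(17) + pev_mac                    # PEV ID, PEV MAC
            + bytes(17) + evse_mac                   # EVSE ID, EVSE MAC
            + bytes(range(1, 9)) + bytes(8)          # run ID, reserved
            + bytes.fromhex("a1a2a3a4a5a6a7") + b"\x00"           # NID, reserved
            + bytes.fromhex("00112233445566778899aabbccddeeff"))  # NMK
    return eth + mme + body


if __name__ == "__main__":
    for name, value in parse_slac_match_cnf(build_sample_frame()).items():
        print(f"{name:9s} {value}")
```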

Post by uhi22 »

Using the AR7420 and the same strategy I was able to see the SDP request (because it is a broadcast). Is the QCA7005 even worse?

Post by pempat888 »

Have you ever read the "AR7420 HomePlug Green PHY Programmer's Guide" document? I don't know if it will be useful or not. It may explain how to enable the promiscuous mode of the HomePlug chipset.

Post by uhi22 »

A link to this document could be very helpful.

Post by pempat888 »

https://download.csdn.net/download/baid ... 001.6616.2
You can download it from the link above, but you need to pay before downloading the full document (I haven't bought it yet either).
If anyone has it, please share it with us.

Post by elsamuse »

I have this manual, can I send it to your email?

Post by jrbe »

Maybe we can get a spot in the wiki that isn't crawled by bots and only shows up in search if you're logged in. Not sure how much of a pain that would be though.

We could keep things like this in there.

Post by uhi22 »

elsamuse wrote: Sat Oct 05, 2024 1:50 pm I have this manual, can I send it to your email?
Great, just attach it to a personal message, we will find a safe place.

Post by elsamuse »

uhi22 wrote: Sat Oct 05, 2024 2:52 pm Great, just attach it to a personal message, we will find a safe place.
Can you give me your email? I'll send you your email. I'm not very good at using forums. Sorry.

Post by uhi22 »

(Sent a private message including an explanation of how to use the button to add an attachment)

Post by uhi22 »

Still hoping that someone was able to get this document and could share it.
Another interesting discussion regarding sniffing is ongoing on GitHub: https://github.com/uhi22/pyPLC/issues/39

Post by uhi22 »

Breakthrough.
Sniffing of a Tesla at the Supercharger worked.
https://github.com/uhi22/pyPLC/issues/39
(I was personally not involved, only in the discussion, but, fun fact, the guys are from the same town as me, so let's call it the "Ingolstadt Leak" :-D )