I own a Alpha Innotec heatpump and wanted to integrate it into my Smart home. As a natural born tinkerer It was clear that I'm going to reverse engeneer what ever possible in order to achive my goal 🤓
You can find the latest firmwar files here:
The url is https://www.heatpump24.com/DownloadArea.php?layout=1&lang=5
and by changing the layout=
GET parameterfrom 1 to 2 or 3 you get the download menu for one of the three manufacturers.
See MODELS.md
Generated by heatpump_models.py
Can be done using luxtronik_firmware.sh
. Results in an extracted firmware in the ./firmware
subfolder, except for software 0
(see MODELS.md for reference).
You get this:
firmware
├── appl
├── appl.cfg
├── bootloader.lin
├── Defines.txt
├── index.html
├── lang_cz
├── lang_dan
├── lang_de
├── lang_ee
├── lang_en
├── lang_es
├── lang_fr
├── lang_hr
├── lang_it
├── lang_lt
├── lang_lv
├── lang_mag
├── lang_ned
├── lang_nor
├── lang_p
├── lang_pol
├── lang_ro
├── lang_sk
├── lang_slo
├── lang_suo
├── lang_sve
├── lang_tr
├── LWD.lin
├── LWDRev.lin
├── SWPH291.lin
├── SWPH.lin
├── SWP.lin
├── timezone
├── udhcpc.script
└── Webserver
├── base.css
├── base.jpg
├── index.html
├── jquery.js
└── Lux.js
Or this:
firmware
├── appl
├── appl.cfg
├── ASB.bin
├── ASB_BL_Switch.bin
├── ASB_bootloader.bin
├── bootloader.lin
├── Defines.txt
├── HZIO.lin
├── index.html
├── LD2AG.lin
├── LWD45.lin
├── MSW_15.lin
├── MSW_Inverter.lin
├── RBE.bin
├── SEC.bin
├── share
│ ├── localtime
│ ├── passwd
│ └── shadow
├── timezone
├── udhcpc.script
└── Webserver
├── base.css
├── index.html
├── jquery.js
├── Lux.js
├── LuxSim.jpg
└── saveIcon.png
😎 Yes, you can get the root password for your heatpump from a firmware update! I'm not sure if that's true for every firmware update but at least a couple I've tested.
- Download and extract the firmware using
luxtronik_firmware.sh
- Run
root_password.sh
The heatpumps run a fairly old version of Dropbear SSH server which does not support state of the art crypto cyphers. Therfore you have to specify a weak cipher in order to login.
Use ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes256-cbc root@192.168.178.100
to get to the login prompt, be sure to replace 192.168.178.100
with the IP of your heatpump.
⚠ ATTENTION ⚠ You are logged in as root which mean that you can easily destroy your heatpump. Be careful with waht you do!
Edit April 2022:
The on my system installed OpenSSH client OpenSSH_8.9p1, OpenSSL 1.1.1n 15 Mar 2022
does no longer support the SSH protocol v.1
and therefore the command from above does no longer work.
But I've added a Dockerfile together with a ssh config file and a stript to start the container and drop you in a shell within that container. From there you can ssh into the heatpump.
make sure to adjust the IP address in the config file before you attempt log into your heatpump.
cd ssh
./legacy-ssh.sh
# You'll see a bash prompt saying
# bash-5.0#
ssh luxtronik
#Enter ssh passwort for root user and you're logged in
See FILETREE.md