[Feature request] Intergrating with E-Byte E800-DTU #4248
Comments
|
Tried to flash the stock firmware back, and it still does not come alive. I may have to buy another module and a CC debugger. |
|
I ripped the module apart, and I am confused about the design: The module pin 12 goes to the base of a transistor, and the collector of that transistor goes to last third of the pin header on the left, so when pin 12 is LOW (according to stock firmware, normally running), pin 5 of the daughter board is HIGH (assume it has pull-up somewhere). Then that pin goes two ways: one is the cathode of the RUN (actually RUN ERR) LED, when it's running the LED should not light up, and this is correct. But it also goes to the 13 of a 74HC14 on the back of the board, which is a schmit trigger with inverter. and the pin 12 of that 74HC14 (corresponding to pin 13 which is input, 12 is output) directly goes to the MAX485 duplex pin. When the pin 5 of the daughter board is HIGH, the pin 12 of the 74HC14 should be LOW, and the MAX485 is in receiving state (host -> module). But I am not sure if the module wants to send something to the host, how will it control the pin 12? I destroyed the E18 module for now so I am not able to try it out, but from my memory the RUN led only light up when it's not ready, and won't light up when the module is transmitting data to the host. |
|
Cracked open the metal cover of the E18 module, there are two chips inside: one is the expected CC2530, another is a mysterious QFN16 chip that has silkscreen printing as: I assume it's an PA chip (the metal can under the daughter board is actually a DC-DC module), but I am not able to find any information in any way about this chip. |
|
Tried interfacing with the E18 module directly, flashed stock and N-Stack firmware, no activity on serial port at all. Seems like I completely killed it, and now it's going to the dustbin. Although the price and specification looks tempting, I wouldn't recommend purchasing this device unless you are very experienced with CC25XX chipset. Better just go with one of the devices that this project already supported officially. |
|
Have anyone tried using ethernet version? http://www.ebyte.com/en/product-class.aspx?cid=4&pid=101 It looks like it currently uses their cloud. |
|
EBYTE just responded to my question
with
but looking at Koenkk/zigbee-herdsman#168 I see that EFR32 is not yet supported? I think I will order E180 and research their MQTT support. |
I think the -ETH version is just -DTU with a MCU that interfaces ethernet port to UART. The firmware inside wireless module should be the same. |
I have contacted the customer service of EBYTE (which apparently has a strict management code, I just wrote an honest review that mentions it cannot be used with other devices except their own ZigBee module, not negative review or something, which after he politely requested me to "try to remove" the review (which is not possible from both buyer and seller) or he will face a penalty), and confirmed that this module has its own firmware inside, can be only used with EBYTE's ZigBee module, and they won't disclose hardware design into. The E180 is pretty much the same, which means it's not possible to use them to interface to smart home appliances, until someone reverse engineered the module hardware and transplant the ZStack firmware for it. |
|
I just bought a CC Debugger clone and another E18-2G4Z27SI module. Hope this time I can at lease dump the original firmware out successfully. Also seems like this chip CAN be used for user applications. Not sure why the ZStack firmware for CC2530 not working. Datasheet (Chinese): C411295_E18-2G4Z27SI_2019-08-12.PDF |
|
Bad news: the stock firmware is protected
|
|
I erased and flashed the CC2530 firmware to the module, and nothing on UART0 of that module (P1.4/P1.5), which is the E800 used for RS485. But when I connected the UART to another set of pin for UART0 (P0.2/P0.3), I got something on reset: Seems like we are progressing here. |
|
I connected the module to a fresh instance of ZigBee2MQTT, and packet sniffed the serial port, seems like a LOT of communication is going on! And seems like ZigBee2MQTT recognized the device: So, the first challenge of supporting this device, is that the E800 uses another optional pin set of UART0 (P1.4/P1.5) rather than the default pins (P0.2/P0.3). |
|
I think there are still two challenges: first is that the RS485 half duplex will require a direction control pin to control the data direction, which I have not analyzed which pin is doing that. As I am using standalone module for testing we can ignore this for now. Another is that the datasheet states that P1.0 and P1.1 controls the internal PA. When you receive you put P1.0 (LNA_EN) on HIGH, and when you transmit you put P1.1 (PA_EN) on HIGH. When doing nothing you put both pins on LOW. However I just tried a MiJia pushbutton, and seems like it works. I don't have any ZigBee devices that allows me to try coordinator to device communication for now, but seems like device to coordinator communication is fine. So I am not sure the PA_EN and LNA_EN really need to be set to work, or it does not matter. |
|
Thank you for your insights. If I understand correctly, you have RS-485 version. Last week I ordered E180-DTU (ZG120-ETH), eager to see which interface is used there - hoping for UART using original set of pins + some useful SoC for ethernet. I will probably receive it in the middle of November. I also ordered Eport Pro-EP20 which could be, in combination with CC2530+CC2591 module, good alternative to achieve E180-DTU (ZG120-ETH) functionality by using more open SDK. |
Yep the one I got is the E800-485-27 which uses RS485 (although I already destroyed it). It's a pity that E180 uses the the EFR32 chipset that ZStack firmware does not currently support. As what I can see, their DTU products are really meant to use with their own modules since they will have the same firmware. If you want to use it with other brand products then you will have to reflash it with something else. |
|
I traced and double checked the wires regarding to RS485 duplex switching, and it really goes like this:
The direction of MAX485 transceiver is solely controled by the RUN_LED pin of the module (negated by NPN transistor, and negated again by 74HC14D Schmitt inverter). However I don't even think the RUN_LED should light up during device to host transmission. This pin should only be toggled when the software encounter an error for the stock firmware. Anyone have any idea about that? |
|
Just found that the |
1.Enable PAHAL\Target\Config\hal_board_cfg.hchange to *After enabling HAL_PA_LNA, compiling may result in error about segment XDATA is too long. Go to Project Options (right click on project name then options) -> General Options -> Stack/Heap -> Stack XDATA size, should be 0x4D0 or something, decrease it by the required space (should not be too large, in my case just 1 byte). MAC\Low Level\System\mac_radio_defs.c -> macRadioTurnOnPower()Code between comments "...during sleep." and "For any RX...", only keep MAC\High Level\mac_pib.cField before "/* phyTransmitPower */", change to 2. Switch UART0 from DMA mode to ISR mode (for RS485 direction control)HAL\Target\Config\hal_board_cfg.hChange both to DMA=0 ISR=1 HAL\Target\CC2530ZNP\Drivers\hal_dma.cComment the two lines about 3. Switch UART0 from P0.2/P0.3 to P1.4/P1.5HAL\Target\CC2530ZNP\Drivers\hal_uart.c -> _hal_uart_isr.c -> HalUARTInitISR()Comment all but the line setting bit 0 of 4. Toggle RUN_LED (P1.3) according to UART state, also disable NWK_LED since we are not using itHAL\Target\Config\hal_board_cfg.hChange LED1 definition to P1.2 active low, modify code as below. Add some code to HAL\Target\CC2530ZNP\Drivers\hal_uart.cHAL\Target\CC2530ZNP\Drivers\hal_uart.c -> _hal_uart_isr.c -> halUartTxIsrTransmitting to host = H Receiving from host = L Add some code (according to this article). Pay attention to the lines with comment "Add: ..." HAL\Target\CC2530ZNP\Drivers\hal_uart.c -> _hal_uart_isr.cHAL\Target\CC2530ZNP\Drivers\hal_uart.c -> _hal_uart_isr.c -> HalUARTWriteISRHAL\Target\CC2530ZNP\Drivers\hal_uart.c -> _hal_uart_isr.c -> halUartTxIsr |
|
Tested the 2G4Z27SI along with the CC2531 USB stick with MiJia pushbutton, it appears that the 2G4Z27SI does not have a significant improvement regarding to signal reception distance (even a little worse in some cases). I wonder if it's because the LNA is not working correctly. |
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days |
|
Contacted EByte again and they still does not want to disclose any design detail about E800. Gonna buy another one and do some testing with stock firmware. Now the only thing that's uncertain is about the relation of RS485 direction and RUN LED. |
|
The new unit arrived, and sure enough, the RUN LED blinks when the unit is sending data to the host. Just updated the ZStack code modify tutorial for RS485 direction switch. Gonna rip the new E800 apart and flash the firmware later. |
|
Measured RUN_LED and TX pin on original firmware. Not sure why the logic seems to be inverted. One useful information is that seems like the RUN_LED pin toggles ~5.5ms before and after transmitting. Modifying the ZStack code corresponding to that.
|
|
Note for myself: 7P header from daughter board to main board: |
|
\ Seems like it worked!!! / Some problems: I am aware that this issue is kept open for way too long, so I'm gonna close it for now, and later refine the writeup of firmware modify steps a bit and put it along the compiled firmware into a new repository. Also I think tests are still needed, since I only have the E800 and a MiJia pushbutton. Anyone have this please try it if you'd like, and look for any problems. Thanks everyone for the supporting process. |
|
Anyone willing to test it here is the compiled HEX file: https://github.com/whc2001/zigbee2mqtt_E800 |
I just bought an E800-DTU (Z2530-485-27) from E-Byte for 160 CNY (~25 USD). As what the model number implies, it is based on the E18 ZigBee module (also from E-Byte), which has an CC2530, communicate via RS485, and has a maximum of 500mW (27dBm) of transmit power. Seems like someone in #2633 and #4128 is also interested in it. After got it and fiddled around, I found that it has a proprietary firmware that is designed to automatically communicate with E-Byte's modules, has proprietary software protocol (confirmed by PCAP, which from the E18-2G4U04B I bought together, that is a clone of the CC2531 USB dongle with sniffer firmware, which worked great), and won't work for our home automation devices. After teardown, I found the E18-2G4Z27SI module, the PA (metal box under the E18 module daughter board) and the RS485 daughter board:
I immediately noticed the pin header row on the main daughter board. After poking with multimeter and referring to their E18 module's pin number:
I am able to figure out the pinout of the debugging port (it has SPI, UART and CC-Debugger at the same time, but seems like flashing only needs the CC port):
So I tried the Tutorial for CC2530 module since they are both based on CC2530 and serial interface, I don't have CC debugger so I used the flash-cc2531 with RPi method, which I also dumped the proprietary firmware from E-byte (change extension to HEX after downloading):
<Removed since I found out later that the dumped data is completely blank>
The flashing process went smoothly, but after flashing, I am not able to make it work. The serial interface at pin 10 and 11 always has TX=LOW and RX=HIGH, and sending anything from host over serial port will get a 0x00 back. The RS485 module is based on MAX485 or some clone, and has the manual half-duplex switch pin to control the data flow direction, but I am not able to trace where it goes, and it's always HIGH (enables module->host) even when I am sending data over from host. I am pretty much stuck here.
Update: Seems like the duplex pin of MAX485 is inverted by a 74HC14 on the back of the board, which input is related to pin 7 of the module, that also controls the RUN LED at the bottom.
The text was updated successfully, but these errors were encountered: