Zigbee

Devices Overview #

Below are examples of used devices in this project

As in the above figure, I kept all the light with the hue gateway for a reliable function, and opted for zigbee2mqtt for all other non lighting devices.

For a detailed list of used devices and their documentation see the devices list section

Frameworks #

Philips Hue #

✅ Philips Hue have an open API that can run in a local network, therefore allowing third party apps integration. This API has been tested in this project, it is of professional grade and reliable.

Zigbee2mqtt #

✅ The most popular framework that enables DIY fans to use even non-standard devices on standard gateways

❌ as this project is diconnected from the devices vendors integration testing, some instabilities and interoperabilites issues might be expected for some devices

Useful commands #

> cd /opt/zigbee2mqtt
> ./update
> sudo systemctl restart zigbee2mqtt
> nano /opt/zigbee2mqtt/data/configuration.yaml
> nano /opt/zigbee2mqtt/data/database.db
> pub 'lzig/bridge/config/permit_join' -m 'true'
> pub 'lzig/bridge/config/force_remove' -m '0x00158d0012341234'

Standard #

Specification #

  • ZLL : Zigbee Light Link, Easy - No Coordinator 13001r00ZB_MWG-ZigBee_Light_Link_Standard.pdf
  • ZHA : Zigbee Home Automation 075367r03ZB_AFG-Home_Automation_Profile_for_Public_Download.pdf, see also Silicon Labs ZLL Fundamentals UG103.9
  • ZGP : Zigbee Green Power
  • HAP : Homekit Accessory Protocol
  • CLIP : Connected Light Internet Protocol
  • ZHA + ZLL + … webcom_zigbee_rg2017.pdf
  • Security us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly-wp.pdf
  • Zigbee Pro 2015 : docs-05-3474-21-0csg-zigbee-specification.pdf
  • ZCL : Zigbee Cluster Library 07-5123-06-zigbee-cluster-library-specification.pdf
  • Zigbee 3 : Zigbee 3.0 Base Device Behavior Specification docs-13-0402-13-00zi-Base-Device-Behavior-Specification-2.pdf

For the latest version of the standard documents please refer to the Zigbee alliance official website

Layers Architecture #

In this Figure from the Zigbee Pro 2015 Page2, We see the multiple layers, mainly the physical, the MAC, the network and the application. It is therefore not appropriate to compare Zigbee with other networking protocols such as wifi given that the zigbee includes standardisation of the Application layer (APL)

Firmware #

ZBOSS #

ZBOSS 3.0 and 2.1 are independent, portable, high-performance Zigbee® software protocol stacks

Nordic integration #

The ZBOSS is used in Nordic devices either as lower stack with the application running on the same SoC or used as a Network Coprocessor

TI Z-Stack #

This is the Stack used by Zigbee2mqtt

reference documents to be accessed through TI website

  • ressource guide
  • Z-Stack ZNP (ZNP Protocol)
  • Z-Stack Monitor and Test API

Wireshark sniffing #

  • Observing the network is mandatory for experiemnting with zigbee devices, as it’s sometimes not possible to identify the source of the issue (end device or coordinator) without looking at the air messages.

  • Note that an RF sniffer for 802.15.4 is enough to sniff zigbee as the zigbee higher layer protocol dissection is supported by wireshark

  • nRF Sniffer for 802.15.4

  • TI packet sniffer

Filters #

Scope Expression
Zigbee zbee_nwk
IEEE 802.15.4 wpan.src64
Zigbee Network zbee_nwk.src64
Short Address zbee_nwk.src
Short Address zbee_nwk.dst
zbee_nwk && (zbee_nwk.src64 != 00:12:4b:00:18:00:00:00) && (zbee_nwk.src64 !=
zbee_nwk && (wpan.dst16 != 0xffff) && !((wpan.src16 == 0x0000) &&(wpan.dst16 == 0xd9be))
zbee_zdp.ext_addr == 00:15:8d:00:02:00:00:00
wpan.dst_pan == 0x35ad
!(wpan.src_pan == 0x1a62) && !(wpan.dst_pan == 0xffff) && !(wpan.dst16 == 0xffff)
!(wpan.src_pan == 0x2c52) && !(wpan.dst_pan == 0x2c52) && !(wpan.dst_pan == 0xffff) && !
ack (wpan.frame_type == 0x2)
exlude broadcasts (wpan.dst16 != 0xffff)
no route no bcst zbee_nwk && (wpan.dst16 != 0xffff) && (wpan.src16 != 0xd9be) && (wpan.
coord to router !((wpan.src16 == 0x0000) &&(wpan.dst16 == 0xd9be))

Coloring rules #

MAC, wpan.src64 == 00:15:8d:00:00:11:22:33

Devices List #

TI MCUs #

Chip Feature
CC2531 USB, 8051, IEEE 802.15.4 & Zigbee
CC2530 No USB, 8051
CC2591 range extender
CC2592 range extender
CC2533 remote control
CC2538 datasheet USB, ARM M3, + 6LoWPAN
CC2630 datasheet ARM-M3, ARM-M0, No USB
CC2652R ARM-M4F, ARM-M0, No USB

TI Dongles #

TI based dongles #

GB2530 #

This dongle has an additional amplifier chip.

  • GBAN GB2530-S = CC2530 + RFX2401
  • GBAN GB2530-H = CC2530 + CC2591
  • Aliexpress

required config for zigbee2mqtt

advanced:
  rtscts: false

CC2652 based #

This dongle is based on the 2nd generation chips that are more powerful (including ARM-M4F and ARM-M0) also has more memory to handle more zigbee paired devices.


Nordik Dongle dev kit #

Unfortunately not supported by Zigbee2mqtt, but there’s chance in case they move to a ZBOSS common stack. Nevertheless, it’s possible to use it as a sniffer give the zigbee being the stame standard in the air physical layer.


Eurotronics Heating #


  • User Manual including details about the used clusters and attributes

usefull commands

> pub 'lzig/office heat/set' -m '{"current_heating_setpoint": 9}'
> pub 'zig/living heat/set' -m '{"current_system_mode": 16}'
> pub 'zig/living heat/set' -m '{"current_system_mode": 32}'

Provided measures

  • current_heating_setpoint
  • occupied_heating_setpoint
  • unoccupied_heating_setpoint
  • eurotronic_system_mode
  • pi_heating_demand
  • eurotronic_error_status
  • battery
  • linkquality
  • local_temperature

Used in applications

❌ Unresolved mystery : it happened few times in 2 years that a device starts spontaneously heating with full power after a sort of connection loss or self reset. Not funny when this happens in summer, especially when someone is not at home. No answer from the support.