domoticz auto add device (mysensors) even if disable "Accept new Hardware Devices"



  • in domoticz , i use a raspberry pi controller and use a windows controller , both.

    i use a serial gateway for raspberry pi and a serial gateway for domoticz windows .

    i disable " Accept new Hardware Devices" for both.

    i turn off one of two(for example domoticz windows) and i add mysensors device to domoticz raspberry pi . then turn on domoticz windows . Suddenly i see domoticz windows detect all device that added on raspberry pi (in domoticz windows!!!!!!!! so if i unplug power sensor and plug in again or reset sensor ! that sensor will add to windows domoticz.

    so this is very bad , if i use a domoticz controller and my Neighbor use a domoticz controller too , so he can control my devices and i can control her devices !!!
    are there any solution for this problem?



  • also this is risk to security.
    for example , suppose i use a relay switch for "electronic door lock" in my home.
    when i am out home , a thief can add my relay to her domoticz controller then open the door and . . .
    this is very weak in security!!!


  • Mod

    @Reza Yes. This is why you should use signing.



  • @mfalkvidd
    oh. site is updated and i didnt see 🙂 thank you .
    about other topic please help ! serial gateway stop working with unplug power and plug in power again domoticz raspberry pi !


  • Admin

    You should also report domoticz bugs at their bugtracker, as we can't solve them here.


  • Hardware Contributor

    @mfalkvidd
    Signing is indeed the solution for a door lock.

    I am changing all my NRF24L01 to RFM69 with AES (Hardware) support at the moment. This is enough for most of my use cases and nobody can see, what is going on inside my house. (Which would be easy with signing only.)



  • @tbowmo
    i report this to domoticz forum but they said this problem is related to mysenosrs...



  • @FotoFieber
    signing with rfm69 is more easy ?


  • Hardware Contributor

    @Reza said:

    Suddenly i see domoticz windows detect all device

    Domoticz will add all incoming connections until you disable "Accept new Hardware Devices" in the settings menu.
    Then you need to use the inclusion mode. "Accept new hardware for 5 min"



  • @sundberg84 said:

    Accept new Hardware Devices

    so this is a bug in domoticz ! is this right?
    because when i disable "Accept new Hardware Devices" , domoticz should not add any devices!!!


  • Hardware Contributor

    @Reza - Uf you disable this tickbox and save, yes - Domoticz should not add any new hardware in "devices" tab.


  • Hardware Contributor

    @Reza said:

    @FotoFieber
    signing with rfm69 is more easy ?

    No, but encryption is easy. And if it is encrypted, you can't add a controller without knowing the key.



  • @sundberg84
    my friend, i disable tickbox and save before for both controller , but now if reset or plug in power a new device, so domoticz detect it !!! and added

    0_1474802056296_oeorr.jpg

    0_1474802041652_Untitledjrjf.jpg



  • @FotoFieber

    i am reading "https://www.mysensors.org/about/signing" but i think this is very hard for me 🙂 i am trying to understand 🙂 for solve my problem with domoticz 🙂



  • @mfalkvidd
    i confuse . signing is a complicate issue for me . i am trying to learn this but ...
    please told to me "MY_SIGNING_SOFT" can help me ? i want my devices (sensors and actuators) just added to my gateway and also my gateway just detect and found my device. so any gateways (for example neighbor's gateway) Fails detect and find my devices !also my gateway can not detect and find neighbor's devices !
    if i use #define MY_SIGNING_SOFT and my neighbor also use #define MY_SIGNING_SOFT so my gateway can not detect neighbor's devices again ? or neighbor's gateway can not detect my device ?
    sorry for weak in english


  • Contest Winner

    Signing will not solve your domoticz issue in any way. It is between node and gateway. Domoticz is a controller so it will only see what a gateway sends to it. The same goes for encryption. It is also only between node and gateway. Neither signing nor encryption is in use between controller and gateway.
    And using encryption is just as easy or hard as using signing. Nodes and gateways have to be personalized no matter if you use signing, encryption or both. For version 2.


  • Hardware Contributor

    Encryption is easier to use with RFM69 as it is done in hardware. And for me the aspect of privacy is really important (and solved with encryption), which can't be solved with signing.

    Encryption with NRF24L01 (MY_SIGNING_SOFT) is not implemented to be secure (->IV) and therefore for me useless.


  • Contest Winner

    @FotoFieber it is no difference. The key has to be stored somewhere and even if the engine is in hw the key storage is not. So you still need to personalize the device and that procedure is identical no matter what radio you use. But yes, the sw variant is useless. But all in all, encryption is useless in a mysensors context as message contents can be easily be determined. Authenticity is more important than obscurity. We do not transmit video or audio streams with mysensors.



  • so , what am i do ? 😞 means that signing dont help me for my problem ?!
    in other forum (http://www.domoticz.com/forum/viewtopic.php?p=97403#p97403) told to me for gateway i must use a include button set !

    i have 2 problem and i dont know this problem is related to controller or gateway !
    first problem :
    you consider a vera controller or fibaro...
    in this controllers , there is a inclusion mode . just when controller is inclusion mode , can add devices ! also after add a device , until that device dont remove form controller ( controller in exclusion mode) , device can not add to other controller !
    In this way , device just work with their controller .
    i want use domoticz and mysensors gateway and device for a Two story house(Separate) , but despite this issue , i can not ....

    second problem is related to lost my gateway after unplug and plug in again raspberry power supply !! if power house have problem (each reason for example use solar panel and battery in cloudy day) after incoming power controller dont work unless disconnect usb cable and connect again (handy)

    sorry my friends for weak in english, i like society of mysensors convert to a great society . i am not a professional programmer . but i like very very internet of things .
    in the end i hope solve this issue (easy and understandable for me 🙂 ) and thank you very thank you my friends ❤
    @Anticimex @FotoFieber @sundberg84 @tbowmo @mfalkvidd @hek @TheoL
    and other dear friends .



  • what is :
    MY_INCLUSION_BUTTON_FEATURE
    MY_INCLUSION_MODE_BUTTON_PIN
    MY_INCLUSION_MODE_DURATION
    MY_INCLUSION_BUTTON_EXTERNAL_PULLUP
    ???
    can i use this for my serial gateway?????
    where i found explain about this functions?
    for example , if i want just when , i press and hold a button for inclusion , devices added . when release button so any device can not add to gateway .
    what am i do for this ?


  • Contest Winner

    Are they not self explanatory?
    The first enables the feature, the second decides what IO to use for the button, the third the duration of the mode and the last if you use a external pull up on the signal.
    Inclusion mode for a gw is to have the gw accept reporting new nodes to a controller. It can be used for any type of gw.



  • @Anticimex
    so can i use MY_INCLUSION_MODE_BUTTON_PIN for add my device? add a button to pin3 and just when press this devices add to my gatway.otherwise dont add any devices(auto add in domoticz)


  • Contest Winner

    @Reza please read replies carefully. You need to make sure you enable the feature. That is the first define. Most if not all defines have a default value. Just search the code.
    Press the button (assuming it is connected properly) and the gateway will accept new nodes for the duration specified by the third define. I am no specialist on how this works so someone else can probably give better details on how node-gw-controller handle additions of new nodes. But my Vera won't add devices unless I put my GW in inclusion mode and boot up nodes so they send their presentation data to the gw. But if it is the gw or the controller that decides if the device should be added or not based onthe gw inclusion mode I don't know, but it would seem to me pretty obvious that it would be the gw that decides that.
    In other words, inclusion mode is used to add new devices. And as far as I know it is the only way (once you enable that feature). I don't know if that is the solution to your problem as I don't fully understand what your problem really is, but it will not prevent any others from listening in on your sensors.
    Enabling encryption will obfuscate the data you transmit from eavesdroppers, but any reasonably intelligent attacker will anyway be able to guess what data you transmit.



  • @Anticimex said:

    please read replies carefully. You need to make sure you enable the feature. That is the first define. Most if not all defines have a default value. Just search the code.
    Press the button (assuming it is connected properly) and the gateway will accept new nodes for the duration specified by the third define. I am no specialist on how this works so someone else can probably give better details on how node-gw-controller handle additions of new nodes. But my Vera won't add devices unless I put my GW in inclusion mode and boot up nodes so they send their presentation data to the gw. But if it is the gw or the controller that decides if the device should be added or not based onthe gw inclusion mode I don't know, but it would seem to me pretty obvious that it would be the gw that decides that.
    In other words, inclusion mode is used to add new devices. And as far as I know it is the only way (once you enable that feature). I don't know if that is the solution to your problem as I don't fully understand what your problem really is, but it will not prevent any others from listening in on your sensors.
    Enabling encryption will obfuscate the data you transmit from eavesdroppers, but any reasonably intelligent attacker will anyway be able to guess what data you transmit.

    thank you my friend . i test serial gateway with vera . exactly. in vera there is inclusion button and dont add auto device... but in domoticz is not...
    so thank you for help. if you found any solution please help me.


  • Contest Winner

    @Reza This is the MySensors forum, not the Domoticz forum. If you have issues with Domoticz, I suggest you post your questions there. MySensors provide a set of features. It is up to the controllers to make use of them.



  • @Anticimex
    in domoticz forum told me this issue is related to mysensors gateway and here told me this issue is related to domoticz 🙂


  • Contest Winner

    @Reza Well, you said it yourself. It works with Vera. So it is obviously not a MySensors issue.



  • @Anticimex
    but in vera , there is a device(gateway) with inclusion button but in domoticz my gateway dont have a inclusion button , so this is related to domoticz?


  • Contest Winner

    @Reza Well, of course it is! MySensors cannot control what Domoticz UI shows.



  • @Anticimex said:

    Well, of course it is! MySensors cannot control what Domoticz UI shows.

    right 😞 so i must change my controller ? i want a open surce controller and a good controller 😞


  • Contest Winner

    @Reza Or you get the Domoticz people to fix their shit.



  • @Anticimex said:

    Or you get the Domoticz people to fix their shit.

    but they told me this problem is related to mysensors gateway ! 😐
    one more question. can i use static id between my device and gateway? and i disable feature inclusion mode ? so my gateway dont auto add other devices...


  • Contest Winner

    @Reza So convenient for them. But we at MySensors cannot change how domoticz works so I if they don't want to fix it, well, that is just too bad.



  • @Anticimex
    yes , also i explain to them that this problem is related to domoticz because mysensors gateway is working well with vera controller and there is a inclusion button in vera dashboard , but in domoticz...


  • Admin

    Another solution, could be to change the default rf channel, and have the two houses on different frequencies.



  • @tbowmo

    this is good . how do this ?


  • Admin

    Look in myconfig.h, if I remember right.. There should be some hints


  • Admin

    @Reza The community cannot focus all energy on supporting your case. Many if not all of your questions are answered in the howtos & forum - why don't you take advantage of the search function, enter "rf channel" and read some of the posts?



  • @tbowmo said:

    Look in myconfig.h, if I remember right.. There should be some hints

    thank you



  • @tekka
    this is a general issue . not just my problem ! if this issue resolved so can help to many people in future ! the reason of that i question this issue in this forum is after resolved , can help to many. so if you sad from this , ok i will silence in this forum.
    thank you


  • Hardware Contributor

    @Reza
    sad from this, is not needed 🙂
    the thing is : this is not a big bug!! generally the big bug is elsewhere 😉 Here you have two issues.

    You are using radios which are on the same frequency. Not a bug. That makes sense that a fresh node for your network can talk with others. If you don't want them on same freq, just change the freq/band using the right define (i don't remember).

    It also has been suggested encryption or signing. And that can help you too. Encryption can't help you for this. It just hides crypt the text if you want. It does not authenticate anything. Signing is authentication. But you would need this for all your nodes.

    Finally, the inclusion mode. That's mostly the feature you need, because it could help you to block new nodes. I think this is a feature that the controller has to implement. I don't use inclusion mode in mysensors (not tried yet),
    but in the controller I'm using (jeedom), it works well. There is one inclusion button (I don't advice you to use jeedom, it's french! and not 2.0 full compliant). As you can see this is possible to have a working inclusion button in controller 🙂

    On my side, I actually miss time to do tests or doc on this...but i'm pretty sure all is in main doc, or with the right keyword in the forum...i understand this is not an "out of the box" solution, but temporarily, and maybe with luck and spare time there might be a dedicated doc for inclusion even if it's quite simple..



  • @scalz said:

    @Reza
    Finally, the inclusion mode. That's mostly the feature you need, because it could help you to block new nodes. I think this is a feature that the controller has to implement. I don't use inclusion mode in mysensors (not tried yet),
    but in the controller I'm using (jeedom), it works well. There is one inclusion button (I don't advice you to use jeedom, it's french! and not 2.0 full compliant). As you can see this is possible to have a working inclusion button in controller 🙂

    You have to use whitelisting to block nodes. 'Signing' in GateWay does not work as it accepts non signed nodes. Signing primarily is used for nodes receiving info.



  • @scalz
    thank you my friend



  • @Nicklas-Starkel
    are you sure about whitelisting? this problem resolved with whitelisting???



  • @Reza
    From what I understand the GateWay will add all nodes even if you do not want them to. But not to the controller if you have "inclusion option" on the GateWay.
    There is a possibility that if you use the "inclusion option" maybe it will pick up all sensors not already added (ie your neighbour) if they are sending while inclusion is looking for new sensors.
    If you want to stop this you will have to use whitelisting on MAC adress. But this requires you to reprogram GateWay everytime you want to add new sensor (or maybe it is possibility to have same MAC for all?).
    And of course you will have to program a MAC adress for all sensors/per sensor the first time as well.
    I thought this problem would be solved with only using Signing, but because of backwards compability the creators did not enable this in the GateWay.
    If you only would want signing, you could make all nodes connect via a repeater node.
    Because between repeater nodes and regular nodes signing is enabled and no other nodes is accepted which aren't signed with correct signing 🙂
    And if you use Whitelisting only between GateWay and repeater node, you are set.

    Note: I could be wrong 😉


  • Contest Winner

    @Nicklas-Starkel repeater nodes will just forward signed messages. It will only verify messages addressed directly to it like all nodes. Signing is end to end.



  • @Anticimex yes. But since his neighbours nodes aren't signed (or with wrong signation), the repeater will not forward them to his gateway.
    Or am I totally wrong?


  • Contest Winner

    @Nicklas-Starkel repeater forwards what is sent to it. But if your gw is set to require signatures and your node has presented itself as a node that require signatures, gw will not accept unsigned messages from that node. If the message passes through a repeater or not does not matter.



  • This post is deleted!


  • @Anticimex

    can i use a specific range "node_id" for my gateway? for example my gateway just add device that range of node id is between 5000 until 5500 ? and out of range dont detect and add ?!


  • Admin

    @Reza

    The Gateways doesn't care at all by nodeId's. It only acts as a Gatteway, and retransmits the signal received on air, to the controller on the computer.

    There is no pairing mode, or inclusion mode, implemented in the gateway.

    The INCLUSION_FEATURE will send a command to the controller and instruct it to turn on inclusion mode (if implemented correct)

    That is, all inclusion mode specifics are made on the controller side (Vera, Domoticz, OpenHab etc). All the gateway are doing is sending the data from nodes, to the controller, and from the controller, to the nodes.

    The Gateway can not reserve a number of node ID's (and specially not id 5000, because mysensors only supports up to 255 nodes on the network, all with 255 child sensors attached). As the reservation is done on the controller level.



  • @tbowmo
    so this issue is related to domoticz Fully ! ok very thank you and i am sorry for this topic



  • @tbowmo
    one more question
    if we want , the node after add to one controller , node lock ! and dont add to other controller. this is related to controller or our sketch ?
    so my neighbor can not add my device


  • Admin

    If your neighbor knows your network frequency / network address, he can potentially add your nodes to his network. That is why signing is there for sensitive nodes, like locks etc.



  • @tbowmo said:

    If your neighbor knows your network frequency / network address, he can potentially add your nodes to his network. That is why signing is there for sensitive nodes, like locks etc.

    1.so with signing this problem can resolved? i use a signing for my WSN and i told to my neighbor that use a signing for his WSN . Will solve it?
    2.also suppose a thief come near my home door , and he has a domoticz with a mysensors gateway ! so if i use a mysensors relay (signing) for electric door lock , he can add my relay to his controller and open my home door ?

    please first told me about 1 , and about 2


  • Contest Winner

    @Reza Read the documentation please. https://www.mysensors.org/about/signing



  • @Anticimex
    thank you and just one question 🙂 i'm sorry.
    how to change frequency for my gateway and my sensors and devices?


  • Contest Winner

    @Reza I don't know. Signing does not care about frequencies. But a good guess would be to check in MyConfig.h as has already been suggested in this thread. Or search the codebase for "frequency" perhaps.
    We are not a living dictionary, you have to expect to do some searching yourself when you work with a project that is "DIY". The slogan for the entire site/community says it all: "IOT+DIY=MySensors".



  • @Anticimex
    in domoticz forum told me to "You should separate these two networks by using different frequency" so i want test this for Separation my WSN with neighbor WSN

    thank you my friend for help



  • If I'm reading the domoticz codebase correctly there is two problems:

    1. It will add the node in MySensors node/child listing even if the "Accept new hardware device" flag is disabled. But it wont create domoticz core/ui/..-devices from those.
    2. I_INCLUSION_MODE message is not supported by domoticz.

    @Reza can you update title of this topic also 🙂

    For reference: https://www.domoticz.com/forum/viewtopic.php?f=6&t=13481&start=20#p97600
    Please correct if I've provided misleading information.



  • @pjr
    my friend you are presence in all of forum 🙂 🙂 🙂
    i change also this title topic for you 🙂
    about domoticz forum i dont understand you mean (The last line )
    but generally , i have a network with Rpi (serial gateway) and my neighbor build also a network with Rpi (serial gateway) recently. but after the time , i noticed his devices added in my controller in devices panel ! so for check this issue i setup domoticz with windows (with a serial gateway) so i see devices added auto . . .
    you told me device are just in "setup->hardware->mysensors setup" but this is not true . after some refresh web and some push button "learn light/switch" without push reset button on devices !! ( please note without push reset button on sensors) devices are added in "setup->devices" !!!

    now i use 2 frequency for gateway (my Rpi and windows) and this is work true and thank you for this ❤ i change my all device frequency and i think solved problem between i and my neighbor . this is easy more for me (beginner) . i can not change codes of domoticz . but now i am trying to learn signing (this is hard for me also 🙂 )
    but i think signing is not useful ! until that domoticz have this bug , the theif just need my frequency for add and control my device ! so i must dont use my sensors(relay) for door lock and security!!

    in the end very thank you for help "using different frequency"


  • Contest Winner

    @Reza if your lock node require signing, nobody but you can use it. That is the whole point with signing. It does not matter if anyone else tries to send data to it. If it is not properly signed the node will ignore it. I suggest you read the docs on signing carefully (yes read ALL of it). It gives all you need to get going with signing.



  • thank you very very much my dear @Anticimex for help me .
    signing is a complicated issue for me but i am trying for learn this. . .
    thank you again



  • @Reza said:

    but i think signing is not useful ! until that domoticz have this bug , the theif just need my frequency for add and control my device ! so i must dont use my sensors(relay) for door lock and security!!

    No the "domoticz bug" is not a problem since it dont affect your sensor network or the way theif can use your mysensors network.
    Domoticz doesnt have anything to do with signing or encrypting. Its just listening and sending readable serial messages to your gateway.

    With signing you make thief not able to use(send messages to) your doorlock.
    With encryption you make it almost impossible for the thief read RF messages your nodes/gw are transmitting.

    There is good reading for you:
    https://www.mysensors.org/about/signing
    https://forum.mysensors.org/topic/1021/security-introducing-signing-support-to-mysensors



  • @pjr
    thank you, i am trying to learn signing for use 🙂


Log in to reply
 

Suggested Topics

  • 5
  • 2
  • 5
  • 4
  • 1
  • 4

11
Online

11.4k
Users

11.1k
Topics

112.7k
Posts