I recently installed a Nest thermostat. The basic Nest thermostat would not work based on the attached wires on our old thermostat unless I bought a extra harness with a small box attached to it. The Nest Learning Thermostat would work so got one for $50 off back in November. Given the cold temperatures I waited since if the Nest thermostat would not I at least had a working dumb thermostat.
I did not get a chance to install it until this past Friday. I misconfigured and put electric instead of gas. I bound it to our Wi-Fi and adjusted the configuration from smartphone app. Very simple to use and you can lower thermostat far lower if you are on vacation or something. Our old Braeburn one was a simple one that you could hold temperature only. I know the new Braeburn one have Wifi connected ones as well now. > On Feb 1, 2022, at 12:08, Chuck Hast <wch...@gmail.com> wrote: > > Tomas, > Now that I know how to deal with it, I think it > is worth it. I do not have to get up and go to > the tstat to make a temperature change, I just > grab my phone or computer and do it, If I want > to reach it from the outside that is what VPN's > are for. > > Most of the IoT devices (thermostats) are > cloud based only. My first experience was with > Honeywell. While I was living in Kalama WA, > I purchased a wireless Honeywell thermostat. > At that time I did not know better. I followed the > instructions and connected it, I was able to > access it from anywhere. Fast forward to > moving to a place east of Kelso WA, just over > the ridge that parallels I-5 in that area. the place > was an RF black hole. The only way you could > get anything was via satellite. We had Hughes- > net, (never again, anything but Hughesnet). > The latency was so high that the Tstat would > not work. I called Honeywell and asked them > about being able to connect direct to it, they > told me no way, that it only worked through > their cloud service. I explained the latency > issue with satellite, they said you are out of > luck. I have since found out that folks have > hacked the devices and there is a workaround > for it. I left the device on the wall as I had no > interest in using it elsewhere. > > One of the selling points of the Radiothermostat > is the fact that it does not require a cloud > connection to operate, turns out my mistake > was purchasing a WiFi module off of ebay. It > still had the old customer key in it and it would > try to call home. Changing the "call home URL" > took care of it. Now been over 2 days since I > did that and it is still reporting correct time. > >> On Tue, Feb 1, 2022 at 11:17 AM Tomas Kuchta <tomas.kuchta.li...@gmail.com> >> wrote: >> Thanks for sharing this journey Chuck, >> This is like inviting some real nasty individual home, who tries to get >> more of his friends in all the time. >> Put aside the network engineering challenge, I am rhetorically asking, is >> this worth the hassle, risk, time to even consider these devices? >> Diy sure smells like a lot of work, but, maybe not in the hind sight. >> -T >>> On Tue, Feb 1, 2022, 11:51 Chuck Hast <wch...@gmail.com> wrote: >>> The actual fix was even easier, there is an advanced >>> page on the thermostat web page, you go there and >>> it has the address it is to aim its queries at, all I did was >>> change it to a local IP on my network and that cooked >>> it's goose. I now have had not time changes for almost >>> 2 days, whereas before the longest I got was maybe 4 >>> hours before it finally got a reply from an address I had >>> not blocked. Now it tries to connect to a Weather sensor >>> aggregator and of course gets nothing and drops the >>> connection. >>> I have tried to clear out all of the user settings they gave >>> me instructions on how to "factory" the thermostat but it >>> never worked. All I needed was to get it to quite obtaining >>> enough of a connection to change the clock and all else >>> is good. >>> The author of the home automation software told me that >>> there used to be a command that could be sent to the >>> thermostat to clear it but the manufacturer removed it. >>> Anyhow it is taken care of, I have full control over it and >>> that is what I needed. Rogue devices can make life mis- >>> serable, or end up in the board grinder. >>> On Mon, Jan 31, 2022 at 8:55 AM Ben Koenig <techkoe...@protonmail.com> >>> wrote: >>>> Based on what I've seen there are usually 2 ways to do that. >>>> The first is to perform a factory reset of the device itself. After it >>>> reboots it will dial home and tell the cloud that it has been reset, >>>> clearing the association with a customer's account. >>>> However, some devices are more "user friendly" and will download >> settings >>>> from the cloud after a manual factory reset. In this case it will >>> retrieve >>>> the customer's account the moment it connects to the internet. Kind of >>> like >>>> how you can't just reset a phone that your friend gave you... >>>> If it really is pulling that info from their cloud then it's possible >> the >>>> only way to resolve this is to have them remove it on the cloud side. >> If >>>> their customer server team is competent then you should be able to >>> explain >>>> what happened and get it cleared. >>>> -Ben >>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >>>> On Saturday, January 29th, 2022 at 11:50 AM, Chuck Hast < >>> wch...@gmail.com> >>>> wrote: >>>>> UPDATE. >>>>> I replaced the thermostat, the screen was somewhat >>>>> ugly (according to wife, it had some pixels dark) so >>>>> that was the excuse to get a replacement. Installed, >>>>> it worked just fine so I installed the radio (wifi) module. >>>>> I am expecting to go through the hoops of having to >>>>> connect to it directly and give it the proper commands >>>>> and directives so it will then go and connect to my >>>>> WiFi AP. Low and behold, appears that the WiFi module >>>>> has some memory and it retained all of the connection >>>>> info. BUT it turns out that the connections were also >>>>> being requested by the WiFi module. Indeed the author >>>>> of the Home Automation software told me to go into the >>>>> thermostat and try to pull the cloud status: >>>>> http://IpAddress/cloud. So I did and I got the following: >>>>> {"interval":300,"url":" >>> http://my.radiothermostat.com/filtrete/rest/rtcoa >>>>> ","status":3,"enabled":1,"authkey":"dfcf7d03","status_code":-1} >>>>> The device still has the authorization key, which I have >>>>> highlighted above. Now to figure out how to clear it out. >>>>> It appears that it is going out and connecting, getting >>>>> enough back to change the clock. I have blocked those >>>>> IP addresses but I think it is trying another one because >>>>> I see it again changing the time, I know what is going on >>>>> so I am not going to sniff it again. Just have to find out >>>>> how to clear the data out of the radio module. >>>>> Ain't IoT fun, I have someone's cloud access and did not >>>>> even know it... >>>>> On Sun, Jan 9, 2022 at 5:43 PM Chuck Hast wch...@gmail.com wrote: >>>>>> Well I had to go in and change some directory settings, >>>>>> still not sure what happened. But was able to save the >>>>>> file. >>>>>> On Sun, Jan 9, 2022 at 5:27 PM Chuck Hast wch...@gmail.com wrote: >>>>>>> Folks, I have a great transaction capture on Wireshark, >>>>>>> when I went to save it I get a bitch screen that says >>>>>>> You don't have permission to create or write to the file: >>>>>>> test.pcapng >>>>>>> Funny thing is I have been doing these captures now >>>>>>> for several days, but this was the best one. I just am >>>>>>> not sure why this is happening. I started Wireshark with >>>>>>> elevated access, and I have not stopped it since I saved >>>>>>> the last file. Never seen this before. I have seen it when >>>>>>> something did not get started with a needed permission >>>>>>> level but never seen something change without shutting >>>>>>> it down and restarting. >>>>>>> On Thu, Jan 6, 2022 at 10:58 AM Chuck Hast wch...@gmail.com >> wrote: >>>>>>>> I have a batch of Chinese security cameras, one day I was >>>>>>>> sniffing my LAN and saw these packets that should not have >>>>>>>> been there, started tracing them down and they were coming >>>>>>>> from the cameras, they were trying to connect to 4 chinese >>>>>>>> web sites and AWS. The now are on an island network which >>>>>>>> routes to nowhere and the only other thing on there is the port >>>>>>>> that sends all of the camera data to ZoneMinder. Crazy cameras >>>>>>>> were trying to call home constantly. I cleaned some of it up by >>>>>>>> giving them all static IP's and getting rid of any DNS info. >> Some >>>>>>>> of them still try but a lot less. >>>>>>>> That was before I started seeing comments on line about the >>>>>>>> cameras doing the "call home" thing. >>>>>>>> On Wed, Jan 5, 2022 at 11:56 PM Tomas Kuchta < >>>>>>>> tomas.kuchta.li...@gmail.com> wrote: >>>>>>>>> Like with all other "smart things" you are the product, that >>>> thing is >>>>>>>>> just >>>>>>>>> the bait to connect to you .... I had the same thing with >>>> environment >>>>>>>>> sensors this summer. I returned them and got bunch of half >>> price >>>> 433MHz >>>>>>>>> sensors + SDR to receive their signals. >>>>>>>>> There are still 433MHz remote controlled relays + $5-$10 >>>> transmitters to >>>>>>>>> turn them on/off if you do not want to use SBC or Arduino. >>>>>>>>> What sorry state of affairs, these things could be supper >>>> useful, only >>>>>>>>> if >>>>>>>>> the would hot call home. >>>>>>>>> -T >>>>>>>>> On Thu, Jan 6, 2022, 00:00 Chuck Hast wch...@gmail.com >> wrote: >>>>>>>>>> Well folks here is the capture. This is when the device >> does >>>> the >>>>>>>>>> time change. >> -------------------------SoF---------------------------------------------- >>>>>>>>>> No. Time Source Destination Protocol Length Info >>>>>>>>>> 1416 6995.707153289 192.168.7.45 192.168.7.1 DNS 129 >>>>>>>>>> Standard query 0x011d A my.radiothermostat.com >>>>>>>>>> 1417 6995.743011679 192.168.7.1 192.168.7.45 DNS 283 >>>>>>>>>> Standard query response 0x011d A my.radiothermostat.com >>> CNAME >>>>>>>>>> rtcoa-load-balancer.energyhub.net CNAME >>>>>>>>>> prod-ext-2-397343966.us-east-1.elb.amazonaws.com A >>>> 3.214.34.120 A >>>>>>>>>> 54.209.187.172 A 107.21.255.187 >>>>>>>>>> 1418 6995.744228645 192.168.7.45 107.21.255.187 TCP 125 >>>>>>>>>> 35222 → 80 [SYN] Seq=0 Win=2896 Len=0 MSS=1460 WS=1 >>> SACK_PERM=1 >>>>>>>>>> TSval=23065200 TSecr=0 >>>>>>>>>> 1419 6995.795424653 107.21.255.187 192.168.7.45 TCP 121 >>>>>>>>>> 80 >>>>>>>>>> → 35222 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 >>>> SACK_PERM=1 >>>>>>>>>> TSval=1316753308 TSecr=23065200 WS=256 >>>>>>>>>> 1420 6995.796759302 192.168.7.45 107.21.255.187 TCP 113 >>>>>>>>>> 35222 → 80 [ACK] Seq=1 Ack=1 Win=2896 Len=0 TSval=23065200 >>>>>>>>>> TSecr=1316753308 >>>>>>>>>> 1421 6995.797280360 192.168.7.45 107.21.255.187 TCP 204 >>>>>>>>>> 35222 → 80 [PSH, ACK] Seq=1 Ack=1 Win=2896 Len=91 >>>> TSval=23065200 >>>>>>>>>> TSecr=1316753308 [TCP segment of a reassembled PDU] >>>>>>>>>> 1422 6995.851194008 107.21.255.187 192.168.7.45 TCP 113 >>>>>>>>>> 80 >>>>>>>>>> → 35222 [ACK] Seq=1 Ack=92 Win=26880 Len=0 TSval=1316753363 >>>>>>>>>> TSecr=23065200 >>>>>>>>>> 1423 6995.853333530 192.168.7.45 107.21.255.187 HTTP 579 >>>>>>>>>> POST /filtrete/rest/rtcoa HTTP/1.1 >>>>>>>>>> 1424 6995.905205495 107.21.255.187 192.168.7.45 TCP 113 >>>>>>>>>> 80 >>>>>>>>>> → 35222 [ACK] Seq=1 Ack=558 Win=28160 Len=0 >> TSval=1316753417 >>>>>>>>>> TSecr=23065300 >>>>>>>>>> 1425 6995.912865908 107.21.255.187 192.168.7.45 HTTP 585 >>>>>>>>>> HTTP/1.1 200 200 >>>>>>>>>> 1426 6995.935820827 192.168.7.45 107.21.255.187 TCP 113 >>>>>>>>>> 35222 → 80 [FIN, PSH, ACK] Seq=558 Ack=473 Win=2424 Len=0 >>>>>>>>>> TSval=23065300 >>>>>>>>>> TSecr=1316753424 >>>>>>>>>> 1427 6995.986668924 107.21.255.187 192.168.7.45 TCP 113 >>>>>>>>>> 80 >>>>>>>>>> → 35222 [FIN, ACK] Seq=473 Ack=559 Win=28160 Len=0 >>>> TSval=1316753499 >>>>>>>>>> TSecr=23065300 >> ------------------------EoF----------------------------------------------------- >>>>>>>>>> It is during this transaction that the time change takes >>> place. >>>>>>>>>> I never signed up for their cloud service. This took place >>>> betwen >>>>>>>>>> Sept when I turned off the A/C and Nov when I turned on the >>>>>>>>>> heat. Thermostat was on all of the time. And as far as I >> know >>>> it >>>>>>>>>> was talking to the local HA server. >>>>>>>>>> On Wed, Jan 5, 2022 at 6:56 PM Chuck Hast wch...@gmail.com >>>> wrote: >>>>>>>>>>> I am going to start the logging I tested yesterday back >> up. >>>>>>>>>>> I had enabled packet sniffing streaming to a remote >> server >>>>>>>>>>> (Wireshark on another machine) so I had it running indeed >>>>>>>>>>> I thought I had saved that file but when I went to look >> at >>> it >>>>>>>>>>> this a.m. somehow I sent it down the bit toilet... Ohh >> well >>>> it >>>>>>>>>>> is just bits, be a good exercise to get it going again. I >>>> need >>>>>>>>>>> to trace things every once in a while knowing how to get >>>>>>>>>>> the bit stream out of the router to wireshark can be very >>>>>>>>>>> handy (I am looking these chinese cameras that call home) >>>>>>>>>>> Now if I can get the manufacturer to do more than respond >>>>>>>>>>> with scripted replies... >>>>>>>>>>> On Wed, Jan 5, 2022 at 6:17 PM Ben Koenig < >>>>>>>>>>> techkoe...@protonmail.com> >>>>>>>>>>> wrote: >>>>>>>>>>>> Whoops looks like I hit the wrong reply button and >> moved >>>> this off >>>>>>>>>>>> the >>>>>>>>>>>> PLUG list. >>>>>>>>>>>> In my experience time sync issues are generally always >>> the >>>> result >>>>>>>>>>>> of one >>>>>>>>>>>> of 3 different root causes. For embedded devices its >>> often >>>> simpler >>>>>>>>>>>> since >>>>>>>>>>>> you have no control over the software, it just does >>>> whatever it was >>>>>>>>>>>> coded >>>>>>>>>>>> to do. >>>>>>>>>>>> #1 is the CMOS battery. If the firmware isn't holding >> on >>>> to certain >>>>>>>>>>>> settings (such as battery failure) then the clock will >>>> revert. >>>>>>>>>>>> Normally >>>>>>>>>>>> this sends you back to 1970 but I've seen more recent >>>> devices >>>>>>>>>>>> behave >>>>>>>>>>>> differently. In your case it looks like the time zone >> is >>>> not being >>>>>>>>>>>> held >>>>>>>>>>>> properly. >>>>>>>>>>>> #2 is buggy software on the device that is resetting >> the >>>> time. >>>>>>>>>>>> Could be >>>>>>>>>>>> a >>>>>>>>>>>> y2k22 style bug ( hi microsoft! ) or something else >> that >>>> it hit. >>>>>>>>>>>> #3 is the server. Since blocking the IP at the router >>>> prevents this >>>>>>>>>>>> issue >>>>>>>>>>>> then it might just be something stupid on their server >>> end. >>>>>>>>>>>> IMO it's a combination of #2 and #3. This type of >>>> unexpected >>>>>>>>>>>> behavior is >>>>>>>>>>>> not uncommon on E.T. devices since they ALWAYS phone >> home >>>>>>>>>>>> regardless >>>>>>>>>>>> of >>>>>>>>>>>> whether or not you set up an account. It's entirely >>>> possible that >>>>>>>>>>>> it >>>>>>>>>>>> spent >>>>>>>>>>>> the last 2 years dialing home for your timezone but in >>> the >>>> past few >>>>>>>>>>>> months >>>>>>>>>>>> the server gave a different response. If you had a >>> history >>>> of all >>>>>>>>>>>> web >>>>>>>>>>>> traffic to those 3 addresses in the past year you could >>>> probably >>>>>>>>>>>> spot >>>>>>>>>>>> the >>>>>>>>>>>> change. Maybe they changed the default response to >>>> unregistered >>>>>>>>>>>> devices. >>>>>>>>>>>> It would be interesting to log the actual web traffic >> and >>>> see if >>>>>>>>>>>> you can >>>>>>>>>>>> spot the data being returned. If you logged all traffic >>>> for the >>>>>>>>>>>> past >>>>>>>>>>>> year >>>>>>>>>>>> then you could correlate the time you saw the change >> with >>>> any >>>>>>>>>>>> changes in >>>>>>>>>>>> server responses. >>>>>>>>>>>> -Ben >>>>>>>>>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >>>>>>>>>>>> On Wednesday, January 5th, 2022 at 2:50 PM, Chuck Hast >> < >>>>>>>>>>>> wch...@gmail.com> >>>>>>>>>>>> wrote: >>>>>>>>>>>> The interesting thing is that I have had this unit for >>> over >>>>>>>>>>>> 2 years and it has never done this, it just started >> doing >>>>>>>>>>>> it when I turned on the heat. I had shut the HVAC >> system >>>>>>>>>>>> down in Sept because the weather did not warrant >> running >>>>>>>>>>>> the system. All I did was set the system to OFF on the >>>>>>>>>>>> thermostat. So it was all powered up. When I set it to >>> HEAT >>>>>>>>>>>> I got this funny time change thing. I tested with the >>> A/C, >>>> as >>>>>>>>>>>> we have had a nice warm autumn this year, and got the >>>>>>>>>>>> same thing. So something happened between Sept and >>>>>>>>>>>> Nov when I turned on the heat. The question is what? >> Did >>>>>>>>>>>> the thermostat get hacked somehow, I have tried to do a >>>>>>>>>>>> factory reset but that does not work either. And since >>>> these >>>>>>>>>>>> people will not talk on the phone, I am pretty much >>> running >>>>>>>>>>>> out of patience. >>>>>>>>>>>> On Wed, Jan 5, 2022 at 4:38 PM Ben Koenig < >>>>>>>>>>>> techkoe...@protonmail.com> >>>>>>>>>>>> wrote: >>>>>>>>>>>>> You also want to look at the URL sent as well. Since >> no >>>> other >>>>>>>>>>>>> ports are >>>>>>>>>>>>> open it's unlikely to be using any non-HTTP >> protocols. >>>> However if >>>>>>>>>>>>> this >>>>>>>>>>>>> is a >>>>>>>>>>>>> REST API of some sort then the addresses might be >> part >>>> of a load >>>>>>>>>>>>> balancing >>>>>>>>>>>>> system and may be expecting data for authentication >> or >>>> other >>>>>>>>>>>>> information >>>>>>>>>>>>> specific to your router. The address is just the >> server >>>> being >>>>>>>>>>>>> asked for >>>>>>>>>>>>> information, the full URL path is the question. >>>>>>>>>>>>> What's probably happening is that your "unconfigured" >>>> device is >>>>>>>>>>>>> dialing >>>>>>>>>>>>> home to ask if it is associated with an account >> using a >>>> REST API. >>>>>>>>>>>>> When >>>>>>>>>>>>> it >>>>>>>>>>>>> gets a no from the server, it loads default settings >>> and >>>> probably >>>>>>>>>>>>> goes >>>>>>>>>>>>> through this check on a regular schedule. I see this >> a >>>> lot with >>>>>>>>>>>>> cloud-routers as well. Under the hood its openwrt and >>>> while they >>>>>>>>>>>>> function >>>>>>>>>>>>> without the cloud account linked they tend to behave >> in >>>> unexpected >>>>>>>>>>>>> ways. >>>>>>>>>>>>> -Ben >>>>>>>>>>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >>>>>>>>>>>>> On Wednesday, January 5th, 2022 at 2:19 PM, Chuck >> Hast >>> < >>>>>>>>>>>>> wch...@gmail.com> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> That is interesting, yesterday I tried all of them >> and >>>>>>>>>>>>> got no route, but doing as you did gave me what you >>>>>>>>>>>>> got. I have got to fire up Wireshark and get the >>> sniffer >>>>>>>>>>>>> going on my router again and capture those packets >>>>>>>>>>>>> to see what is going on, I know that what I saw was >>>>>>>>>>>>> that the system was saying that there was no route >>>>>>>>>>>>> available. Let me get the port that was associated >>>>>>>>>>>>> with this connection attempts. >>>>>>>>>>>>> On Wed, Jan 5, 2022 at 3:53 PM Ben Koenig < >>>>>>>>>>>>> techkoe...@protonmail.com> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> FWIW those are actually up and have ports 80/443 >> open >>>> for web >>>>>>>>>>>>>> access >>>>>>>>>>>>>> according to a zenmap no-ping scan. >>>>>>>>>>>>>> Although accessing them via a browser is a pain. >> They >>>> are using >>>>>>>>>>>>>> self-signed certs and appear to be part of their >> API >>>>>>>>>>>>>> infrastructure >>>>>>>>>>>>>> since >>>>>>>>>>>>>> simple requests via curl result in redirect http >>>> response codes >>>>>>>>>>>>>> so the >>>>>>>>>>>>>> servers are up but it appears they want to limit >>>> traffic from >>>>>>>>>>>>>> most >>>>>>>>>>>>>> sources. >>>>>>>>>>>>>> It would be kind of odd if they are using HTTP >> calls >>>> to sync the >>>>>>>>>>>>>> time. >>>>>>>>>>>>>> Either way since you mentioned that you don't want >> to >>>> use their >>>>>>>>>>>>>> cloud >>>>>>>>>>>>>> system they are probably safe to block. If you >> bypass >>>> SSL cert >>>>>>>>>>>>>> checks >>>>>>>>>>>>>> then >>>>>>>>>>>>>> 3.214.34.120 actually brings up a real website. >>>>>>>>>>>>>> -Ben >>>>>>>>>>>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >>>>>>>>>>>>>> On Wednesday, January 5th, 2022 at 11:02 AM, Chuck >>>> Hast < >>>>>>>>>>>>>> wch...@gmail.com> wrote: >>>>>>>>>>>>>>> Going to tear into it. Sorry state of affairs >> when >>>> you cannot >>>>>>>>>>>>>>> trust the devices in your own home... >>>>>>>>>>>>>>> On Wed, Jan 5, 2022 at 12:59 PM Russell Senior >>>>>>>>>>>>>>> russ...@personaltelco.net >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> The FCC internal photos (if I have the right >>>> device) suggest >>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>> is a >>>>>>>>>>>>>>>> marvell SoC. The photos have a sticker over the >>>> chip, so I >>>>>>>>>>>>>>>> can't >>>>>>>>>>>>>> identify >>>>>>>>>>>>>>>> it precisely. There is a largish 8-pin SOIC >> chip >>>> in one >>>>>>>>>>>>>>>> corner >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>> looks >>>>>>>>>>>>>>>> like serial NOR flash. If you can get the part >>>> numbers of >>>>>>>>>>>>>>>> the SoC >>>>>>>>>>>>>> and the >>>>>>>>>>>>>>>> flash, that would help. I don't see an obvious >>>> serial >>>>>>>>>>>>>>>> console in >>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>> photos, but the photos are a bit blurry. >>>>>>>>>>>>>>>> On Wed, Jan 5, 2022, 10:46 Chuck Hast >>>> wch...@gmail.com >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>> The radio is a separate module you can plug >> two >>>> of them >>>>>>>>>>>>>>>>> in, a zigbee module and a WiFi module, there >>> are >>>> some >>>>>>>>>>>>>>>>> other ones also. I have the Wifi module. I >> will >>>> see which >>>>>>>>>>>>>>>>> one of those it is. I will see how to remove >>> the >>>> case from >>>>>>>>>>>>>>>>> the thermostat board and see what is in there >>>> beside the >>>>>>>>>>>>>>>>> screen. >>>>>>>>>>>>>>>>> I am going to start a capture again and see >>> what >>>> the port >>>>>>>>>>>>>>>>> is, I thought I had saved the previous >> capture >>>> file but >>>>>>>>>>>>>>>>> when >>>>>>>>>>>>>>>>> I went to open it, could not find it. >>>>>>>>>>>>>>>>> It is either checking different addresses >> until >>>> it finds >>>>>>>>>>>>>>>>> some >>>>>>>>>>>>>>>>> thing alive or one of those addresses is >> being >>>> activated. >>>>>>>>>>>>>>>>> If I block the address in the router the time >>>> stays what I >>>>>>>>>>>>>>>>> have set it to. >>>>>>>>>>>>>>>>> On Tue, Jan 4, 2022 at 9:34 PM Russell >> Senior < >>>>>>>>>>>>>>>>> russ...@personaltelco.net >>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> Maybe this? FCC ID: QO8-WIFI-M-0210 >>>>>>>>>>>>>>>>>> https://fccid.io/QO8-WIFI-M-0210 >>>>>>>>>>>>>>>>>> On Tue, Jan 4, 2022 at 7:16 PM Russell >>> Senior < >>>>>>>>>>>>>>>>>> russ...@personaltelco.net >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>> Those addresses are all in AWS address >>> space, >>>>>>>>>>>>>>>>>>> according to >>>>>>>>>>>>>> whois. As >>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>> previous commenter suggested, it might >> just >>>> be NTP. >>>>>>>>>>>>>>>>>>> Did you >>>>>>>>>>>>>> notice >>>>>>>>>>>>>>>>>>> what port the communication was happening >>>> over? >>>>>>>>>>>>>>>>>>> Have you considered popping the case and >>>> seeing if >>>>>>>>>>>>>>>>>>> there is >>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>> serial >>>>>>>>>>>>>>>>>>> console port on their wifi module? It's >>>> reasonably >>>>>>>>>>>>>>>>>>> likely it >>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>> running some ancient version of linux. Is >>>> there an >>>>>>>>>>>>>>>>>>> FCC-ID on >>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>> case? >>>>>>>>>>>>>>>>>>> On Tue, Jan 4, 2022 at 6:49 PM Chuck Hast >>>>>>>>>>>>>>>>>>> wch...@gmail.com >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>> Well folks, I was able to get wireshark >>> on >>>> the >>>>>>>>>>>>>>>>>>>> thermostat. >>>>>>>>>>>>>> I found >>>>>>>>>>>>>>>>>>>> that it is trying to contact these >>>> addresses: >>>>>>>>>>>>>>>>>>>> 54.209.187.172 >>>>>>>>>>>>>>>>>>>> 107.21.255.187 >>>>>>>>>>>>>>>>>>>> 3.214.34.120 >>>>>>>>>>>>>>>>>>>> Right now none are reachable. I am >> trying >>>> to figure >>>>>>>>>>>>>>>>>>>> out >>>>>>>>>>>>>>>>>>>> why >>>>>>>>>>>>>> this >>>>>>>>>>>>>>>>>>>> thermostat is trying to reach those >>>> addresses. >>>>>>>>>>>>>>>>>>>> When I do a whois, they come up as >> being >>>> hosted on >>>>>>>>>>>>>>>>>>>> Amazon... >>>>>>>>>>>>>>>>>>>> I wonder if one of them comes awake >> every >>>> so often >>>>>>>>>>>>>>>>>>>> and the >>>>>>>>>>>>>>>>>>>> thermostat gets the connection and >>>> receives a TZ >>>>>>>>>>>>>>>>>>>> change... >>>>>>>>>>>>>> So >>>>>>>>>>>>>>>>>>>> far I have not been able to catch it >>> doing >>>> so. >>>>>>>>>>>>>>>>>>>> When I bought the unit I intentionally >>> did >>>> NOT try >>>>>>>>>>>>>>>>>>>> to use >>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> cloud service, I have tried to get >> proper >>>>>>>>>>>>>>>>>>>> communications >>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>> Radio Thermostat but so far only >>> idiots... >>>> And they >>>>>>>>>>>>>>>>>>>> do not >>>>>>>>>>>>>> have >>>>>>>>>>>>>>>>>>>> a published telephone number. >>>>>>>>>>>>>>>>>>>> On Tue, Jan 4, 2022 at 4:53 PM Chuck >> Hast >>>>>>>>>>>>>>>>>>>> wch...@gmail.com >>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>> More info, this was the reply I got >>> from >>>> the >>>>>>>>>>>>>>>>>>>>> manufacturer >>>> -----------------------SoF------------------------------------------ >>>>>>>>>>>>>>>>>>>>> Radio Thermostat >>>> radiothermos...@tstatsupport.com >>>>>>>>>>>>>>>>>>>>> 1:10 PM (3 hours ago) >>>>>>>>>>>>>>>>>>>>> to Info, me >>>>>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>>>>> If you are sure you have a WiFi >> module >>>> in the >>>>>>>>>>>>>>>>>>>>> thermostat >>>>>>>>>>>>>> Model - >>>>>>>>>>>>>>>>>>>>> RTMV-01 >>>>>>>>>>>>>>>>>>>>> Then check out the following to see >> and >>>> correct >>>>>>>>>>>>>>>>>>>>> the time >>>>>>>>>>>>>> zone so >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> thermostat will have the correct >> time: >>>>>>>>>>>>>>>>>>>>> How to change time zone >>>>>>>>>>>>>>>>>>>>> First go to the web portal via a >>> browser >>>> * >>>> https://my.radiothermostat.com/rtcoa/login.html >>>> https://my.radiothermostat.com/rtcoa/login.html* >>>>>>>>>>>>>>>>>>>>> (Note you will need to use the >> desktop >>>> version of >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> web >>>>>>>>>>>>>> site) >>>>>>>>>>>>>>>>>>>>> Then log in and go to the person >> (then >>>> select >>>>>>>>>>>>>>>>>>>>> location) >>>>>>>>>>>>>>>>>>>>> select the location you want and >> click >>>> edit >>>>>>>>>>>>>>>>>>>>> Go to the pull down for time zone and >>>> select your >>>>>>>>>>>>>>>>>>>>> time >>>>>>>>>>>>>> zone >>>>>>>>>>>>>>>>>>>>> Then click save >>>> -----------------------------------EoF--------------------------------- >>>>>>>>>>>>>>>>>>>>> This is exactly what I have tried to >>>> avoid, I never >>>>>>>>>>>>>>>>>>>>> registered >>>>>>>>>>>>>>>>>>>>> the thermostat with their cloud. I >> have >>>> my personal >>>>>>>>>>>>>>>>>>>>> reasons >>>>>>>>>>>>>>>>>>>>> for not wanting my devices on >> someone's >>>> cloud if I >>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>> avoid >>>>>>>>>>>>>>>>>>>>> it. in this case that is exactly >> what I >>>> have tried >>>>>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>>>>> do. >>>>>>>>>>>>>>>>>>>>> Now meantime, since the thermostat IP >>> is >>>> static, I >>>>>>>>>>>>>>>>>>>>> went >>>>>>>>>>>>>> into >>>>>>>>>>>>>>>>>>>>> the firewall and set up a rule to >> drop >>>> any packets >>>>>>>>>>>>>>>>>>>>> to/from >>>>>>>>>>>>>>>>>>>>> the thermostat. No more time change, >>> and >>>> I did >>>>>>>>>>>>>>>>>>>>> that well >>>>>>>>>>>>>> over >>>>>>>>>>>>>>>>>>>>> and hour ago. I can still control the >>>> device on my >>>>>>>>>>>>>>>>>>>>> LAN >>>>>>>>>>>>>> just >>>>>>>>>>>>>>>>>>>>> dropping whatever is trying to reach >>> the >>>>>>>>>>>>>>>>>>>>> thermostat. >>>>>>>>>>>>>>>>>>>>> This brings up the question, of >>> who/what >>>> is it? I >>>>>>>>>>>>>>>>>>>>> never >>>>>>>>>>>>>>>>>>>>> registered the device with their >> cloud, >>>> indeed I >>>>>>>>>>>>>>>>>>>>> bought >>>>>>>>>>>>>>>>>>>>> it because it was one of the >>> thermostats >>>> that did >>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>> require you to use an outside network >>> to >>>> access >>>>>>>>>>>>>>>>>>>>> it, (I >>>>>>>>>>>>>>>>>>>>> am >>>>>>>>>>>>>>>>>>>>> looking at you Honeywell, Nest and >> all >>>> of the rest >>>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> cloud only based devices). Now to see >>> if >>>> I can get >>>>>>>>>>>>>>>>>>>>> Wire >>>>>>>>>>>>>>>>>>>>> shark on a part of the network that >> can >>>> see that >>>>>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>>>>> Suspend the rule and try to catch the >>>> packet >>>>>>>>>>>>>>>>>>>>> session. >>>>>>>>>>>>>>>>>>>>> On Tue, Jan 4, 2022 at 9:41 AM Chuck >>> Hast >>>>>>>>>>>>>>>>>>>>> wch...@gmail.com >>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>> Sorry, should have, not there is >> not. >>>> But the >>>>>>>>>>>>>>>>>>>>>> interesting thing >>>>>>>>>>>>>>>>>>>>>> is that as long as it cannot >> contact >>>> the network >>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>> is no >>>>>>>>>>>>>>>>>>>>>> time change. I think I am going to >> go >>>> into the >>>>>>>>>>>>>>>>>>>>>> firewall >>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>> make it drop all packets to/from >> the >>>> device and >>>>>>>>>>>>>>>>>>>>>> see >>>>>>>>>>>>>>>>>>>>>> what >>>>>>>>>>>>>>>>>>>>>> happens. If that takes care of it >>> then >>>> maybe >>>>>>>>>>>>>>>>>>>>>> allow it >>>>>>>>>>>>>> to talk >>>>>>>>>>>>>>>>>>>>>> on the LAN but drop anything going >>>> to/from it on >>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>> WAN >>>>>>>>>>>>>>>>>>>>>> side. I would like to see what it >> is >>>> talking to. >>>>>>>>>>>>>>>>>>>>>> So >>>>>>>>>>>>>>>>>>>>>> far >>>>>>>>>>>>>> I have >>>>>>>>>>>>>>>>>>>>>> not been able to catch it. >>>>>>>>>>>>>>>>>>>>>> On Mon, Jan 3, 2022 at 11:00 PM >> Erik >>>> Lane >>>>>>>>>>>>>>>>>>>>>> erikl...@gmail.com >>>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>>> You don't mention this, but since >>>> it's always 2 >>>>>>>>>>>>>>>>>>>>>>> hours, is >>>>>>>>>>>>>>>>>>>>>>> there a >>>>>>>>>>>>>>>>>> time >>>>>>>>>>>>>>>>>>>>>>> zone >>>>>>>>>>>>>>>>>>>>>>> setting in there that has gotten >>>> off? Maybe >>>>>>>>>>>>>>>>>>>>>>> it's >>>>>>>>>>>>>> talking to a >>>>>>>>>>>>>>>>>>>>>>> NTP >>>>>>>>>>>>>>>>>> server? >>>>>>>>>>>>>>>>>>>>>>> On Mon, Jan 3, 2022 at 8:49 PM >>> Chuck >>>> Hast >>>>>>>>>>>>>>>>>>>>>>> wch...@gmail.com >>>>>>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>>>>>>> Folks, >>>>>>>>>>>>>>>>>>>>>>>> Not sure where to take this but >>>> figured that >>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>> would get more >>>>>>>>>>>>>>>>>>>>>>>> info here. >>>>>>>>>>>>>>>>>>>>>>>> I have a RadioThermostat CT80. >> I >>>> have had it >>>>>>>>>>>>>>>>>>>>>>>> now >>>>>>>>>>>>>> for several >>>>>>>>>>>>>>>>>>>>>>>> years. As the summer wound >> down. >>> I >>>> shut down >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>> A/C and >>>>>>>>>>>>>>>>>>>>>>>> opened the windows in the >> house. >>>> Then in Nov >>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>> needed to fire >>>>>>>>>>>>>>>>>>>>>>>> up the heating, all appeared to >>> be >>>> well, but >>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>> noticed that >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> thermostat clock was 2 hours >>> slow. >>>> I set it >>>>>>>>>>>>>>>>>>>>>>>> and a >>>>>>>>>>>>>> while >>>>>>>>>>>>>>>>>>>>>>>> later see that it has lost 2 >>> hours >>>> again. >>>>>>>>>>>>>>>>>>>>>>>> I have a home automation >> system. >>> I >>>> checked >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>> logs, and >>>>>>>>>>>>>>>>>>>>>>>> contacted the author. He has a >>>> CT50 which has >>>>>>>>>>>>>>>>>>>>>>>> fewer >>>>>>>>>>>>>> bells >>>>>>>>>>>>>>>>>>>>>>>> and whistles than mine but same >>>> unit. Anyhow >>>>>>>>>>>>>>>>>>>>>>>> he >>>>>>>>>>>>>> gave me >>>>>>>>>>>>>>>>>>>>>>>> some guidance, in the end I >> shut >>>> down the HA >>>>>>>>>>>>>>>>>>>>>>>> system >>>>>>>>>>>>>> and it >>>>>>>>>>>>>>>>>>>>>>>> still would drop the 2 hours, I >>>> powered the >>>>>>>>>>>>>>>>>>>>>>>> thermostat down >>>>>>>>>>>>>>>>>>>>>>>> and removed the WiFi radio, >>>> powered it back >>>>>>>>>>>>>>>>>>>>>>>> up, it >>>>>>>>>>>>>> ran about >>>>>>>>>>>>>>>>>>>>>>>> 4 hours (about 3 hours longer) >>> and >>>> never >>>>>>>>>>>>>>>>>>>>>>>> dropped >>>>>>>>>>>>>> the 2 hours. >>>>>>>>>>>>>>>>>>>>>>>> Normally it will go between 20 >>>> minutes and >>>>>>>>>>>>>>>>>>>>>>>> an hour >>>>>>>>>>>>>> after I >>>>>>>>>>>>>>>>>>>>>>>> have set it to the correct >> time, >>>> then drop >>>>>>>>>>>>>>>>>>>>>>>> back to >>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> incorrect >>>>>>>>>>>>>>>>>>>>>>>> time. So this appears to >>> indicated >>>> that it is >>>>>>>>>>>>>>>>>>>>>>>> either >>>>>>>>>>>>>>>>>>>>>>>> something >>>>>>>>>>>>>>>>>>>>>>>> on the network that is doing >> the >>>> time change >>>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>> something in >>>>>>>>>>>>>>>>>>>>>>>> the WiFi radio. >>>>>>>>>>>>>>>>>>>>>>>> I am trying to sniff the >> network >>>> and see if >>>>>>>>>>>>>>>>>>>>>>>> I can >>>>>>>>>>>>>> catch any >>>>>>>>>>>>>>>>>>>>>>>> weird packets. But this is one >> I >>>> have not >>>>>>>>>>>>>>>>>>>>>>>> done >>>>>>>>>>>>>> before. >>>>>>>>>>>>>>>>>>>>>>>> My router is a Mikrotik 2011, >> and >>>> I have been >>>>>>>>>>>>>>>>>>>>>>>> trying to use >>>>>>>>>>>>>>>>>>>>>>>> the tools on it to try to >> monitor >>>> the IP >>>>>>>>>>>>>>>>>>>>>>>> address >>>>>>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> thermo- >>>>>>>>>>>>>>>>>>>>>>>> stat and try to see if it is >>>> talking to >>>>>>>>>>>>>>>>>>>>>>>> something >>>>>>>>>>>>>> else. So >>>>>>>>>>>>>>>>>>>>>>>> far >>>>>>>>>>>>>>>>>>>>>>>> no joy. >>>>>>>>>>>>>>>>>>>>>>>> I am wondering about getting >> wire >>>> shark in >>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>> and trying >>>>>>>>>>>>>>>>>>>>>>>> to filter those packets that >> way >>>> as I am not >>>>>>>>>>>>>>>>>>>>>>>> having >>>>>>>>>>>>>> much luck >>>>>>>>>>>>>>>>>>>>>>>> with the Mikrotik tools >>>>>>>>>>>>>>>>>>>>>>>> Any recommendations? >>>>>>>>>>>>>>>>>>>>>>>> -------------------- >>>>>>>>>>>>>>>>>>>>>>>> Chuck Hast -- KP4DJT -- >>>>>>>>>>>>>>>>>>>>>>>> I can do all things through >>> Christ >>>> which >>>>>>>>>>>>>>>>>>>>>>>> strengtheneth me. >>>>>>>>>>>>>>>>>>>>>>>> Ph 4:13 KJV >>>>>>>>>>>>>>>>>>>>>>>> Todo lo puedo en Cristo que me >>>> fortalece. >>>>>>>>>>>>>>>>>>>>>>>> Fil 4:13 RVR1960 >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> Chuck Hast -- KP4DJT -- >>>>>>>>>>>>>>>>>>>>>> I can do all things through Christ >>>> which >>>>>>>>>>>>>>>>>>>>>> strengtheneth >>>>>>>>>>>>>> me. >>>>>>>>>>>>>>>>>>>>>> Ph 4:13 KJV >>>>>>>>>>>>>>>>>>>>>> Todo lo puedo en Cristo que me >>>> fortalece. >>>>>>>>>>>>>>>>>>>>>> Fil 4:13 RVR1960 >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> Chuck Hast -- KP4DJT -- >>>>>>>>>>>>>>>>>>>>> I can do all things through Christ >>> which >>>>>>>>>>>>>>>>>>>>> strengtheneth >>>>>>>>>>>>>>>>>>>>> me. >>>>>>>>>>>>>>>>>>>>> Ph 4:13 KJV >>>>>>>>>>>>>>>>>>>>> Todo lo puedo en Cristo que me >>> fortalece. >>>>>>>>>>>>>>>>>>>>> Fil 4:13 RVR1960 >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> Chuck Hast -- KP4DJT -- >>>>>>>>>>>>>>>>>>>> I can do all things through Christ >> which >>>>>>>>>>>>>>>>>>>> strengtheneth me. >>>>>>>>>>>>>>>>>>>> Ph 4:13 KJV >>>>>>>>>>>>>>>>>>>> Todo lo puedo en Cristo que me >> fortalece. >>>>>>>>>>>>>>>>>>>> Fil 4:13 RVR1960 >>>>>>>>>>>>>>>>> -- > > > -- > > Chuck Hast -- KP4DJT -- > I can do all things through Christ which strengtheneth me. > Ph 4:13 KJV > Todo lo puedo en Cristo que me fortalece. > Fil 4:13 RVR1960
