I'm trying to reverse engineer the protocol my heating/cooling system uses. The packets are framed by time and they look like they have a crc in order to check the packet.
Here's a couple of packets (in hex):
05 31 21 FF 03 05
05 31 21 06 60 83
11 22 21 46 c0 03 00 00 00 08 16 09 01 01 00 00 94 14
11 22 21 46 c0 03 00 00 00 08 15 09 01 01 00 00 1c 14
The first byte is the # of bytes following. At a guess the crc is the last two bytes. There's no rolling code as I can get a number of identical packets. I've tried the usual suspects - CRC16 etc but I haven't tried the CRC for CAN. Is there anyone interested in solving a puzzle?
If it can't be resolved, I'll just have to assume the packets are ok and respond with 'canned' messages.
As an aside, the physical side is interesting - sort a modification of current loop. Two wires are used for power and comms - to send data a resistor is switched across the loop to modulate the current and thus the voltage level, to receive, a capacitor and a comparator is used to sense the voltage changes. Baud rate is 9600 baud asynchronous. A bridge rectifier is used so that is is polarity insensitive. I dare say the designers got fed up with installers not being able to wire up a handful of connections - with only two wires, its pretty hard to get it wrong.