Navigation

    Logo
    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Unread
    • Categories
    • Unreplied
    • Popular
    • GitHub
    • Docu
    • Hilfe
    1. Home
    2. Deutsch
    3. ioBroker Allgemein
    4. PH-Messung

    NEWS

    • Amazon Alexa - ioBroker Skill läuft aus ?

    • Monatsrückblick – September 2025

    • Neues Video "KI im Smart Home" - ioBroker plus n8n

    PH-Messung

    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sharan @dala last edited by

      @dala
      Hi,
      Sorry for writing in English, I don't speak German.
      I found this thread while Googling for PH-803W firmware flashes...

      Some background:
      I'm in the process of buying a Wifi PH/ORP measurement tool and found PH-803W on AliBaba. I wanted to check a way to not use the Android App, but redirect the data from PH-803W to a MQTT broker and then integrate with my home automation system. I use HomeSeer for home automation.

      According to the picture posted by you the PH-803W uses ESP12f chip, which is based on ESP8266 chipset.
      Have to tries to use tools like Tasmota or similar to reflash the device?

      There are many toolkits that support ESP8266 firmware rewrite. Take a look:
      https://en.wikipedia.org/wiki/ESP8266#Espressif_modules

      1 Reply Last reply Reply Quote 0
      • coyote
        coyote Most Active @apollon77 last edited by

        @apollon77 hab ich doch vorhin im poolpower forum deinen Alias entdeckt 😉

        Ich bin da jetzt auch noch nicht wirklich weiter mit dem Teil. An App zerlegen hab ich auch schon gedacht, braucht nur jemanden, der es kann.
        Ich weiß nicht, ob man auch an RX/TX was auslesen könnte von dem ESP.

        apollon77 1 Reply Last reply Reply Quote 0
        • apollon77
          apollon77 @coyote last edited by

          @coyote sagte in PH-Messung:

          An App zerlegen hab ich auch schon gedacht, braucht nur jemanden, der es kann.

          naja da muss man mal schauen. Ich würde mit nem HTTP proxy anfangen und schauen ob man HTTP requests sieht ... wenn nein muss man mit wireshark ran dann könnte es MQTT sein.

          Also wenn du die app und nen clpud account hast mir mal schicken mit den Daten und ich schaue mal 🙂

          coyote 1 Reply Last reply Reply Quote 0
          • coyote
            coyote Most Active @apollon77 last edited by

            @apollon77 mit http proxy kann ich nix anfangen, weiß ich nicht wie das geht.
            Wireshark hatte ich schon benutzt, damit hab ich die IP und den Port raus bekommen, die das Ding anspricht.
            Nutze aber auch den Cloud Zugang nicht, nur LAN oder über VPN, wobei er in der App auch Remote anzeigt, wenn ich über VPN verbunden bin.

            Wenn es dir hilft, kann ich auch nen Account anlegen

            apollon77 1 Reply Last reply Reply Quote 0
            • apollon77
              apollon77 @coyote last edited by

              @coyote Ahhh ... die App verbindet ich lokal?? Ja dann ... aber ja am Ende muss man schauen was die App tut. Wenn Lokal dann braucht man wohl eher direkten Zugriff

              coyote 1 Reply Last reply Reply Quote 0
              • coyote
                coyote Most Active @apollon77 last edited by

                @apollon77
                Also ich weiß nicht so recht, lokal sei mal dahin gestellt. In der App steht zwar "LAN" wenn ich mit beidem im heimischen WLAN bin und wenn ich per VPN drauf zugrreife steht "Remote" in der App. Aber bei Wireshark kommen die gleichen Protokolle und auch IP Adresse raus.

                Schau mal, so siehts in wireshark aus.

                59398	42.180687	119.29.42.117	192.168.66.54	MQTT	60	Ping Response
                58392	41.859962	192.168.66.54	119.29.42.117	MQTT	56	Ping Request
                56888	41.376643	192.168.66.54	119.29.42.117	MQTT	134	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY/usr2AiQiQhHhGgG5F5F4E4t]
                55942	41.070275	119.29.42.117	192.168.66.54	MQTT	125	Publish Message [app2dev/CFqpJTSymCE9PLlp1DpbhY/usr2AiQiQhHhGgG5F5F4E4t]
                55898	41.048388	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                55755	41.006119	119.29.42.117	192.168.66.54	MQTT	121	Publish Message [app2dev/CFqpJTSymCE9PLlp1DpbhY/usr2AiQiQhHhGgG5F5F4E4t]
                53674	40.334612	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                52837	40.064017	119.29.42.117	192.168.66.54	MQTT	100	Publish Message [ser2cli_res/CFqpJTSymCE9PLlp1DpbhY]
                35117	34.327664	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                5944	24.840750	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                917	18.835631	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                397	12.827564	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                123	6.535826	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                9	0.532890	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                
                1 Reply Last reply Reply Quote 0
                • apollon77
                  apollon77 last edited by

                  Ich switche mal auf Englisch um auch @sharan mitzunehmen:

                  Ok, I found some code and looks like the GizWith stuff opens ports locally on the device in LAN for port 12416 (TCP) and 12414 (UDP) and UDP Broadcast on 2415 ... So it could be really an idea to do a port scan against the device in local network.
                  (https://github.com/gizwits/gokit-GAgent/blob/master/software/lan/Socket.c#L109-L111)

                  We should also see UDP packages I think which are then also used for discovery.

                  Also in this code some stuff is in that could describe some protocols and stuff.

                  So, yes also the local stuff should be a MQTT server when I interpret that correctly

                  https://github.com/gizwits/gokit-GAgent/blob/master/software/lan/lan.c#L291

                  (all relevant only if that code is somehow current) 🙂

                  coyote 1 Reply Last reply Reply Quote 0
                  • coyote
                    coyote Most Active @apollon77 last edited by coyote

                    @apollon77 here again everything that wireshark outputs to adress 119.29.42.117
                    Port is 47280
                    I don't see UDP packets

                    9	0.532890	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    123	6.535826	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    397	12.827564	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    917	18.835631	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    5944	24.840750	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    35117	34.327664	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    53057	40.134667	192.168.66.54	119.29.42.117	TCP	54	47280 → 1883 [ACK] Seq=313 Ack=47 Win=4957 Len=0
                    53674	40.334612	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    55772	41.009306	192.168.66.54	119.29.42.117	TCP	54	47280 → 1883 [ACK] Seq=365 Ack=114 Win=4890 Len=0
                    55898	41.048388	192.168.66.54	119.29.42.117	MQTT	106	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY]
                    56143	41.134375	192.168.66.54	119.29.42.117	TCP	54	47280 → 1883 [ACK] Seq=417 Ack=185 Win=4819 Len=0
                    56888	41.376643	192.168.66.54	119.29.42.117	MQTT	134	Publish Message [dev2app/CFqpJTSymCE9PLlp1DpbhY/usr2AiQiQhHhGgG5F5F4E4t]
                    58392	41.859962	192.168.66.54	119.29.42.117	MQTT	56	Ping Request
                    59645	42.258980	192.168.66.54	119.29.42.117	TCP	54	47280 → 1883 [ACK] Seq=499 Ack=187 Win=4817 Len=0
                    
                    1 Reply Last reply Reply Quote 0
                    • apollon77
                      apollon77 last edited by

                      In fact this all seems to be the "device to cloud" traffic ... so I would have expected that as soon as you open the app on the phone the app sends out udp packages locally and this is also answered by the device and then the app connects to the device directly ...

                      so you would need to check traffic where your mobile phone and the local device IP is involved

                      1 Reply Last reply Reply Quote 0
                      • Marc R
                        Marc R last edited by

                        Hi yall, my first post so be gentle...
                        I connected the TX/RX inside the PH-803W with my UART to see what is shown there:

                        f9d7f5c5-3913-4b22-9f41-91401981d447.jpg 091217d5-f679-44f3-9227-bdad52436c79.jpg

                        Seems it sends the same binary data that Anti was able to reroute to his MQTT? While my router has the NAT functionality, I unfortunately cannot define virtual IP addresses, so that route is not viable for me and probably most here. But if we can make sense of the TX/RX Data, we could potentially add another ESP on this port and let it send the data to where we want it to be sent?

                        Hope this makes sense and is helpful for the discussuion, Cheers

                        A 1 Reply Last reply Reply Quote 0
                        • C
                          Chaosbrother last edited by

                          Hi, maybe it would be easier to make a backup of the firmware from the ESP and then just change the gateway and play back again. Something like that works with Esptool.py , but I don't know my way around that well either.

                          1 Reply Last reply Reply Quote 0
                          • apollon77
                            apollon77 last edited by apollon77

                            Hey,

                            I hope I also get my device in next 1 days (just ordered yesterday). When the code I found telling anything AND when it is right that the App also switches to "local" communication when in same WLAN then honestly I would start really analyzing that. That could be way more easy!
                            Code wise it seemed to me that locally the device itself acts as a simple mqtt server hopefully.

                            So if someone wants to do stuff in between:

                            • maybe start with a nmap scan against the local IP ... is there anything open and what can be found there?
                            • start (like @coyote started) with Wireshark but focus on mobile device/App-with-ph-803w communication ... there should be some

                            Anyone up for that?

                            PS: @Marc-R

                            Hi yall, my first post so be gentle...

                            We are always 🙂

                            To maybe see more in the data would be a good idea to also see what data the device was showing as you tried it, maybe the "calculation rules" that @Anti was able to decode also apply. ALso interesting would be which part o fthe message is changing when the values change and which part stays static. So now you need to start "data crunching", I expect the data needs to be in there

                            coyote 1 Reply Last reply Reply Quote 0
                            • coyote
                              coyote Most Active @apollon77 last edited by coyote

                              Today I made a local scan in the same network. At the first attempt it was over the VPN connection and therefore "Remote"

                              Maybe you like that better @apollon77 😉

                              39484	33.259423	192.168.66.54	192.168.66.8	TCP	62	12416 → 48158 [PSH, ACK] Seq=94 Ack=83 Win=5758 Len=8
                              29590	29.524847	192.168.66.54	192.168.66.8	TCP	62	12416 → 48158 [PSH, ACK] Seq=86 Ack=75 Win=5766 Len=8
                              26127	28.341450	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              18180	25.193896	192.168.66.54	192.168.66.8	TCP	62	12416 → 48158 [PSH, ACK] Seq=78 Ack=67 Win=5774 Len=8
                              8826	21.298249	192.168.66.54	192.168.66.8	TCP	62	12416 → 48158 [PSH, ACK] Seq=70 Ack=59 Win=5782 Len=8
                              8700	21.257654	192.168.66.54	192.168.66.8	TCP	76	12416 → 48158 [PSH, ACK] Seq=48 Ack=51 Win=5790 Len=22
                              8696	21.255005	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              7288	20.836871	192.168.66.54	192.168.66.8	TCP	72	12416 → 48158 [PSH, ACK] Seq=30 Ack=38 Win=5803 Len=18
                              7287	20.824022	192.168.66.54	192.168.66.8	TCP	54	12416 → 48158 [ACK] Seq=30 Ack=38 Win=5803 Len=0
                              6978	20.574620	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              5694	20.118304	192.168.66.54	192.168.66.8	TCP	63	12416 → 48158 [PSH, ACK] Seq=21 Ack=29 Win=5812 Len=9
                              5643	20.100519	192.168.66.54	192.168.66.8	TCP	74	12416 → 48158 [PSH, ACK] Seq=1 Ack=9 Win=5832 Len=20
                              5607	20.088883	192.168.66.54	192.168.66.8	TCP	58	12416 → 48158 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
                              3855	19.504039	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              2761	18.290828	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              2567	17.284353	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              2381	16.220137	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              2210	15.190409	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              2063	14.544840	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              1906	13.514199	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              1662	12.248355	192.168.66.54	192.168.66.8	UDP	151	12414 → 37038 Len=109
                              
                              apollon77 1 Reply Last reply Reply Quote 0
                              • apollon77
                                apollon77 @coyote last edited by apollon77

                                @coyote yes. Via VPN normally all UDP messages are not transferred 😉

                                Can you send me that wireshark file via email to iobroker@fischer-ka.de

                                Ps: i assume .54 is the ph803 and the .8 is mobile device?

                                coyote 2 Replies Last reply Reply Quote 0
                                • coyote
                                  coyote Most Active @apollon77 last edited by

                                  @apollon77 ok, i didn't know.

                                  Sure, think it'll take another hour, then I can send it to you.

                                  Yes exactly. .54 is the 803W and .8 is the smartphone

                                  1 Reply Last reply Reply Quote 0
                                  • coyote
                                    coyote Most Active @apollon77 last edited by

                                    @apollon77 you have mail 😉

                                    apollon77 1 Reply Last reply Reply Quote 1
                                    • C
                                      Chaosbrother last edited by Chaosbrother

                                      Das mal zur App vieleicht kann jemand was damit anfangen.
                                      https://docs.gizwits.com/en-us/AppDev/AndroidSDKA2.html#5-Device-control
                                      Dafür ist mein Englich zu schlecht. Wenn ich das richtig verstehe kann und darf man an der App was ändern mit
                                      Android Studio

                                      1 Reply Last reply Reply Quote 0
                                      • apollon77
                                        apollon77 @coyote last edited by apollon77

                                        @coyote Ok, I start to collect here the stuff I saw in the Wireshark:

                                        • (01) App sends a UDP broadcast with data "00 00 00 03 03 00 00 03" to port 12414

                                        • App sends MDNS query to 224.0.0.251 _%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local, "QU" question PTR _googlecast._tcp.local, "QU" question

                                        • (02) Device Answers with UDP message from port 12414 to App
                                          00:00:00:03:68:00:00:04:00:16:43:46:71:70:4a:54:53:79:6d:43:45:39:50:4c:6c:70:31:44:70:62:68:59:00:06:48:3f:da:87:dc:47:00:00:00:20:32:64:33:64:39:35:34:64:39:62:62:37:34:31:62:34:61:31:39:62:61:31:31:35:33:31:30:34:39:33:32:62:00:00:00:00:00:00:00:02:61:70:69:2e:67:69:7a:77:69:74:73:2e:63:6f:6d:3a:38:30:00:34:2e:30:2e:38:00
                                          ( hCFqpJTSymCE9PLlp1DpbhYH?ÚÜG 2d3d954d9bb741b4a19ba1153104932bapi.gizwits.com:804.0.8)

                                        • App connects to device on port 12416 and Device and App communicates on that port

                                        • (03) App sends 00:00:00:03:03:00:00:06

                                        • (04) Device answers: 00:00:00:03:0f:00:00:07:00:0a:X1:X2:X3:X4:X5:X6:X7:X8:X9:X0

                                        • (05) App sends : 00:00:00:03:0f:00:00:08:00:0a:X1:X2:X3:X4:X5:X6:X7:X8:X9:X0

                                        • (06) Device answers: 00:00:00:03:04:00:00:09:00

                                        • (07) App sends : 00:00:00:03:04:00:00:90:02

                                        • (08) Device answers: 00:00:00:03:0d:00:00:91:03:00:02:dc:08:9d:00:00:00:00

                                        • (09) App sends : 00:00:00:03:08:00:00:93:00:00:00:04:02

                                        • (10) Device answers: 00:00:00:03:11:00:00:94:00:00:00:04:03:00:02:dc:08:9d:00:00:00:00

                                        • (11) App sends : 00:00:00:03:03:00:00:15

                                        • (12) Device answers: 00:00:00:03:03:00:00:16

                                        ... and the last two repeat every 4s (seems like a ping/pong)

                                        Das passt grob spontan zu dem Protokoll von hier https://github.com/gizwits/gokit-GAgent/blob/master/software/lan/lan.c#L291

                                        • 00 00 00 03 sind immer die lokalen ersten Bytes
                                        • byte Nummer 8 ist das "Kommando" (also wenn App->Device) ... damit von oben
                                          • (---) code 01 -- UDP to device - onBoarding message ... 00 XX <XX bytes ssid> 00 YY <YY bytes ssidpwd> (unsure with 00xx/yy or if only xx/yy?)
                                          • (---) code 02 -- UDP from device - onBoarding response ... just as OK message
                                          • (01): code 03 -- UDP to device - Discover message
                                          • (02): code 04 ?? -- UDP from device - Discover response
                                          • (---) code 05 ?? -- UDP from device active broadcast from device
                                          • (03): code 06 -- TCP to device: user bind passcode; Device returns passcode for login command
                                          • (04): code 07 -- TCP from device: device answers with data and 10 chars as passcode
                                          • (05): code 08 -- TCP to device: user login : Device wants to see the same passcode as sent above
                                          • (06): code 09 -- TCP from device: login result: 00=ok, 01=error
                                          • (07): code 90 -- TCP to device: send p0 to uart ... schreibt "02" ans Device
                                          • (08): code 91 ?? TCP answer from serial?? 03:00 02:dc 08:9d 00:00 00:00
                                          • (09): code 93 ?? -- TCP to device - unknown 00:00:00:04:02
                                          • (10): code 94 ?? -- TCP from device - unknown 00:00 00:04 03:00 02:dc 08:9d 00:00 00:00
                                          • (11) code 15: -- TCP to device: "tick" aka ping
                                          • (12) code 16: should be "pong" then

                                        If we now would have info on the values on display vs data it would help 🙂

                                        • 02dc could be 732 with idea from above with /100 == 7,32 ... PH??
                                        • 089d could be 2205 with idea from above -2000 === 205 ... ORP?
                                          @coyote ??

                                        The two other 00 00 at the end could be the switch states ... but also would need to be verified.

                                        Ingo

                                        coyote 1 Reply Last reply Reply Quote 1
                                        • coyote
                                          coyote Most Active @apollon77 last edited by

                                          @apollon77 sounds good 😉

                                          Will do more test today with wireshark and and will write down the values from the display or take pictures.
                                          The switches cannot be triggered manually.
                                          The device is currently not in use by me, there are no probes connected, so the values are not directly plausible (ORP 0.2 etc.)

                                          1 Reply Last reply Reply Quote 1
                                          • A
                                            Anti @Marc R last edited by

                                            @marc-r Thats nice Marc-r. So the ESP just bring the Serial kommunikation to the Network. What I allready suspected but didn't checked. I think, like you, is the most simple way to flash the original ESP (or put a second one if you want to keep the original).

                                            for the completness: 9600 8N1

                                            I think I will make that, to don't have the MQTT in the middle.

                                            apollon77 Marc R 2 Replies Last reply Reply Quote 1
                                            • First post
                                              Last post

                                            Support us

                                            ioBroker
                                            Community Adapters
                                            Donate
                                            FAQ Cloud / IOT
                                            HowTo: Node.js-Update
                                            HowTo: Backup/Restore
                                            Downloads
                                            BLOG

                                            1.3k
                                            Online

                                            32.3k
                                            Users

                                            81.1k
                                            Topics

                                            1.3m
                                            Posts

                                            48
                                            432
                                            104209
                                            Loading More Posts
                                            • Oldest to Newest
                                            • Newest to Oldest
                                            • Most Votes
                                            Reply
                                            • Reply as topic
                                            Log in to reply
                                            Community
                                            Impressum | Datenschutz-Bestimmungen | Nutzungsbedingungen
                                            The ioBroker Community 2014-2023
                                            logo