2

Can anyone point me in the right direction for tutorials etc on reverse engineering RS484 connected battery management system?

I have a large 12V lithium battery module which has an internal BMS and its official diagnostic program running on an old XP laptop which uses an RS485-USB dongle to connect the two.

I have RealTerm running on the XP laptop snooping on the RS485 connection and can see oodles of traffic going to and fro between the two. The trafic consists of lots of bytes of data some of which is ASCii plain text which clearlu identifies itself as relating to the battery/diagnostic app (it has the manufacturers name etc in it).

I would like some help in deciphering the traffic as it must represent the battery's internal voltages and temperatures etc that are displayed in the Diagnostic app on the laptop.

Ultimately, I want to build a very basic PIC-based (as this is what I already know - I appreciate it may be time to move on to Arduino or similar) 'master' BMS to monitor several battery modules and control the charging and/or trigger alarms should something go out of whack in any of the battery modules.

Regards, MW.

Improve this question
2
  • Note that if you're using PIC32 moving to Arduino (one with AVR) would be moving backwards. If you're not using PIC32, I suggest looking through various 32-bit controller platforms. Commented Feb 28, 2017 at 8:31
  • In my answer below you will see I am detailing how I am moving this from a Win7 box to a Raspberry Pi 3. You are right about the PIC, @John. Unless there is a need for the reader to be smaller than a Pi I can't see any good reason to make that move. I was happy with it on Win7 but now the Pi is hidden somewhere (with power) and I don't have to worry about it. Total freedom to reprogram any time I want, from any computer with Remote Desktop, including my tablet. Commented Feb 28, 2017 at 23:03

3 Answers 3

Reset to default
1

Renogy just solved the entire problem for me. They finally finished up their own software.

So instead of sniffing RS485 they now have a USB cable and software that gives finer control over their controller.

Improve this answer
1

Rs485 just physical interface, your bms use some of logical protocol to communicate with management /reporting software. You can try to find well known protocol for 485 interface here: https://en.wikipedia.org/wiki/RS-485#Applications Maybe your bms use some of them. For such devices modbus protocol is very common.

Improve this answer
1

I am working on the same thing, with a Renogy Commander. Upvote.

It is very similar to scraping web sites, because a lot of it is text and graphics to draw the screen, then there are variables with the values I want.

Here is a search that can help point you in the right direction: RS-485 monitoring

RS485 is a bus-style system so monitoring it doesn't disrupt the flow. I am not trying to control anything; just trying to periodic data logging.

I started with a RJ-45 breakout board so I can easily pull off the wires I need for the RS-485 converters. Here is the one I bought: RJ-45 breakout

Then picked up a RS485-to-USB unit: RS485-to-USB

If this one wasn't so expensive I would also have gotten this: RS485 I/O breakout

You might find these pinouts interesting: RS485 pinouts on RJ-45

Or this one: RS485 pinouts on RJ-45

Or this: RS485 pinouts on RJ-45

Particularly this one for monitoring only: RS-485 to RJ-45 Male

So I am connecting a pigtail on the breakout that works as a pass-through for the regular connection, but pulling off just these pins for monitoring.

FYI, most RJ-45 terminated cables for RS485 will be straight-through. Here are some examples: RJ-45 terminated cable pinouts for RS-485

As opposed to normal Ethernet cables that are TIA-568A or 568B like this: TIA-568 A/B cables for Ethernet

They are NOT interchangeable.

As I have searched I am finding very few people trying to do this, but there is a lot of information about RS-485. Modbus is one thing, but it appears my brand uses nonstandard wiring.

Right now I am using my Win7 machine, (RS485-to-USB) but will soon move it all over to a Raspberry Pi 3 if I can get Debian drivers for it.

It sounds like you are a bit ahead of me.

I am processing all the data in Python.

Improve this answer
3
  • 1
    I have progress to report with the Raspberry Pi 3 B - the RS485-to-USB unit is showing up as /dev/USB0 - That's great because it can now be accessed by python as if it were just a regular serial port. It can generate interrupts or simply respond to polling. Commented Feb 28, 2017 at 22:39
  • FYI, my Pi is in a small acrylic box with a fan that I run at 3.3 Volts so it is quiet. I can RDP into it and change programming any time I want. Plus, I use a USB memory plug-in for longer-term data logging. Seems ideal for this purpose. Commented Feb 28, 2017 at 23:00
  • I'm surprised not to get any votes or an acceptance on this answer. Commented Mar 2, 2017 at 20:02

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.