376.1 messages are written in hexadecimal notation. The link layer transmits the low byte first and then the high byte, except for the control domain, which must be converted to binary notation and then flipped over.
The following uses the class 2 F1 data of vertex copy (daily frozen positive active power total) as an example:
The master site sends the message:
68 56 00 56 00 68 4B 73 08 10 00 0C 0D E3 02 01 01 00 29 11 11 00 22 35 01 30 00 A9 16
Message parsing:
68 // frame start character
56 00 56 00 // length L, 0056 → bin: 0000000001010110. The rightmost two bits identify the protocol: 10 represents the 376.1-2009 protocol, and 01 represents the 05 protocol. The user data length is the value from the third bit upward, converted to decimal; here it is 21.
68 // frame start character
4B // control domain C: DIR = 0, which indicates that the message is sent by the master site; PRM = 1, the message comes from the initiating site; ACD = 0; CID = 11
73 08 10 00 // administrative area: 0873, terminal address: 0010
0C // 0C → bin: 00001100, master site address and group address flag
0D // application layer function code AFN: 0D, request class 2 data (historical data)
E3 // frame sequence domain
02 01 // information point DA, 0102: second point of the first group, that is, measurement point 2
01 00 // data flag: Fn = 0001, class 2 F1 data: forward active data block
29 11 11 // data time scale: November 29, year 11
00 22 35 01 30 00 // 00: start frame counter PFC; 22 35 01 30: start frame sending time, 01:35:22 on the 30th; 00: allowed transmission delay time
A9 // frame checksum
16 // frame terminator
Valid terminal reply message:
68 C2 01 C2 01 68 88 73 08 10 00 0C 0D E3 02 01 01 00 29 11 11 19 01 11 11 04 00 95 12 24 00 00 95 12 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EE EE EE 00 22 35 01 30 00 B4 16
The reply is parsed with the same method. The analysis is as follows:
68
C2 01 C2 01
68
88
73 08 10 00
0C
0D
E3
02 01
01 00
29 11 11 // data time scale: November 29, year 11
19 01 30 11 11 // terminal meter reading time: November 30, 01:19:00
04 // number of rates: 4
00 95 12 24 00 // positive active power total value: 000024129500; 6 integer digits and 4 decimal places, 2412.95 kWh
00 95 12 24 00 // rate 1 positive active power value
00 00 00 00 00 // rate 2 positive active power value
00 00 00 00 00 // rate 3 positive active power value
00 00 00 00 00 // rate 4 positive active power value
EE // positive reactive power total value
EE // rate 1 positive reactive power value
EE // rate 2 positive reactive power value
EE // rate 3 positive reactive power value
EE // rate 4 positive reactive power value
EE // first-quadrant reactive power total value
EE // rate 1 first-quadrant reactive power value
EE // rate 2 first-quadrant reactive power value
EE // rate 3 first-quadrant reactive power value
EE // rate 4 first-quadrant reactive power value
EE // fourth-quadrant reactive power total value
EE // rate 1 fourth-quadrant reactive power value
EE // rate 2 fourth-quadrant reactive power value
EE // rate 3 fourth-quadrant reactive power value
EE // rate 4 fourth-quadrant reactive power value
00 22 35 01 30 00 // 00: start frame counter PFC; 22 35 01 30: start frame sending time, 01:35:22 on the 30th; 00: allowed transmission delay time
B4 // frame checksum
16 // frame terminator
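The field-by-field walkthrough above can be checked mechanically. The following Python code is an added example, not part of the original page: it validates the start characters, both copies of L, the checksum and the terminator of the master site request before decoding any field, and decodes the 5-byte BCD reading from the reply. The names parse_frame and bcd_energy are illustrative, and the checksum rule (sum of the user data bytes modulo 256) is an assumption the page does not state; it reproduces the A9 of the request.

```python
from dataclasses import dataclass

# Request frame from the walkthrough above (spacing normalised).
REQUEST = ("68 56 00 56 00 68 4B 73 08 10 00 0C 0D E3 02 01 01 00 "
           "29 11 11 00 22 35 01 30 00 A9 16")

@dataclass
class Frame:
    proto: int       # low two bits of L (page: 10 = 376.1-2009, 01 = 05 protocol)
    dir: int         # control domain bit 7
    prm: int         # control domain bit 6
    func: int        # control domain low four bits
    area: str        # administrative area, bytes swapped to high-low order
    terminal: str    # terminal address, bytes swapped to high-low order
    afn: int
    seq: int
    app_data: bytes  # everything after SEQ (DA, data flag, data, time tag)

def parse_frame(hex_text: str) -> Frame:
    """Validate framing, length and checksum before decoding any field."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 16 or raw[0] != 0x68 or raw[5] != 0x68:
        raise ValueError("bad frame start characters")
    if raw[1:3] != raw[3:5]:
        raise ValueError("the two copies of L differ")
    length = int.from_bytes(raw[1:3], "little")   # low byte is sent first
    n = length >> 2                               # user data length in bytes
    if n < 8 or len(raw) != n + 8:                # 6 header bytes + CS + 0x16
        raise ValueError("L does not match the bytes received")
    user, cs = raw[6:6 + n], raw[6 + n]
    if raw[7 + n] != 0x16:
        raise ValueError("bad frame terminator")
    if sum(user) & 0xFF != cs:                    # assumed rule, see lead-in
        raise ValueError("checksum mismatch")
    c = user[0]
    return Frame(length & 3, c >> 7, (c >> 6) & 1, c & 0x0F,
                 user[1:3][::-1].hex(), user[3:5][::-1].hex(),
                 user[6], user[7], user[8:])

def bcd_energy(field: bytes) -> str:
    """Decode a 5-byte low-byte-first BCD reading: 6 integer + 4 decimal digits."""
    digits = field[::-1].hex()
    if len(field) != 5 or not digits.isdigit():
        raise ValueError("not a 5-byte BCD value")
    return f"{int(digits[:6])}.{digits[6:]}"

if __name__ == "__main__":
    print(parse_frame(REQUEST))
    print(bcd_energy(bytes.fromhex("0095122400")), "kWh")
```

A frame whose length, checksum or terminator does not match is rejected with ValueError before any field is interpreted, which is the order a receiver on an untrusted link should follow.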