MQTT - bytespider/Meross GitHub Wiki

The stock firmware uses username authentication but that's not required for our own servers.

The device publishes to /appliance/<device uuid>/publish and subscribes to /appliance/<device uuid>/subscribe topics. Further information can be gained by looking through the source code of https://github.com/albertogeniola/MerossIot/blob/0.4.X.X/meross_iot/manager.py

Set up the Certificates

Make sure that your CA Root uses a different Common Name to your server and the common name for the server is the server IP address

##Create the Certificate Authority

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

##Create the certificate signing request. It's important when asked for the FQDN in these next step to use the IP or domain name of the machine your MQTT instance is on.

openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key

##Create the final certificate

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360

Set up MQTT server

Minimal unauthenticated

Using Mosquitto, this minimal config sets up the server allowing the device to connect

port 8883

allow_anonymous true
require_certificate false

# replace with your CA Root
cafile ../certs/ca.crt

# replace with your server certificate and key paths
certfile ../certs/server.crt
keyfile ../certs/server.key

Authenticated users

port 8883

allow_anonymous true
require_certificate false
use_username_as_clientid true

# replace with your CA Root
cafile ../certs/ca.crt

# replace with your server certificate and key paths
certfile ../certs/server.crt
keyfile ../certs/server.key

auth_plugin /usr/local/opt/mosquitto/share/auth-plug.so

auth_opt_backends mysql
auth_opt_host 127.0.0.1
auth_opt_port 3306
auth_opt_dbname dbmqtt
auth_opt_user my_db_user
auth_opt_pass my_db_password
auth_opt_userquery SELECT password FROM users WHERE username = '%s'
auth_opt_aclquery SELECT topic FROM acls WHERE (username = '%s') AND (rw >= %d)

You can find my version of mosquitto-auth-plug here https://github.com/bytespider/mosquitto-auth-plug/tree/bugfix/fix-build

Device credentials

Username: {device_mac_address}
Password: {user}_ + md5({device_mac_address}{key})

user is the string you provided with --user and key is the string you provided with --key on setup using the provided tool meross setup.

Setting up the device

Using the supplied utility

Setup Utility

Put the device into pairing mode (Yellow/Green alternating) and connect to it's AP.

From the bin/src/ directory in the project run ./meross info --gateway 10.10.10.1 where 10.10.10.1 is the ip address Meross device. This will spit out some data. The from field is the MQTT topic you'll need to subscribe to in order to get information from the device later.

Next run ./meross setup --gateway 10.10.10.1 --wifi-ssid myssid --wifi-pass mypass --mqtt mqtts://192.168.0.2 where 10.10.10.1 is the IP address of the Meross device, myssid and mypass are the wifi credentials you'd like the device to connect to and mqtts://192.168.0.2 is the MQTT server url in the form of protocol://hostname:port, you can repeat the --mqtt flag, but only the first 2 server will be configured on the device. Protocol can be mqtt:// or mqtts://. With any luck the device will turn off, flash green and you should see the light become solid and a successful connection in your Mosquitto logs.

Publishing and Subscribing to topics

mosquitto_sub -h 192.168.0.2 -p 8883 -t "/appliance/<device uuid>/publish" --cafile /usr/local/etc/mosquitto/mqtt_ca.crt