Device Overview

The Homebase is connected via an ethernet cable to your router, and you can connect up to 30 different Energomonitor sensors to one station. Transmission from the transmitter works on a radio signal, and the standard range should be approximately three times longer than wifi range. Inside buildings, it is around 20-50 m. If sensors in a second building is not within this range, it will be necessary to assign another Homebase station. The Homebase keeps the connection with the sensors 1x in 5-6 seconds and data is sent and stored in the cloud every 60 seconds. To make the system work properly, you need to have an active internet connection.

Network Requirements

  • The Energomonitor Homebase (current generation EWG5/EWG6) uses DHCP for IP address assignment. 
  • The Homebases connect to two Energomonitor's servers via two network protocols on their standard ports:
    • HTTP (80/TCP) for device configuration and for remote firmware updates,

    • MQTT (1883/TCP) to send measured data in real-time.

  • The network connection is established from the Homebase to the server, thus there is no need for a public IP address and/or special firewall rules in a customer's network.

Remote Updates

  • The new Homebase generation (EWG5/6) use HTTP and its standard port 80 for remote firmware updates. The Homebase periodically checks the Energomonitor provisioning server and if an update is ready for a given serial number, the firmware binary is downloaded via a HTTP GET request. The HTTP GET request is always initiated from the Homebase and contains the serial number and current firmware version. If new firmware is ready on the server, the response will contain firmware binary data. The Homebase will save it in flash memory and then restart itself.
  • This update is done by a bootloader application permanently stored in a dedicated section of flash memory. This bootloader cannot be deleted, changed or disabled without direct access to the Homebase itself.
  • The update process does not use DNS, the IP address of the provisioning server is fixed, so an attacker cannot use any kind of DNS attack. The only possible attack is a Man In The Middle attack. If an attacker can redirect the TCP connection from the Homebase to his server (on the public internet route), the bootloader can download the wrong firmware. This firmware will be stored in flash memory and then executed. If the firmware is not correct, the MCU will stop and restart the bootloader. Also, the Energomonitor provisioning server periodically checks if device is working correctly and thus, any suspicious behavior can be detected.
  • To successfully imitate the correct firmware behavior, the attacker has to have very detailed information about hardware, firmware and server side. Also the attacker's firmware can be replaced by official FW at any time after an attack is ended. The Homebase contains very low power 8bit MCU with hardware implemented TCP/IP. It is not possible to run any kind of operating system (for example Linux) used by attackers. The attacker's firmware has to be specifically implemented with detailed knowledge of the hardware.

Technical Specifications

Article number
110 x 80 x 26 mm (without antenna)
128 g
0 to 60 °C
< 80 %RH non-condensing
1x LAN 10/100 Mb/s (RJ-45), 1x TTL RS-232 (RJ-12), 1x power (USB-B)
unremovable telescopic
Power supply
< 2 W
Radio protocol
proprietary protocol Chirp 433 MHz (868 MHz optionally)
Built-in sensors

Resolution of metering

Accuracy of metering

Range of metering

Conversion constant