Adding Z-Wave Control to your Raspberry Pi

There are many home control technologies available to consumers. ZigBee, Z-wave,  WiFi control, X10, Thread, and Homekit just to name a few. The plethora of options out there is one of the main reasons that I choose to roll my own solution. Doing this, I can incorporate the technologies that I need as I go. There are a few nice multi-protocol solutions available and it may seem that I am reinventing the wheel a bit, but doing it myself allows me to step into the home automation area one bite at a time with one expense at a time. Besides, the wheel might already exist but sometimes it’s just more fun to build your own.

Z-Wave

Z-Wave is a wireless automation protocol used commonly for home automation. Traditionally, it has been used to control things like lighting and access controls.  Z-Wave is an alliance with over 250 manufacturers as members and, according to Wikipedia, over 1100 different Z-Wave products on the market as of 2014.

Z-Wave uses a mesh architecture, meaning that you can start with a single controller and add one device at a time, extending the effective range of the controller.  The product that I selected, due to its Raspberry Pi compatibility and its open nature, is the RaZberry.

The RaZberry plugs straight into the GPIO pins on your Raspberry Pi.  Using its demo programs and API’s, you can set up your Z-Wave hardware and control them with whatever interface you dream up. For the purposes of this post I will show you how to use Tasker to control your hardware. Later, I will show you how to build a home control dashboard to control all the different controls that we are installing in these posts.

The Controller Hardware

In addition to the Razberry ($70), I’ve also found a great deal on a Schlage BE469NXCAM619 Camelot Touchscreen Deadbolt which at the time of this writing was $160. I also picked up an Evolve LOM-15 – Z-Wave 15-Amp Duplex Receptacle ($50) while I was at it to extend my mesh network to where it needed to go. Other than the new hardware, I used a Raspberry Pi that I prepared as outlined in my Preparing your Raspberry Pi Environment post.

Installation

Installing the actual RaZberry hardware was as easy as popping it on the appropriate GPIO pins. Installing the software on a Raspberry Pi (configured as outlined in Preparing your Raspberry Pi Environment  and secured as outlined in Securing your Raspberry PI with SSL and Simple Authentication) was simple, but did require a few additional steps to get the software working alongside our setup.

Step 1. Install the RaZberry software:

raspberrypi# wget -q -O - razberry.z-wave.me/install | sudo bash
raspberrypi# reboot

This gets their software installed and running. Unfortunately, a part of their software interferes with our Nginx SSL so we have to make a change. Edit /etc/mongoose/mongoose.conf. Find the line that says ‘listening ports: 8084,443s‘ and change it to ‘listening ports 127.0.0.1:8084‘.  This will disable the use of port 443 for mongoose and set it to only accept connections from localhost (the Pi itself). Then restart the needed services:

raspberrypi# /etc/init.d/mongoose restart
raspberrypi# service nginx restart

This should get everything up and running together. After we have our Z-Wave hardware configured we will use a command called iptables to secure all of the extra ports from being accessed by anything but localhost in order to secure it.

Z-Wave Devices

Now you can setup your Z-Wave devices. Here is how to set up yours:

  1. After installing the lock hardware, as per the included directions, visit your Raspberry Pi’s web Z-Wave configuration page by going to http://your.ip.address:8083 This displays several options, chose ‘Expert UI’
  2. There are many menus and options in this mode. We are only concerned with a few.
    .includeDevice

    Network Management Screen

    First, we want to set up the new lock. Go to the ‘Network’ menu and select the ‘Network Management’ option. Click the ‘(Re-)include device’ button.

  3. Go to your new door lock and type in your programming code. The devices should pair and you should see the message on the webpage change from ‘Ready to include’ to ‘Included Device’.
  4. After it is included, go to the ‘Device Control’ menu and select the ‘Locks’ option. You should see your lock listed. Go ahead and try to secure and un-secure the lock by pressing the appropriate buttons, make sure it responds like it should.

If all went well we should be able to get the information that we need using the Chrome web browser.

While you are still on the ‘Locks’ page:

  1. Push F12 on your keyboard. This will open the Inspector.
  2. Click on the ‘Network’ tab in the inspector.
  3. You should see a message scroll by every two seconds. This is the web page requesting status updates. Now click the ‘Un-secure’ button.
  4. You should now see a message that looks something like this scroll by: ‘devices[4].instances[0].commandClasses[0x62].Set(0)’.
  5. We can use this to send the RaZberry API the proper commands. Copy the message and paste it into a text document for safekeeping.
  6. Repeat the process for the ‘lock’ button. We are going to use these commands in our control script.

Configuration

Now that you have the information, you can write the script. In this tutorial we are going to make a simple python script to execute via a Tasker task. Yes, I know that you do not have to create a python script to execute this but we are going to add some security and this example works well with the other examples on the site. Also, it allows us to tie our future Home Control Dashboard directly into this program.

Create a new python script called doorControl.py and add the following text.

from flask import Flask
import requests

key = 'iV2XuTBQOPy9LaMzU67R' # Create your own key here

@app.route('/Door/') # Sets our path to execute to http://your.ip.address/Door?key=key&action=action
def do_door_actions():
  secret = request.args.get('key','') # Looks for our secret key
  if secret == key: # if the key is good execute the appropriate action.
    if request.args.get('action','') == 'lock':
      lockDoor()
      return "Done"
    if request.args.get('action','') == 'unlock':
      unlockDoor()
      return "Done"
  else:
    return "Request Not Permitted" # if the key is wrong

def lockDoor(): # The function that executes the RaZberry API. Replace the code in the parentheses with the code you copied earlier.
  r = requests.get("http://127.0.0.1:8083/ZwaveAPI/Run/devices[4].instances[0].commandClasses[0x62].Set(255)")

def unlockDoor(): # The function that executes the RaZberry API. Replace the code in the parentheses with the code you copied earlier.
  r = requests.get("http://127.0.0.1:8083/ZwaveAPI/Run/devices[4].instances[0].commandClasses[0x62].Set(0)")

Now modify the uWSGI config to execute the script.

Copy the default uWSGI configuration script to “useDoor.ini” and link to it from the apps-enabled directory

raspberrypi# cp /etc/uwsgi/apps-available/app-uwsgi.ini /etc/uwsgi/apps-available/useDoor.ini
raspberrypi# cd ../apps-enabled
raspberrypi# ln -s ../apps-available/useDoor.ini

Edit the new file to open your useDoor.py script. It should look something like this:

[uwsgi]
socket = /tmp/uwsgi.sock
plugin = python
wsgi-file = /path/to/PiAutomation.py
callable = app
process = 3

Now restart uWSGI

raspberrypi# service restart uwsgi

Now you can try it out by going to ‘https://your.dns.address/Door?key=iV2XuTBQOPy9LaMzU67R&action=lock’ in your web browserRemember to replace the key with your chosen key. If it works, we can create the Tasker task.

Tasker

Tasker is an automation app that allows you to have fine grained, automated control of your Android phone. It currently costs $2.99 in the Google Play Store and is well worth the price. In future articles, we will use Tasker to enable voice control of our home automation system as well as smart watch control.

Explaining how to use Tasker is beyond the scope of this article, but keeping with tradition, we’ll sprint through the steps to create the task. For this to work properly and securely, you will need to have followed the instructions from the Securing your Raspberry PI with SSL and Simple Authentication article.

  1. Open Tasker and go to the ‘Tasks’ tab
  2. Press the ‘+’ button and name your new task ‘Lock Door’
  3. Press the ‘+’ button to add an action.
  4. Select “Net->HTTP Get’
  5. Insert ‘https://your.dns.address/Door?key=iV2XuTBQOPy9LaMzU67R&action=lock’ in the ‘Server:port’ field and hit the ‘<‘ button at the top left. Of course, replace your server and your key with the correct values.
  6. Try your new task by pressing the play button at the bottom left.

If all went well, your door locked. Congratulations. Watch for a future post for more about using Tasker to control your home automation.




 

A Little More Security

Installing the RaZberry software opened up more than a few ports and routes to be hacked. Rasbian has iptables built in that will allow you to block those ports to anything but localhost. I recommend that you do the following:

raspberry# iptables -A INPUT -state --state RELATED,ESTABLISHED -j ACCEPT
raspberry# iptables -A INPUT -i lo -j ACCEPT
raspberry# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
raspberry# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
raspberry# iptables -A INPUT -j DROP

For the 4th line be sure to specify your home network IP range. Save that config to /etc/iptables.rules

raspberry# iptables-save /etc/iptables.rules

Finally tell your Pi to run this at startup by adding a line to the end of /etc/network/interfaces file.

pre-up iptables-restore < /etc/iptables.rules

When you want to add more devices to your RaZberry, you can run this line so you can once again access the web interface.

raspberry# iptables -F

And then this to turn your firewall rules back on:

raspberry# iptables-restore < /etc/iptables.rules

The reason that we do all this is that, by default, anyone inside your wireless network has access to your Z-Wave configuration. They can tell your front door to unlock or just mess with your other devices. For a hacker, getting on to your internal wireless network is child’s play. These rules accomplish the following:

  1. Allows all established connections to communicate back to your Pi. You will need this for updates and additional functionality in the future.
  2. Allows all traffic from localhost (your Pi) to do everything.
  3. Allows all traffic to port 443. (Nginx SSL)
  4. Allows traffic from your internal network to port 22 (SSH) for configuration.
  5. Disallows all other traffic to your Pi.

This, combined with the methods discussed in the Securing your Raspberry PI with SSL and Simple Authentication article, should go far in securing your home automation control from the outside world.

Conclusions

By adding the RaZberry module to your Pi, you can effectively add the ability to wirelessly control over 1100 different devices from your Pi. This process can seem daunting, but it is not as difficult as it reads. Once you’ve run through the process once or twice, the process should start to come fairly quickly.

Pro-Tip: use an app called App-Factory (free) to create apps out of your Tasker tasks. This will allow you to make nice icons like in the video and allow you to share the tasks with other users that you wish to give access, they won’t even need to have Tasker installed.

About

I’m just your everyday average home automation hobbyist. I’ve been into technology since I was a little guy and I am currently an IT director at a small community college in rural Oklahoma. While working and playing I’ve had a great deal of fun getting to play with a very wide variety of technology, and I love to play with technology!

Posted in Home Automation

Social