I received a new four piece box of “no-brand” Zigbee plugs yesterday. They identify as coming from a manufacturer called _TZ3000_gjnozsaz, model TS011F.
What I find very concerning is that these devices use “not fully random” IEEE extended addresses. Here’s the four addresses of the plugs I received yesterday:
(Yes, I know these addresses “should” usually be unique, so they could identify “me”, which is why many people redact parts of the addresses – I don’t really care about this in this particular case, so I’m not doing this, especially as we might want to identify others suffering from the same problem…)
That’s completely ridiculous. I’ve never seen anything like this, and I have roughly 20 of these (identically looking) plugs already (all same model ID, but different manufacturer IDs, such as _TZ3000_w0qqde0g or _TZ3000_cicwjqth).
What I also find concerning is the trailing FF:FF bytes – in some protocols addresses with such octets are used for broadcasts, I don’t know about Zigbee, though…
It looks like only two octets may be really “random”, making up 65,536 distinguishable devices, so the chances of some individual having a collision seems realistic.
What’s your view on this?
Many thanks for any insights, I’m very much clueless on these Zigbee low-level things…
Fully expected with Tuya. They whitelabel and sell their software to anyone who wants to create and sell devices, irrespective of their skill level. You were probably unlucky enough to buy from someone who thought changing only those 2 octets would be enough.
Even if that weren’t the case and all Tuya manufacturers do this, they tend to change the manufacturer ID quite frequently even for the same device model, so _TZ3000_gjnozsaz might be changed to _TZ3000_abcdefgh once they exhaust all available addresses, like you’ve seen on your other plugs.
EDIT: Realised that I have that plug model with a manufacturer ID of _TZ3000_typdpbpg. IEEE address on mine is fully populated, so you probably have a batch from a clueless manufacturer (or one who didn’t intend to create more than 65536 devices for that manufacturer ID)
You need to read up on how MAC address work.
They are “should” not be unique. They MUST be unique.
And they never leave your Zigbee network, so your complaint is not important.
The 3 first hex pairs are vendor identifikations and the 2.5 (the 6th pair should be converted to bits before being split in half) next pairs are their own numbering, so they can decide to number them how they like without conflicts with other vendors items.
And broadcast go to FF:FF:FF:FF:FF:FF, at least in Ethernet, but I guess it is the same in Zigbee, since they built on the same techniques.
Yes, I know. I believe I have 4 or 5 of these manufacturer IDs for basically the same plug…
Do you happen to know where this strange naming comes from? Is it just random “gibberish” after some “base name”? I wonder where this “base name” comes from, because it’s the same for all my “manufacturers”…
I generally know how MAC addresses work, at least with Ethernet. I was supposing they work very similar in Zigbee as well, that’s why I was phrasing my message a bit “defensively.”
My “complaint” was about potential collisions within my own network. Seems like I should have made that clearer…
Like I said earlier, they’re all Tuya, so I’m guessing TZ means Tuya Zigbee. Pretty sure they have this explained in the Tuya developer docs, but I’ve never been curious enough to look it up.
The vendor ID in the addresses are one given to the vendor.
It is the manufacturer of the Zigbee chip and not the vendor of the manufacturer of the device that have that ID.
There might be 1000 manufacturers of devices, because it is somewhat easy to make a device, but there are not that many manufacturers of chips, because that is a really complex thing.
Well, what you say makes sense (I’m an electrical and computer engineer, so I can easily make sense of it) – but then it doesn’t.
If the manufacturer of the Zigbee chip assigns the specific MAC addresses under their 3-octet OUI to each and every chip they manufacture and sell (which seems to make perfect sense to me!), then how come I suddenly observe these strange MAC addresses (i.e. the consecutive 5 octets) with the recent 4 plugs I bought, while the previous 20 ones or so were “perfectly random” (in the least-significant 5 octets)?
Probably a question about how many times the chips have been resold before ending in the device.
If the chips comes directly from the manufacturer of the chips, then it can happen.
Every time a chip is resold the packages might get move around, like put on shelfs or in other boxes.
