Recovery of a Pi-based solar logger

There are quite a few devices on the market that contain a Raspberry Pi at their core. After becoming the proud owner of a solar roof, Paolo Bonzini found himself with an Entrade ENR-DTLA04DN data logger that showed some of the signs, and at FOSDEM 2023 he told us all about it. The data logger was installed under the promise of local logging and gave away its nature with a power brick bearing the Raspberry Pi logo, a spec sheet identical to that of a Pi 3 and a MAC address belonging to the Raspberry Pi Foundation. The spec sheet also mentioned a MicroSD card, which eventually died, prompting Paolo to remove the cover. He dumped the faulty SD card, then replaced it, and put his own SSH keys on the device while he was at it.

At this point, Entrade no longer offered devices with local logging, only the option of cloud logging: free, but only for five years, and clearly not an option if you like your home cloud-free. The local logging wasn’t flawless either, so the device was worth exploring. A quick look at the file system turned up two large statically compiled binaries, and strace gave him a way to sniff the RS485 communication between the data logger and the inverter paired with the solar roof. Next, he dug into the binaries and gathered information about how the device did its job. Earlier, he had found that the device provided an undocumented API over HTTP while connected to his network, and comparing the API’s functions to the data inside the binary gave him some good results, but not enough.

The main binary was identified as Go code, and Paolo shows us a walkthrough of how to reverse-engineer such binaries in radare2, with a small collection of tricks to boot: for example, searching the output of strings for GitHub URLs to find out which libraries are used. Finally, after reverse-engineering the protocol, he completely rewrote the software without the annoying bugs of the previous one and integrated it into his home MQTT network powered by HomeAssistant. As a bonus, he also shows us the main PCB of the data logger, which turned out to be a peculiar creation (not to spoil the surprise!).
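The strings trick mentioned above, as an added example (not code from the talk or from the device): it pulls printable strings out of a binary image, counts `github.com/<owner>/<repo>` paths, and reads versions from the `dep` lines of the module info that the Go linker embeds. The sample bytes and the `github.com/example/...` module names are constructed for illustration.

```python
import re
from collections import Counter

# Runs of printable ASCII (plus tab), like strings(1) with a minimum length of 6.
PRINTABLE = re.compile(rb"[\x20-\x7e\t]{6,}")
# github.com/<owner>/<repo> as seen in import paths, symbol names and file paths.
# Simplification: repo names containing a dot are truncated at the dot, so that
# symbol names such as "repo.Func" still resolve to "repo".
REPO = re.compile(r"github\.com/([A-Za-z0-9_.-]+)/([A-Za-z0-9_-]+)")
# Dependency line of the embedded module info: dep<TAB>module<TAB>version<TAB>hash
DEP = re.compile(r"dep\t(\S+)\t(v\S+)")

def printable_strings(data):
    """Return every printable run in a binary image as text."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)]

def github_libraries(data):
    """Return (Counter of repo -> number of hits, dict of module -> version)."""
    hits, versions = Counter(), {}
    for s in printable_strings(data):
        for owner, repo in REPO.findall(s):
            hits["github.com/%s/%s" % (owner, repo)] += 1
        for module, version in DEP.findall(s):
            versions[module] = version
    return hits, versions

# Constructed sample: fragments shaped like those found in a Go binary.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"github.com/example/serialbus.(*Client).ReadRegisters\x00"
    + b"/build/pkg/mod/github.com/example/serialbus@v0.3.1/client.go\x00"
    + b"\x01\x02github.com/example/mqttpub/publish.go\x00"
    + b"dep\tgithub.com/example/serialbus\tv0.3.1\th1:CONSTRUCTED=\n"
    + b"dep\tgithub.com/example/mqttpub\tv1.0.0\th1:CONSTRUCTED=\n"
)

if __name__ == "__main__":
    hits, versions = github_libraries(SAMPLE)
    for repo, count in hits.most_common():
        print(count, repo, versions.get(repo, "(version not found)"))
```

To run it against a real image, read the file in binary mode and pass the bytes to `github_libraries`.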

We imagine this research is not only useful when faced with a similar data logger’s demise, but also quite handy for those who are at the mercy of the pseudo-free cloud logging plan and would like to opt out. Solar technology seems to be an area where Raspberry Pi boards and proprietary interfaces are not uncommon, which is why we’re seeing hackers reverse-engineer solar-related devices: for example, check out this exploration of a solar inverter’s proprietary protocol to extract data from it, or the reverse-engineering of an obsolete but perfectly healthy solar inverter’s software to get the password to the service menu.
