At this point, Entrade no longer offered devices with local logging, only the option of cloud logging – free, but only for five years, and clearly not an option if you like your home cloud-free. The local logging wasn’t flawless either, so the device was worth exploring. A quick look at the file system gave him two large statically compiled binaries, and strace gave him a way to sniff RS485 communication between the data logger and the inverter paired with the solar roof. Next, he dug into the binaries and gathered information about how this device did its job. Earlier, he had found that the device provided an undocumented API over HTTP while connected to his network, and comparing the API’s functions to the data inside the binary gave him some good results – but not enough.
The main binary was identified as Go code, and Paolo shows us a walkthrough of how to reverse-engineer such binaries in radare2, with a small collection of tricks to boot – for example, searching the output of strings for GitHub URLs to find out which libraries are used. Finally, after reverse-engineering the protocol, he completely rewrote the software without the annoying bugs of the previous one and integrated it into his home MQTT network powered by HomeAssistant. As a bonus, he also shows us the main PCB of the data logger, which turned out to be a peculiar creation – not to spoil the surprise!
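The strings-for-GitHub-URLs trick mentioned above, sketched as an added example (this is not code from the original write-up): it pulls printable runs out of a binary the way strings does and counts the github.com/owner/repo paths that Go leaves in symbol names and source paths. The sample bytes and the example-org / example-dev repository names are constructed placeholders, not libraries found in the data logger.

```python
import re
import sys
from collections import Counter

# Runs of 6 or more printable ASCII bytes, similar to what strings(1) reports.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# host/owner/repo. Go symbols and source paths continue after the repo name
# with "/", "." or "(", so those characters end the match. Limitation: a repo
# whose name contains a dot is truncated at the dot.
REPO = re.compile(rb"github\.com/([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)")


def printable_strings(blob):
    """Return every printable ASCII run found in the raw bytes."""
    return [m.group() for m in PRINTABLE_RUN.finditer(blob)]


def github_repos(blob):
    """Return (repo_path, reference_count) pairs, most referenced first."""
    counts = Counter()
    for run in printable_strings(blob):
        for owner, repo in REPO.findall(run):
            counts["github.com/%s/%s" % (owner.decode(), repo.decode())] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample standing in for a slice of a Go binary (placeholder names).
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"github.com/example-org/serial-lib.(*Port).Read\x00"
    + b"\x01\x02/build/src/github.com/example-org/serial-lib/port.go\x00"
    + b"github.com/example-dev/mqtt-client/packets.NewPublish\x00\xff\xfe"
    + b"see https://github.com/example-dev/mqtt-client for docs\x00"
    + b"github.com/example-org/serial-lib.Open\x00"
    + b"git\x00hub.com/not/a-match\x00"  # split by a NUL byte: must not match
)

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample above.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for repo, hits in github_repos(data):
        print("%5d  %s" % (hits, repo))
```

The reference count is a rough indicator of how much of each library is linked in, which helps decide what to read first when matching library source against the disassembly.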
We imagine this research is not only useful when faced with a similar data logger’s demise, but also quite handy for those who are at the mercy of the pseudo-free cloud logging plan and would like to opt out. Solar technology seems to be an area where Raspberry Pi boards and proprietary interfaces are not uncommon, which is why we’re seeing hackers reverse-engineer solar-related devices – for example, check out this exploration of a solar inverter’s proprietary protocol to extract data out of it, or reverse-engineering an obsolete but perfectly healthy solar inverter’s software to get the password to the service menu.