There are quite a few devices on the market that have a Raspberry Pi at their heart and after becoming the proud owner of a solar roof, [Paolo Bonzini] found himself with an Entrade ENR-DTLA04DN data logger that – let’s just say he had some of the signs and at FOSDEM 2023 he told us all about it. Installed on the promise of purely local logging, the data logger betrayed its nature with a power brick emblazoned with the Raspberry Pi logo, a datasheet identical to that of a Pi 3, and a MAC address identical to that of the Raspberry Pi Foundation belongs. That spec sheet also mentioned a MicroSD card – which eventually died prompting it [Paolo] to remove the lid. He disposed of the defective SD card, then replaced it — and put his own SSH keys on the device while he was at it.
At this point, Entrade no longer offered devices with local logging, only the option of cloud logging – free but only for five years, clearly not an option if you like your home cloud-free; Local logging wasn’t flawless either, so the device was worth exploring. A quick look at the file system brought him two large statically compiled binaries and strace gave him the opportunity to spy on the RS485 communications between the data logger and the inverter coupled to the solar roof. Next, he dug into the binaries and gathered information about how this device worked. Previously, he found that the device exposed an undocumented API over HTTP while connected to his network, and comparing how the API worked with the data in the binary gave him some good results – but not enough.
The main binary was identified as Go code, and [Paolo] shows us a walkthrough of reverse engineering such binaries in radare2, with a small collection of boot tricks – for example, grepping the output strings for GitHub URLs to find out the libraries used. In the end, after reverse engineering the protocol, he completely rewrote the software without the annoying bugs of the previous ones and integrated it into his MQTT home network powered by HomeAssistant. As a bonus, he also shows us the data logger’s main circuit board, which turned out to be a strange creation – not to spoil the surprise!
We imagine that this research will not only come in handy when you’re facing the death of a similar data logger, but also very handy for those who feel at liberty to the pseudo-free cloud logging plan and want to opt out. Solar seems to be an area where Raspberry Pi boards and proprietary interfaces are not uncommon, which is why we’re seeing hackers reverse-engineering devices related to solar energy – check out this investigation of a solar inverter’s proprietary protocol to access data, for example remove it from or reverse engineer the software of a retired but perfectly intact solar inverter to obtain the password for the service menu.
