December 27, 20232 yr 6 hours ago, PUser said: The reason I want it is because I do MAC address whitelisting on my routers for extra security - so I need to first add the MAC address to my router in order for the router to accept connection from the device. I'll probably just have to switch off that feature temporarily and then go about as per your suggestion i #1. Thank you AFAIK, the dongle registers the DNS name e-linter. You can use the arp command do display MAC addresses (Linux) On Windows, you man have to ping e-linter and then use the "arp -a" command. Nmap also displays the mac addresses nmap -sn 192.168.7.0/24 You can also check on your DNS/DHCP server
December 27, 20232 yr 3 hours ago, system32 said: AFAIK, the dongle registers the DNS name e-linter. You can use the arp command do display MAC addresses (Linux) On Windows, you man have to ping e-linter and then use the "arp -a" command. Nmap also displays the mac addresses nmap -sn 192.168.7.0/24 You can also check on your DNS/DHCP server Thank you! Turns out my Deco App shows it by default if I just look at the online clients - but I'll remember the nmap -sn option...
December 27, 20232 yr Also can look through the logs and see what mac address was rejected. But not sure if teh TP-link provides that level of logs Yup Mac Whitelisting has so many holes it is not funny. But if it makes you feel secure who am I to argue. Setup the ap's and put in place proper security mentality will mitigate 99% of the threats that are out there. Based on the comment "deco App" tell me you have tp-link. Entry level consumer stuff. Go look here and tell me you still feel good TP-Link - Security Advisory Edited December 27, 20232 yr by Gary Waterworth
December 28, 20232 yr 14 hours ago, Gary Waterworth said: Also can look through the logs and see what mac address was rejected. But not sure if teh TP-link provides that level of logs Yup Mac Whitelisting has so many holes it is not funny. But if it makes you feel secure who am I to argue. Setup the ap's and put in place proper security mentality will mitigate 99% of the threats that are out there. Based on the comment "deco App" tell me you have tp-link. Entry level consumer stuff. Go look here and tell me you still feel good TP-Link - Security Advisory I run my IoT devices (e-linter/sunsynk/tuya/solar-assistant/tasmota/cctv/etc) in an IoT VLAN. I use nftables to limit access and direction of traffic. Edited December 28, 20232 yr by system32
March 5, 20242 yr On 2022/11/11 at 9:42 AM, Gary Waterworth said: I have been putting together some flows in Home Assistant NodeRed to query the SunSynk API on the website directly. Been working on endpoints. Looks like I have access to all readings and Inverter settings now. I have only pulled out some of them into sensors so I can use them in HA. Still need to make/find some nice cards. Busy looking at how to set some settings. Basic process is there, just need to make sure it all works Hi Gary, I am a complete noob when it comes to coding/python etc. All I am trying to do is get data from my Sunsynk inverter into a .csv file with headings. Is there any basic code I can use to get this done? I'm going down a bit of a rabbit hole, so would appreciate any guidance!
March 8, 20242 yr On 2024/03/05 at 8:50 AM, Scott Havemann said: Hi Gary, I am a complete noob when it comes to coding/python etc. All I am trying to do is get data from my Sunsynk inverter into a .csv file with headings. Is there any basic code I can use to get this done? I'm going down a bit of a rabbit hole, so would appreciate any guidance! While it is theoretically possible, it is not going to be done with basic code. What data are you looking for exactly ?
April 16, 20242 yr Ok, so I finally took the time to flash ESPHome onto my Sunsynk wifi dongle. Took a while to figure out the details, which I wrote up in another thread: https://powerforum.co.za/topic/28044-anyone-noticed-weird-behaviour-from-their-sunsynk-inverter-charging-when-not-supposed-to-resetting-daily-totals-etc/?do=findComment&comment=202244 The end result is that you have a dongle running ESPHome, powered neatly from the inverter via the Ring Indicator pin of the DE9 connector, polling the inverter using modbus over RS232 at 9600 baud. The diff from slipx06's original ESPHome config is minimal: diff -w ESPHome-1P-Sunsynk-Deye.yaml sunsynk_dongle.yaml 12c12 < board: nodemcu-32s --- > board: airm2m_core_esp32c3 14a15 > variant: esp32c3 60,61c61,62 < tx_pin: GPIO1 < rx_pin: GPIO3 --- > tx_pin: GPIO5 > rx_pin: GPIO6 67d67 < flow_control_pin: GPIO16 Basically, change the board to an ESP32C3 (I just picked one, there may be better options), set the variant, and update the UART pins. Also, delete the modbus TX control pin, because RS232 is full duplex. Shout if you have any questions.
April 17, 20242 yr Would still be amazing to get into the orignal firmware and see if it is possible to retain the original communications but add in a stream server of the RS323 (modbus).
April 17, 20242 yr 14 hours ago, RoganDawes said: Ok, so I finally took the time to flash ESPHome onto my Sunsynk wifi dongle. Took a while to figure out the details, which I wrote up in another thread: https://powerforum.co.za/topic/28044-anyone-noticed-weird-behaviour-from-their-sunsynk-inverter-charging-when-not-supposed-to-resetting-daily-totals-etc/?do=findComment&comment=202244 The end result is that you have a dongle running ESPHome, powered neatly from the inverter via the Ring Indicator pin of the DE9 connector, polling the inverter using modbus over RS232 at 9600 baud. The diff from slipx06's original ESPHome config is minimal: diff -w ESPHome-1P-Sunsynk-Deye.yaml sunsynk_dongle.yaml 12c12 < board: nodemcu-32s --- > board: airm2m_core_esp32c3 14a15 > variant: esp32c3 60,61c61,62 < tx_pin: GPIO1 < rx_pin: GPIO3 --- > tx_pin: GPIO5 > rx_pin: GPIO6 67d67 < flow_control_pin: GPIO16 Basically, change the board to an ESP32C3 (I just picked one, there may be better options), set the variant, and update the UART pins. Also, delete the modbus TX control pin, because RS232 is full duplex. Shout if you have any questions. Busy debating buying another dongle to play with this. Is there anything special i need to be able to flash the dongle or can I just connect it to my pc with a RS232-> usb ? EDIT : Never mind , going through the other post Edited April 17, 20242 yr by Gary Waterworth
April 17, 20242 yr 3 hours ago, Gary Waterworth said: Busy debating buying another dongle to play with this. Is there anything special i need to be able to flash the dongle or can I just connect it to my pc with a RS232-> usb ? EDIT : Never mind , going through the other post Just to be clear, I used a USB-TTL (3.3V) adapter, directly connected to the header holes on the PCB, not an RS232 UART connected to the DE9.
April 17, 20242 yr 4 hours ago, WazzaCPT said: Would still be amazing to get into the orignal firmware and see if it is possible to retain the original communications but add in a stream server of the RS323 (modbus). @WazzaCPT I am sure you would be able to this. Two serial ports are needed (with the same logic as the current one) to monitor TX and RX data Below is a typical example connection diagram for unobstructed sniffing of serial data. P1 and P2 represents the existing Sunsynk inverter and Dongle connectors (not sure about actual male and female on dongle/inverter). P3 and P4 provides a sniffed copy of the TX and RX data between the Dongle and Sunsynk inverter which can be interpreted and used for own monitoring by connecting to micro controller or PC. Hope this helps to simulate some ideas ...
April 17, 20242 yr 11 minutes ago, DeonBez said: @WazzaCPT I am sure you would be able to this. Two serial ports are needed (with the same logic as the current one) to monitor TX and RX data Below is a typical example connection diagram for unobstructed sniffing of serial data. P1 and P2 represents the existing Sunsynk inverter and Dongle connectors (not sure about actual male and female on dongle/inverter). P3 and P4 provides a sniffed copy of the TX and RX data between the Dongle and Sunsynk inverter which can be interpreted and used for own monitoring by connecting to micro controller or PC. Hope this helps to simulate some ideas ... Hello @DeonBez, Are you saying that you could sniff both the RX and TX packets using an ESP32 with a logic level convert (or a TTL to DB9 serial interface) while not messing with the functions of the dongle and inverter. I would assume this means you can see data but should block sending any data through the sniffing device? Would this mean that technically you would only need to sniff the TX of the inverter? Would it be possible in theory to sniff directly off the RX pin of the UART on the ESP32 in the dongle? Potentially including a second ESP module inside the same dongle? I am not very clued up with this type of approach but I do know you can scope a signal, so understand you should be able to read it with a device. Edited April 17, 20242 yr by WazzaCPT
April 17, 20242 yr 7 minutes ago, WazzaCPT said: I would assume this means you can see data but should block sending any data through the sniffing device? @WazzaCPT As long as one connects the TX signal of the inverter to another serial port RX signal and the same for the Dongle, it should not interfere with the existing communications taking into account the cable length limits for RS232 which is dependent on the baud rate but generally stated as around 15m. 10 minutes ago, WazzaCPT said: Would this mean that technically you would only need to sniff the TX of the inverter? I have not looked at the protocol to know if only TX or both TX/RX data packets are needed to implement monitoring but am sure other forum/internet members already reversed engineer it so the info will be available somewhere. 13 minutes ago, WazzaCPT said: Would it be possible in theory to sniff directly off the RX pin of the UART on the ESP32 in the dongle? Potentially including a second ESP module inside the same dongle? If you are prepared to open the Dongle, yes. Not sure how the ESP32 is powered and if another ESP32 or similar can be powered from the same source, but this information should also be available on the forum / internet. The diagram attached in previous post was really more to indicate sniffing should be possible without modifying the stock Dongle by just using a breakout sniffing cable 😃
April 17, 20242 yr 53 minutes ago, DeonBez said: @WazzaCPT I am sure you would be able to this. Two serial ports are needed (with the same logic as the current one) to monitor TX and RX data Below is a typical example connection diagram for unobstructed sniffing of serial data. P1 and P2 represents the existing Sunsynk inverter and Dongle connectors (not sure about actual male and female on dongle/inverter). P3 and P4 provides a sniffed copy of the TX and RX data between the Dongle and Sunsynk inverter which can be interpreted and used for own monitoring by connecting to micro controller or PC. Hope this helps to simulate some ideas ... I actually built something like this, based on an ESP32. I posted some pictures of it, and a little description, here: https://infosec.exchange/deck/@RoganDawes/111595769934719217 Sorry, the pictures are too large for this forum 🙂 ESP32 has 3 UART's, I put an SP3232 on some veroboard to get 2 inbound signals and 2 outbound signals, mapped to U1RX/U1TX and U2RX/U2TX. The jumper pins in the middle let you switch from just snooping to active interception, by connecting the TX signals, and breaking the "Straight through" connections in the middle. And yes, while it is possible to pass through the data from the genuine dongle (running e-linter firmware) to the inverter, and its responses in the other direction, and then issue your own commands when it is quiet so as not to trample over the e-linter comms, actually identifying and using those intervals of quiet is not the simplest problem to solve. I think I mentioned it above, but another approach is to emulate the e-linter firmware using Wokwi, and forward the emulated UART to the dongle. Still some impedance matching required (e-linter firmware will expect a response within X ms, otherwise will resend the query, so you can simply drop a duplicated query, etc, etc).
April 17, 20242 yr Ok, so all way to complex for me. Is there a way to make use of the firmware bin that you dumped to get to the code and functions?
April 17, 20242 yr 39 minutes ago, WazzaCPT said: Ok, so all way to complex for me. Is there a way to make use of the firmware bin that you dumped to get to the code and functions? It’s not easy, I’m afraid. As of last year, the tools for reversing an ESP32 RISC-V binary were not exactly user friendly. There are lots of debugging / logging statements which should help to give an idea of what the code is supposed to be doing, if you can figure out the memory base addresses, etc for your decompiler.
April 23, 20242 yr This is how I go about sniffing serial traffic between the ports. As mentioned the ESP32 has 3 serial ports UART0, UART1 & UART2 #define RXD1 4 #define TXD1 2 #define RXD2 16 #define TXD2 17 void setup() { Serial1.begin(9600, SERIAL_8N1, RXD1, TXD1); //Dongle Serial2.begin(9600, SERIAL_8N1, RXD2, TXD2); //Inverter Serial.begin(9600); } void loop() { //From Dongle if (Serial1.available() > 0) { // read the incoming byte: int incomingByte=0; incomingByte = Serial1.read(); Serial2.write(incomingByte); } //From Inverter if (Serial2.available() > 0) { // read the incoming byte: int incomingByte=0; incomingByte = Serial2.read(); Serial1.write(incomingByte); } } Additionally to the above I make use of web serial to monitor the data https://randomnerdtutorials.com/esp32-webserial-library/ Note the above interferes with the comms but I do get a response from the inverter. Also note the inverter does not send data all the time, It needs to be queried. Using SolarAssistant as the "Dongle" I receive the following (Without spaces) that is sent to the inverter before the inverter will respond. Below is in decimals, but using serial.print(intvalue,HEX); will format it hex if you like. 0 3 0 0 0 9 132 29 1 3 0 0 0 9 133 204 2 3 0 0 0 9 133 255 3 3 0 0 0 9 132 46 4 3 0 0 0 9 133 153 5 3 0 0 0 9 132 72 6 3 0 0 0 9 132 123 7 3 0 0 0 9 133 170 8 3 0 0 0 9 133 85 9 3 0 0 0 9 132 132 10 3 0 0 0 9 132 183 11 3 0 0 0 9 133 102 12 3 0 0 0 9 132 209 13 3 0 0 0 9 133 0 14 3 0 0 0 9 133 51 Perhaps linking directly to the inverter's TX and then send to webserial may be a better idea. Not shown in the below image, I use a DB9 Gender Changer to interface with the inverter. Edited April 23, 20242 yr by MartinViljoen
April 23, 20242 yr 36 minutes ago, MartinViljoen said: This is how I go about sniffing serial traffic between the ports. As mentioned the ESP32 has 3 serial ports UART0, UART1 & UART2 #define RXD1 4 #define TXD1 2 #define RXD2 16 #define TXD2 17 void setup() { Serial1.begin(9600, SERIAL_8N1, RXD1, TXD1); //Dongle Serial2.begin(9600, SERIAL_8N1, RXD2, TXD2); //Inverter Serial.begin(9600); } void loop() { //From Dongle if (Serial1.available() > 0) { // read the incoming byte: int incomingByte=0; incomingByte = Serial1.read(); Serial2.write(incomingByte); } //From Inverter if (Serial2.available() > 0) { // read the incoming byte: int incomingByte=0; incomingByte = Serial2.read(); Serial1.write(incomingByte); } } Additionally to the above I make use of web serial to monitor the data https://randomnerdtutorials.com/esp32-webserial-library/ Note the above interferes with the comms but I do get a response from the inverter. Also note the inverter does not send data all the time, It needs to be queried. Using SolarAssistant as the "Dongle" I receive the following (Without spaces) that is sent to the inverter before the inverter will respond. Below is in decimals, but using serial.print(intvalue,HEX); will format it hex if you like. 0 3 0 0 0 9 132 29 1 3 0 0 0 9 133 204 2 3 0 0 0 9 133 255 3 3 0 0 0 9 132 46 4 3 0 0 0 9 133 153 5 3 0 0 0 9 132 72 6 3 0 0 0 9 132 123 7 3 0 0 0 9 133 170 8 3 0 0 0 9 133 85 9 3 0 0 0 9 132 132 10 3 0 0 0 9 132 183 11 3 0 0 0 9 133 102 12 3 0 0 0 9 132 209 13 3 0 0 0 9 133 0 14 3 0 0 0 9 133 51 Perhaps linking directly to the inverter's TX and then send to webserial may be a better idea. Not shown in the below image, I use a DB9 Gender Changer to interface with the inverter. This is mine: ESP32 talks to the SP3232 transceiver (yellow wires), which has 2 channels in each direction, perfect for 2 UARTs. The jumpers at the bottom either swap RX/TX (two blocks on either side), or connect/disconnect the TX lines from the transceiver/ESP32. When the ESP32 TX lines are disconnected, the ESP32 can snoop but not transmit, which is enough for most purposes. I run ESPHome on the ESP32, because it has a ton of useful functionality (OTA updates, built in UART buffering, debug logging via WiFi, etc), and simply put the Sunsynk dongle on one side, and a DE9 cable to the inverter on the other side. The string of numbers you posted is actually just the dongle trying to identify the address of the inverter (first column). Second column (3) is a "read holding register" command, starting at address 0, and returning 9 registers. last two columns are the CRC. Apparently the inverter was not responding for some reason. Not connected, maybe? 0 3 0 0 0 9 132 29 1 3 0 0 0 9 133 204 2 3 0 0 0 9 133 255 3 3 0 0 0 9 132 46 4 3 0 0 0 9 133 153 5 3 0 0 0 9 132 72 6 3 0 0 0 9 132 123 7 3 0 0 0 9 133 170 8 3 0 0 0 9 133 85 9 3 0 0 0 9 132 132 10 3 0 0 0 9 132 183 11 3 0 0 0 9 133 102 12 3 0 0 0 9 132 209 13 3 0 0 0 9 133 0 14 3 0 0 0 9 133 51
April 23, 20242 yr This looks like a great project. My only concern is you would lose inverter firmware updates functionality
April 23, 20242 yr 7 minutes ago, Gambit said: This looks like a great project. My only concern is you would lose inverter firmware updates functionality Sure, that's why you take a backup, and can reinstall it if you ever need to do an upgrade. And while doing so, log all the data written out on the serial port to see how it is done 😛
April 23, 20242 yr I wonder how different the firmware update process is compared to say the Nextion firmware upload is.
April 23, 20242 yr 31 minutes ago, WazzaCPT said: I wonder how different the firmware update process is compared to say the Nextion firmware upload is. I suspect it is something like doing a modbus write to a particular holding register (probably with the expected length of the firmware), then writing the bytes of the firmware one after another to a different holding register, then finally writing a "complete" message to either the first or a different holding register.
April 25, 20242 yr I have to correct my earlier post, I'm not actually getting any response from the inverter. At the time of testing I swopped the ports. I received data from the dongle and thought its coming from the inverter. Got a little excited. Not sure why I'm not getting any responses when I copy the byte received as is from the dongle over to the inverter's RX pin. Starting to wonder if the gender changer is the issue or if the inverter expect RTS and CTS. Going to try what DeonBez suggested.
April 25, 20242 yr 40 minutes ago, MartinViljoen said: I have to correct my earlier post, I'm not actually getting any response from the inverter. At the time of testing I swopped the ports. I received data from the dongle and thought its coming from the inverter. Got a little excited. Not sure why I'm not getting any responses when I copy the byte received as is from the dongle over to the inverter's RX pin. Starting to wonder if the gender changer is the issue or if the inverter expect RTS and CTS. Going to try what DeonBez suggested. There is no RTS/CTS required. You may well have the outbound RX and TX lines swapped. Would try that first.
July 6, 2025Jul 6 On 2024/04/16 at 10:05 PM, RoganDawes said:Basically, change the board to an ESP32C3 (I just picked one, there may be better options), set the variant, and update the UART pins. Also, delete the modbus TX control pin, because RS232 is full duplex.Shout if you have any questions.Hey there @RoganDawes :)I have a spare sunsynk dongle and want to re-flash it.I have flashed tons of sonoff devices and visia devices, just not too sure about the pads to use on this one.I see the TX RX GND pins but do not see the +3.3 padAlso for programing do I BRIDGE/THE isp pads as indicated on the board to put it in flashing mode?EDIT: I did find your link to more info where you explained the connections for power and confirmed the ISP short for programming :)Will be giving it a go today. Edited July 6, 2025Jul 6 by WannabeSolarSparky
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.