Author Topic: Quick way to reverse engineer modbus?


Offline rthorntn (Topic starter)

  • Frequent Contributor
  • Posts: 400
  • Country: au
Quick way to reverse engineer modbus?
« on: February 13, 2024, 06:13:26 am »
Hi,

I should say up front that I'm not a programmer.

I just bought a new inverter (Goodwe SBP G2) and I need to control it with modbus, I've got the inverter installed and I have a working connection using a waveshare modbus TCP to RTU converter.

So I bought this inverter because the modbus was already reversed.  The vendor has changed it and won't provide a document.

So I'm using node-red. The previous modbus implementation would provide the serial number when you read 0x0200; I figured out that that has changed to 0x07D0.

So does anyone have a way to quickly enumerate all the addresses, so I can use the SolarGo app to change something and search modbus for changed values?

Thanks.
Richard
 
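The "enumerate everything, change a setting in the app, then look for what moved" approach the poster asks for can be done with a read-only register sweep plus a snapshot diff. The following is an added example, not code from the thread or from Goodwe: it builds and parses Modbus/TCP frames with only the Python standard library (no pymodbus), reads holding registers (function 3) in blocks of at most 125, and, when a block comes back with exception 2 (Illegal Data Address), splits it in half and retries so that mapped registers next to unmapped ones are still found. The `FakeInverter` class is a constructed stand-in so the script runs offline; its register layout is made up (the serial at 0x07D0 echoes the OP's observation, but the length, contents and the setting at 0x0800 are assumptions, not the real Goodwe map). Against the real gateway, replace `dev.transact` with `tcp_transact(host)`.

```python
"""Read-only holding-register sweep over Modbus/TCP plus snapshot diff (added example)."""
import socket
import struct

READ_HOLDING_REGISTERS = 0x03
MAX_REGS_PER_READ = 125        # upper bound for one function-3 request in the Modbus spec
ILLEGAL_FUNCTION = 0x01
ILLEGAL_DATA_ADDRESS = 0x02    # exception code a device returns for an unmapped block


def build_read_request(transaction_id, unit_id, start, count):
    """Modbus/TCP ADU: MBAP header (tid, protocol 0, length, unit) + PDU (fc, start, count)."""
    pdu = struct.pack(">BHH", READ_HOLDING_REGISTERS, start, count)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_read_response(frame, transaction_id):
    """Return (registers, exception_code); exactly one of the two is None."""
    tid, protocol, length, _unit = struct.unpack(">HHHB", frame[:7])
    if tid != transaction_id or protocol != 0:
        raise ValueError("response does not belong to this request")
    pdu = frame[7:7 + length - 1]
    if pdu[0] & 0x80:                         # exception: function code | 0x80, then the code
        return None, pdu[1]
    byte_count = pdu[1]
    regs = struct.unpack(">%dH" % (byte_count // 2), pdu[2:2 + byte_count])
    return list(regs), None


def sweep(transact, unit_id, first, last):
    """Read every holding register in [first, last]; returns {address: value}.

    transact(request_bytes) -> response_bytes. Blocks larger than the spec
    limit are cut down; a block answered with ILLEGAL_DATA_ADDRESS is split
    in half and retried, so one hole does not hide the registers around it.
    Only function 3 is ever sent, so nothing on the device is written.
    """
    found, pending, tid = {}, [(first, last)], 0
    while pending:
        start, end = pending.pop()
        count = end - start + 1
        if count > MAX_REGS_PER_READ:
            mid = start + MAX_REGS_PER_READ - 1
            pending.append((mid + 1, end))
            pending.append((start, mid))       # pushed last, so read first (ascending order)
            continue
        tid = (tid + 1) & 0xFFFF
        regs, exc = parse_read_response(transact(build_read_request(tid, unit_id, start, count)), tid)
        if regs is not None:
            found.update(zip(range(start, end + 1), regs))
        elif exc == ILLEGAL_DATA_ADDRESS and count > 1:
            mid = (start + end) // 2
            pending.append((mid + 1, end))
            pending.append((start, mid))
        # a single unmapped register, or any other exception, is simply skipped
    return found


def diff_snapshots(before, after):
    """{address: (old, new)} for every register whose value differs between two sweeps."""
    return {a: (before.get(a), after.get(a))
            for a in sorted(set(before) | set(after)) if before.get(a) != after.get(a)}


def registers_to_ascii(snapshot, start, count):
    """Serial numbers and similar strings are usually packed two ASCII bytes per register."""
    return b"".join(struct.pack(">H", snapshot[start + i]) for i in range(count))


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("gateway closed the connection")
        buf += chunk
    return buf


def tcp_transact(host, port=502, timeout=3.0):
    """Real transport: one TCP session to the Modbus TCP/RTU gateway (host/port are yours)."""
    sock = socket.create_connection((host, port), timeout=timeout)

    def transact(request):
        sock.sendall(request)
        header = _recv_exact(sock, 7)
        length = struct.unpack(">H", header[4:6])[0]
        return header + _recv_exact(sock, length - 1)
    return transact


class FakeInverter:
    """Constructed stand-in for the device; the register map is invented, not Goodwe's."""
    def __init__(self):
        serial = b"SBPG2-00001234"                               # 14 bytes -> 7 registers
        self.regs = {0x07D0 + i: (serial[2 * i] << 8) | serial[2 * i + 1] for i in range(7)}
        self.regs[0x0800] = 50                                   # assumed app-changeable setting

    def transact(self, request):
        tid, _proto, _len, unit, fc, start, count = struct.unpack(">HHHBBHH", request[:12])
        addrs = range(start, start + count)
        if fc != READ_HOLDING_REGISTERS:
            pdu = struct.pack(">BB", fc | 0x80, ILLEGAL_FUNCTION)
        elif any(a not in self.regs for a in addrs):             # whole block rejected, as real devices do
            pdu = struct.pack(">BB", fc | 0x80, ILLEGAL_DATA_ADDRESS)
        else:
            pdu = struct.pack(">BB%dH" % count, fc, 2 * count, *[self.regs[a] for a in addrs])
        return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def demo():
    """Sweep, 'change a setting in the app' (simulated), sweep again, and diff."""
    dev = FakeInverter()
    before = sweep(dev.transact, 1, 0x0700, 0x08FF)
    dev.regs[0x0800] = 60
    after = sweep(dev.transact, 1, 0x0700, 0x08FF)
    return before, diff_snapshots(before, after)


if __name__ == "__main__":
    snapshot, changes = demo()
    print("serial:", registers_to_ascii(snapshot, 0x07D0, 7).decode())
    print("changed:", {hex(a): v for a, v in changes.items()})
```

Two practical notes. First, take two sweeps with nothing changed in the app before the real comparison: power, voltage and temperature registers change on their own, and diffing the baselines tells you which addresses to ignore. Second, the sweep only ever sends function 3; never "enumerate" with write functions, since a stray write to an inverter's configuration can be expensive, and keep the sweep range sensible (the full 0x0000 to 0xFFFF space is 65,536 registers, which on a slow RS485 link behind a gateway can take a long time).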

Offline RoGeorge

  • Super Contributor
  • Posts: 6207
  • Country: ro
Re: Quick way to reverse engineer modbus?
« Reply #1 on: February 13, 2024, 06:42:19 am »
I would install wireshark, to sniff the modbus TCP packets.  Then use the modbus device together with its own application (from the provider), to learn the must-have coils and registers addresses, and their values.

AFAIK modbus can not be interrogated about its register addresses, so you can only sniff the exchanged data and try to deduce which does what.

Before anything else, contact the manufacturer and kindly ask them for the programming manual, or for the modbus registers directly.  Maybe they'll give you the info.
« Last Edit: February 13, 2024, 06:44:08 am by RoGeorge »
 
The following users thanked this post: rthorntn

Offline rthorntn (Topic starter)

  • Frequent Contributor
  • Posts: 400
  • Country: au
Re: Quick way to reverse engineer modbus?
« Reply #2 on: February 13, 2024, 06:47:38 am »
Thanks, the manufacturer refused to provide the info.

Unfortunately the SolarGo app communicates with the inverter over WiFi, not through my RS485 TCP adapter.
 

Offline RoGeorge

  • Super Contributor
  • Posts: 6207
  • Country: ro
Re: Quick way to reverse engineer modbus?
« Reply #3 on: February 13, 2024, 07:04:25 am »
Wireshark can sniff any network card, including wireless ones.  Install the SolarGo app on a PC/laptop that has a connection to the wireless network, so you can install Wireshark on the same machine where SolarGo is running, and sniff the packets.

If not, try to sniff from the air the wireless packets between the Android phone and the RTU device.  Preferably sniff them from the phone/tablet (e.g. https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark ).  Should be possible to sniff from the air too, though it might be more difficult, depending on the encryption type used by the wireless.

What device/network layout do you use now, to control the RTU?
« Last Edit: February 13, 2024, 07:08:56 am by RoGeorge »
 
The following users thanked this post: rthorntn

Online voltsandjolts

  • Supporter
  • Posts: 2300
  • Country: gb
Re: Quick way to reverse engineer modbus?
« Reply #4 on: February 13, 2024, 07:55:18 am »
A starting point perhaps...
 
The following users thanked this post: rthorntn

Offline Doctorandus_P

  • Super Contributor
  • Posts: 3367
  • Country: nl
Re: Quick way to reverse engineer modbus?
« Reply #5 on: February 13, 2024, 10:56:11 am »
If they refuse to give a decent user manual (including all modbus register names and usage) then return the inverter and buy another one which does have this info.
 
The following users thanked this post: rthorntn

