tuxmike
commented
1 year ago Solax X1 Hybrid G4 ? The commands in the Readme are coming from an X1-Mini 1.5, so there seems to be some difference. What does "(alternate ...)" refer to?
Open 70p4z opened 1 year ago
tuxmike
commented
1 year ago Solax X1 Hybrid G4 ? The commands in the Readme are coming from an X1-Mini 1.5, so there seems to be some difference. What does "(alternate ...)" refer to?
70p4z
commented
1 year ago Oh, thanks pretty dumb actually, the command to send to the x1 could be:
Either command, the first 0x197 bytes are containing the same information. Hope that helped.
70p4z
commented
1 year ago Additionally, I think each inverter of the solax product line are somewhat implementing different command set.
xdubx
commented
1 year ago Additionally, I think each inverter of the solax product line are somewhat implementing different command set.
Yes. If you take a look in the data sheets https://github.com/xdubx/Solax-Pocket-USB-reverse-engineering/tree/refactor/Modbus%20stuff they have a very weird implementation. Modbus is different from the usb implementation.
70p4z
commented
1 year ago I'm not familiar with modbus, only CAN and the pocketwifi serial link (it's not USB at all :s)
tuxmike
commented
1 year ago Hi @70p4z, can you confirm the below cmd table for you / X1 Hybrid?
| Control code | Function Code | Payload length (byte) | Checksum length (byte) | Description |
|---|---|---|---|---|
| 01 | 01 | 0 | 2 | Request inverter data X1 Hybrid |
| 01 | 90 | 400 | 2 | Response inverter data X1 Hybrid (example you posted above) |
| 01 | 13 | 0 | 2 | Request inverter data2 X1 Hybrid |
| 81 | 90 | 600 | 2 | Response inverter data2 X1 Hybrid (what is in there, do you have an example?) |
| known X1 Mini (Pocket v2.0) as comparison | ||||
| 01 | 0C | 0 | 2 | Request inverter data X1 Mini |
| 01 | 8C | 200 | 2 | Response inverter data X1 Mini |
| Are generic cmds below also the same for you / X1 Hybrid? | Control code | Function Code | Payload length (byte) | Checksum length (byte) | Description |
|---|---|---|---|---|---|
| 01 | 05 | 0 | 2 | Request read serial numbers | |
| 01 | 85 | 40 | 2 | Response read serial numbers | |
| 02 | 01 | 10 | 2 | Request register pocket dongle serial number | |
| 02 | 01 | 10 | 0 (!) | Response register pocket dongle serial number |
tuxmike
commented
1 year ago @70p4z Are you using are black PocketWifi/LAN v3.0, or a white v2.0, or even v1.0?
70p4z
commented
1 year ago Hi @tuxmike, The only mistake in the table, is:
Hi @70p4z, can you confirm the below cmd table for you / X1 Hybrid?
Commands
Control code Function Code Payload length (byte) Checksum length (byte) Description 01 01 0 2 Request inverter data X1 Hybrid 01 90 400 2
01 13 0 2 Request inverter data2 X1 Hybrid 81 90 600 2 Response inverter data2 X1 Hybrid (what is in there, do you have an example?) known X1 Mini (Pocket v2.0) as comparison
01 0C 0 2 Request inverter data X1 Mini 01 8C 200 2 Response inverter data X1 MiniAre generic cmds below also the same for you / X1 Hybrid? Control code Function Code Payload length (byte) Checksum length (byte) Description 01 05 0 2 Request read serial numbers 01 85 40 2 Response read serial numbers 02 01 10 2 Request register pocket dongle serial number 02 01 10 0 (!) Response register pocket dongle serial number
I haven't checked all those comman/func pairs, they are not needed to drive the inverter or get its status. I just discovered other commands though:
- check pin : AA 55 09 09 00 DE 07 F6 01
===== Start of packet
== packet length (including start of packet and checksum)
===== Command indication
===== PIN value (U16LE)
===== checksum
- check pin reply
AA 55 07 09 80 8F 01
An extract from my tparse project may also be useful. Here are some other commands
const uint8_t solax_pw_cmd_mode_self_use[]= { 0xAA, 0x55, 0x09, 0x09, 0x1C, 0x00, 0x00, 0x2D, 0x01 };
const uint8_t solax_pw_cmd_mode_manual[]= { 0xAA, 0x55, 0x09, 0x09, 0x1C, 0x03, 0x00, 0x30, 0x01 };
// useless // const uint8_t solax_pw_cmd_mode_backup[]= { 0xAA, 0x55, 0x09, 0x09, 0x1C, 0x02, 0x00, 0x30, 0x01 };
const uint8_t solax_pw_cfg_manual_stop[]= { 0xAA, 0x55, 0x09, 0x09, 0x24, 0x00, 0x00, 0x35, 0x01 };
const uint8_t solax_pw_cfg_manual_charge[]= { 0xAA, 0x55, 0x09, 0x09, 0x24, 0x01, 0x00, 0x35, 0x01 };
// useless // const uint8_t solax_pw_cfg_manual_discharge[]= { 0xAA, 0x55, 0x09, 0x09, 0x24, 0x02, 0x00, 0x35, 0x01 };
And others I'm not using, but which can prove useful too
#set gmppt high
aa5509096a03007e01 aa550709eaf901
#set gmppt low
aa5509096a01007c01 aa550709eaf901
#set gmppt off
aa5509096a00007b01 aa550709eaf901
# set system off
aa5509092f00004001 aa550709afbe01
# set system on
aa5509092f01004101 aa550709afbe01Also I've started listing all settings and create a map of what setting is at what index in the settings array (and therefore what SET commands is required to change it). If you're interested I'll share that too later on.
Finally, I'm using solax pocket wifi 2.0 (the white one), well, at least I was using it. Now that my bridge for pylontech compatibility is featuring a pocket wifi serial port, and an I2C monitoring port (to eventually reach home assistant), I'm not using it anymore.
Cheers,
70p4z
commented
11 months ago Few update, I've just reversed the Solax inverter states:
#define INVERTER_STATUS_WAITING 0
#define INVERTER_STATUS_CHECKING 1
#define INVERTER_STATUS_NORMAL 2
#define INVERTER_STATUS_FAULT 3
#define INVERTER_STATUS_ERROR 4
#define INVERTER_STATUS_UPDATE 5
#define INVERTER_STATUS_EPS_WAIT 6
#define INVERTER_STATUS_EPS 7
#define INVERTER_STATUS_SELFTEST 8
#define INVERTER_STATUS_IDLE 9
#define INVERTER_STATUS_STANDBY 10For anyone who might need such info
After a few dump of the serial interface and reverse to get the mapping here are some results I got. I hope this would help.
Check with some values on your side to validate, but that sounds about right on my interpreter.