Decompiling Software To Fix An Old Solar Inverter

A solar inverter that asks for a password on its display

It’s a fact of life that electronic devices become obsolete after a few years. Sometimes this is because technology has moved on, but it can also happen that a perfectly functional device becomes near-useless simply because the original manufacturer no longer supports it. When [Buy It Fix It] found a pair of second-hand Power-One Aurora solar inverters, he ran into an issue for which he needed access to the service menu, which happened to be password-protected. The original manufacturer had ceased to exist, and the current owner of the brand name was unable to help, so [Buy It Fix It] had to resort to reverse engineering to find the password.

Thanks to the Wayback Machine over at the Internet Archive, [Buy It Fix It] was able to download the PC software bundle that originally came with the inverters. But in order to access all features, a password was required that could only be obtained by registering the unit with the manufacturer. That wasn’t going to happen, so [Buy It Fix It] fired up dnSpy, a decompiler and debugger for .NET programs. After a bit of searching he found the section that checked the password, and by simply copying that section into a new program he was able to make his own key generator.

With the service password now available, [Buy It Fix It] was able to set the inverter to the correct voltage setting and hook it up to his solar panels. Interestingly, the program code also had references to “PONG”, “Tetris” and “tiramisu” at various places; these turned out to be Easter eggs in the code, containing simple versions of those two games as well as a photo of the Italian dessert.

Inside the software archive was also another program that enabled the programming of low-level functions within the inverter, things that few users would ever need to touch. This program was not written in .NET but in C or something similar, so it required the use of x32dbg to look at the machine code. Again, this program was password-protected, but the master password was simply stored as the unencrypted string “91951” — the last five digits of the manufacturer’s old phone number.

The inverter was not actually working when [Buy It Fix It] first got it, and his repair video (also embedded below) is also well worth watching if you’re into power electronics repair. Hacking solar inverters to enable more features is often possible, but of course it’s much easier if the entire design is open source.

16 thoughts on “Decompiling Software To Fix An Old Solar Inverter

  1. I still remember the passwords for all appliances of my old company. It would be just a checkbox ticked to unlock a 2000 USD premium feature in the lab hardware we were selling to companies. The mainboards were all the same in them. Features were just unlocks. Whilst we were a serious business and had 200k staff around the globe, it always felt a bit wrong. Though we produced little waste and installing an extra sensor and unlocking it produced no electronic waste. It also allowed to sell basic features more cheaply customers unable to afford the entire platform.

    The video brings back these memories. However it saddens me to see it in consumer tier hardware, this produces a lot of waste, as they just dump it in the trash. My company would allow to sell old hardware back for refurbishments.

  2. Reminds me of the good old days in school when I used the lunch break to stare at assembly code on continuous paper to figure out how the key to register a shareware program is calculated.

    1. I remember when TVs came with a schematic in a pocket inside the back cover, complete with adjustment instructions, voltages and oscillograms; and large appliances came with a manual that had exploded diagrams and spare part numbers. Regulators should make this compulsory. At a minimum, they should ensure that, for any large/expensive appliance sold, companies deposit schematics, repair information, firmware updates, installer software etc (ideally all with source code) in a registry, where it’s made publicly available after a set time, or when the company ceases to exist and fails to renew their registration, whichever comes first.

  3. I’m still pissed about my old Webramp RAS box that wanted an unlock code following a firmware upgrade. Webramp was long gone but I found the firmware updater online, so I installed it, and promptly turned the unit into a paperweight.

    I’d still be using it today if I’d known how to make a key for it.

    Right to repair, 100%. Key-gen escrow or something, so when the company vanishes, the hardware doesn’t fly straight into a landfill.

  4. As a matter of interest, there’s an inverter manufacturer in Australia who will open-source all their IP in 2025.

    I had one of their original pure sine-wave inverters and it finally released the magic smoke (in great quantities) this year, after 26 years of service. I’ve replaced it with a current model. Browsing the website, and talking to my supplier, I discovered that the owners are retiring from inverter manufacturing and moving into e-waste processing and recycling, shutting down the business in 2025. And releasing all their IP to open-source when they close. So if anyone’s interested in the design of good-quality inverters, set a reminder to check the website in 2025. I don’t know if they’re actually going to publish the information on the website, or set up a separate repository, but there’ll be some good info there.

    1. Wow, I hope they are OK and ceasing business by choice. Thanks for the link. Companies that do things like this should be rewarded.

      I’ve noticed a trend for solar inverters to be *less* open in recent years. My old inverter used to have an LCD readout showing instantaneous power stats, and its own self-hosted website that would also show power logs etc. On my new inverter, I can’t read anything directly, I have to give it access to my wifi then download the info from the manufacturer’s website.

      For anyone in the market for a grid-tie inverter, avoid “solar edge” they are dicks and will hold your data hostage.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.