Mirroring/intercepting SunPower Monitoring Traffic?


  • apara
    replied
    So, after about an hour of no data, everything came in for an hour with all the details. I am wondering if the unit has some sort of mobile communication capability, such as 2G? I have now blocked any outgoing traffic at my firewall, to see if the data flow stops.


  • apara
    replied
    Something really strange is happening. At first, I was convinced that the data was going via the power brick, since my monitoring was still picking up 100/102 lines. So, I unplugged the power brick and waited. The website still showed data was coming in. This morning, I am still trying to figure out how the data is reaching the website. Could be going over wifi, but I am not able to find the IP of the device on the network. It so happens I had another power brick network in the house, so perhaps it switched to using that network? I just unplugged that power brick network to see if the data stops. When I log into my wireless router, I don't see any unknown devices in the DHCP table. So, I am puzzled as to how the traffic is still being sent out.


  • apara
    replied
    I unplugged the cable from the switch and no data was being reported by the website. So it is still using the power brick. I am kinda bummed as I kinda liked knowing exactly how each panel was performing and this was going to be a fun project to work on. Need to do some nmap scans against the service port to see what's open.


  • JJNorcal
    replied
    To install a cert, you would need to be able to log in to the PVS. I assume it is Linux based, so you would need to ssh, which means you would need to get a lucky guess with the password. I guess they might have a back door through the service port, but who knows...

    Makes sense that an HTTPS initiator would require special treatment, or no one could bank over the web. I'm afraid I sent you down an unlikely path.

    I think it is highly unlikely that SP switched to https without a firmware update. I've been unable to determine what version I have (or even if it is upgradeable).

    When I made a wrong turn due to PVS switchover to wifi, I called SP support and asked them if there was a problem with my system because my powerline adapter wasn't working. They had to refer to second tier support, and eventually I was informed definitively that wifi was enabled even though I had no recollection of telling the installers my wifi password. You might want to do similar and see if you can get them to tell you how the PVS is managing to report while your powerline is unplugged.


  • apara
    replied
    I am not sure if it would be possible to install a trusted CA on that device. I could try to connect my machine to the "service" port on the device, but I am not sure where to go from there. Is there some SSH access that I can enable?

    So, I know the communication is going over the power block adapter. I see that they are using some Go Daddy certificate and talking to some AWS machine. I still see some clear text HTTP posts going for 100 and 102 lines. I am just surprised that they would do a remote software upgrade on the device. Did not expect them to be this technical.
    Last edited by apara; 06-30-2017, 12:40 PM.


  • JJNorcal
    replied
    Apara, I may be mistaken. Looks like mitmproxy would require installation of a root cert on the PVS itself.


  • JJNorcal
    replied
    Yes. ManInTheMiddleProxy. Sorry for the confusion.


  • apara
    replied
    Is this what you mean? https://mitmproxy.org/


  • apara
    replied
    I will check into mtmproxy, but I never set up the WIFI connection (so the unit would not know the password) and the status was always sent over the power line adapter. In fact, I still get the 100/102 messages in clear text, but the 130/140 lines are no longer appearing. To ensure that it is indeed the IP of the unit, I watched my router while unplugging the cable from the network. Sure enough, the IP in question disappeared from the network. I also tried to "reboot" the entire system by turning off the power at the main panel. The system came back, with a different MAC, but I still did not see the production numbers as I was hoping.

    These are the only messages I am seeing:

    POST /Command/SMS2DataCollector.aspx HTTP/1.1
    Host: collector.sunpowermonitor.com
    Content-Type: text/plain
    Content-Length: 72

    100 SPMS 10 ZT170285000441C0308 20170629230949
    102 L0eO+4aUacNCTIxqy/B6


  • JJNorcal
    replied
    I had a similar moment some time back. I wasn't getting expected packets, yet SP kept registering data. Turned out that I have two network connections to the PVS5. I was keying off of a power line adapter, and the PVS had switched over to wifi.

    I'm still getting clear text. I haven't had any interruptions.

    You can set up mtmproxy and inspect encrypted packets.

    Please send an update when you have one.


  • apara
    replied
    I see calls going out to:

    splunk.pvs5.p2e.io
    search1.pvs5.p2e.io
    ec2-52-7-213-242.compute-1.amazonaws.com


    Is the party over?
    Last edited by apara; 06-29-2017, 09:41 PM.


  • apara
    replied
    I am in the PST timezone, so as of yesterday 8am PST I have not seen any more captures.

    I just came home today and the only thing I see being captured in the log are the 100 and 102 messages:

    06/29/2017 04:09:50 PM|INFO|PROCESSING (204): [POST /Command/SMS2DataCollector.aspx HTTP/1.1
    Host: collector.sunpowermonitor.com
    Content-Type: text/plain
    Content-Length: 72

    100 SPMS 10 ZT170285000441C0308 2017062923094
    102 L0eO+4aUacNCTIxqy/B6

    I am no longer seeing other reporting.

    Yet the website is still reporting proper results... What gives?


  • toddn
    replied
    8am in what timezone? I noticed a gap in my consumption data starting at 4:35am Pacific which is what triggered the discovery of my PVS5x not having connectivity through my home internet connection. I had expected that it had been missing internet connectivity for about four hours, since it was around 8am when I checked -- but instead it had been completely disconnected (from my home internet) since mid-day June 21.

    I'm logging *all* the LAN traffic coming out of the PVS5x, and there's no other host getting POSTs. There is encrypted traffic to an EC2 splunk instance -- perhaps SunPower is changing how they collect the data.


  • apara
    replied
    Oddly enough, something similar happened to me as well. Last night, I noticed that the data stopped coming in at around 8 am. I checked the logs and sure enough, there was nothing there. It was late at night, so I was not able to test for 140/130, but after restarting I noticed that only 100/101 (I think) were coming in every 30 minutes. I will check again today to see if the data stream recovered, but it could be that there is a "BACKUP" host, so that if your network goes down, the system may switch to another endpoint at a different IP address.

    Anyhow, we'll see...


  • toddn
    replied
    Has anyone had their PVS5x stop POSTing clear text data back to collector.sunpowermonitor.com? And if so, do you know how to have it start again?

    About 10 days ago, the networking device that I use to monitor traffic from the PVS5x disconnected from my home network. I did not notice this because, somehow, the usage data was still being uploaded to the SunPower monitoring website (I haven't built out my own homebrew graphing yet.) I'm assuming it was done through the backup cellular connection, since there was definitely no way that the PVS5x had internet connectivity through my home network.

    Since resolving the networking problem between the PVS5x and my home internet connection, I have observed the PVS5x POST message 100 (my system serial number) to /Command/SMS2DataCollector.aspx, however I've seen no POSTS to /Data/SMS2DataCollector.aspx and consequently no message 130, 141, or 140 data. And yet the monitoring website is still being updated with new data.

    Curiously, after I discovered the lack of internet connection, there was no LED indication on the PVS5x that there was a network problem. I did power-cycle the PVS5x last night to see if that would help and it has not.

    Any thoughts or experiences would be appreciated. Thanks!
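
Added example (not part of any post in this thread, and not SunPower code): a small Python parser for the cleartext collector POSTs quoted above that lists the message types present and flags the condition the thread describes, where 100/102 keep arriving but 130/140/141 do not. The split into status and data types and the `130 PLACEHOLDER` body are assumptions made for illustration; the real 130/140/141 record layout is not shown on this page.

```python
STATUS_TYPES = {"100", "102"}        # still seen in cleartext per the thread
DATA_TYPES = {"130", "140", "141"}   # the types the thread reports missing

def parse_post(raw):
    """Split a captured HTTP POST into (path, host, [(type_code, fields)])."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, path, _version = request_line.split(" ", 2)
    if method != "POST":
        raise ValueError(f"unexpected method {method!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    records = []
    for line in body.splitlines():
        if line.strip():
            code, *fields = line.split()
            records.append((code, fields))
    return path, headers.get("host", ""), records

def summarize(raw_posts):
    """Report which type codes were seen and whether data records went dark."""
    seen = {code for raw in raw_posts for code, _ in parse_post(raw)[2]}
    dark = bool(seen & STATUS_TYPES) and not (seen & DATA_TYPES)
    return {"types": sorted(seen), "data_missing": dark}

# Capture quoted in the thread.
THREAD_CAPTURE = (
    "POST /Command/SMS2DataCollector.aspx HTTP/1.1\n"
    "Host: collector.sunpowermonitor.com\n"
    "Content-Type: text/plain\n"
    "Content-Length: 72\n"
    "\n"
    "100 SPMS 10 ZT170285000441C0308 20170629230949\n"
    "102 L0eO+4aUacNCTIxqy/B6\n"
)
# Constructed sample: the path is from the thread, the 130 payload is a placeholder.
CONSTRUCTED_DATA_POST = (
    "POST /Data/SMS2DataCollector.aspx HTTP/1.1\n"
    "Host: collector.sunpowermonitor.com\n"
    "\n"
    "130 PLACEHOLDER\n"
)

if __name__ == "__main__":
    print(summarize([THREAD_CAPTURE]))
    print(summarize([THREAD_CAPTURE, CONSTRUCTED_DATA_POST]))
```

Run over a rolling window of captures from the LAN tap, `data_missing` turning true is the signal that reporting has moved off the cleartext path while the status POSTs continue.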
