Enecsys SMI-360-72 Microinverter

Table of Contents

1. Intro

This is a page describing my notes about the Enecsys SMI-360-72 microinverter with main focus on reverse-engineering the 802.15.4 (Zigbee) communications protocol used for monitoring of the microinverter parameters by a Enecsys Gateway device documented here.

2. Zigbee Radio

The inverter contains a ETRX2-PA Zigbee module manufactured by Telegesis. This module is based on now end-of-life EM250 chip sold by Silicon Labs. It's been built by a company called Ember which has been since acquired by Silicon Labs. A datasheet (mirror) for the chip is available. Unfortunately, it uses an obscure XAP2b microprocessor core (more docs here (mirror) with no open-source compiler or instruction set published. The microcontroller designer (Cambridge Consultants, add another company to the vendor soup) has apparently licensed an IDE called xIDE (some docs here) to Silicon Labs as this software is what they are selling to their customers in order to develop custom firmware. No free licenses for this software seem to be available.

Some remnants of the development kit brochures can be found on Digikey and I have reached out to a single non-Chinese company which lists the development kits on their website:

As a sidenote, the EM250 is also used in the popular XBee and XBee-PRO Zigbee RF modules models XBEE2, XBEEPRO2 as described in their User manual (mirror). This has also been independently confirmed on the Digi (maker of XBee) forums.

3. Random links

A random thread on Microchip's forum describing how you can enter the Ember bootloader from the AT command (default firmware) by entering

AT%P24F7
OK
B
.EM250 Bootloader. v20 b06
.
.3435. upload ebl
.2. run
.6263. ebl info
.BL > .V1
.begin upload

https://www.microchip.com/forums/m304986.aspx

The documentation for the EM250 development kit. Contains instructions on hardware setup and xIDE installation: https://www.mouser.com/catalog/specsheets/silicon%20laboratories_108.pdf (mirror)

Some people selling what appears to be a USB Zigbee WIFI gateway. They provide xIDE screenshots and claim to have the original source code from ENECSYS. Their product is pretty pricey (300 USD) but I suppose all of this expensive Imaginary Property needed to be bought. https://www.ebay.pl/itm/283656242209

The inverter installation guide enecsys-smi-360-72-microinverter/installationGuideEnecsys.pdf

A very detailed teardown and reverse-engineering thread focused on the power-conversion electronics. https://www.elektroda.pl/rtvforum/topic3855360.html

Author: Maciej Grela <enki@fsck.pl>

Fediring