SAJ Solar inverter

@BenV:
reading values over RS232 is working well, but found a wrong time set of the RTC of the inverter.
It is 7 hours ahead (chinese time) in relation to german time. With holding regsiter 8020H can set the RTC of the inverter. Do you ever did this?

Writing 569154557935168500 to the holfing register (defined a 64 bit unsigned big endian), this is 07E60B0E10052C00 in hex and shoud set the “now” time. My I do setting in the RS232 gateway to send values, writte in the holding register to the inverter?

all the best, Frank

hi Klagio,

So your AIO3 is actualy a usb-dongle (there is a usb port below), this USB port is actually communicateing in RS232 mode (not that common), so you need to identify the communicating wires the usb port uses for the RS232.

With that serial to UTP converter you can indeed converter 2 independent serial ports to utp and if your inverters work independent from each other, that would be the way to go indeed.

Just wondering if your inververters are truly working independent or if one is the slave and the other one master… if that’s the case, you should only use one rs232 port. no harm in getting of course the converter for 2 ports, you can always use only one port…

Hi Frank,

not sure on the H1 converters (i only have the SAJ battery), so your approach might work (probably one one of the inverters is the masters while the other ones are slaves, so you should connect to that master). Please note that within serial communcation (RS232 and RS485) there can only be one client (one master) polling data, you can poll different devices. The AIO3 is probably also a client, so not sure you would be able to poll simultaneouly on that (just a theory… ;-)).

good luck!

kind regards,

Ben

Good question, i never had this issue. Cannot assist here, but keep us updated on your findings! you might also ask the SAJ helpdesk on this, they were quite helpfull for me when asking about the AS1 and BS1 modbus communciation and protocols.

good luck!

Yes MAster and Slave.

Anyway project canceled, due to lack of SAJ batteries the importer suggested me to go different route

DEYE inverters and WECO batteries, the SAJ will be dismantled SIGH

hello, I’m also trying the mqtt way. for the moment I have managed to convert the buffer values ​​into readable values ​​but I have not found any correspondence to what is indicated by the inverter. Were you able to find anything?

thank you

Hello, I’m totally new to Home Assistant and their integrations, but managed to install it on a single board computer of mine. I have an H1 SAJ device and also I’m interested in exploring and reverse engineering the MQTT communication to use the wifi dongle.
Could you share some details on how to setup the MQTT broker to start getting raw data from the device, even privately to not pollute the thread?
Thanks

hi, with my mikrotik router I intercepted communications on port 1883 (mqtt) and forwarded to the nodered server. there i created a simple mqtt node and put debug to check the log

/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-address=
47.254.120.144 dst-port=1883 protocol=tcp src-address=
192.168.130.17 to-addresses=192.168.130.231 to-ports=
1883

if you have any update please write thanks

I forgot, in the mqtt node, you have to enter as topic: saj/H1_seriale_inverter/+ to view the data buffer

You can use this android apk that acts as a modbus gateway with the saj h1 s2 dongle.
It supports modbus tcp calls. The only problem is that you must leave an android within bluetooth range of the inverter and within the home wifi network.
I think it works with the SAJ AS1 too.

Hello, I find some time to setup my own environment.
I’m using armbian on a former tvbox device, in pratice it is a debian installation on arm.
I installed dnsmasq for dns forwarding and dhcp server and mosquitto as MQTT broker, plus the device is acting as a wireless access point.

Of course there are several ways to hijack mqtt traffic, one is via netfilter as you did, I choose instead to hijack the dns. The inverter tries to contact mqtt.saj-solar.com, so I assigned that DNS name to my local server;

mosquitto MQTT broker is happy to accept the connection from the inverter and the inverter publish its data with the topic saj/serial_number/realtime_data (where serial_number is the actual serial of the inverter that starts with H1S2…) with no encryption and no cypher at all. That’s bad for privacy, for good for reverse engineering.

mosquitto_sub utility also is very handy to receive, on the other side, the messages sent by the inverter, which are 1200 bytes each of binary data:
mosquitto_sub -h 192.168.16.1 -t saj/serial_number/realtime_data

The essential knowledge is that all the values are in big-endian format.
The first four bytes of the packet looks like a sequential number, which increases on each sent packet.
The second four bytes are an Epoch timestamp.

I’m just looking into the rest of the data, but the great news is that, starting from the packet address 0x86, the data looks like being mapped directly to the description of realtime data on the modbus protocol documentation of paragraph “4.3 Definitions of Realtime Data Registers”. The PDF is available somewhere in this thread in a post pointing to a telegram discussion from spanish friends.

So this little formula can be used to map the realtime data attribute from modbus protocol to the MQTT packet:
addr = ((modbus_address - 0x4031) * 2) + 0x86

0x4031 is the first modbus address that contains valuable attributes and 0x86 is the corresponding offset in the MQTT packet.
The multiplication by two * 2 is due to the fact that each modbus register contains a 2-byte word. Most of the realtime data are signed or unsigned 16 bit short integers (=> one modbus register), but some are 32 bit integers too (=> two modbus registers). I don’t see any floats around.

That formula above is just what I guessed in a quick two hour study over the documentation, so it is not written in stone and may change with further findings.

Just some quick random examples:
Grid voltage: modbus 0x4031 → mqtt offset 0x86 = uint16(2426) * 10^^-1 = 242,6 Volts
Photovoltaic Array 1 power: modbus 0x4073 → mqtt offset 0x10a = uint16(1596) * 10^⁰= 1596 Watts
Battery voltage: modubs 0x4069 → mqtt offset 0xf6 = uint16(526) * 10^^-1 = 52,6 Volts

Is it possible to start and stop charging through home assistant?

Could you elaborate on this?

I don’t know if you want to use the app of SAJ.
But there are 2 hacs integrations that read the data from the side.
1 of those integration is very new, somebody developed it and I was his first test subject for H1 setup.

No sec support yet, he is looking for somebody with that setup to get the data.

I am trying to understand if there may be some options to control charging and discharging, and then which option to go for

Modbus method:

• Ben V post
• if you look in the documentation you see ‘gridchargeenable’ and ‘griddischargeenable’. If that would allow you to control charging and discharging through HA that would be amazing
• would currently have no idea how to get this up and running, it also seems different methods are being used/proposed in this thread
• edit: actually it would seem that our spanish friends are absolutely killing it in the telegram discussion, and are even writing an extensive manual for the H1 hybrid inverter, most of which seems to be relatively easy to translate for the AS1. Link, manual

• AS1 Modbus protocol as provided by Ben V
  H1 modbus protocol

O&M portal app
Can set time for Charging and discharging there but need installer permissions. No control through HA

Palmfields method (use of back up mode for charging only):

1. Palmfields post
2. there is an app called Esaj Home, which is a new app with no link (yet?) to Home Assistant. There is an option called ‘outage guard’ there what I believe does exactly what palmfields does with the circuit breaker. Some downsides 1) you cannot control discharging 2) it does not seem to work with an end user account and you need extra permission which I do not have

Screenshot_20221222_204737_eSAJ Home1080×1934 175 KB

Just got my SAJ H2 installed and B2 10kwh will also be installed shortly.

This is just what I am looking for, I want full local control of the inverter and battery. Any tips on what I should buy and do to get this to work?

Hi all, i believe I have made some decent progress but i am stuck on the part on enable charge and discharge times

1. i have the AS1
2. i am using the modbus option as described by Ben V and the spanish guys in the manual (see above). As a result i am using a mix of yaml and node-red (which is a rework from the manual)

I just don’t know how to be able to (i) enable the charge (GridchargeEnable, 3600H in hex, 13824 in dec) (ii) i don’t know if i should also use the 3604 charge_time_enable_control (iii) how to set the time (first_charge_start_time and end time).

Could someone guide me through or help me either through yaml or node red?

easiest would be if we could just force it to start charging and set the schedule in HA through automations, but this does not seem possible

thank you!

image424×568 31 KB

@Test123 I don’t think anyone could really guide you in setting those registers, my best guess is that those are not exactly suitable to be tinkered by the end-user.
You should reverse engineer by yourself looking at the documentation and experimenting with the official apps and see how the changes reflect in those registers.
Nonetheless, I would be extremely careful changing registers via modbus.

Io per il momento mi sono adeguato con uno shelly EM (2 sensori da 50 A). I dati esportati non sono proprio precisi come quelli che rileva l’inverter. A questo punto devo capire chi dei 2 non è veritiero. Lo shelly EM è quasi un anno che è installato e non differenzia di molto da quanto rilevato dalle bollette enel. Tuttavia è abbastanza discordante da quanto rilevo ora dal fotovoltaico. Esempio:

ho 1 dei 2 sensori collegaot direttamente sulla fase del contatore, in teoria dovrebbe misurare quanto importo dall’enel, ma non rispecchia quanto indica SAJ. a fine giornata, ci sono 3-4 KW in piu misurati.

L’altro sensore è collegato al cavo di alimentazione dell’abitazione. Anche in questo caso ho gli stessi KW a fine giornata che non sono conteggiati.

Sembra che conteggia di piu.

Per il momento non prendo come veritieri i dati forniti dal pannello web di SAJ. Non vorrei che sono “gonfiati” per far vedere una produzione maggiore.