• Have you tried out dark mode?! Scroll to the bottom of any page to find a sun or moon icon to turn dark mode on or off!

diy solar

diy solar

Getting Data DIRECTLY from a Tigo TAP - is it possible ?

Which firmware version do you have ?
On that german forum they mention 3.7.7 broke something and workaround is being prepared.
 
Some tips that helped me get through this:

Reboot the Tigo first (You can do this from the physical interface on the unit). For some systems like mine, the web interface becomes inaccessible after 2 hours.

Run this command from your computer (I assume all current systems these days have curl installed) to get the firmware version:
Code:
curl --silent --basic --user USERNAME:PASSWORD --header 'Accept-Encoding: gzip, deflate' --header 'X-Requested-With: com.tigoenergy.smart' --header 'Origin: file://' --header 'Connection: keep-alive' --header 'Accept: application/json, text/plain, */*' http://YOUR_TIGO_IP/cgi-bin/mobile_api -d 'cmd=DEVICE_INFO&dev=2&ver=1'

In my case, I'm running 2.8.5-nd-bin which uses the older web "user:tigo1" USERNAME: PASSWORD for the web interface instead of Tigo:$olar


Add this to your computer's ~/.ssh/config file:
Code:
Host YOUR_TIGO_IP
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    Ciphers +aes128-cbc,aes256-cbc
    HostKeyAlgorithms +ssh-rsa,ssh-dss
    User root

Current versions of client side ssh disabled some of the older kex and ciphers, and this will tell the client to use ones that the Tigo is still using. YMMV here -- the firmware version I'm running is dated 2013, so it's possible that you'll need to use something else. The error you get should tell you as much.

It looks like different versions of the firmware contains different binaries and cgi-bin executable scripts. For instance, there is no iptables binary with this version of the firmware. 'http://YOUR_TIGO_IP/cgi-bin/gwfwupui' also doesn't exist.
 
More details that might help others:

If you want to use your rsa public key to ssh authenticate into Tigo instead of using a password, add this to your client's ~/.ssh/config Host block:
Code:
    PubkeyAcceptedAlgorithms +ssh-rsa

(This assumes you know how to create the ~/.ssh/authorized_keys file on the Tigo unit and chmod it appropriately.)

If you want ssh to start automatically, comment out
START_SSH=n
in
/mnt/ffs/etc/system.conf
(/etc/rc.defaults should have that set to "y" already, and normally system.conf overrides those settings as part of the inittab flow.)

If you want to disable the code that disables the httpd server after two hours, move this file into the preexisting disabled folder. Apparently they do this for security reasons, so consider changing both the root and web user passwords if you feel similarly. Given the age of the firmware, there may be open vulnerabilities to consider for both dropbear and httpd too.

Code:
mv /mnt/ffs/etc/rc.d/S800_StopAccessPoint /mnt/ffs/etc/rc.d/disabled/
 
Ok first of thanks to everyone that's contributed with code on both this and Photovoltaikform.

I've had my unit now running without cloud connection for nearly a month now (firmware 3.6.7), I have 14 panels nicely displayed in the summary page with the calendar fully working, also I've written an index.html page showing current panel power outputs in watts and each panel changing colour with % output. All the basic coding is available on the German forum.

However I quickly noticed the system was getting bogged down with high cpu activity due to compression - Bzip2 in the main
Although this didn't seem to effect my html page operation and summary it was slowing refreshing and opening of status to the point it was almost unusable, also CPU was running quite hot.

I think I've now sorted this and everything is running snappy with CPU usage in the 8-20% region.

First off i'm old school from the times of bbc basic- machine code, pascal and although I can program in C, Linux is new to me so please bare with me.

I've fitted a 32Gb USB flash drive, formatted, mounted and moved daqs, daqs_avg and netrouting to this drive.
This has now freed up the internal nand and seems to have stopped compression from running all the time. Also this massive storage should holds years of data.

First insert you USB flash and find it - /dev/sda1
Format-
Bash:
mkfs.vfat /dev/sda1
make a new directory, my one -

Bash:
/mnt/ffs/bin # mkdir USB1

mount drive-

Code:
mount /dev/sda1 /mnt/ffs/bin/USB1

copy over as required -
Bash:
cp-r /mnt/ffs/data/daqs /mnt/ffs/bin/Usb1

Check your data has copied over ok
Then delete the old copy in /data
Next add a symlink to /data

Bash:
ln -s /mnt/ffs/bin/Usb1/daqs /mnt/ffs/data

You will find this should all run well and top will show a reduction of cpu load etc.

Finally you will need to add mount to the crontab otherwise once you reboot the USB drive will not be mounted.
I have done this with a one line script and a crontab pointed to it

/mnt/ffs/etc/Usb1_mount

Bash:
#!/bin/sh

# mount sda1 (usb drive to Usb1)

mount /dev/sda1 /mnt/ffs/bin/Usb1

crontab-

@reboot sleep 15 && /mnt/ffs/etc/Usb1_mount


I have completely isolated my CCA from Tigo datacenter etc and Openvpn access, if you run offline you’re need to give access to an NTP server for time sync, don't forget you will be be voiding your warrantee. I have logged all my changes so that I can always reverse any changes I've made although going back and allowing Tigo access always comes with the risk of new firmware updates etc.
 
Last edited:
Mine was connected for days before I got control of it.

DOING THE FOLLOWING MAY VOID YOUR WARRANTY

First thing is to connect to
Code:
http://[cca ip address]/cgi-bin/shell
Username:
Code:
Tigo
Password:
Code:
$olar
I had to try several browsers before that worked.

Then you should be able to ssh into it using
Username:
Code:
root
Password:
Code:
gW$70#c

Then you want to remount the file system:
Code:
mount -o remount,rw /

The device is locked down to only respond to certain IP addresses. So we need to fix that.
Code:
echo "/usr/sbin/iptables -t nat -D INPUT -p tcp --dport 80 -j SNAT --to 10.11.1.1" >> /etc/rc.httpd

Code:
echo "/usr/sbin/iptables -t nat -I INPUT -p tcp --dport 80 -j SNAT --to 10.11.1.1" >> /etc/rc.httpd

Reboot.

Then you should be able to access
Code:
http://[cca ip address]/cgi-bin/gwfwupui
which as all the info.

I then added a bash script to push the information to Home Assistant using curl and added this as a cron job.

Mine still has access to the internet, though I have disabled OpenVPN.
First of all, thank you for the write-up. It got me quite far along.

Where I get stuck is the iptables stuff.

I seem to have an old firmware: 3.3.0-ct-5 -- it uses the user/tigo1 username/password combination.

When I try to run the iptables command in the shell, it doesn't find iptables. OK, I looked, it's in /sbin instead of /usr/sbin. Still, any of the two commands I try to run responds with:

Code:
iptables v1.8.7 (legacy): unknown option "--dport"

iptables -t nat -L -v -n responds with:

Code:
/sbin # iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 67320 packets, 9964K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 45776 packets, 6596K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1165 packets, 85516 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1165 packets, 85516 bytes)
 pkts bytes target     prot opt in     out     source               destination

Without running the iptables commands, I can access the /summary page at my CCA IP, but I cannot access the /cgi-bin/gwfwupui page. I get "Access Denied".

Note that there is also no version if iptables in the /mnt/ffs directory structure.

Any ideas how I can proceed? I'm thinking something is weird with my version's iptables setup, but I'm not experienced enough to understand it.
 
First of all, thank you for the write-up. It got me quite far along.

Where I get stuck is the iptables stuff.

I seem to have an old firmware: 3.3.0-ct-5 -- it uses the user/tigo1 username/password combination.

When I try to run the iptables command in the shell, it doesn't find iptables. OK, I looked, it's in /sbin instead of /usr/sbin. Still, any of the two commands I try to run responds with:

Code:
iptables v1.8.7 (legacy): unknown option "--dport"

iptables -t nat -L -v -n responds with:

Code:
/sbin # iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 67320 packets, 9964K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 45776 packets, 6596K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1165 packets, 85516 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1165 packets, 85516 bytes)
 pkts bytes target     prot opt in     out     source               destination

Without running the iptables commands, I can access the /summary page at my CCA IP, but I cannot access the /cgi-bin/gwfwupui page. I get "Access Denied".

Note that there is also no version if iptables in the /mnt/ffs directory structure.

Any ideas how I can proceed? I'm thinking something is weird with my version's iptables setup, but I'm not experienced enough to understand it.
Have you tried :-


echo "#!/bin/sh" > /mnt/ffs/www/cgi-bin/SetRoutes.sh


echo "/usr/sbin/iptables -t nat -I INPUT -p tcp --dport 80 -j SNAT --to 10.11.1.1" >> /mnt/ffs/www/cgi-bin/SetRoutes.sh





chmod o+x /mnt/ffs/www/cgi-bin/SetRoutes.sh



Then set a cron to run SetRoutes.sh at startup
 
Hey, curious if anyone has found a way to SSH into Tigo CCA running latest firmware. They killed the /cgi-bin/shell script, in the german forum somsone posted the latest shell.cgi script, which just waits a random number of seconds, then outputs "done".

So the shell trick doesn't work on 3.7.7 or 3.7.8.

Does anyone have a new trick for enabling SSH on Tigo?
 
Hey, curious if anyone has found a way to SSH into Tigo CCA running latest firmware. They killed the /cgi-bin/shell script, in the german forum somsone posted the latest shell.cgi script, which just waits a random number of seconds, then outputs "done".

So the shell trick doesn't work on 3.7.7 or 3.7.8.

Does anyone have a new trick for enabling SSH on Tigo?

Good question. I procrastinated disabling internet access of my CCA and it got updated. I'm still awaiting a fix.

All internet access is blocked now. Losing SSH and my custom cgi script to push to Influx sucks. But all my other cgi scripts are still there. Weird.

So I will have to pull the data instead of pushing it from the CCA.
 
Since http auth credentials still work I was able to add an unofficial Tigo integration to Home Assistant. I'm happy with this energy dashboard but I have some work to do to get my data back into influxdb.
 

Attachments

  • Screenshot_20240814-195929~2.png
    Screenshot_20240814-195929~2.png
    126 KB · Views: 9
Well, I messed up and didn't sufficiently isolate my CCA from the internet and the firmware got updated to 3.7.8. My IPTables update still works, but my scripts aren't running to push to HA.

No one has posted the updated ssh password yet, so I'm stuck there for now.

Hi all,

I am wondering if I can get the data from a Tigo TAP from it's RS485 interface straight into a Raspberry Pi or similar ?

It seems to me that the Tigo simply sends the Data into a Tigo Gateway and sends the data out to the cloud, so I guess it's all about knowing the format of the RS485 data. Oh, bring back RS232, it was so much easier to see data streaming !!!

Ultimately, I want to get the data rom the TAP into Node-Red running on my Raspberry Pi
Circling back around to the original question, though, someone has reverse engineered the RS485 protocol!

I haven't tried it yet, but with some work, this could probably be converted to an ESPHome device: https://github.com/willglynn/taptap
 
Circling back around to the original question, though, someone has reverse engineered the RS485 protocol!

I haven't tried it yet, but with some work, this could probably be converted to an ESPHome device: https://github.com/willglynn/taptap
Yup. Amazing progress and as a final 'f*ckyou' to the community, Tigo has shutdown their community forum because the rising number of complaints from the community about their cloud instability and loss of data.

Now if we can convince SolarAssistant to implement the TapTap metrics, I'd be back in my happy place.
 
Great job in summarising - I was following the German forum and gave up with it all just before the new PW was posted. All working in HA now too, so thanks to you all!
 
Last edited:
I just had a Tigo system installed last week. It is on my list of things to do to examine this RS485 stream, but I haven't gotten around to it yet. My plan was just to use an RS485<->USB adapter and log some of the data (should show up as a serial port). There are a few SW tools around that will attempt to parse it if it is MODBUS, but I'm not sure how useful that will be.

It seems like the more common method is to get inside the CCA and embed a script that dumps the data out of it instead: https://www.photovoltaikforum.com/thread/149592-details-protokolle-zugang-auf-tigo-cca/?pageNo=1
(I haven't tried this either yet).

I'm also not quite sure what to do with it in HA as far as visualizing it (even if I get it in with MQTT).

For those of us who don't speak german, can you give us a gist of how that works? I'd like to have local monitoring functioning
 
For those of us who don't speak german, can you give us a gist of how that works? I'd like to have local monitoring functioning
Oh, I don't speak any German, I use the translation built into Chrome.

How to do it largely depends on what FW version you are running. The old methods of access included getting ssh access to the device, but have been blocked by forced FW updates. I incompletely blocked my device from getting updated and now can't use my old method so I'm debating new ones.

I've now 100% blocked the CCA from accessing the internet through my router.

Probably the most powerful option is actually decode the RS-485 comms between the TAPs and the CCA. Someone has created a Github project to do just that: https://github.com/willglynn/taptap/tree/main. The only problem for me is that it is written in Rust and I don't have something convenient to run that on near the CCA.

Another option is to just decode the status page. Here is a Github project for that: https://github.com/ther3zz/TigoCCAParser/tree/main. I think I'm going to try to run this Python script directly on my Home Assistant device.
 
Oh, I don't speak any German, I use the translation built into Chrome.
How to do it largely depends on what FW version you are running. The old methods of access included getting ssh access to the device, but have been blocked by forced FW updates. I incompletely blocked my device from getting updated and now can't use my old method so I'm debating new ones.

I've now 100% blocked the CCA from accessing the internet through my router.

Probably the most powerful option is actually decode the RS-485 comms between the TAPs and the CCA. Someone has created a Github project to do just that: https://github.com/willglynn/taptap/tree/main. The only problem for me is that it is written in Rust and I don't have something convenient to run that on near the CCA.

Another option is to just decode the status page. Here is a Github project for that: https://github.com/ther3zz/TigoCCAParser/tree/main. I think I'm going to try to run this Python script directly on my Home Assistant device.
There' a HomeAssistant Integration already that pulls from cgi-bin/summary : https://github.com/mletenay/home-assistant-tigo It works pretty good.
 
How to do it largely depends on what FW version you are running. The old methods of access included getting ssh access to the device, but have been blocked by forced FW updates. I incompletely blocked my device from getting updated and now can't use my old method so I'm debating new ones.
What was your mistake when blocking device from accessing internet? Is there any guide how to safely install it without letting firmware update slip in? Does it randomize MAC? Search for local proxies?
 
it looks like it would only work with CCA that wasn't updated, right?
Mine was updated, I can't get root anymore, but I can still use that integration.

Perhaps it's because I made the IP tables change prior to the firmware update. I would think that if you can call mmstatus like in the TigoCCAParser, then you can call /summary, which is what this one does. Not sure, though.

Regardless, all of these feel a bit flimsy to me - I plan on replacing it with the RS485 TapTap solution, then I'll just remove the network to the CCA Altogether.
 
Regardless, all of these feel a bit flimsy to me - I plan on replacing it with the RS485 TapTap solution, then I'll just remove the network to the CCA Altogether.
but then you won't get home assistant integration work anymore, will you?
 

diy solar

diy solar
Back
Top