From a YouTube video of a teardown of a Deye Hybrid, they use the TI TMS320F2802 DSP for the inverter / power section and an ARM processor for the HMI.
This TI TMS320 processor family was released in the 2004 time frame and it was used in the Xantrex Schneider XW series, in charge controllers and inverters. I know it's also used in Solis inverters. I doubt there's a hybrid one without; nothing else matches the price / performance.
According to the manual:
(https://www.ti.com/lit/ds/symlink/t...ps%3A%2F%2Fwww.ti.com%2Fproduct%2FTMS320F2802)
9.1.10 Security
The 280x devices support high levels of security to protect the user firmware from being reverse engineered.
The security features a 128-bit password (hardcoded for 16 wait-states), which the user programs into the flash.
One code security module (CSM) is used to protect the flash/OTP and the L0/L1 SARAM blocks. The security
feature prevents unauthorized users from examining the memory contents via the JTAG port, executing code
from external memory or trying to boot-load some undesirable software that would export the secure memory
contents. To enable access to the secure blocks, the user must write the correct 128-bit KEY value, which
matches the value stored in the password locations within the Flash.
So (if they set it up properly) it won't be practical to try to read the current contents with just the device,
or overlay an existing load with a patch.
Haven't read far enough to be sure, but I expect it to be possible to reflash it "like a virgin", erasing
whatever it currently contains without reading it.
So you'll pretty much need, not just a bricked device, but also a firmware load and the tools to install it.
Then you should be able to logic-analyze the update process to get the key, at least for the
particular version you're installing - maybe for the product line. (Unless the flashing tool
generates a per-device custom key...). After that you can try to analyze and modify the update
image (on external media) to make a patched one. Assuming it doesn't need to be signed
you'll have something that can debrick-and-replace-firmware on bricked Deyes.
If you can get hold of a firmware update image you might be able to decompile it and
figure out the unbricking code. Then if they didn't use good enough crypto you might
be able to make a debricking key generator.
Not easy. Maybe doable. Lot of work. How much/possible depends on how lazy,
rushed, or incompetent the guys who set up and who used the product's security design were.
Hope is not lost. Soft/firm-ware projects tend to skimp on security in order to avoid missing
the competitive "window" and thus the market opportunity. (That's why so many devices
have rotten security: Spend the time to do it right and three of your competitors who don't
do that beat you, get the whole market, and you're an also-ran and bankrupted.)