Enphase Envoy-S Open Ports!

If you are interested in other Enphase information the following other pages may also be of interest:
What is inside the Enphase Envoy-S (teardown)
Reverse Engineering the Enphase Installer Toolkit
Enphase Envoy-S “Data Scraping”.

Further to my last post about the Envoy-S JSON data that can be retrieved.. I did some more intrusive testing.

Several things to note. It seems that a change between the Envoy-S and the Envoy LCD changed two of the hosts to communicate over port 80 instead of HTTPs / Port 443.

envoy https change

The data exchanged over http port 80 does seem to be obfiscated in some way.. beyond my skills to try and decipher but it is a shame that the entire TLS handshake seems to have been abandoned. The reports. hostsname seems to be the hostname that is mainly communicated with. I’ve not noticed any 443 requests to the home. hostname.

Moving on from that – A port scan against my Envoy-S reveals quite a staggering number of open TCP ports:

Port 22
SSH “SSH-2.0-OpenSSH_6.6”

Port 53
Commonly used as the DNS port but doesn’t seem to respond to TCP DNS requests. Upon connection to it via Telnet you instantly get TCP FIN and the connections gets closed.

Port 80
Easy – the web interface! Doesn’t give away what kind of http daemon that it uses though.

Port 8082
Some sort of web server. Responds with an authentication request for Digest realm=”enphaseenergy.com” and the web server in use is Xavante 2.2.0

Port 8100
Another Xavante 2.2.0 webserver that instantly gives a 404 but the 404 contains the entire url requested rather than just “/”.
The requested URL was not found on this server.
This almost makes me wonder if it is some sort of open reverse proxy for Enphase to be able to then hop into accessing the IPs(?) of the Inverters for troubleshooting.

Port 9091
Exactly the same as above.

UDP Port 5353
MDNS Responder

This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Enphase Envoy-S Open Ports!

  1. Pingback: Enphase Envoy-S “Data Scraping”. | thecomputerperson

  2. Pingback: Reverse Engineering the Enphase Installer Toolkit | thecomputerperson

  3. Pingback: What is inside the Enphase Envoy-S (teardown) | thecomputerperson

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s