top of page


Public·3 members

Smart Battery EEPROM Resetter 10


In the old school Thinkpad days, charging the battery was just a matter of connecting the connector. [Mitch] decided to play around with his 2x24650-A batteries, and found a chip in the charger that checks if the battery is valid and whether or not its ok to start charging it. [Mitch] figured out that the chip would send a signal indicating battery status when its OK to start charging, and the main controller checks the status of the battery and charges it. If you have a counterfeit battery, the charger will always try and charge it anyway. If its not a counterfeit, but is somehow invalid, then the charger will just cut out.

Theres no documentation on the chip [Mitch] has found, so its hard to tell whats the difference between the counterfeit and invalid battery. The chip he took apart seemed to be powering on several LEDs on the board, so its probably just a secondary circuit that has to be powered on in order for the main chip to power up.

After [Mitch] realized his mistake, he decided to see how much progress [Matt] had made. He had tracked down the firmware on the backup battery, and had a working exploit for the non-genuine battery as well.

So [Matt] had the blueprint, but [Mitch] still had the problems of not knowing exactly whats on this board and how to modify the firmware. After some brainstorming, [Matt] stumbled upon the SMBus (Serial Bus). This allows the charger to communicate with the embedded controller via I2C, allowing him to hack into the charging process. The problem is, I2C doesnt just consist of a couple of lines that are used to write and read a byte. I2C is setup to send multiple bytes over a few cycles to ensure safety. This was problematic because by the time the 5-byte checksum had been sent and received, the battery would be fully charged and have already reached its shutdown voltage. 3d9ccd7d82


Benvenuto/a nel gruppo! Puoi connetterti ad altri iscritti, ...
bottom of page