DangerousBatteryChargerExperiments » History » Version 10

Denis 'GNUtoo' Carikli, 12/21/2019 03:43 PM

h1. DangerousBatteryChargerExperiments

h2. Messing with batteries is dangerous

Messing with battery charging is very dangerous:

* Batteries regularly explode in laptops and smartphones. The press often talks about that.
* Exploding batteries can cause dangerous fires.
* Messing with charging values can really cause batteries to explode or catch fire.

So really make sure you know what you're doing if you mess with that.

This is not the usual warning that is there just because of legal requirements, in order to prevent potential lawsuits, and that tells you that the documentation may eat your cat.
Battery issues are real.

Read the Wikipedia page on the Galaxy Note 6 for a famous example of a battery issue.

In that case, the cause was that the battery was non-removable and that the case didn't have enough extra space for the battery.

It's also a well-known fact that messing with the battery charging values can make the battery explode or catch fire.

h2. Other warnings

You may also break your phone's electronics if you mess up the battery charging values. However, compared to the danger of an explosion or fire, ending up with a bricked phone is just a minor issue.

h2. Why this page was made

We lack documentation for the Max77693 PMIC (Power Management IC).
The things we tried enabled us to gain more insight into how it works.
In order to make things safer, we added our experiments and their issues here so you don't need to reproduce them and can just use the information we gathered from the results of the experiments.

h2. Attempts to disable charging through I2C

The max77693 driver in the Replicant 6 kernel has a function to enable and disable charging.

As this driver is used on a Galaxy SIII, we tried to disable the charging by setting the last bit of the MAX77693_CHG_REG_CHG_CNFG_00 register to 0.

<pre>
# i2cget -f 17 0x66 0xB7
i2cget: WARNING! This program can confuse your I2C bus
Continue? [y/N] y
</pre>

<pre>
# i2cset -f 17 0x66 0xB7 0x4
i2cset: WARNING! This program can confuse your I2C bus
Continue? [y/N] y
</pre>

This made it stop charging:
<pre>
# grep POWER_SUPPLY_STATUS /sys/class/power_supply/battery/uevent
</pre>

We did that while the driver was running, as it is necessary to disable the charger register protection.

However, we didn't check if the driver was using that same register while we were trying the i2cset command.

This could lead to a race condition: we read a value (e.g. 0x05), the driver then does some stuff and changes it to 0xf5 for instance, and after that we set it to 0x04, messing things up.
So don't reproduce that experiment if you don't know what you are doing.

We also didn't get any review of what we were doing here, and humans make mistakes.

Also note that we don't have a datasheet for either the battery or the battery charger chip, so doing such experiments is very error-prone.
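
The race described above, replayed on a simulated in-memory register, next to a masked update that keeps the driver's bits. This is an added example, not code from this wiki or from the max77693 driver, and it touches no hardware. LAST_BIT and all function names are hypothetical; the values 0x05, 0xf5 and 0x04 are the ones from the scenario above, and the masked update models what the Linux helper regmap_update_bits does under the regmap lock.

```c
#include <stdint.h>
#include <stdio.h>
/* Simulated 8-bit register standing in for the charger configuration
 * register. Nothing here touches real hardware. */
static uint8_t reg;
#define LAST_BIT 0x01u /* hypothetical name for the bit the page cleared */

static uint8_t bus_read(void) { return reg; }
static void bus_write(uint8_t v) { reg = v; }

/* Masked read-modify-write: only the bits in mask change. In a driver this
 * runs under the lock shared by every writer of the register. */
static void update_bits(uint8_t mask, uint8_t val)
{
    bus_write((uint8_t)((bus_read() & ~mask) | (val & mask)));
}

/* The driver's concurrent change from the page's scenario (0x05 -> 0xf5). */
static void driver_update(void) { update_bits(0xf0u, 0xf0u); }

/* Page's sequence: read, driver runs in between, stale value written back. */
static uint8_t race_blind_write(void)
{
    reg = 0x05;
    uint8_t stale = bus_read();              /* the read sees 0x05 */
    driver_update();                         /* register is now 0xf5 */
    bus_write((uint8_t)(stale & ~LAST_BIT)); /* the write stores 0x04 */
    return reg;
}

/* Same interleaving, but the change is a masked update of one bit. */
static uint8_t race_masked_update(void)
{
    reg = 0x05;
    driver_update();
    update_bits(LAST_BIT, 0x00);
    return reg;
}

/* Bits that differ from 0xf4, the value a correct sequence leaves. */
static uint8_t clobbered(uint8_t got) { return (uint8_t)(got ^ 0xf4u); }

int main(void)
{
    printf("blind write:   0x%02x\n", race_blind_write());
    printf("bits lost:     0x%02x\n", clobbered(race_blind_write()));
    printf("masked update: 0x%02x\n", race_masked_update());
    return 0;
}
```

The blind write ends at 0x04 and wipes the four upper bits the driver had just set, while the masked update ends at 0xf4.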

h2. How to properly disable charging

In order to minimize the risk, it would be best to have the upstream kernel review the process involved.

To do that, you first need your device to be ported to Replicant 9. The Galaxy SIII already boots under Replicant 9 and uses a kernel that is very closely based on upstream, so we can even test under GNU/Linux with the Replicant 9 kernel.

You can then take advantage of the Linux review process to be extra sure that you didn't mess up. The max77693_charger driver available upstream already has a function to disable charging (max77693_enable_charger), but it has no way to accept charging enabled/disabled commands through a sysfs node. Adding such functionality would allow userspace to easily stop the charging process with far less risk.

Note that upstream still requires you to test (and probably understand) the code you are writing, so you still need to know what you are doing. If you don't know what you are doing, try instead to find someone who does and who is willing to do it for you.