DangerousBatteryChargerExperiments » History » Version 10
Denis 'GNUtoo' Carikli, 12/21/2019 03:43 PM
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. DangerousBatteryChargerExperiments |
|---|---|---|---|
| 2 | |||
| 3 | h2. Messing with batteries is dangerous |
||
| 4 | |||
| 5 | Messing with battery charging is very dangerous: |
||
| 6 | * Batteries regularly explode in laptops and smartphones. The press often talks about that. |
||
| 7 | * Exploding batteries can cause dangerous fires. |
||
| 8 | * Messing with charging values can really cause batteries to explode or take fire. |
||
| 9 | |||
| 10 | So really make sure you know what you're doing if you mess with that. |
||
| 11 | |||
| 12 | This is not the usual warning that is there just because of legal requirements, in order to prevent potential lawsuits, and that tells you that the documentation may eat your cat. |
||
| 13 | |||
| 14 | Batteries issues are real. |
||
| 15 | |||
| 16 | 4 | dl lud | Read the "Wikipedia page on the Galaxy Note 6":https://en.wikipedia.org/wiki/Galaxy_Note_6#Battery_faults for a famous examples of a battery issue. |
| 17 | 1 | Denis 'GNUtoo' Carikli | |
| 18 | Here the cause was due to the fact that the battery was non-removable and that the case didn't have enough extra space for the battery. |
||
| 19 | |||
| 20 | 2 | Denis 'GNUtoo' Carikli | It's also a well known fact that messing with the battery charging values can make the battery explode or catch fire. |
| 21 | |||
| 22 | 1 | Denis 'GNUtoo' Carikli | h2. Other warnings |
| 23 | |||
| 24 | 5 | dl lud | You may also break your phone's electronics if you mess up with battery charging values. However, compared to the danger of an explosion or fire, ending up with a bricked phone is just a minor issue. |
| 25 | 1 | Denis 'GNUtoo' Carikli | |
| 26 | 10 | Denis 'GNUtoo' Carikli | h2. Why this page was made |
| 27 | 1 | Denis 'GNUtoo' Carikli | |
| 28 | 10 | Denis 'GNUtoo' Carikli | We lack documentation for the Max77693 PMIC (Power Management IC). |
| 29 | |||
| 30 | The thing we tried enabled us to gain more insights into how it worked. |
||
| 31 | |||
| 32 | In order to make things safer, we added the issues our experiments here so you don't need to reproduce them, and can just use the information we gathered with the results of the experiments. |
||
| 33 | |||
| 34 | h2. Attempts to Disable charging through I2C |
||
| 35 | |||
| 36 | 6 | dl lud | The max77693 driver in the Replicant 6 kernel has a "function to enable and disable charging":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/battery/max77693_charger.c#n403 |
| 37 | 1 | Denis 'GNUtoo' Carikli | |
| 38 | 6 | dl lud | As this driver is used on a Galaxy SIII we tried to disable the charging by setting the last bit of the MAX77693_CHG_REG_CHG_CNFG_00 register to 0. |
| 39 | 1 | Denis 'GNUtoo' Carikli | |
| 40 | <pre> |
||
| 41 | 8 | dl lud | # i2cget -f 17 0x66 0xB7 |
| 42 | 1 | Denis 'GNUtoo' Carikli | i2cget: WARNING! This program can confuse your I2C bus |
| 43 | Continue? [y/N] y |
||
| 44 | 0x05 |
||
| 45 | </pre> |
||
| 46 | |||
| 47 | <pre> |
||
| 48 | 8 | dl lud | # i2cset -f 17 0x66 0xB7 0x4 |
| 49 | 1 | Denis 'GNUtoo' Carikli | i2cset: WARNING! This program can confuse your I2C bus |
| 50 | Continue? [y/N] y |
||
| 51 | 6 | dl lud | </pre> |
| 52 | 1 | Denis 'GNUtoo' Carikli | |
| 53 | 8 | dl lud | This made it stop charging: |
| 54 | 1 | Denis 'GNUtoo' Carikli | <pre> |
| 55 | # grep POWER_SUPPLY_STATUS /sys/class/power_supply/battery/uevent |
||
| 56 | 6 | dl lud | POWER_SUPPLY_STATUS=Discharging |
| 57 | 1 | Denis 'GNUtoo' Carikli | </pre> |
| 58 | |||
| 59 | 10 | Denis 'GNUtoo' Carikli | We did that while the driver is running, as it is necessary to disable the charger register protection. |
| 60 | 1 | Denis 'GNUtoo' Carikli | |
| 61 | 10 | Denis 'GNUtoo' Carikli | However we didn't check if the driver was using that same register while we were trying the i2cset command. |
| 62 | 1 | Denis 'GNUtoo' Carikli | |
| 63 | 10 | Denis 'GNUtoo' Carikli | Such could lead to a race condition, where we read a value (e.g. 0x05) and then the driver does some stuff and changes it to 0xf5 for instance, after that we would set it as 0x04, messing up things. |
| 64 | |||
| 65 | So don't reproduce that experiment if you don't know what you are doing. |
||
| 66 | |||
| 67 | 2 | Denis 'GNUtoo' Carikli | We also didn't get any review of what we were doing here, and humans do mistakes. |
| 68 | 1 | Denis 'GNUtoo' Carikli | |
| 69 | 10 | Denis 'GNUtoo' Carikli | Also note that we don't have a datasheet for either the battery or the battery charger chip, so doing such experiments is very error prone. |
| 70 | 2 | Denis 'GNUtoo' Carikli | |
| 71 | 1 | Denis 'GNUtoo' Carikli | h2. How to properly disable charging |
| 72 | |||
| 73 | 7 | dl lud | In order to minimize the risk it would be best to have the upstream kernel review the process involved. |
| 74 | 1 | Denis 'GNUtoo' Carikli | |
| 75 | 2 | Denis 'GNUtoo' Carikli | To do that, first you need your device to be ported to Replicant 9. The Galaxy SIII already boots under Replicant 9 and uses a kernel that is very closely based on upstream. So we can even test under GNU/Linux with Replicant 9 kernel. |
| 76 | 1 | Denis 'GNUtoo' Carikli | |
| 77 | 9 | dl lud | You can then take advantage of the Linux review process to be extra sure that you didn't mess up. The max77693_charger driver available upstream already has a function to disable charging (max77693_enable_charger) but it has no way to accept the charging enabled/disabled commands through a sysfs node. Adding such functionality would allow userspace to easily stop the charging process with way less risks. |
| 78 | 1 | Denis 'GNUtoo' Carikli | |
| 79 | 7 | dl lud | Note that upstream still requires you to test (and probably understand) the code you are writing, so you still need to know what you are doing. If you don't know what you are doing, try instead to find someone who does and who is willing to do it for you. |