DangerousBatteryChargerExperiments » History » Revision 9

« Previous | Revision 9/12 (diff) | Next »
dl lud, 12/20/2019 05:27 AM
Clarify that the enable/disable charging is already properly implemented upstream.


Messing with batteries is dangerous

Messing with battery charging is very dangerous:
  • Batteries regularly explode in laptops and smartphones. The press often talks about that.
  • Exploding batteries can cause dangerous fires.
  • Messing with charging values can really cause batteries to explode or take fire.

So really make sure you know what you're doing if you mess with that.

This is not the usual warning that is there just because of legal requirements, in order to prevent potential lawsuits, and that tells you that the documentation may eat your cat.

Batteries issues are real.

Read the Wikipedia page on the Galaxy Note 6 for a famous examples of a battery issue.

Here the cause was due to the fact that the battery was non-removable and that the case didn't have enough extra space for the battery.

It's also a well known fact that messing with the battery charging values can make the battery explode or catch fire.

Other warnings

You may also break your phone's electronics if you mess up with battery charging values. However, compared to the danger of an explosion or fire, ending up with a bricked phone is just a minor issue.

Disable charging through I2C (don't!)

The max77693 driver in the Replicant 6 kernel has a function to enable and disable charging

As this driver is used on a Galaxy SIII we tried to disable the charging by setting the last bit of the MAX77693_CHG_REG_CHG_CNFG_00 register to 0.

# i2cget -f 17 0x66 0xB7
i2cget: WARNING! This program can confuse your I2C bus
Continue? [y/N] y
# i2cset -f 17 0x66 0xB7 0x4
i2cset: WARNING! This program can confuse your I2C bus
Continue? [y/N] y

This made it stop charging:

# grep POWER_SUPPLY_STATUS /sys/class/power_supply/battery/uevent

We did that while the driver is running, as it is necessary to disable the charger register protection. However we didn't check if the driver was using that same register while we were trying the i2cset command. Such could lead to a race condition, where we read a value (e.g. 0x05) and then the driver does some stuff and changes it to 0xf5 for instance, after that we would set it as 0x04, messing up things.

So really use with caution.

We also didn't get any review of what we were doing here, and humans do mistakes.

Also note that we don't have a datasheet for either the battery or the battery charger chip.

How to properly disable charging

In order to minimize the risk it would be best to have the upstream kernel review the process involved.

To do that, first you need your device to be ported to Replicant 9. The Galaxy SIII already boots under Replicant 9 and uses a kernel that is very closely based on upstream. So we can even test under GNU/Linux with Replicant 9 kernel.

You can then take advantage of the Linux review process to be extra sure that you didn't mess up. The max77693_charger driver available upstream already has a function to disable charging (max77693_enable_charger) but it has no way to accept the charging enabled/disabled commands through a sysfs node. Adding such functionality would allow userspace to easily stop the charging process with way less risks.

Note that upstream still requires you to test (and probably understand) the code you are writing, so you still need to know what you are doing. If you don't know what you are doing, try instead to find someone who does and who is willing to do it for you.

Updated by dl lud over 2 years ago · 9 revisions

Also available in: PDF HTML TXT