Mac Battery Firmware Hacking

Charlie Miller reverse engineers the Mac battery firmware updater, sniffs battery communications on the SMBus, writes an IDA processor plugin (in IDAPython) for the CoolRISC 816 processor in the bq20z80, and mucks around with the its firmware.

All the source code and presentation materials are provided.

[via Dangerous Prototypes]


One comment on “Mac Battery Firmware Hacking

  1. […] But still it’s nice to have someone saying the eulogy for this strange little chip. Or maybe the reports of the CR816’s death are premature — it seems to be inside TI’s bq20x80 chip that’s used in a number of battery power monitors. Oh, the irony! Indeed, watch [Charlie Miller] tear into a battery and find a CR816. […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s