Mac Battery Firmware Hacking

Charlie Miller reverse engineers the Mac battery firmware updater, sniffs battery communications on the SMBus, writes an IDA processor plugin (in IDAPython) for the CoolRISC 816 processor in the bq20z80, and mucks around with its firmware.

All the source code and presentation materials are provided.

[via Dangerous Prototypes]

3 comments on “Mac Battery Firmware Hacking”

  1. […] But still it’s nice to have someone saying the eulogy for this strange little chip. Or maybe the reports of the CR816’s death are premature — it seems to be inside TI’s bq20x80 chip that’s used in a number of battery power monitors. Oh, the irony! Indeed, watch [Charlie Miller] tear into a battery and find a CR816. […]

  3. Alex Cooks says:

    This is a great post thanks
