Battery Firmware Hacking

Formal Metadata

Title
Battery Firmware Hacking
Number of Parts
122
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Abstract
Ever wonder how your laptop battery knows when to stop charging when it is plugged into the wall, but the computer is powered off? Modern computers are no longer just composed of a single processor. Computers possess many other embedded microprocessors. Researchers are only recently considering the security implications of multiple processors, multiple pieces of embedded memory, etc. This paper takes an in-depth look at a common embedded controller used in Lithium Ion and Lithium Polymer batteries; in particular, this controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers. In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware. Being able to control the working smart battery and smart battery host may be enough to cause safety issues, such as overcharging or fire.

Charlie Miller is Principal Research Consultant at Accuvant Labs. He was the first with a public remote exploit for both the iPhone and the G1 Android phone. He won the CanSecWest Pwn2Own competition for the last four years. He has authored two information security books and holds a PhD from the University of Notre Dame.
Transcript: English (auto-generated)
All right, so if you can tell, if you follow me on Twitter, I have a terrible cold. I've had awful DEFCON. I've been sick the whole time. I didn't get to play soccer. I've been sober for 72 hours, and I can barely talk. So I'm going to do my best and bear with me. But I do have a backup plan. So here's my backup plan.
Let me see here. If I start to phase out here, you'll hear this. Welcome to my battery hacking talk. Is that good? Should I do that instead? All right, I'll try it. If I get too nasally, I'm going to go back to the computer. So hopefully that won't happen. So who am I?
And sorry about the screen. I guess they had to move it up so people in the front could see. So I used to work at the NSA for five years doing secret stuff. And then when the iPhone came out, I hacked it. And when the Android phone came out, the G1 phone, I hacked that. I've won Pwn2Own the last four years; I've been sporting the stylish jacket. So if you see a guy wearing a white jacket for some reason,
that's probably me. So everyone who won this year got the jacket. For some reason, I'm the only one who wears it. I've written a couple books and that sort of stuff. And then the most important thing is there's an InfoSuck comic that has my name in it. So I feel pretty cool about that. Although I don't understand this particular comic, but maybe that's because it's about me.
So why am I here? Why did I decide to do battery firmware hacking? So last year, I came to Black Hat and DEF CON and I saw Barnaby Jack's talk. And I thought it was really awesome. So I was like, this is cool that it's easy to explain to someone. You walk up to an ATM and it gives you money. This is what it's all about.
It's not like, hey, I can make calculator pop up on your computer. It's just not impressive. And that's what I usually do. And I usually do less impressive stuff than that. It's like, I can make this bit change or something. So then I was like, I need to do something cool like Barnaby. So I came across this YouTube video of this computer catching on fire and the flames just going feet high.
I was like, I want to do that. So I set out in September last year, right after Black Hat. And I was like, I'm going to see if someone remotely could blow up my computer. And you're going to find out I actually didn't do that. But I made a lot of progress. And so it's sort of interesting anyway.
And maybe someone who's a little smarter than me can actually finish it up for me. And also, I'm kind of a chicken. So you'll see about that too. So this is the spoilers. Despite what you might have read in the paper, I actually didn't blow up anything. Mostly, well, you'll see. There's a lot of layers of security. I totally bust one of them. And then I got kind of scared.
So there's all these parameters you can switch. And you got to charge it and discharge it and maybe overnight. And I work out of my home. So anyway, it's kind of a chicken shit. But you'll see that it's kind of cool. So what's the talk about? So mostly, I'll start out with a little sort of intro on how batteries work and that sort of thing.
And then I'm going to basically tell you the story of seven months of my life looking into this. And it's mostly a story about a guy who's good at software hacking who tried to do hardware hacking. So the good thing about that is probably not you guys who are in hardware hacking village, which I should actually go to and hang out.
But the guys who do software, you'll probably learn some stuff, hopefully, about how to do hardware because that's what I had to learn. And then at the end, I'll talk about the so what question. Since I didn't blow up something, what did I do and what could I do? So when I started this whole thing, I didn't know anything about batteries or chargers or really anything about hardware.
So I'm giving you a little bit of a spoiler here just to sort of make sense of where I'm going. But I didn't know this when I started. So there's this document called the Smart Battery Specification. And what it does is it outlines exactly how batteries and chargers and computers are supposed to communicate with each other. And so this sort of justifies what I went after.
So it says, safety is the primary concern. It's great. The primary concept is that the primary intelligence is supposed to be in the battery itself. So the computer's smart. It doesn't have to be. The charger doesn't have to be smart.
What's supposed to be smart in this whole thing is the battery. So the brains are supposed to be in the battery. And the reason is because when the battery knows the most about the battery, so it knows how much charge it's got and it knows how much it's got stored in it. It knows what its temperature is. It knows what kind of chemistry it has. So the battery is supposed to be the brains of the operation.
And everything else is supposed to rely on that. And so that's why I attack the brains. So I'm going to go after the little chip on the battery. So what are smart batteries? I just thought these were like Duracells. They're Duracells with a chip, or actually more than one
chip you'll see. So there's chemistry cells, and then there's some chips. And its main job is to make sure that it gets charged and it doesn't blow up. And if you have a MacBook like me and you hit the more information about your system, you end up with a screen that looks like that if you can read it.
And on this one, when I started, it didn't say this. But on this one, actually, if you look, it says device name BQ20Z451. That's the model of the chip from Texas Instruments that's on this battery. But anyway, this information is obtained from the battery by the operating system asking the battery and the battery telling it.
So what could go wrong with a battery? So you could make their battery not work anymore. And this is super easy. I do it all the time, never on purpose, though. And then you could reprogram it to lie, and this is what I do. Maybe this would allow what the engineers call
thermal runaway, and I call like explosions. But I didn't do it, so I can't say. And then the other thing is you can imagine just talking to, you know, have the battery talking nonstop to the OS, like a Dan Kaminsky DEF CON talk. And then eventually, the OS is going to get bogged down.
Dang, everyone loves Dan Kaminsky. At Black Hat, that would have nailed it. So and then you could imagine it also, if there was a bug in the kernel, it could actually attack the kernel from the battery. And you figure, like, Apple can barely write secure software when they know someone's going to attack them. But when they're like reading values from a battery,
they really probably didn't pay attention. And then you're also on the same bus as like a TPM chip or the BIOS. So you could sniff all sorts of other interesting things that you wouldn't normally have access to, because you're at this other spot in hardware. So these are things that you might be able to do with this. OK, so the story was, again, after Black Hat, I sat around mopey trying to think
of something interesting to do. And eventually, I was like, yeah, let's see if I can blow up a computer. So I was like, well, you know, I wish I knew something about hardware. So I said, I know I have a computer and I have a battery. What else? Well, let's just use Google. That's what a lot of this talk is. I don't know what I'm doing inside Google stuff. So in this case, I Google MacBook battery firmware.
That seems like a reasonable thing to start. And sure enough, the very first hit is about a firmware upgrade that Apple put out in 2009. And I was like, sweet, it's software. I can look at this. I understand this. So I downloaded it, checked it out, reverse engineered it. And I found out a few things. So one thing is that the computer's
trying to talk to the battery. It just wraps this function, IOConnectMethodStructureIStructureO, over and over and over. It just keeps calling this. And it turns out this is a function that you use in OS X to talk to kernel drivers, like kexts. So this is the way you do it.
And the particular driver they're talking to is called AppleSmartBatteryManager. So your userland program, it has to have root privileges, but it doesn't have to have wires plugged into the hardware or anything. It can talk to the battery by calling this method. So I was like, OK, cool.
So I noticed that there's this sort of associated source code bundle on the Apple website called Apple Smart Battery. Actually, it's called Power Management Package. You can download it. It has some cool source in it, but it doesn't build. They give you enough just to say it's open source, but not enough to actually use it. But the cool thing is they have a bunch of header files, and you can start to read some interesting stuff about some
of the commands that this firmware upgrade is doing. So what's the firmware upgrade do? Well, based on that header file, I can see. It does things like it looks at the device name and compares it to a list of things to see whether this is something it should be upgrading.
Looks at the firmware version. Looks at the pack lot code, again, making sure it's the right one to upgrade. And then some things that it's not in the header files. I don't know what those things are. And then I came across this. And I was like, that's weird. It doesn't look like the rest of the program. Instead of just calling that function over and over, it's got these weird numbers, like 414 and 3672.
These stick out to me. I wonder what that is. So I was like, well, I don't know. I'll Google. So you Google that number, and the very first thing is it's like the default is 3672-0414. And it's like this is entered by sending the data, 414 to address 0. And it's like, look back at here. Oh, look, that's what it's doing.
And then it's like, and then immediately after saying 3672, that's exactly what it's doing. So what does it mean? And then you can look down a little bit, and it's like the default code is set to unsealed to full. And it's like talking about all sorts of stuff. And so you Google a little bit more. And I come across this document from Texas Instruments that talks about the unsealed key is
this magical number I see. I was like, oh, OK. It's like unsealing the battery. And then I was like, oh, look. There's this other thing called full access key. That sounds even more important. And it's FFFF. I was like, well, let me try that. Hey, it worked. So this is basically the whole talk in a slide.
They use this chip, and you can download the spec. And they didn't change the passwords on it. So it allows you to, and this is on every Apple laptop I've ever seen. I have a bunch of them. And apparently, there's a bunch of other computers that use the same chip. But I don't know if they have actually changed the password. So I mean, the chip's OK.
It's just Apple was stupid and didn't change the passwords. So anyway, so now I was like sort of in business because, A, I know it comes from Texas Instruments because that's where I got the dock from. I know Apple is dumb, but I already kind of knew that. And then that's where I'm at right now. So I'm feeling pretty good. But I still don't know exactly what chip. I just know it came from Texas Instruments.
So I had to figure out what that was. And you should know by now that I could have just opened the battery and looked at the chip, but I'm totally scared to touch stuff. So I still wanted to find a new software way to do it. And so what I did was, there's a way you could query the battery for particular types of data with these different what they call subclass IDs. And so I just did that.
I said, OK, give me your data for subclass ID 0, 1, 2, 3, 4. And it would give me a certain amount of data for each one. And all the Texas Instruments chips, they have documentation on what that's supposed to return. And each one returns something a little bit different. And so I just saw what mine was. And I looked at every single doc to see which one had sort of the same kind of,
it returned the right amount of data. And I found out what chip it was by doing that. It's a Texas, oh, right here. I won't give away the store yet. So anyway, this is what mine returned. Subclass 0 was 22 bytes. So you can see what kind of stuff this is. This is the kind of stuff you're messing with now that you probably shouldn't be. So it says, first level safety is subclass ID 0. So it returns 22 bytes.
Subclass ID 1 is first level safety current. The other one was voltage. And then you keep going. Then you've got second level safety, and second level safety current, second level safety voltage, and so on. And it turns out it matches exactly this Texas Instruments chip called the TI BQ20Z80.
And so all the MacBook and MacBook Airs and MacBook Pros and all these have some sort of chip really close to this. They're not all necessarily the 20Z80, but all the stuff I'm talking about all works on all of them. So that was my totally weenie way to figure out what it was. And then eventually, my guy was like, well, I should at least get my hands a little bit dirty.
So I took a battery, and I ripped it apart. And so if you take a battery out of your computer, it looks like this. And there's these little screws. So you unscrew it. And then you just rip off the plastic part. And this is what you see on the inside. So you've got six lithium polymer cells. And then on the end, like over here,
is where all the electronic stuff is. So then you rip that off. And it's like, whoa, there's lights on, and I'm touching it. For a software guy, it's really just creepy. So there's chips and stuff. Then you can open it up even more. And then you can start to read the labels on the chips. So there's one that's called BQ29312.
You can download information about that. His job is basically it does safety stuff. And then so this talk, there was a newspaper and all that stuff. And Travis Goodspeed, who's like a total hardware nut, just because he's curious, he takes one of his batteries, and he rips apart the chips.
He puts an acid bath and x-rays it. And this is some pictures he did, just because he's a super curious guy. So this is what the chip looks like under x-ray. And then on the other side of that board, you've got the BQ20Z80, which is the brains of the operation, and then this other chip, 29412, which is another one of these chips that does safety checks.
And then here is the BQ20Z80. Thanks to Travis for these pictures. Pretty cool. So anyway, so the BQ20Z80 is the main brains. That's the chip you can talk to through that driver. The other two chips you can't talk to directly. They're in charge of some safety stuff.
But what you can do is you can set the parameters in the 20Z80, and it will push out those parameters to the other chips. So you can configure those other chips. You just can't talk to them directly. But that's all you really need. So you can say, oh, yeah, you're in charge of the second level safety suite. Don't go off until you're at 5 million degrees, and then everything's bad.
But until then, it's cool. So you can still mess with those other chips. Oops, I skipped this slide. So this is the show again. It took me that long to figure out what kind of chip it was. Actually, if I were to pay attention to the actual header file, they'd tell me exactly what it was. Oh, well. That's why we do it. And that's why it took me seven months instead
of my normal project, which is like two weeks. All right, so where am I at now? I actually took it apart, so I know what kind of hardware it is. I can download information about it. I can see how this firmware updater talks to it, so I can probably figure out how to talk to it. But I don't really know what kind of things to say to it.
So back to this document, the smart battery specification. It describes exactly how this sort of communication works. So there's three components. There's the battery, which is in the middle, and that's what we've talked about so far. There's the charger, which is this thing that decides somehow how much charge to deliver to the battery or not to charge it.
And then there's the host, which is like the computer, the thing that needs to get power. So basically, this is the way they can communicate. It's on this bus, the SMBus. And the SMBus is based on I2C, which Stephen Ridley gave this really cool talk about. There's lots of things in the electronics world based on I2C.
Anyway, so they talk to each other. And it's sort of complicated, but I wrote this API that makes it easy to talk to the battery. And I released it. You can download it and play with your battery. But just be careful that you don't break it. Or at least don't blame me.
You can break it if you want. So anyway, so you can do things now like read a word, like read the serial number from the thing. You can unseal it if you know the password, which we do. You can write a word, so you can change what the manufacturer date was. You can change the device name, which is what I'm doing here. And you can read data flash, which is like all that stuff I was talking about about getting
the ID and stuff. So here I'm reading some data flash, whatever 57 was. I don't know which one that is from the time I had. Then you can get full access, which I'll talk about in a minute, which is the equivalent of root or whatever on the battery. And then you can seal things back up when you're done. So what kind of things can a computer or can we
say to the battery? So there's this document that says exactly what to do. So there's these things called standard commands, which is the first column. You can do things like ask it what its temperature is, what its voltage is, how much charge it wants, stuff like that. And then there's, in the next column, extended commands.
So these are things like a little more complicated. These are things you need more privileges to do. You can set passwords. You can control the FETs, which is the little thing that physically closes to make electricity run instead of battery. And then keys and all that kind of stuff. Then there's this data flash. This is all just like data that you can configure the device with.
So there's lots of interesting things you could imagine playing with. So you can change the chemistry. You can change all these thresholds where bad things are supposed to be happening. And so I did that. The first thing I do is like, hmm, how about no overvoltage protection?
Let's change that. But what happens is the battery still, it gets its charge and it knows when it's done and it stops. So just changing those thresholds, those are like safety features when things go wrong. But if you don't make things go wrong somehow, then you don't need those thresholds. They're not ever hit. So you have to do something more.
So we talked about how we can unseal it, and then we can get full access. But there's other modes that are even more powerful. So there's like boot ROM mode, which I'll talk about in a second. And that gives you very low level access, like you're the TI guy sitting in the factory. So these are all the different modes
that you can put the battery in. So sealed, that's how it's supposed to ship from the factory. Let me see if I have slides. Yeah, I'll just go in. Couldn't remember. So the problem with this talk is at Black Hat, it was 75 minutes, and now it's 50 minutes. And I can't remember for sure what I cut, so bear with me. OK, so sealed, I guess I thought this was really important because I didn't cut it. So it comes from the factory.
You're not supposed to mess with it. This is how your batteries are supposed to behave. You can't change anything. You can't configure it. You can't do anything. So you can only do the standard commands, which was that first column. And even there, you can only read them. You can't write to those, so you can't set anything. If you unseal it, which is what the firmware upgrade did, so in a sense, it wasn't bad
that they used the default unseal command because I could have just reverse engineered anything they chose. The bad thing is that they sort of gave me the idea to try the default for the full access, and then they did change that. Anyway, so in the unsealed mode, you can then access some of the extended commands. You can read the data flash and write the data flash. At that point, you can start to do some real configuration
of the thing. And this is, again, what the battery firmware upgrades go to. So full access mode, then you have all SBS commands. So again, this is like a root. All SBS commands, you can write to any of them that allow you to write. You can enter these other super-privileged access modes, boot ROM and configuration mode.
And the Apple firmware upgrades don't even need to access that. So one of the modes is called configuration mode. And this is basically the way that you can configure all the little internal sensors and stuff. So the little internal sensor might think it has 2,000. So it measures the amount of current passing into it,
and it thinks it's 20 milliamps. But really, it's 22. And so you tell it that, and then it reconfigures itself to know that, oh, yeah, that was 22. And so you can imagine definitely screwing with it in this mode. I didn't mess with that mode. So the things you can configure are number of cells. So that means like six in this case. How much current that you're giving it, how much voltage it has, and what its temperature is.
So these are the things that this document I found tells you to do. I was like, gee, I wonder if there's any other calibrations you can do besides those, because this sounds like really fun. And I don't know. And it turns out if you Google, like, what other calibrations for BQ20Z80 besides temperature, voltage, Google actually doesn't help in that case. So I just went to the store.
So I asked the Texas Instruments people. So I said, so I get on the board, and I'm like, hi, yes, can I do anything besides this? And this really nice employee named Jackie writes back. She's like, no, only current, voltage, and temperature. I'm like, OK, thanks. And the only reason I put this up is I think it's really cool, because they have these
message boards there, and you earn points, and it's like a video game. And I have 105 points at this point in this game, and it says I'm a prodigy. And I like that the game realized that while I don't know much about batteries, I have a lot of potential. So I felt really good about that. OK, so then the other mode that I deal with a lot
is called boot ROM mode. And this allows low-level access. And in the regular document that talks about SBS, it doesn't talk about this at all, because really, you're not supposed to be doing this unless you know what you're doing. And obviously, I don't. So I had to buy some hardware to help me out. So, and again, this is something I bought
just to help figure out things. You don't actually need this to do all the sort of attacks I talk about. So anyway, I bought this evaluation module. And it's basically the same exact thing that's on the battery, except it's like a big board. You can look at it, and you can play with it. And the most important thing is it comes with Windows software that talks over USB to the chip, and we'll program it and stuff.
And so I can just sort of emulate what it does. So this is what it looked like at my house, sitting on my dusty floor. And then you'll also notice there's this Radio Shack device that I bought there. And I was like, well, I'm a child of the 80s or whatever. So I was like, those dudes at Radio Shack, they know a lot. So I went in there, and I was like,
so I was sort of hinting around at my project. You know, I'm like, well, you know, I work for a consulting company, and we're evaluating the safety of batteries. And tell me about batteries, and what do I need to test batteries? And the guy was like, I don't know. Dude, can I interest you in a mobile phone, you know? So it was not helpful at all.
So yeah, it was amazing. But there's a lot of people that still shop there, surprisingly. So anyway, here, this is what the software looks like. And this is where I got the little guy for the title screen. I think it's really cool. They have like a mascot for battery technology. It's like Clippy with a backpack on.
So this is what the screen looks like. And this allows you, like, the GUI, to change all the SBS commands, and it shows you all the bit fields and what they mean and stuff. And so here's the data flash. And again, it tells you what each one means, what the value is, what to change it to. But of course, the first button that I push
when I see it is the Pro button, right? So it says like this. This screen is only for advanced users. And I'm certainly an advanced user. So it lets you do things like send raw commands. And then the best thing is it lets you flash the firmware, which is something I really wanna do. So then what I wanted to do
is see how it's doing all these things and then write some, you know, write a driver or something for OS X to let me do it. Unfortunately, it's a Windows program, and I'm trying to do things on Macs. But anyway, the evaluation kit comes with this SREC file, which has the firmware on it. And so I wanna reprogram the thing
and sniff what it does to know how to talk to it on this little level, because there's no documentation I've seen yet that tells you that. So I Google, I look around, and there's this SREC file. It says it's an encrypted, or the .senc file. That's what the E-N-C is for, encrypted. So it's an encrypted SREC file. And so like I reverse engineered the encryption. It's like XOR.
But you know, to give it some credit, it's not just XOR with a byte. It's like XOR with a byte and the previous byte. So it's like, you know, sort of fancy. Anyway, the firmware file has header stuff. It has all the data flash. So those are all the configuration parameters. It has all the instructions
and then a bunch of checksums and stuff. So I wrote a PyDbg script to intercept the USB traffic. And then I could see exactly the sorts. And then by comparing it to the things I saw when I would just do a single byte write and all that kind of things in the GUI, I could figure out sort of what was going on. It's like, for example, I figured out like,
oh, to read a word, apparently you send the command eight. To write a word, you send the command four and so on. So then I'm back to Google, right? So I Google smbus bootrom read eight, write four. So it's like, I don't know how anyone did any research before Google. And no, Google did not pay me for this talk. I should have, you know, had Microsoft pay me.
I could say, yeah, I used Bing. Bing did it for me. So anyway, I came across this document that talks exactly about like how to talk at the bootrom level. And also it talked about how the firmware and the instructions were laid out. So that was like really useful too.
So now when I sniff the reprogramming, I see these are the steps it does. So it erases everything, instructions and the data. And then I can see like how much data it expects. And then it reprograms row by row the data. And then it reprograms the instructions. So there's 300, hex 300 rows of instructions. Cool.
And then I can see the data too. So like I could piece together by the data it's sending what the firmware looks like. So I pretty much understand now how to write in bootrom to reprogram it just by sniffing. I could probably figure out how to read, you know, how to dump the firmware. But at this point in the story, I haven't. I could get the data flash.
But the problem is, so I could either have the firm, I could either probably dump the firmware or I could just watch the firmware being uploaded from the SREC file. But I don't know like what the hell is in there. So that's the next thing I want to do. So I want to disassemble it and like reverse engineer see how it works. But the problem is I don't know what kind of chip it is.
All right, I know Texas Instruments makes it but I don't know what kind of like, you know, assembly it takes. So, you know, I do this stupid thing which is I load it into IDA Pro and I select each processor one by one and see what happens. And they all suck. So it's none of the ones that are in IDA Pro. So I'm back to asking Texas Instruments.
So I'm like, hey, does anyone know what kind of, you know, what kind of processor this is? You know, thank you. And I try to be like really nice. And I'm like, you know, and I'm not lying. I'm saying I'm Charlie Miller. You know, if they Google, they'll see who I am. And you know, so I'm just, my approach is just to be nice and hopefully Jackie will give me a nice answer. But instead of Jackie, this time I get this asshole named Doug Williams
and he says proprietary. That's it, one word answer. I'm like, don't you know I'm a prodigy? So anyway, I'm like, oh, thank you for your kind response. Can you give me a little more information? Like, do you mean this is something you just don't wanna tell me?
Or do you mean like you made this in your basement and like no one knows what the hell it is? And he says, this is the first thing. We have customers, you know, Apple probably, who create their own firmware. But we don't disclose this data because we wanna protect our intellectual property. Sorry. So I'm like, well, okay,
I'll just steal your intellectual property. So I just take the binary, I stick it into a hex editor and I just start staring at it, right? Like this is the worst job in the world. And actually someone asked me about this part when I gave this talk at Black Hat and they were like, wow,
you're like some kind of genius for looking at this? I'm like, no, this is the beauty of like, you know, the cooking show where the guy, like, throws a bunch of stuff in the oven, and then they're like, hey, it's done, right? So like, this was like really hard but in the slide deck it's like, oh yeah, it was this, oh, it was so obvious, right? But this was actually like, took me like a week, it was really hard. But you know, for your benefit, it looks like really cool, like I'm awesome.
So anyway, so what do you notice in this? Anyone wanna beat me to the punch? So is there anything special? Can you read the bytes at all? Anything stick out? Oh, I already said, don't look at that bullet if you wanna play my game. All right, so you'll notice there's threes, right? That's the only thing that you really notice is there's some threes.
Okay, cool, threes. And anyone notice like, you know, something special about the threes? Sorry, well, they're spread out a certain amount. So it turns out the threes are separated by two bytes each. So it's like, oh, well, that's sort of interesting. So that's like, well, maybe then it's aligned somehow
on, you know, three byte widths. So you know, adjust the hex editor a little bit and then you start to look, hey, look, sure enough, if you look down these columns, there's this feature that the high nibble of the third byte is always zero, one, two, or three.
Okay, so maybe, and then you can see this is true for all the columns. So maybe this is a 22-bit word. So I gotta find some sort of chip that has 22-bit length instructions and maybe I'm in good shape. And you know, that's probably pretty rare. Okay, and then the final clue was I looked
at the end of the firmware. And so what you see here is the very last, so there's lots of these things at the end that say 3FFFF, and the very last thing before that is 23FFFF. So here's the 23FFFF. Can anyone, like, what would you think would be the very last instruction in something that you disassembled?
Ah, see, I am smart. I knew the answer and I don't think I've heard the right answer yet. Keep going. What's at the end of, like, big functions, little functions? Return, right. So I'm like, well, maybe this is a return
because, you know, that's how I end my functions. And then any guesses what 3FFFF is? What's that? Oh, I heard it. So like, what do you put at the end when you don't wanna do anything? No ops. So that's what I'm thinking, right? So no op, no op, no op, no op, no op, no op.
So let's see if I'm right. So the first thing to see if I have, maybe I'm just like totally crazy. So I was like, well, let's search for this thing that might be a return in the whole file. Okay, so there's 410 times it shows up. Cool. And they're all sort of like randomly spread about. Well, also cool. And also, I'm very happy to say
that they didn't like encode or encrypt the firmware. That would have really made this sort of analyzing in a hex editor harder. So anyway, you know, I'm pretty sure this thing's a return by now and those other things are no ops and I know 23-bit instructions, so probably that might be enough to go back to my best friend Google. But my Google-fu was weak. I could not find it.
But my coworker, Dion Blazakis, he came up with a Google search that did work. So he searched for 23FFFF, 3FFFF, 22-bit. I don't know why I didn't think of that. So anyway, I come across this document, you know, to be fair, to show how hard this research was, it wasn't the top hit, it was the second hit.
So you see things like it says blah, blah, blah, 23FFFF is a no op, you know, return is 23FFFF, so like this is pretty much business. So you look in there and it says something about CoolRISC and then you Google for that and you come across the document and you find out that the BQ20Z80 is a CoolRISC C816 chip, or at least something so close that it doesn't matter.
So at this point, we're in good shape. So I can read all about it. And yeah, so who saw Hackers last night? It's a great movie. And you know, this is the best line, I think, from it. Angelina Jolie talking about RISC architecture is like a total awesome thing.
So anyway, so this particular chip, it's 8-bit. It has this Harvard RISC architecture. You can see the data flash, 64K, 64K flash instructions, each 22 bits. There's 8-bit registers, and of course, IDA Pro doesn't support it.
So, you know, this is what the registers look like. And luckily, since it's RISC, and RISC is gonna change everything, that there's not too many instructions, and so this is what they are. There's like, you know, 40 or something. And so basically, all you have to do, if you like IDA Pro like me, is go in and you can write in Python
an IDA Pro processor script and tell it what each of these instructions means and what it looks like, and then it can disassemble it. That's what I did. So this is, you know, another two weeks of my life in one slide. So you just go in this table in the document. It explains exactly what the bits are. You translate it into Python. And then you've got a new setting on your IDA Pro
that says Texas Instruments Gas Gauge BQ20Z80. And this is all released too, so you can download it and disassemble and see how these things work now. Oh, sorry, you can't. They're proprietary. So anyway, now if you pop in IDA Pro, it's RISC, so you have to make a separate data section for it
and then you're good to go. It'll disassemble. But the problem is that it didn't do that great a job. But I just can help it out. So I know that the instructions are fixed length. They're all gonna be three bytes long. So I just wrote a Python script to go through and disassemble every single instruction. And I know that that can be any data
because of the RISC architecture. So now I'm in business. It disassembled the whole thing pretty much and I can start reading it and seeing how this is code on the battery, what it does. So if you can see that, so basically this is some function that takes in those SBS commands
that you can ask for the temperature and stuff. It does the operation and it sends it back to the computer. So this is exactly what we would kind of expect to see. So this one, if you can see it, so the one on the left, it says, so it's SBS command 21, which is the device name. So it does some calculations and then sends it back. This one is 20, which is like the manufacturer name,
sends it back and so forth. Okay, cool. So where are we now? I can disassemble the firmware. I know what's going on in the battery, but it turns out things are gonna go wrong for me very soon. So I can disassemble it. I can dump the flash, cool. What else can I do?
Oh, so then I start to dump the flash, right? And I notice that I'm not getting identical results when I dump the flash each time. And that's sort of weird, but eh, whatever. And then the bad things start to happen, right? So then I was like, well, let's make some changes to the firmware. That's really what I wanna do. I do it, the battery doesn't work anymore. So that's bad.
The other thing wasn't so bad, but this is bad. If I tried, so I was like, well, maybe you have to do exactly what the Texas Instruments GUI does. So I do exactly what it does, bricked. So I'm sort of stuck. And so I start to, you know, I get on the Apple Store and I start ordering these batteries because I'm going through them so quick. Faster than they can ship them to me, I'm bricking them.
So, and they're like $129, they're pretty expensive. So I have a ton of these things. And I have just piles of them in my house that don't work anymore. So it's a very expensive hobby. Lucky I have a corporate credit card. So I had one idea. I was like, hey, I got an idea.
They have it like on eBay. They sell these batteries that, you know, some dude in China makes in his basement. And, you know, they, let's buy one. Maybe it's the same thing and then it'll be cheaper. So I bought it and yeah, I looked at it. It's got the Texas Instruments chip. As far as I can tell, it's pretty much the same. But he changed the password on it. So I couldn't hack it.
Yeah, so anyway, so the $40 battery was like super safe. I was like, well, well. Okay, so to start to fix my problems and stop buying batteries.
I like, I wondered if like the Apple store like tracks this. It's like, this guy has bought like 10 batteries. What's he doing? And then like, you should have a special like, and he's Charlie Miller. You know, he hates Apple. He's up to something. So anyway, it turns out by experimentation, I found out that when I do the reads from the firmware, they're not always reliable
and they don't error out or anything. They just return like random crap sometimes. And so what I did is now I just have, I changed the API that I wrote to like, it reads it a few times and it makes sure that it always agrees and then it's okay. And so once I do that, then everything starts to go much better for me. So I can, you know, consecutive dumps to the firmware, like agree. So this is good.
All right, so then the next problem. Oh, by the way, this is like the worst thing that ever happens to me in my research, if you can see it. The little X on the battery. So when you see that, that means you're screwed. So that means you bricked your battery. Well, if you're doing my stuff. Otherwise it just means you probably don't have it plugged
in quite tight enough. Oh, the other thing, so speaking of the Apple store before, so the one thing you can do from this research, I didn't blow up batteries, but I know how to like manipulate them. So if ever anyone has a battery that isn't covered under warranty anymore, I can hook you up. So I can, you can go in and you can change when it was manufactured.
You can change how many cycles it's ever seen. So you can make it look like it's like five days old. You're like, dude, I just bought this battery like five days ago and it's not working. I don't know what the problem is. It's good, so I help out the community when I can. All right, so then I start, so now I'm confident I can read firmware
and I can write firmware, but still it's not working. I'm getting this stupid X that says I've done something wrong. And so I look at the traffic and I figure out what it is. And it turns out that it's this particular flag is set, the data flash failure flag, total failure. So you read it, blah, blah, blah, and it's like, number one, after a full reset,
the instruction flash checksum does not verify. Ah, crap, there's a checksum. I've messed it up. So I need to figure that out. But luckily I have the firmware so I can reverse engineer how they do that. So it turns out that there's these particular functions that I can't change that are in the ROM. And one of them is in charge of computing the checksum.
So I just need to figure out who's using that function. And in IDA Pro there's only two references to it. One is to some SBS command that Google will tell you has something to do with checksumming. And the other one is some function I haven't seen yet. So that's my candidate. So I check that out. If you look at it in IDA Pro, it does something like it reads in four bytes
from data flash and then it compares it and if it's zero, these four bytes are zero, then it just goes to the end of the function. Otherwise it switches the endianness, calls the checksum and then compares byte for byte if it's true. And if it's not true, it goes to the bad code. And if it is true, if they do agree,
then it goes to the end of the function. So anyone have an idea what we should set those four bytes in memory to? Zero, right. So if you set it to zero, then it doesn't compute the checksum anymore and you can make any changes you want. But then, so that was the older version of the firmware, some of the newer versions of the firmware.
Like they got tricky and they encode, or they probably would say they encrypt the checksum. And really I think they just did this because you might accidentally get zeros there someday but you wouldn't actually get this weird value. So they do some encoding of the thing, but the same basic principle applies that if you set these four bytes instead of the zero to an encoded zero,
then it won't check the checksum anymore. So you can just do a raw data flash write to the device of zeros for those four bytes and it won't check the checksum anymore. But since I'm totally scared to go into bootrom mode with all my dead batteries, I figured out a way to do it without going to the bootrom mode. You can just figure out
that there's this undocumented subclass 57 you can read and the checksum is actually in there. So you can change those four bytes just with using extended SBS commands. So now I can just freely patch the firmware and do whatever I want. So what do I want to do?
Well, I can make it lie. So now when you ask for the temperature, I can make a return to anything I want. But what I need to do is understand what things are asked of the battery and what things, you know, so those are, I need to know what to lie about. So I bought some more stuff, plugged it in, and I was like, okay, now I'm going to sniff the traffic.
The battery has these six little grooves and then maybe a couple other little spots where there's wires. Two of these have got to be SMBus. I don't know which two. So I just, I was like, well, I know. I'll buy these little probes, I'll hook them up between the things and, you know, I'll monitor what's going on. This was a disaster. So I did this and I must have touched the wrong thing at some time.
The computer just didn't work anymore. So apparently I shorted something on the main logic board and so I had to take it into the Apple store, which I do this a lot. I go to the Apple store and I'm like, yeah, this isn't working anymore.
And they're like, what'd you do? I was like, I don't know, I just turned it on and it doesn't work. So they replaced the logic board and then everything was good again. So, yeah, I never tell them what I do. Okay, so then I said, well, the problem was, you know, all these loose wires and stuff.
So I'm going to build my own special cable that connects the battery to the computer. And so, you know, for someone who doesn't do any hardware, this is like a big deal. It took me like five days soldering and, you know, all this stuff. I plugged in, it didn't work. It's a piece of crap. So that didn't work. So finally I figured out the right way to do it is you just move the keyboard a little bit. The battery can be sitting where it's supposed to sit. You can still see the wires
and you can hook a little probe to it. This is the right way to go. So then I hook up this logic analyzer and I can see exactly which cables have the SMBus traffic. And then you can actually ask it to decode it and you can see the actual SMBus write. So it's like a write of eight, which is temperature, and then it reads the values, so B73,
so I can see what the temperature response is. And then, you know, that's cool for just like show, but then there's this other thing called a Beagle that will record all this information for a long time. You get like a cool GUI like this and you can see still the SMBus traffic. You can record it for like an hour while you're charging your battery and see all the things that are ever asked of the battery.
And so these are the exact things that the, with the computer off and the charging it asks for. Battery status, temperature, charging current, current, voltage, battery mode, relative state of charge, remaining capacity, full charge capacity. And of those, only five ever change. So the rest of them are just like, yeah, everything's cool or whatever. So temperature changes, but probably that's not so important. Current, which is the amount of current it's delivering,
well, okay. Then voltage, remaining charge, or remaining capacity and relative state of charge. So these are the things that you could guess the charger's asking for in order to figure out how much charge to deliver it. So I'm going to lie about those things. So I got to wrap this up quick, but basically these are the things I can imagine doing now.
So where am I at? I can make the battery do anything I want. So what could, so what, right? So bricking the battery is super easy. I'm an expert at it. I'm not even just a prodigy, I'm a full-blown expert. So here is some code that with my API you can do. All this does is erases all flash.
You're definitely not going to recover from that. So you can make firmware changes like we've been talking about. So you can change all the things that are queried to lie. So like, no matter how much charge it gets, you're always like, hey, I'm 50% full, keep it coming. And maybe something bad would happen there. So this is basically like a function that deals with SBS commands,
and I want to change the ones, so like remaining capacity, which is SBS command F. Instead of F, I'm going to say, you want to know F? I'll tell you 1B, that's manufacturer date. And same thing, if you ask me for full charge capacity, I'll tell you the serial number. So you just make changes to the firmware. And the reason is because manufacturer date and serial number
are both words, which is the same thing as remaining capacity and full charge capacity, but they're never queried, and you can set them to any value you want. So then you can control exactly what the battery is reporting. And you can do this live while the battery is charging, you know, without any wires or anything, just remotely with root access. So this is what the code looked like that handles that case.
And then here's the API call to patch the firmware. And then it changes that code to this code, which just changes the SBS command and then jumps to the other case. So now when I query remaining capacity, you know, surprisingly, it's exactly the same as the manufacturer date. And the same thing, full charge capacity, you know, coincidentally is exactly the same as serial number.
Okay, so now, I don't show it here, but I go through, and I have a white paper that goes in way more detail than I can here. But I go and I change the firmware to lie about every single thing that's queried. So now over time, it doesn't change what I want it to. I can change it on the fly. And I did verify that, you know, these changes that I make do affect
how much current's delivered to the battery, but in, like, some sort of weird, non, like, super obvious way. So anyway, this is where I, like, started to get scared. And I tell this story that I was driving, you know, to a soccer game or something, and I saw, like, fire trucks and stuff going the other direction. I was like, oh, shit.
Because I was just, like, messing with this stuff when I left. And so I call home, and, you know, my wife answers. I'm like, well, that's good. She answered the phone. And then I was like, you know, that computer upstairs in my office, can you go unplug that? So she did that. Anyway, so I mentioned that there's various layers of defense besides this chip that I'm, like, owning is the main guy in charge of safety.
But there's other things that may prevent the big explosion. So there's these, like, thermal cutoffs that you see. So it's, like, these little cells that they get hot, they melt, and then you can't get electricity to the cells anymore. But, you know, the good thing about that battery is I can't mess with it, the off-market one. The bad thing is I didn't see these little things
on the off-market battery. The other thing you could imagine, again, is attacking the kernel from the battery. So this would be, like, a way to have persistent malware, for example. I didn't look for a particular bug. Again, like, knowing Apple, it's hard to imagine there's not a bug there. So you can imagine writing a fuzzer in CoolRISC assembly and changing the firmware and having the battery
literally fuzzing the OS. That is crazy, but it would be awesome. The easier way is you could just do it in hardware, just hook wires in there and emulate the fuzz. And Travis Goodspeed is talking about he already has something that basically does that. So then if, you know, I don't really think there's much risk of anything bad happening to you from this
without someone else doing something, you know, a lot more work. But if you're the super paranoid type, which probably 90% of the people in this room are pretty paranoid, I released a tool called Caulkgun which basically goes in and changes the passwords to values nobody knows. So the source code basically looks like this. It's just like, yeah, it gets full access, changes the password, and that's it.
So here's all the people who helped me on this talk. You know, I'm such a hardware noob that I couldn't get very far. So thanks to all those guys. Here's where you can download the paper, the slides, the tools. I have IDA Pro scripts. I have the firmware, IDB files, everything you'd want to, like, learn and play with. And that's it. Thanks a lot.
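The hex-editor reasoning in the talk (threes every third byte, a high nibble of 0 to 3 in the third byte, 23FFFF as the last real instruction and 3FFFF as padding) is a general heuristic for guessing the instruction width of an unknown fixed-width firmware image. The Python below is an added example written for this transcript; it is not Charlie Miller's code or anything released with the talk, and the image it analyses is a constructed sample, not BQ20Z80 firmware. It tries each candidate byte width and endianness, picks the layout that leaves the most high bits permanently clear (a 22-bit ISA in 24-bit slots leaves two), and then counts how often the candidate return and nop patterns occur under that layout.

```python
from collections import Counter

# Constructed sample image, not real BQ20Z80 firmware: 3-byte little-endian slots
# holding 22-bit values, with 0x23FFFF standing in for "return" and 0x3FFFF for
# the trailing "nop" padding, as the talk describes.
SAMPLE_WORDS = [
    0x2A1B3C, 0x15F00A, 0x0003E8, 0x23FFFF,
    0x31C0DE, 0x0800F1, 0x23FFFF,
    0x120045, 0x2BAD11, 0x23FFFF,
] + [0x03FFFF] * 6


def pack_words(words, width=3, byteorder="little"):
    """Serialize fixed-width words into a flat image (used only to build the sample)."""
    return b"".join(w.to_bytes(width, byteorder) for w in words)


SAMPLE_IMAGE = pack_words(SAMPLE_WORDS)


def words_of(image, width, byteorder):
    """Read the image as consecutive fixed-width integers, dropping any partial tail."""
    usable = len(image) - len(image) % width
    return [int.from_bytes(image[i:i + width], byteorder)
            for i in range(0, usable, width)]


def unused_high_bits(image, width, byteorder):
    """Number of top bits that are never set when the image is read as width-byte words.
    A 22-bit ISA stored in 24-bit slots leaves 2 unused bits, but only at the right
    width and endianness; wrong guesses mix bytes and light up all bits."""
    words = words_of(image, width, byteorder)
    return 8 * width - max(words).bit_length()


def infer_word_layout(image, widths=(2, 3, 4)):
    """Pick the (width, byteorder) whose slots waste the most high bits; ties go to the
    smaller width. Returns (width, byteorder, value_bits)."""
    best = None
    for width in widths:
        # A genuinely fixed-width image divides evenly into its word size.
        if len(image) < width or len(image) % width:
            continue
        for order in ("little", "big"):
            unused = unused_high_bits(image, width, order)
            key = (unused, -width)
            if best is None or key > best[0]:
                best = (key, width, order, 8 * width - unused)
    if best is None:
        raise ValueError("image too short for any candidate width")
    return best[1], best[2], best[3]


def count_patterns(image, width, byteorder, patterns):
    """Count how often each candidate opcode (e.g. return, nop) appears as a whole word."""
    counts = Counter(words_of(image, width, byteorder))
    return {p: counts[p] for p in patterns}


if __name__ == "__main__":
    width, order, bits = infer_word_layout(SAMPLE_IMAGE)
    print(f"word width {width} bytes, {order}-endian, {bits}-bit values")
    print(count_patterns(SAMPLE_IMAGE, width, order, [0x23FFFF, 0x3FFFF]))
```

On the sample this reports 3-byte little-endian words carrying 22-bit values, three return-like words and six trailing nops, which is the same shape of evidence the talk reads off the hex dump. On a real image the counts for the suspected return should be large and scattered through the code region, while the suspected nop clusters at the end; if no width leaves any high bits clear, the image is more likely byte-oriented or encrypted, which is the case the talk was relieved not to hit.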