Trying to figure out how my #ThinkPad Edge #E531 does the detection that it has a "genuine" battery.

Of course it has to be implemented inside the EC firmware.

It is an ENE KB9012. I have the datasheet as well as a dump of its firmware and the schematics for the laptop. But I cannot find where it writes to or reads from the right #SMBus registers.

Does anyone know where I can get in contact with the right people in this domain?

#reverseengineering #followerpower #firmware #hacking #8051

I hate #Lenovo for implementing all sorts of whitelisting rubbish!🤬

IT IS CHARGING!!!!!🥳

This has been quite a journey!

I plan to create a blogpost and/or repository in the next couple of days.

Hopefully that can help some people having the same problem. But to be fair it is not that easy to reflash the EC. At least you do not have to disassemble the laptop as much as when flashing the BIOS.

#lenovo #thinkpad #e531
#firmware #hacking #reversengineering

@DerFetzer at least on my ideapad laptop it does a sha-1 challenge response (https://8051enthusiast.github.io/2021/07/05/001-EC_legacy.html#a-cryptic-piece-of-code), maybe it could be something similar in your case? there's also https://zmatt.net/unlocking-my-lenovo-laptop-part-3/ that deals with the same problem

@8051enthusiast Thank you very much for the links!
I can see those 20-byte challenges in my SMBus traces!

The SHA-1 constants from your firmware are not in mine so it might be another algorithm. But I am not that much interested in the specific algorithm but rather how to disable the check completely.

I finally managed to find code that reads from the SMBus data registers in a strange way, which is why I did not find it in the first place.

It is starting to make more sense!
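
The check mentioned in the post above, looking for a known hash algorithm's constants in a firmware dump, as an added example that is not part of the original thread. It assumes the constants are stored as contiguous 32-bit words; `SAMPLE_DUMP` is constructed, and on an 8-bit core such as the 8051 the words may instead be loaded byte by byte as immediates, so an empty result does not rule an algorithm out.

```python
import struct

# Published constants of common hash functions, as 32-bit words.
# The first four SHA-1 state words are shared with MD5, so MD5 is
# identified here by the start of its sine-derived table instead.
HASH_CONSTANTS = {
    "SHA-1 initial state": [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0],
    "SHA-1 round constants": [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6],
    "SHA-256 initial state": [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A],
    "MD5 sine table": [0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE],
}

def find_hash_constants(image: bytes):
    """Return sorted (offset, family, word, byte_order) for every match."""
    hits = []
    for family, words in HASH_CONSTANTS.items():
        for word in words:
            # Compilers and hand-written tables may use either byte order.
            for order, fmt in (("big", ">I"), ("little", "<I")):
                needle = struct.pack(fmt, word)
                pos = image.find(needle)
                while pos != -1:
                    hits.append((pos, family, f"{word:#010x}", order))
                    pos = image.find(needle, pos + 1)
    return sorted(hits)

def families_present(image: bytes, min_words: int = 2):
    """Families with at least min_words distinct constants found.

    Requiring more than one word filters out chance 4-byte matches.
    """
    found = {}
    for _, family, word, _ in find_hash_constants(image):
        found.setdefault(family, set()).add(word)
    return {family for family, words in found.items() if len(words) >= min_words}

# Constructed sample standing in for a firmware dump: padding, a big-endian
# SHA-1 state table, a gap, then little-endian SHA-1 round constants.
SAMPLE_DUMP = (
    b"\xff" * 16
    + struct.pack(">5I", *HASH_CONSTANTS["SHA-1 initial state"])
    + b"\x00" * 8
    + struct.pack("<4I", *HASH_CONSTANTS["SHA-1 round constants"])
    + b"\xff" * 16
)

if __name__ == "__main__":
    for offset, family, word, order in find_hash_constants(SAMPLE_DUMP):
        print(f"{offset:#06x}  {family:<24} {word} ({order}-endian)")
    print("Likely present:", sorted(families_present(SAMPLE_DUMP)))
```
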

@DerFetzer I'd recommend looking at an old UEFI/BIOS update image. It should have a few clues.