Again on BQ3050 - SN8765 #22
Description
Hi! I read all your work and I need to thank and congratulate you, it's amazing.
I rebuilt an aftermarket battery pack of Asus N56VZ, controlled by SN8765 which seems to be our old friend BQ3050. I used your software and your GUI and, because of it was in full access mode, I was able to write in some registers to revive my battery pack.
It works as long as a full discharge happens, and all values change to default or random. Doing some other tests, I see that every time a reset command is sent (00 41) all values change. I will post the dump of registers after the reset and the modified ones:
[INFO] Connecting to COM3
[<-TX] Handshake request (COM3)
3D 00 02 01 00 03
[RX->] Handshake response
3D 00 08 81 00 53 42 48 41 43 4B 35
[INFO] Handshake OK: SBHACK
[INFO] Device connected (COM3)
[RX->] Device settings
3D 00 05 83 01 03 00 00 8C
[INFO] Word byte-order: reverse read/write
[INFO] Design voltage: 0,0 V
[<-TX] Scan SMBus
3D 00 02 02 02 06
[RX->] Scan SMBus address result
3D 00 03 82 02 0B 92
[INFO] SMBus device(s): 0B
[<-TX] SMBus register dump request
3D 00 04 02 03 00 40 49
[RX->] SMBus register dump (00-40)
3D 00 C7 82 03 00 40 00 00 00 01 01 B8 02 00 0A 03 60 81 04 00 00 05 FF FF 06 FF FF 07 00 01 08
0B B4 09 2A 7C 0A 00 00 0B 00 00 0C 00 64 0D 00 64 0E 03 FD 0F FF 38 10 FF 38 11 FF FF 12 FF FF
13 FF FF 14 09 C4 15 31 38 16 02 C0 17 00 02 18 19 00 19 2B 5C 1A 00 31 1B 50 99 1C 83 6E 1D 83
6E 1E 83 6E 1F 83 6E 20 41 0A 21 4E 07 22 4C 04 23 00 0E 24 00 0E 25 00 0E 26 00 0E 27 00 0E 28
00 0E 29 00 0E 2A 00 0E 2B 00 0E 2C 00 0E 2D 00 0E 2E 00 0E 2F 00 14 30 00 14 31 00 14 32 00 14
33 00 14 34 00 14 35 00 14 36 00 14 37 00 14 38 00 14 39 00 14 3A 00 14 3B 00 14 3C 00 00 3D 0E
2D 3E 0E 25 3F 0E 2A 40 17 17 CA
[INFO] SMBus register dump details (00-40):
[00]: 00 00 // ManufacturerAccess: 00 00
[01]: 01 B8 // RemainingCapacityAlarm: 440 mAh
[02]: 00 0A // RemainingTimeAlarm: 10 minutes
[03]: 60 81 // BatteryMode: 0110000010000001
[04]: 00 00 // AtRate: 0 minutes
[05]: FF FF // AtRateTimeToFull: 65535 minutes
[06]: FF FF // AtRateTimeToEmpty: 65535 minutes
[07]: 00 01 // AtRateOK: true
[08]: 0B B4 // Temperature: 27,23°C
[09]: 2A 7C // Voltage: 10,876 V
[0A]: 00 00 // Current: 0 A
[0B]: 00 00 // AverageCurrent: 0 A
[0C]: 00 64 // MaxError: 100%
[0D]: 00 64 // RelativeStateOfCharge: 100%
[0E]: 03 FD // AbsoluteStateOfCharge: 1021%
[0F]: FF 38 // RemainingCapacity: 65336 mAh
[10]: FF 38 // FullChargeCapacity: 65336 mAh
[11]: FF FF // RunTimeToEmpty: 65535 minutes
[12]: FF FF // AverageTimeToEmpty: 65535 minutes
[13]: FF FF // AverageTimeToFull: 65535 minutes
[14]: 09 C4 // ChargingCurrent: 2,5 A
[15]: 31 38 // ChargingVoltage: 12,6 V
[16]: 02 C0 // BatteryStatus: 0000001011000000
[17]: 00 02 // CycleCount: 2
[18]: 19 00 // DesignCapacity: 6400 mAh
[19]: 2B 5C // DesignVoltage: 11,1 V
[1A]: 00 31 // SpecificationInfo: 0000000000110001
[1B]: 50 99 // ManufactureDate: 2020.04.25
[1C]: 83 6E // SerialNumber: 83 6E
[1D]: 83 6E // 83 6E
[1E]: 83 6E // 83 6E
[1F]: 83 6E // 83 6E
[20]: 41 0A // ManufacturerName: 41 0A
[21]: 4E 07 // DeviceName: 4E 07
[22]: 4C 04 // DeviceChemistry: 4C 04
[23]: 00 0E // ManufacturerData: 00 0E
[24]: 00 0E // 00 0E
[25]: 00 0E // 00 0E
[26]: 00 0E // 00 0E
[27]: 00 0E // 00 0E
[28]: 00 0E // 00 0E
[29]: 00 0E // 00 0E
[2A]: 00 0E // 00 0E
[2B]: 00 0E // 00 0E
[2C]: 00 0E // 00 0E
[2D]: 00 0E // 00 0E
[2E]: 00 0E // 00 0E
[2F]: 00 14 // 00 14
[30]: 00 14 // 00 14
[31]: 00 14 // 00 14
[32]: 00 14 // 00 14
[33]: 00 14 // 00 14
[34]: 00 14 // 00 14
[35]: 00 14 // 00 14
[36]: 00 14 // 00 14
[37]: 00 14 // 00 14
[38]: 00 14 // 00 14
[39]: 00 14 // 00 14
[3A]: 00 14 // 00 14
[3B]: 00 14 // 00 14
[3C]: 00 00 // 00 00
[3D]: 0E 2D // 0E 2D
[3E]: 0E 25 // 0E 25
[3F]: 0E 2A // 0E 2A
[40]: 17 17 // 17 17
[<-TX] Write word data
3D 00 05 05 02 01 02 80 8F
[RX->] Word data write response
3D 00 06 85 02 01 02 80 02 12
[INFO] Reg.: 01
Data: 02 80
# of bytes written: 02
[<-TX] Read word data
3D 00 03 04 02 01 0A
[RX->] Word data received
3D 00 05 84 02 01 02 80 0E
[INFO] Reg.: 01
Data: 02 80
[<-TX] Read word data
3D 00 03 04 02 0F 18
[RX->] Word data received
3D 00 05 84 02 0F FF 38 D1
[INFO] Reg.: 0F
Data: FF 38
[<-TX] Write word data
3D 00 05 05 02 0F 03 C0 DE
[RX->] Word data write response
3D 00 06 85 02 0F 03 C0 02 61
[INFO] Reg.: 0F
Data: 03 C0
# of bytes written: 02
[<-TX] Read word data
3D 00 03 04 02 0F 18
[RX->] Word data received
3D 00 05 84 02 0F FF 38 D1
[INFO] Reg.: 0F
Data: FF 38
[<-TX] Write word data
3D 00 05 05 02 10 19 00 35
[RX->] Word data write response
3D 00 06 85 02 10 19 00 02 B8
[INFO] Reg.: 10
Data: 19 00
# of bytes written: 02
[<-TX] Read word data
3D 00 03 04 02 10 19
[RX->] Word data received
3D 00 05 84 02 10 19 00 B4
[INFO] Reg.: 10
Data: 19 00
[<-TX] Read word data
3D 00 03 04 02 0F 18
[RX->] Word data received
3D 00 05 84 02 0F 03 C0 5D
[INFO] Reg.: 0F
Data: 03 C0
[<-TX] SMBus register dump request
3D 00 04 02 03 00 40 49
[RX->] SMBus register dump (00-40)
3D 00 C7 82 03 00 40 00 00 00 01 02 80 02 00 0A 03 60 81 04 00 00 05 FF FF 06 FF FF 07 00 01 08
0B AE 09 2A 7A 0A 00 00 0B 00 00 0C 00 64 0D 00 0F 0E 00 0F 0F 03 C0 10 19 00 11 FF FF 12 FF FF
13 FF FF 14 09 C4 15 31 38 16 00 C0 17 00 02 18 19 00 19 2B 5C 1A 00 31 1B 50 99 1C 83 6E 1D 83
6E 1E 83 6E 1F 83 6E 20 41 0A 21 4E 07 22 4C 04 23 00 0E 24 00 0E 25 00 0E 26 00 0E 27 00 0E 28
00 0E 29 00 0E 2A 00 0E 2B 00 0E 2C 00 0E 2D 00 0E 2E 00 0E 2F 00 14 30 00 14 31 00 14 32 00 14
33 00 14 34 00 14 35 00 14 36 00 14 37 00 14 38 00 14 39 00 14 3A 00 14 3B 00 14 3C 00 00 3D 0E
2C 3E 0E 25 3F 0E 2A 40 17 17 B0
[INFO] SMBus register dump details (00-40):
[00]: 00 00 // ManufacturerAccess: 00 00
[01]: 02 80 // RemainingCapacityAlarm: 640 mAh = 7104 mWh
[02]: 00 0A // RemainingTimeAlarm: 10 minutes
[03]: 60 81 // BatteryMode: 0110000010000001
[04]: 00 00 // AtRate: 0 minutes
[05]: FF FF // AtRateTimeToFull: 65535 minutes
[06]: FF FF // AtRateTimeToEmpty: 65535 minutes
[07]: 00 01 // AtRateOK: true
[08]: 0B AE // Temperature: 27,17°C
[09]: 2A 7A // Voltage: 10,874 V
[0A]: 00 00 // Current: 0 A
[0B]: 00 00 // AverageCurrent: 0 A
[0C]: 00 64 // MaxError: 100%
[0D]: 00 0F // RelativeStateOfCharge: 15%
[0E]: 00 0F // AbsoluteStateOfCharge: 15%
[0F]: 03 C0 // RemainingCapacity: 960 mAh
[10]: 19 00 // FullChargeCapacity: 6400 mAh
[11]: FF FF // RunTimeToEmpty: 65535 minutes
[12]: FF FF // AverageTimeToEmpty: 65535 minutes
[13]: FF FF // AverageTimeToFull: 65535 minutes
[14]: 09 C4 // ChargingCurrent: 2,5 A
[15]: 31 38 // ChargingVoltage: 12,6 V
[16]: 00 C0 // BatteryStatus: 0000000011000000
[17]: 00 02 // CycleCount: 2
[18]: 19 00 // DesignCapacity: 6400 mAh
[19]: 2B 5C // DesignVoltage: 11,1 V
[1A]: 00 31 // SpecificationInfo: 0000000000110001
[1B]: 50 99 // ManufactureDate: 2020.04.25
[1C]: 83 6E // SerialNumber: 83 6E
[1D]: 83 6E // 83 6E
[1E]: 83 6E // 83 6E
[1F]: 83 6E // 83 6E
[20]: 41 0A // ManufacturerName: 41 0A
[21]: 4E 07 // DeviceName: 4E 07
[22]: 4C 04 // DeviceChemistry: 4C 04
[23]: 00 0E // ManufacturerData: 00 0E
[24]: 00 0E // 00 0E
[25]: 00 0E // 00 0E
[26]: 00 0E // 00 0E
[27]: 00 0E // 00 0E
[28]: 00 0E // 00 0E
[29]: 00 0E // 00 0E
[2A]: 00 0E // 00 0E
[2B]: 00 0E // 00 0E
[2C]: 00 0E // 00 0E
[2D]: 00 0E // 00 0E
[2E]: 00 0E // 00 0E
[2F]: 00 14 // 00 14
[30]: 00 14 // 00 14
[31]: 00 14 // 00 14
[32]: 00 14 // 00 14
[33]: 00 14 // 00 14
[34]: 00 14 // 00 14
[35]: 00 14 // 00 14
[36]: 00 14 // 00 14
[37]: 00 14 // 00 14
[38]: 00 14 // 00 14
[39]: 00 14 // 00 14
[3A]: 00 14 // 00 14
[3B]: 00 14 // 00 14
[3C]: 00 00 // 00 00
[3D]: 0E 2C // 0E 2C
[3E]: 0E 25 // 0E 25
[3F]: 0E 2A // 0E 2A
[40]: 17 17 // 17 17
ps keys should be:
[60]: 14 04 // 14 04 [61]: FF 04 // FF 04 [62]: 73 04 // 73 04 [63]: 10 04 // 10 04 [64]: 98 04 // 98 04 [65]: EF 04 // EF 04 [66]: 67 04 // 67 04
Any idea to solve this situation?
I think I need to write values in flash memory and not in what seem to be output registers.
I checked BQ3050 Technical Reference , but it explains how to read/write flash but does not provide flash address (row and offset)