Have any of you had any success unsealing a TI BQ20Z451 gas gauge chip?
In September 2020, my 2014 MacBook Pro 15" Retina A1398 battery cells started swelling. The computer's long out of AppleCare, so getting an original part isn't an option.
I bought a third-party replacement battery, but that broke the logic board.
The fake battery has an idle voltage of 12V, compared to the original which idles at 2V and "wakes up" to 12V. This is important because there can be voltage spikes during power state changes.
I tried replacing the cells, but in the process I disconnected power, and now the PF flag is set due to an undervoltage error.
Charlie Miller's research was helpful, but his hack only works on the BQ20Z80, an older model.
https://docplayer.net/19923167-Battery-firmware-hacking-inside-the-innards-of-a-smart-battery-charlie-miller-accuvant-labs-charlie-miller-com-twitter-0xcharlie.html
I'm using Charlie's code to write a fuzzer for an unseal code of 8 hex digits, but I guess this won't work if the code is in fact 160 bits SHA-1.
Be2Works can't unlock TI BQ20Z45x firmwares newer than v5 (mine is 702).
http://be2works.com/
Can any of you help me figure out what to try next? Any advice would be helpful! I'm willing to try voltage glitching, but wouldn't that just trigger the PFF again?
And if any of you know how I can get batteries shipped to New Zealand, I could also buy that. iFixit and OWC won't even send batteries here (though rumour has it that their batteries are the same as the one that broke mine).
https://www.ifixit.com/Answers/View/670587/A1398+-+New+Simplo+battery+-+System+dead+after+3+days.