[Syonyk] read that you could solder a few wires to a TEC-06 battery capacity tester, connect it to a TTL serial adapter, and it would interface with some Windows software via a serial port. You can buy it already enabled for serial, but since he had the non-connected version, he was interested in trying it. Not only did it work, but he took the time to reverse engineer the protocol and made a detailed write up about his findings and how he attacked the problem.
Around here, we never need an excuse to reverse engineer anything. But [Synonyk] mentions that he didn’t like using Windows-only software from China. If he wants it on Linux, or if Windows compatibility breaks with a new version, or if the software has spyware in it, he wants to be able to continue using the device. Of course, he also admits — and we get it — that he just enjoys doing it, too.
His first step was to locate the CPU’s datasheet and validate that the pin he’d read about looked like it could be serial data. It was. Then he verified that serial data was coming out with an oscilloscope. That means the serial and non-serial devices likely have exactly the same firmware, and the non-serial device just doesn’t have the components to connect to the port.
After that, he pulled out a better scope, some Windows-based serial port sniffing software, and started working the puzzle. Once he had an idea of the port’s configuration, he moved to Linux where he found how painful it is to set a non-standard baud rate like 128,000 with even parity. He then worked out the protocol and wrote code to push out a CSV file with the data.
This reminded us of when an oddly familiar guy hacked the MHS-5200A protocol for many of the same reasons. With so much electronics from China getting hacked like this, you almost wish they’d save us the trouble and publish the specifications. Then again, what fun is that?