In an ideal world, every single battery pack for power tools would use the same physical interface and speak a clearly documented protocol with chargers. Since we live in a decidedly less-than-ideal world, we get to enjoy the fun pastime of reverse-engineering the interfaces and protocols of said battery packs.
A recent video from the [Tool Scientist] goes over what is already known about the Milwaukee M18 Redlink protocol, used with the manufacturer’s M18-series of batteries, before diving into some prodding and poking of these packs’ sensitive parts to see what comes out of their interface.
Previously, [Buy It Fix It] shared their findings on Reddit, covering the basic protocol, including the checksum method, but without an in-depth analysis of the entire charging protocol. Meanwhile [Quagmire Repair] performed an in-depth teardown and reverse-engineering of the M18 hardware, including the circuitry of the BMS.
Putting these two things together, [Tool Scientist] was able to quickly get some of his M18 packs strapped down into the analysis chair for both passive analysis, as well as the effect of overvoltage, undervoltage, overheating and freezing the battery pack on the output reported by the battery’s BMS.
![One of the lists of commands and response messages obtained by [Tool Scientist] on YouTube.](https://hackaday.com/wp-content/uploads/2023/09/reverse_engineering_milwaukee_m18_redlink_protocol_startup_messages.jpg)
Hopefully the same inertia that prevents people from moving outside the designated power tool ecosystem due to the incompatible battery packs will also ensure that this level of knowledge will remain relevant for the foreseeable future, especially since the manufacturers of knock-off battery packs seem rather unwilling to share the results of their own reverse-engineering efforts.
I wonder why they chose 2000 baud and not a standard baudrate such as 9600 (1800 and 2400 are pretty close to 2000). Maybe it’s all clocked very low so it’s to avoid rounding issues?
Security by obscurity.
“Standard” serial baud rates require specific crystal values. The value 1.8432 MHz has been stuck in my head for decades. Using a round number like 2000 baud means the crystal can also be a round value like 2.000 or 8.000 MHz.
That’s what I suspect. Low clock frequency and/or limited number of divider options and the closest ratio + jitter may be off enough to cause bit errors in the last bit. More advanced peripherals have fractional baud rate dividers that can slightly vary bit width so that average bit time is much closer to the ideal.
Also easier to see on the scope when a bit time fits perfectly on a division. If you’re not going to hook up the serial lines to a PC anyway, there’s no reason to use standard baud rates.
I’m pretty sure the engineers have connected the batteries to a PC during development. Though most USB-serial cables can handle arbitrary baudrates.
Probably so they can bit bang it with an ultra cheap micro run off an RC clock. Saving a dime per unit really adds up.
Could be running on a 32 kHz clock crystal. Typical UARTs have minimum 16 divider, which gives 2048 bps baudrate.
2048 is not 2000
Is there a description of the protocol in readable text format instead of a youtube video?
Can we do Makita next?
Is there any intelligence in the makita packs?
There’s a physical tab to prevent you connecting a lower capacity pack to a more power-hungry tool like a grinder, which is a safety issue.
There may be smarts in the charger, but nothing required to draw power.
“Hopefully the same inertia that prevents people from moving outside the designated power tool ecosystem due to the incompatible battery packs ”
Protocol isn’t the only one. Shape and keying is the other.
“… especially since the manufacturers of knock-off battery packs seem rather unwilling to share the results of their own reverse-engineering efforts.”
Competitive world. Even my cats recognize that.
If Apple must put a USB C connector on their phones, maybe we should be looking at everyone who purposesly puts “ransomware” features on their products purely for locking you in to higher prices and early obsolescence.
The more tech goes into things, the more this practice evolves.
The logical end game (which is already happening) is that you never own the things you buy.
Ridiculous.
But Chuck Palihnuk was right; sooner or later the things you own begin to own you.
my solution to the One Battery to Rule them All.
most of my tools are Dewalt, so I have a large variety Dewalt batterys and chargers
But I also have a few Ryobi garden tools, you can buy an adapter that lets you use dewalt batterys on Ryobi tools.
Hmm it would be great if the firmware could be dumped somehow from the BMS to being able to unseal and recalibrate them after cell replacement.
Great video! I saw snapchat and thought…….do my batteries have a snap chat account? That would be cool thing to do snapchat message when I’m charged, lol.