Author: Maya Posch

1384 Articles

Open Source Lithium-Titanate Battery Management System

August 15, 2025 by 10 Comments

Lithium-titanate (LTO) is an interesting battery chemistry that is akin to Li-ion but uses Li2TiO3 nanocrystals instead of carbon for the anode. This makes LTO cells capable of much faster charging and with better stability characteristics, albeit at the cost of lower energy density. Much like LiFePO4 cells, this makes them interesting for a range of applications where the highest possible energy density isn’t the biggest concern, while providing even more stability and long-term safety.

That said, LTO is uncommon enough that finding a battery management system (BMS) can be a bit of a pain. This is where [Vlastimil Slintak]’s open source LTO BMS project may come in handy, which targets single cell (1S) configurations with the typical LTO cell voltage of around 1.7 – 2.8V, with 3 cells in parallel (1S3P). This particular BMS was designed for low-power applications like Meshtastic nodes, as explained on the accompanying blog post which also covers the entire development and final design in detail.

The BMS design features all the stuff that you’d hope is on there, like under-voltage, over-voltage and over-current protection, with an ATtiny824 MCU providing the brains. Up to 1 A of discharge and charge current is supported, for about 2.4 Watt at average cell voltage. With the triple 1,300 mAh LTO cells in the demonstrated pack you’d have over 9 Wh of capacity, with the connected hardware able to query the BMS over I2C for a range of statistics.

Thanks to [Marcel] for the tip.

Hacking The Bluetooth-Enabled Anker Prime Power Bank

August 14, 2025 by 35 Comments

Selling power banks these days isn’t easy, as you can only stretch the reasonable limits of capacity and output wattage so far. Fortunately there is now a new game in town, with ‘smart’ power banks, like the Anker one that [Aaron Christophel] recently purchased for reverse-engineering. It features Bluetooth (BLE), a ‘smart app’ and a rather fancy screen on the front with quite a bit of information. This also means that there’s a lot to hack here beyond basic battery management system (BMS) features.

As detailed on the GitHub project page, after you get past the glue-and-plastic-clip top, you will find inside a PCB with a GD32F303 MCU, a Telink TLSR8253 BLE IC and the 240×240 ST7789 LCD in addition to a few other ICs to handle BMS functions, RTC and such. Before firmware version 1.6.2 you can simply overwrite the firmware, but Anker added a signature check to later firmware updates.

The BLE feature is used to communicate with the Anker app, which the official product page advertises as being good for real-time stats, smart charging and finding the power bank by making a loud noise. [Aaron] already reverse-engineered the protocol and offers his own alternative on the project page. Naturally updating the firmware is usually also done via BLE.

Although the BLE and mobile app feature is decidedly a gimmick, hacking it could allow for some interesting UPS-like and other features. We just hope that battery safety features aren’t defined solely in software, lest these power banks can be compromised with a nefarious or improper firmware update.

Continue reading “Hacking The Bluetooth-Enabled Anker Prime Power Bank”

Remembering James Lovell: The Man Who Cheated Death In Space

August 12, 2025 by 15 Comments

Many people have looked Death in the eye sockets and survived to tell others about it, but few situations speak as much to the imagination as situations where there’s absolutely zero prospect of rescuers swooping in. Top among these is the harrowing tale of the Apollo 13 moon mission and its crew – commanded by James “Jim” Lovell – as they found themselves stranded in space far away from Earth in a crippled spacecraft, facing near-certain doom.

Lovell and his crew came away from that experience in one piece, with millions tuning into the live broadcast on April 17 of 1970 as the capsule managed to land safely back on Earth, defying all odds. Like so many NASA astronauts, Lovell was a test pilot. He graduated from the US Naval Academy in Maryland, serving in the US Navy as a mechanical engineer, flight instructor and more, before being selected as NASA astronaut.

On August 7, 2025, Lovell died at the age of 97 at his home in Illinois, after a dizzying career that saw a Moon walk swapped for an in-space rescue mission like never seen before.

Continue reading “Remembering James Lovell: The Man Who Cheated Death In Space”

Exploring The TRS-80’s Color BASIC’s Random Number Function

August 8, 2025 by 6 Comments

Although these days we get to tap into many sources of entropy to give a pretty good illusion of randomness, home computers back in the 1980s weren’t so lucky. Despite this, their random number generators were good enough for games and such, as demonstrated by the [CoCo Town] YouTube channel.

The CoCo is the nickname for the TRS-80 Color Computer, which despite its name, shares absolutely nothing with the TRS-80. Its BASIC version is called Color BASIC, which like many others was based on Microsoft BASIC, so the video’s description should be valid for many other BASIC versions as well. In the video we’re first taken through a basic summary of what the floating point format is all about, before running through an example of the algorithm used by Color BASIC for its RND function, using a test program written in Color BASIC.

As described in the video, the used algorithm appears to be the linear congruential generator, which is a pseudo-random generator that requires minimal resources from the hardware it runs on. Of course, its main disadvantage is that it will fairly rapidly begin to repeat itself, especially with a limited number of output bits. This makes it a decent choice even today for something like simple game logic where you just want to get some variation without aiming for cryptographically secure levels of randomness.

Continue reading “Exploring The TRS-80’s Color BASIC’s Random Number Function”

Microsoft’s New Agentic Web Protocol Stumbles With Path Traversal Exploit

August 7, 2025 by 11 Comments

If the term ‘NLWeb’ first brought to mind an image of a Dutch internet service provider, you’re probably not alone. What it actually is – or tries to become – is Microsoft’s vision of a parallel internet protocol using which website owners and application developers can integrate whatever LLM-based chatbot they desire. Unfortunately for Microsoft, the NLWeb protocol just suffered its first major security flaw.

The flaw is an absolute doozy, involving a basic path traversal vulnerability that allows an attacker to use appropriately formatted URLs to traverse the filesystem of the remote, LLM-hosting, system to extract keys and other sensitive information. Although Microsoft patched it already, no CVE was assigned, while raising the question of just how many more elementary bugs like this may be lurking in the protocol and associated software.

As for why a website or application owner might be interested in NLWeb, the marketing pitch appears to be as an alternative to integrating a local search function. This way any website or app can have their own ChatGPT-style search functionality that is theoretically restricted to just their website, instead of chatbot-loving customers going to the ChatGPT or equivalent site to ask their questions there.

Even aside from the the strong ‘solution in search of a problem’ vibe, it’s worrying that right from the outset it seems to introduce pretty serious security issues that suggest a lack of real testing, never mind a strong ignorance of the fact that a lack of user input sanitization is the primary cause for widely exploited CVEs. Unknown is whether GitHub Copilot was used to write the affected codebase.

Teardown Of A Persil Smartwash Smart Laundry Detergent Ball

August 7, 2025 by 37 Comments
How to make doing laundry more smart, depending on your perspective. (Credit: Zerobrain, YouTube)
How to make doing laundry more smart, depending on your perspective. (Credit: Zerobrain, YouTube)

Ever since the invention of washing machines, the process of doing laundry has become rather straightforward. Simply toss the dirty laundry into the machine, fill up the detergent, and let the preset program handle the rest. This of course has not prevented companies from coming up with ways to add more complexity to doing laundry, with Henkel’s Smartwash technology the latest example, as demonstrated by German YouTube channel [ZeroBrain] with a complete teardown.

Henkel is the owner of detergent brands like Persil and Somat, with the Smartwash ball supposedly offering ‘smart’ dosing of detergent for washing machines, with naturally a smartphone app with intrusive localization to personalize the laundry experience. Sadly the video is only in German, but the language of teardowns is universal.

Continue reading “Teardown Of A Persil Smartwash Smart Laundry Detergent Ball”

Buying Large LiFePO4 Batteries: How Cheap Is Too Cheap?

August 7, 2025 by 42 Comments

It’s a well-known factoid that batteries keep getting cheaper while capacity increases. That said, as with any market that is full of people who are hunting for that ‘great deal’, there are also many shady sellers who will happily sell you a product that could be very dangerous. Especially in the case of large LiFePO4 (LFP) batteries, considering the sheer amount of energy they can contain. Recently [Will Prowse] nabbed such a $125, 100 Ah battery off Amazon that carries no recognizable manufacturer or brand name.

Cheap and cheerful, and probably won't burn down the place. (Credit: Will Prowse, YouTube)
Cheap and cheerful, and probably won’t burn down the place. (Credit: Will Prowse, YouTube)

If this battery works well, it could be an amazing deal for off-grid and solar-powered applications. Running a battery of tests on the battery, [Will] found that the unit’s BMS featured no over-current protection, happily surging to 400 A, with only over-temperature protection keeping it from melting down during a discharge scenario. Interestingly, under-temperature charge protection also worked on the unit.

After a (safe) teardown of the battery the real discoveries began, with a row of missing cells, the other cells being re-sleeved and thus likely salvaged or rejects. Fascinatingly, another YouTuber did a similar test and found that their (even cheaper) unit was of a much lower capacity (88.9 Ah) than [Will]’s with 98 Ah and featured a completely different BMS to boot. Their unit did however feature something of a brand name, though it’s much more likely that these are all just generic LFP batteries that get re-branded by resellers.

What this means is that these LFP batteries may be cheap, but they come with cells that are likely to be of questionable quality, featuring a BMS that plays it fast and loose with safety. Although [Will] doesn’t outright say that you shouldn’t use these batteries, he does recommend that you install a fuse on it to provide some semblance of over-current protection. Keeping a fire extinguisher at hand might also be a good idea.

Continue reading “Buying Large LiFePO4 Batteries: How Cheap Is Too Cheap?”