@xssfox@cloudisland.nz
Does someone want to write up a CVE? I seem to have stumbled upon an attack against a car battery, and it's really stupid.
@xssfox@cloudisland.nz
(unauthenticated over Bluetooth which (untested) might be able to cause damage)
Remind me to remove apk2gold from my machine so I stop asking "I wonder how that works"
So DCS (deep cell systems) sells lithium batteries that are basically a drop-in replacement for lead acids. They are really good and have a built-in BMS system.
Because they have a BMS, the BMS already knows all the details you'd want about your battery. These are exposed via Bluetooth, so you don't need an external battery monitor to see battery state.
Bluetooth is done over BLE and no auth or pairing is done.
There is a little hamburger menu that, for some reason, opens up a text input for "password".
Without knowing the password, it would be impossible to go any further.
After starting from 0, I worked my way up. 1, 2, 3,... 9998, 9999. Jackpot.
I kid, I just used apk2gold to decompile the app and searched for "password".
Two passwords exist. 9999 and 736263.
The 736263 passcode seems to allow setting the device name.
9999 is more scary and seems to set a lot of the BMS parameters. I'm not sure if these are sanity checked by the BMS but I don't think it would be hard to put the BMS into an unsafe state with this control.
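The audit step the thread describes (decompile, search the sources for "password") can be turned into a repeatable pre-release check that a developer or reviewer runs over their own app's source or decompiled tree. The scanner below is an added example, not code from the thread or from the vendor's app; the Java snippet it scans is constructed, and all names in it (`BmsLink`, `ADMIN_PASSWORD`, `unlock`) are hypothetical.

```python
import re
from dataclasses import dataclass

# Identifier fragments that suggest a credential (substring match, case-insensitive).
# "pin" is deliberately included because BMS-style unlock codes are short numeric PINs;
# it does raise false positives on words like "spinner", so findings need triage.
CREDENTIAL_WORDS = ("password", "passcode", "passwd", "pin", "secret")

# `IDENT = "literal"` and `x.equals("literal")` / `"literal".equals(x)` in Java-like source.
ASSIGN_RE = re.compile(r'(?P<ident>\w+)\s*=\s*"(?P<lit>[^"\\]{1,64})"')
EQUALS_RE = re.compile(r'\.equals\(\s*"(?P<lit>[^"\\]{1,64})"\s*\)|"(?P<lit2>[^"\\]{1,64})"\s*\.equals\(')

@dataclass(frozen=True)
class Finding:
    line_no: int
    literal: str
    reason: str

def looks_like_pin(s: str) -> bool:
    """Short all-digit literals are typical of device 'passwords' such as 9999."""
    return s.isdigit() and 4 <= len(s) <= 8

def scan_source(text: str) -> list:
    """Flag string literals assigned to, or compared against, credential-named
    identifiers, plus numeric PIN-like literals used anywhere in a compare/assign."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        credential_ctx = any(w in line.lower() for w in CREDENTIAL_WORDS)
        literals = [m.group("lit") for m in ASSIGN_RE.finditer(line)]
        literals += [m.group("lit") or m.group("lit2") for m in EQUALS_RE.finditer(line)]
        for lit in dict.fromkeys(literals):  # keep order, drop duplicates on the line
            if credential_ctx:
                findings.append(Finding(n, lit, "credential-named identifier on the same line"))
            elif looks_like_pin(lit):
                findings.append(Finding(n, lit, "numeric PIN-like literal in assignment/compare"))
    return findings

def hardcoded_credentials(text: str) -> list:
    """Distinct suspect literals, sorted, for a quick triage list."""
    return sorted({f.literal for f in scan_source(text)})

# Constructed sample mimicking decompiler output; not the real app's code.
SAMPLE_SOURCE = '''
public class BmsLink {
    private static final String DEVICE_NAME = "Battery Monitor";
    private static final String ADMIN_PASSWORD = "9999";
    private static final String RENAME_PASSCODE = "736263";
    private static final int RETRY_LIMIT = 3;
    public boolean unlock(String input) {
        if (input.equals("9999")) { return true; }   // admin shortcut
        return input.equals(RENAME_PASSCODE);
    }
}
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.literal!r} ({f.reason})")
```

Any hit means the unlock code ships inside the APK, so it is not a secret at all; the fix is a per-device credential provisioned at manufacture or BLE pairing with bonding, not a different constant.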