• Moving is a pain..

    kamiller659109/30/2014 at 04:25 0 comments

    Looks like 99% of my tools are still packed up in off-site storage, so this project is going to be on hold for anywhere from a week to a month, depending on how quickly I get settled in my new apartment.  Still doing plenty of research but there's not much new to add until I get my hands on a logic analyzer and my Hakko iron, the cheap RatShack firestarter I've got isn't going to cut it working on this I don't think..mostly cause the tip is already destroyed from plenty of other projects I've had to do with it.

  • Day 2: Teardown

    kamiller659109/04/2014 at 01:41 0 comments

    Lasted under a day of light usage.  Very unimpressed.  Yet another reason to tear it open and see what's going on!  Also after looking at the collar connections again it appears there's only three signals, presumably power, ground, and some form of one-wire protocol to read/write the EEPROM.  That rules out the potential match for the EEPROM in the last post.

    The battery LED blinks twice when the cartridge is running low (according to what they consider low, at least) and will signal when it's 'empty' as well, so there's definitely some smarts in this thing, probably a small MCU in the battery that reads the EEPROM in the cartridge, handles the LED functions, and then passes voltage to the atomizer if the value on the cartridge EEPROM is greater than zero..then of course deincrements the value.

  • Day 1: Actually using the thing

    kamiller659109/03/2014 at 11:20 1 comment

    Surprisingly, this is actually a fairly decent ecig, not to promote buying from big tobacco, but for what I paid I'm certainly pleased..and in a pinch, as long as it worked, I didn't really care.  What I've figured out so far is that the battery won't even fire without a cartridge attached, it just blinks the led in a white/red pattern, so there's obviously some sort of communication going on between the chip inside the battery and the chip inside the cartridge.  First step is going to be getting a logic analyzer of some sort, probably my old Arduino once I find it, and a few spare cartridges to hack up into a sniffing interface.  From there it's a matter of decoding the data being transferred, and hopefully finding a way to spoof the protocol and/or reprogram whatever chip is inside the cartridges.  If anyone has information on the chips being used, please feel free to let me know!  I'll verify the part numbers posted in the imgur gallery linked above once I finish this cartridge and can tear it open.

    Edit:  Closest match found with some quick Google searching for the chip inside the cartridges: http://rohmfs.rohm.com/en/products/databook/datasheet/ic/memory/eeprom/br24g08-3a-e.pdf  Markings don't all match, but it'd make sense for the chip to be some sort of an EEPROM, with the unknown chip in the battery being the brains of the operation that checks and updates the 'fill level' value on the EEPROM.  Going to have to find something I can use as an EEPROM dumper it seems.