
Hacking the Shimano charger

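With a Raspberry Pi, you can send the same byte sequence the charger would send, and the FETs close! :) The frames in the script below are fixed and simply replayed, which suggests the handshake involves no per-session challenge.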

Original

image.png

Spoof

image.png

image.png

Python code

import serial
import time


# Open the UART the frames are sent on: 9600 baud, 8 data bits, no parity,
# one stop bit, all flow control off, and a 1 s read timeout so ser.read()
# never blocks forever. '/dev/serial0' is normally the alias for the
# Raspberry Pi's primary UART -- confirm on the board in use.
ser = serial.Serial(
    port='/dev/serial0',
    baudrate=9600,
    bytesize=serial.EIGHTBITS,
    parity=serial.PARITY_NONE,
    stopbits=serial.STOPBITS_ONE,
    timeout=1,
    xonxoff=False,
    rtscts=False,
    dsrdtr=False,
)


# Four fixed 10-byte frames that are sent round-robin by the main loop.
# Within this table only byte 1 (stepping 0..3) and the last two bytes change;
# bytes 2-7 are identical in every frame. The trailing pair is presumably a
# checksum over the frame -- not verified on this page.
# NOTE(review): every value here is a constant, so the receiving side accepts
# a pure replay; nothing in these frames looks like a nonce or challenge.
msg0 = [0x00, 0x00, 0x05, 0x10, 0x00, 0x00, 0x00, 0x00, 0xB7, 0x2C]
msg1 = [0x00, 0x01, 0x05, 0x10, 0x00, 0x00, 0x00, 0x00, 0x62, 0xB3]
msg2 = [0x00, 0x02, 0x05, 0x10, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x1B]
msg3 = [0x00, 0x03, 0x05, 0x10, 0x00, 0x00, 0x00, 0x00, 0xD9, 0x84]

# Send order used by the main loop.
msg_array = [msg0, msg1, msg2, msg3]


# Opening sequence: four fixed frames written once, each followed by its own
# pause. No reply is read between frames; the sequence relies purely on the
# delays below. In hello_2 and hello_3 byte 2 equals the number of bytes
# between it and the final two bytes (0x11 = 17, 0x0B = 11); the final pair is
# presumably a checksum -- not verified on this page.
hello_0 = [0x00]
hello_1 = [0x00, 0x41, 0x00, 0xF9, 0x50]
hello_2 = [
    0x00, 0x02, 0x11, 0x30, 0x02, 0x01, 0x2E, 0x71,
    0x2F, 0x71, 0x58, 0xAA, 0x58, 0xAA, 0x71, 0xC3,
    0x71, 0xC3, 0xAE, 0x05, 0xB2, 0x0D,
]
hello_3 = [
    0x00, 0x03, 0x0B, 0x31, 0x9F, 0x01, 0xA9, 0x01,
    0x01, 0x00, 0x02, 0x00, 0x1F, 0x00, 0x05, 0x7F,
]

# (frame, seconds to wait after sending it), in transmit order.
for frame, pause in (
    (hello_0, 0.2),
    (hello_1, 0.025),
    (hello_2, 0.2),
    (hello_3, 0.045),
):
    ser.write(bytes(frame))
    time.sleep(pause)


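# Cycle through the four periodic frames forever, one frame per second, and
# print whatever comes back after each one. The try/finally releases the
# serial port when the script is stopped (e.g. with Ctrl-C) instead of leaving
# it open and exiting with a traceback.
try:
    while True:
        for msg in msg_array:
            ser.write(bytearray(msg))
            print("sent")
            # Reads up to 27 bytes; with the 1 s timeout set on the port this
            # returns fewer bytes (possibly b'') when nothing more arrives.
            resp = ser.read(27)
            print(resp)
            time.sleep(1)
except KeyboardInterrupt:
    # Manual stop requested; fall through to the cleanup below.
    pass
finally:
    ser.close()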