Reverse Engineering The Nike+ Hardware

The Nike+ hardware is obviously an interesting device.  We haven’t heard a whole lot about hacking one until now, but [Dimitry] has decided to change that. Many would assume that the data transmitted off of these sensors is quite simple, however there’s a bit more than meets the eye. Amongst other challenges, all the data packets coming out of the transceiver are encrypted. [Dimitry] claims to have decoded this data stream and made use of it.

This hack also outlines how one can use this without the stock iPod receiver using a 2.4 GHz chip from Sparkfun. A lot of work has been done to figure out how these packets are decoded and the process one goes through to do this is well outlined in this post. This could serve as a good example for those wanting to figure out similar devices.

One thing [Dimitry] hasn’t done yet is release the source code for this hack. He cites some ethical issues that might not seem obvious on first glance, including the ability to follow someone in a crowd or simply jamming their data. He does add though that if you have a good reason for wanting it, to simply email him. We’re looking forward to what [Dimitry] comes up with in the future using this setup!

31 thoughts on “Reverse Engineering The Nike+ Hardware

      1. http://en.wikipedia.org/wiki/Caesar_cipher
        http://library.thinkquest.org/C0126342/ceaser.htm

        Reading is a skill…
        As is googling…

        Caesar isa SHIFT cypher (addition modulo arithmetic). It is a simple map (C -> C where C is the same alphabet, and if c1->c2 in position X, c1->c2 in position Y, for y != X). Their cypher is XOR-based (and thus exactly NOT a shift cypher). Furthermore in their cipher position maters. A123 encrypted with Caesar and B123 encrypted with Caesar will both have last 3 chars of cyphertext equal. with their cipher that i snot the case.

        If you would like a link to some good crypto books to read, let me know, I have a few recommendations. However I’d love to see this “way more complex” stuff you’ve reversed, what with your amazing knowledge of crypto :)

    1. Reading is a skill…
      As is googling…

      Pleas google “caesar cipher” and read

      Caesar is a SHIFT cypher (addition modulo arithmetic). It is a simple map (C -> C where C is the same alphabet, and if c1->c2 in position X, c1->c2 in position Y, for all Y != X). Their cipher is XOR-based (and thus exactly NOT a shift cipher). Furthermore in their cipher position maters. A123 encrypted with Caesar and B123 encrypted with Caesar will both have last 3 chars of cyphertext equal. With their cipher that is not the case.

      If you would like a link to some good crypto books to read, let me know, I have a few recommendations. However I’d love to see this “way more complex” stuff you’ve reversed, what with your amazing knowledge of crypto and all:)

      1. shifting bytes based on an integer field is a caesar..Try to make me look uneducated some more..your knowledge is amusing..

        P.S. I read all the books in my teens over a decade ago..before I did mathematics prerequisites for computer engineering and computer science which actually tested my skills before I went on to be a consultant and senior level engineer for a chip maker..

      2. XOR is NOT a shift. a numeric shift for caesar is of form shift(x) { (x + shiftNum) % alphabetSz; }

        Thus a shift satisfies the condition of shift(a) + 1 = shift(a + 1) in “mod alphabetSz” arithmetic. XOR can be easily shown to not satisfy this requirement. eg: if XOR value is 0x55 and “a” is 0xcc.

        0xcc XOR 0x55 is 0xFF, (0xcc + 1) XOR 0x55 is 0xFE. 0xFF + 1 is 0x00 in “mod 256” arithmetic. and 0x00 is most certainly not equal to 0xFE

        Perhaps it is time to review those books you read so long ago? “Senior engineers” who do not remember basics? I reject such job candidates in phonescreens – they do not even get to on-site interview (luckily)

    1. That is incorrect. Please refer to the data dumps I posted and to ANT spec to see the many differences. The data dumps are correct because I am able to both receive data from the sensor and parse it, as well as send data to iPhone, pretending to be a sensor and have it accept it and use it.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.