Teardown of Nike Self-Lacing Shoes

There used to be a time, before running shoes had blinking LEDs and required placing on an inductive charger overnight, when we weren’t worried about whether or not we could dump the firmware running underneath our heels. Those are not the times that we’re living in. Nike came out with a shoe that solves the age-old problem of lacing: the HyperAdapt. And [Telind Bench] has torn them apart.

img_0059Honestly, we’re kinda “meh” about what’s inside. The “laces” are actually tubes with a small Kevlar-like cable running inside, and the whole thing torques up using a small, geared DC motor. That’s kinda cool. (We have real doubts about [Telind]’s guess of 36,000 RPM for the motor speed.) But in an age when Amazon gives away small WiFi-enabled devices for a few bucks as a loss-leader to get you to order a particular brand of laundry detergent, we’re not so dazzled by the technology here, especially not at the price of $720 for a pair of freaking shoes.

The only really interesting bit is the microcontroller, which is over-powered for the job of turning a wheel when a keyboard-style sensor is pressed by your heel. What is Nike thinking? We want to see the firmware, and we’d like it reverse engineered. What other chips are on board? Surely, they’ve got an accelerometer and are measuring your steps, probably tying in with an exercise app or something. Does anyone have more (technical) detail about these things? Want to make a name for yourself with a little stunt hacking?

Hacking the Nike+ Fuelband

[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.

[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-Gui to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator requires the connecting device to know both a pin code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff rendering the whole authentication process ineffective.

After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface–not something you typically want to expose, especially with a broken authentication mechanism. If you want to try the exploit yourself, [Simone] wrote an Android app which he posted up on GitHub.

EagerFeet lets you scrape your Nike+ data from the web

Runners that wear shoes with the Nike+ system can upload GPS data about their runs to the proprietary website. If you’ve been using this for a while you may be reluctant to switch to another service that works with the hardware because you don’t want to lose the historical data. Faced with this issue, [Robert Kosara] developed some software that can scrape Nike+ data. Not only did he write the code, but he also threw up a website that shows how well it works. EagerFeet lets you copy and paste your Nike+ ID for mapping on Google Maps.

Data is scraped from Nike+ and assembled as GPX files, which are backups of GPS data. From there you can use it for whatever you like. Since the code is available in a Git repository it’s easy to depend on it with your own projects, and still get updates if the scraping system needs to be changed in the future. Even if you don’t want to use the GPX files in your own projects, they can be imported on some third party exercise tracking sites if that’s what you’re interested in.

Of course you could try to pull the data straight off of your iPod.

Nike + iPod as a tracking device

[Thomas] found a paper from 2006 that describes using the Nike + iPod system as inexpensive tracking devices. Yep, it’s old as dirt but we think it’s fascinating reading! [Scott Saponas] and his fellow authors take a hard look at the lack of security in the system in a twelve-page PDF. They cover several different ways to capture and track one of the $29 tags in someone’s shoe, including using the Gumstix reader above, or a slightly modified 3G iPod. If the sensors are not removed or manually switched off when not in use they can be picked up by any RF reader within range. Because the tags are cheap and available, one could be planted on an unsuspecting victim James-Bond-style. Maybe this is what prompted Apple’s half-hearted attempt to restrict hacking the devices to do things like unlock doors.

Of course if you don’t want to do the reading you could download their video presentation or just stream it.

Chalkbot Vs GraffitiWriter

For those who watched the Tour de France, you may have been pleasantly surprised to see some cool tech. Nike was using a robot to paint pictures on the street in chalk dot matrix style. It was accepted by the general public as new and innovative, as well as generally cool. In the hacker community though, a bit of trouble began to brew. The Chalkbot bears more than a passing resemblance to a project called GraffitiWriter. GraffitiWriter was a bot initially designed to protest the militarization of robotics. As it turns out, one of the early developers of the GraffitiWriter is behind the Chalkbot in a legitimate contract. The trouble doesn’t seem to be one of intellectual property legalities. People are mad at the corporatization of public work. They want kids watching to know that this system was designed by regular people in their spare time at their homes, not by a team of researches in a secret underground Nike laboratory.

The article takes a bit of a turn and talks some about the possibility of projects being taken and used for corporate advertisement. The specific item they are talking about is the Image Fulgurator which secretly projects images on objects in your photographs. You’ll have to go check that one out to see how it works.

iFob: Keyless entry

iFOB-11-M (Custom)

[Nate] hates keys. He’s gone through a lot of effort to remove them wherever possible. He has a keypad at home and a keypad at work, but he still has to carry car keys. His solution is to build a device he can carry in his pocket that will unlock the car via RF. To do this, he’s utilizing the guts of a Nike iPod puck along with an Arduino and an iPod serial board. He has managed to get this all working, but still has to carry his key to actually start the car. We know what his next project will be.

Apple tries to stop sneaker hackers

Apparently, Apple has decided that extending DRM to your Nike accessories will keep hackers at bay.  Sick of people cutting the sensors out of their Nike shoes for use on other apparell, they have applied for a patent. Ever noticed the warning that it’s illegal to pull the tag off of a mattress?  Did that stop you?

[via Slashdot]