[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.
[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-GUI to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator requires the connecting device to know both a PIN code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff, rendering the whole authentication process moot.
After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface, which is not something you typically want to expose, especially with a broken authentication mechanism. If you want to try the exploit yourself, [Simone] wrote an Android app which he posted up on GitHub.
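A model of the flaw described above, next to a verifier whose answer actually depends on the PIN and the nonce. This is an added example, not code from the Nike app or from [Simone]'s project; the function names, the PBKDF2/HMAC construction and the sample PIN and salt are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HARDCODED_TOKEN = bytes([0xFF] * 6)  # token value reported in the write-up


def weak_verify(pin: str, nonce: bytes, token: bytes) -> bool:
    """Model of the flaw: pin and nonce are parameters but never consulted."""
    return token == HARDCODED_TOKEN


def derive_key(pin: str, salt: bytes) -> bytes:
    # Stretching does not rescue a short PIN; pair it with attempt lockout.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def respond(pin: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the PIN for this nonce only."""
    return hmac.new(derive_key(pin, salt), nonce, hashlib.sha256).digest()


class Verifier:
    """Device side (hypothetical design): fresh nonce, one attempt per nonce."""

    def __init__(self, pin: str, salt: bytes):
        self._key = derive_key(pin, salt)
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, token: bytes) -> bool:
        nonce, self._pending = self._pending, None  # consume: blocks replay
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, token)


def demo() -> dict:
    salt, pin = b"constructed-salt", "4821"  # constructed sample values
    v = Verifier(pin, salt)
    out = {"weak_accepts_fixed": weak_verify("0000", b"any", HARDCODED_TOKEN)}
    good = respond(pin, salt, v.challenge())
    out["accepts_right_pin"] = v.verify(good)
    out["rejects_replay"] = not v.verify(good)
    v.challenge()
    out["rejects_fixed_token"] = not v.verify(HARDCODED_TOKEN)
    out["rejects_wrong_pin"] = not v.verify(respond("0000", salt, v.challenge()))
    return out
```

Even with a sound handshake, debug-level commands such as raw memory access and bootloader entry should not be reachable from the same channel as ordinary sync traffic.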
Runners that wear shoes with the Nike+ system can upload GPS data about their runs to the proprietary website. If you’ve been using this for a while you may be reluctant to switch to another service that works with the hardware because you don’t want to lose the historical data. Faced with this issue, [Robert Kosara] developed some software that can scrape Nike+ data. Not only did he write the code, but he also threw up a website that shows how well it works. EagerFeet lets you copy and paste your Nike+ ID for mapping on Google Maps.
Data is scraped from Nike+ and assembled as GPX files, which are backups of GPS data. From there you can use it for whatever you like. Since the code is available in a Git repository, it’s easy to depend on it in your own projects and still get updates if the scraping system needs to be changed in the future. Even if you don’t want to use the GPX files in your own projects, they can be imported on some third-party exercise tracking sites if that’s what you’re interested in.
Of course you could try to pull the data straight off of your iPod.
[Thomas] found a paper from 2006 that describes using the Nike + iPod system as inexpensive tracking devices. Yep, it’s old as dirt but we think it’s fascinating reading! [Scott Saponas] and his fellow authors take a hard look at the lack of security in the system in a twelve-page PDF. They cover several different ways to capture and track one of the $29 tags in someone’s shoe, including using the Gumstix reader above, or a slightly modified 3G iPod. If the sensors are not removed or manually switched off when not in use, they can be picked up by any RF reader within range. Because the tags are cheap and available, one could be planted on an unsuspecting victim James-Bond-style. Maybe this is what prompted Apple’s half-hearted attempt to restrict hacking the devices to do things like unlock doors.
Of course if you don’t want to do the reading you could download their video presentation or just stream it.
For those who watched the Tour de France, you may have been pleasantly surprised to see some cool tech. Nike was using a robot to paint pictures on the street in chalk dot matrix style. It was accepted by the general public as new and innovative, as well as generally cool. In the hacker community though, a bit of trouble began to brew. The Chalkbot bears more than a passing resemblance to a project called GraffitiWriter. GraffitiWriter was a bot initially designed to protest the militarization of robotics. As it turns out, one of the early developers of the GraffitiWriter is behind the Chalkbot in a legitimate contract. The trouble doesn’t seem to be one of intellectual property legalities. People are mad at the corporatization of public work. They want kids watching to know that this system was designed by regular people in their spare time at their homes, not by a team of researchers in a secret underground Nike laboratory.
The article takes a bit of a turn and talks some about the possibility of projects being taken and used for corporate advertisement. The specific item they are talking about is the Image Fulgurator which secretly projects images on objects in your photographs. You’ll have to go check that one out to see how it works.
[Nate] hates keys. He’s gone through a lot of effort to remove them wherever possible. He has a keypad at home and a keypad at work, but he still has to carry car keys. His solution is to build a device he can carry in his pocket that will unlock the car via RF. To do this, he’s utilizing the guts of a Nike iPod puck along with an Arduino and an iPod serial board. He has managed to get this all working, but still has to carry his key to actually start the car. We know what his next project will be.
Apparently, Apple has decided that extending DRM to your Nike accessories will keep hackers at bay. Sick of people cutting the sensors out of their Nike shoes for use on other apparel, they have applied for a patent. Ever noticed the warning that it’s illegal to pull the tag off of a mattress? Did that stop you?