HackIt: Sony Invites You To Hack Its SmartWatch Firmware


This is Sony’s smart watch, which has been around for a while now. It’s designed for use with your Android phone, and has always included an SDK that allows app developers to interact with it. But now Sony is taking it one big step further. They’ve published everything you need to know to hack your own firmware for the SmartWatch.

The navigation scheme for that articles includes five menu items at the bottom which you’ll want to dig through. The most interesting to us was the one labeled “SmartWatch hacker guide”. It lays bare the hardware used in the watch and how it’s peripheral component connect to each other. This starts with the STM32 (ARM) microcontroller that drives the watch. It goes on to document how the screen is addressed (SPI1) including the pin to turn it on and off. The same goes for the Bluetooth, accelerometer, buzzer, and touch sensors.

Firmware is updated via USB using Device Firmware Upgrade (DFU) mode. We don’t don’t see any way to connect an on-chip debugger. We searched to see if there is a JTAG port on the circuit board and it sounds like getting the watch apart without breaking it is pretty tough.

Now that you don’t need to stick to what Sony had planned for the device, what do you want to do with your strapless wristwatch?

[Thanks Brian]

63 thoughts on “HackIt: Sony Invites You To Hack Its SmartWatch Firmware

          1. I want the specs to the chip. its pinout. what custom firmware i need to load on it. how to. what vendor specific hci commands it needs/has. what custom sleep power modes it has. hwo to change the baudrate of the hci uart. etc….

            I’ve written BT stacks before. No chip is compliant with the spec, and thus without a datasheet the chances of getting one to work are very slim.

          2. Off topic, but what is a good bluetooth chip with all of that documentation? I’ve been trying to build a small device (power concerns) and every chip+antenna blob I’ve found has crap for documentation. Imaging profile would be a plus!

    1. Here’s my serious reply, and I see what you mean. If they wanted to see what the hacker community can do then they should have given all the information. So do we take it as:

      1)They were just doing a PR stunt to generate more sales to a market they have scorned.

      2)They gave out just what was needed for others to create a alternate use for this device.

      1. sorry #2 should have said:
        They gave out just what was needed for others to create a alternate use for this device to generate more sales but sales that are geared to DIY/Hackers

      2. They didn’t make the BT chipset; they may not legally have the right to redistribute the documentation.

        They also say they are working with Arduino on making an open toolchain to target this device. If that’s a PR stunt, then give me more PR stunts.

      3. The people who reverse-engineered the various consoles to write emulators, and make add-on devices, didn’t even have this luxury! They usually start off working through disassembled code, uncommented, then try firing a few bytes off to some addresses to see what happens. After a while comes N64 emulators, the Heath-Robinson system for cracking the Nintendo DS (involving custom Wifi messing), and obscure systems like the Radofin worked out from pretty-much first principles.

        So what I’m saying is, could be worse! It’d take a smarter chap than me to reverse-engineer like that, but there are a few very smart chaps out there.

        People port Linux to systems with less information. And Rockbox, and all the rest. So while Sony could be more helpful, it’s enough for a start. It’d be nice if there was some sort of OS in there, but maybe you have to provide that yourself too. It can be done, if people care. I’ve wanted a smart watch for ages, so far nothing’s had all the features I wanted. So far…!

        Hopefully the price’ll drop a bit. I’m tempted by the $20 previous model of this watch that’s all over Ebay.

        1. Quote: “So while Sony could be more helpful, it’s enough for a start.”

          But $ony has established a precedent of “starting” something and then reversing and locking out any future attempts to alter their products…

          1. People need to get over the whole PS3 thing… They had their reasons for doing it, and no matter how much people bitch and complain about it, they won’t go back. Sony at least gives you the option, very few manufacturers can say the same.

          2. In this case, would it matter? You’ve got your watch, you control any updates. In the PS3 case, updates came packaged along with game software people wanted to play. The worst they could do is somehow break future watches to no longer be compatible, so you’d be limited to sharing your work with owners of the present-day model.

            But I don’t think they’re gonna do that. I *do* think they’ve made another failure of a smart watch, in their eyes, and they’re trying to sell them to anybody who’ll have one. If giving out some info that doesn’t cost them anything sells them 2 extra watches, they’re in profit.

            You call them “$ony” as if it’s a secret they’re a bunch of greedy capitalists. That’s their job! The motives of maximising profit are the opposite of those of being good human beings.

            If you just want to “punish” Sony, fine. But as far as “ethical capitalism” goes I’d start off with Nestle and their babymilk capers in the third world, or Monsanto for flirting with extinction. Or Wal-Mart or Nike or a hundred other bunches of douchebags. Name me a big company that isn’t evil. Now Google’s dodging taxes, and they were the last one I had any hope for.

    2. Just because a sub-component made by another manufacturer isn’t open doesn’t mean the rest isn’t. I’m sorry you didn’t get everything you wanted, but that’s no reason to bitch at Sony. (there’s plenty of other reasons to bitch at them, this just isn’t one of them.)

      And have you even tried contacting STEricsson to see what is involved in getting the information you want?

      1. I write embedded software for a living, so yes, I know exactly how much this makes their information disclosure useless. When you cannot use the only means of communications in a device, the device is no longer a “smart connected device”. And yes, i sent an email to STEricsson. I was told that they’d love to talk to me when I am willing to order a few hundred thousand devices.

      1. I never thought about a watch like that, I looked at it the other way. I stopped wearing watches though because it felt constraining and I broke them many times working on projects and forgot to take it off. I might try wearing a “Smart Watch”(I hate the term smart…something, it implies like its predecessor is dumb/average. I’d have to do a lot of research to build a mechanical watch)

        1. No speaker, no headphone jack. buzzer is a tiny vibrating motor. batt life is pretty awful, screen is barely readable in daylight (let alone direct sun). charging cable is awkward, finnicky and unreliable. Yes, i got stung for one. Great idea, awful implementation. They are doing this as it’s the only thing that could make the watches worth it. There are some cool applets written for it but ppl on google play want to charge the earth for them and they are not worth it.

  1. Save your money and just get the $25.00 MN800. Same hackability lol. Actually more. Got one to monkey with from a friend and ended up tinkering a bit for the wife’s phone. There has been a good bit done since the watch’s release and the BT disconnect has been fixed to a point. YMMV as far as usefulness, but I have only peeked at one bit of code for this. In the end, the MN800 was poorly designed and even more poorly implemented (NOT water resistant at all, usb under strap edge, batt life for some users, and BT stack that requires root to function properly.). She mainly uses it to get updates at work or clips it on her messenger bag so she doesn’t have to dig for the phone when it buzzes. It will be interesting to see what comes out of this. Perhaps someone will put a rootkit on it and make it a real sony stinker lol.

  2. http://www.amazon.com/Sony-Ericsson-LiveView-Bluetooth-Android-Based/dp/B004WJURQ2/ref=sr_1_1?s=wireless&ie=UTF8&qid=1371247158&sr=1-1&keywords=sony+mn800
    The lesser, cheaper model. Either way you are better off than with a pebble. Actually there was some article about the top 5 smartwatches that will talk ya out of most of them. I was tempted by the “mega super all in one cellphone watch android bluetooth” things for 80 bux as that is really the whole thing there on your wrist. Anyone ever got one of these Shinzen super watches? Do those things work?

    1. I looked at those, it’s AMAZING how cheap they are! I think (tho I hope not!) you’re mistaken about Android tho. Some claim to offer Java. I’d love a little Java watchlet, wouldn’t care about the phone functions.

      1. I looked back at it and indeed you are correct that it is java. There are some that claim to be android 2.2 but then it says nothing about the gsm on those so it is an either/or situation like you said. Thanks for clearing that up :)
        I wanted to pop it open and fix the bt antenna problem. After a long night of various rabbit holes and forums and youtube vids and fake roms I found that a simple app fixes the bt issue and doesn’t even require root (wife didn’t want her shiny phone messed up). I suppose I will probably crack it open at some point or she will lol. Think of the Goonies when they hand the map to chunk “3.2.1..” so it probably won’t be long ;)
        The main guy that was working on the mn800 moved up to the featured watch and was writing for that so there may be a plethora of apps for it.

        HaD Admins: Sorry about the massive pic. You can remove it. I only meant to post the amazon link and apologize for the mess. Thanks for being cool.

  3. I’m definitely conflicted by this, Sony has proven to dislike the hacking of their products that we buy and own. The only Sony product I own is a PS3 and we know what happened with that (still pissed at the rootkits on CD’s, they can hack us but hate it when it happens to them). I’m tempted to buy the watch and try, and if it’s just to promote this way of thinking in hopes that Sony will see that it can up sales by supporting DIY/Hackers…

    They do make good physical products it’s their respect of their consumers that I question. Could this be a start of a new Sony or a lame attempt at regaining trust in lost consumers.

        1. As someone mentioned on another article, Sony’s a big company with many constituent parts, that operate largely independently. In this case the mobile phone division’s ended up with another white elephant they’re desperately trying to recoup their losses on, so why not release a bit of code and palm them off on the hackers?

          I wonder how much code is in the official software? A real OS or just some basic BIOS? Or maybe just nothing, with the apps accessing the hardware closely? Guess I’m gonna go look.

    1. To be honest, Sony Mobile ist gaining a big chunk of trust since some time now. They provide the community with source code and the ability to unlock their bootloaders. So if a nexus doesn’t cut it for you (because of no removable battery, SD slot or countless other things), Sony is a viable alternative.
      After a lot of hate from me for Sony for years, I just bought a tablet from them…

      1. It’s an excellent point and I would take it as, businesses change to make profit and if things that are easy to re-purpose makes you money then shift your focus on that…still a little hesitant about Sony.

        Which tablet did you buy, out of curiosity.

    2. The various Sony business units are separate from each other. They’re just all under the main Sony banner. The SmartWatch is part of Sony Mobile Communications and has nothing to do with Sony Computer Entertainment who do the Playstation with the silly kneejerk removal of OtherOS and Sony Music Entertainment + Sony Pictures Entertainment who do the strongarm DMCA takedowns + DRM + rootkits. Their laptops and TVs are from Sony Electronics and they’ve got loads of divisions as well which do really varied stuff as the norm for massive Japanese conglomerates.

      As Mathias said, Sony Mobile are pretty good with engaging with the developer community. They’ve actually devoted staff to help with third party firmware development.

      1. Not only that, there are individual *people* within the various business units, just all under the same corporate name. Some of them are highly trustworthy and generally nice people, not at all worthy of the kneejerk reaction to SONY DMCA takedowns + DRM + rootkits.

        Cut them some slack! Not everyone at SONY is a dick, boycotting them would hurt all the likeable individuals as well.

        Sheesh. Give me a break.

    3. I’m still wondering why nobody went to jail over Sony’s rootkits. It’s much worse than the stuff people like Weev have been imprisoned for.

      Well, I’m not really wondering. Obviously being rich and a big corporation makes the law optional nowadays. I’m just pissed off about it.

  4. Really, is there any hw/sw info on MN800? This seems to be an older version of this device branded with SE logo.

  5. A few weeks with my Pebble and I absolutely love it. The design beats the contenders. It really does get 1 week per charge. Most importantly it is what it isn’t. It’s basic. Shoe me the text, the call, the email. No need for swiping, for playing music or a color LCD screen. I’ll use my phone for that.

    Plus, the Pebble SDK is still in alpha and I’ve seen a number of neat apps out there. I’m still waiting for one to vibrate my texts to me in mores code so I don’t have to look down in meetings.

    Now if only Pebble was down around a more appropriate $60-70 price point.

  6. I would touch one but I lent my 20′ pole to someone for the weekend.

    Then again, what if someone with integrity and good standing saw me with a Sony product and then ascociated me with a Sony product!

    Just as well stay well away from it.


  7. STM32 you say???
    isnt that ALREADY partailly-beta made to work in arduino by now?
    (i mean STM32 librarys for arduino)

    mmm i smell something good
    bluetooth you say? I2C display?
    hmm, makes me think about many things that can
    be done in addition from duplicating existing sony functionally

    PS: does it have a mic or at least speaker?
    just think: “dude, my watch is a bluetooth bell102 modem” XD
    maybe even dumping onto the screen simultaneously :)

    1. It’s exactly ppl like George Hotz that make me confused about where Sony is coming from! He hacked, they sued, settled and stopped him from publishing anything about Sony in future. Now they actively encourage us to hack their shitty functionless device whilst they boycott hacking the bigger, more profitable products! Make your fucking mind up Sony! Which is it? Where’s the line? When (IF!?!?) the Smartwatch gets hacked and made useful/profitable will they then say we can’t hack it anymore? Surely it should all be ok or none of it is!


  8. Sony seems to be heading in the right direction lately.

    I still won’t trust or like them for another 5 years at least though, but maybe if they keep it up that long I mellow out towards them.

    1. I don’t own any Sony stuff. And in Geohot’s honour I’ll only get one of these when they go on sale at less than it cost to make them. Like the previous model.

    1. Not sure on this. I see it as them saying “Okay, our watch is somewhat useful but not selling enough. It needs further use, what else can it do?” Instead of hiring a thinktank to revisit it’s capabilities, they put it out to the public.
      What I DO envision is if a sequel to it is in the works, some of whatever coolness that is created by this little offering just might see life as an official “app” on the next new version without any compensation to the hacker/group that created it on this existing version..

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.