[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.
[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-GUI to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator nominally requires the connecting device to know both a PIN code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff, so neither the PIN nor the nonce ever matters.
After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface, not something you typically want to expose, especially behind a broken authentication mechanism. If you want to try it yourself, [Simone] wrote an Android app which he posted on GitHub.
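To make the flaw in the two paragraphs above concrete, here is an added example (not [Simone]'s code, not Nike's firmware, and not from his GitHub app) written in Python. `weak_authenticate` models the behaviour the write-up describes: PIN and nonce are accepted but ignored, and only the fixed all-0xff token is compared. `ChallengeResponseAuthenticator` is an assumed hardened design: the device issues a fresh random nonce, expects HMAC-SHA256(PIN, nonce), and consumes the nonce on first use so a captured response cannot be replayed. `dispatch` then shows the second point: privileged commands (bootloader entry, RTC configuration, raw memory access) should require a real authenticated session, and raw memory read/write should not be reachable over the radio at all. The command names and the policy sets are constructed for this example.

```python
import hashlib
import hmac
import os

# Value the article says the original authenticator actually checks for.
HARDCODED_TOKEN = bytes([0xFF] * 6)


def weak_authenticate(token: bytes, pin: bytes, nonce: bytes) -> bool:
    """The flaw as described: pin and nonce are parameters in name only.
    Any party that knows the fixed token passes, regardless of PIN."""
    del pin, nonce  # never consulted, which is the whole problem
    return token == HARDCODED_TOKEN


class ChallengeResponseAuthenticator:
    """Assumed hardened design (not the Fuelband's): one random nonce per
    attempt, response = HMAC-SHA256(pin, nonce), nonce consumed on use."""

    def __init__(self, pin: bytes):
        self._pin = pin
        self._outstanding = None  # nonce currently awaiting a response

    def challenge(self) -> bytes:
        """Issue a fresh 16-byte nonce; any earlier nonce is discarded."""
        self._outstanding = os.urandom(16)
        return self._outstanding

    @staticmethod
    def expected_response(pin: bytes, nonce: bytes) -> bytes:
        """What a legitimate client holding the PIN sends back."""
        return hmac.new(pin, nonce, hashlib.sha256).digest()

    def verify(self, response: bytes) -> bool:
        """Constant-time compare against the outstanding nonce, then
        invalidate that nonce so the same response cannot be replayed."""
        if self._outstanding is None:
            return False
        nonce, self._outstanding = self._outstanding, None
        return hmac.compare_digest(
            response, self.expected_response(self._pin, nonce)
        )


# Constructed command policy for this example.
# Operations the article says the device exposed over Bluetooth.
PRIVILEGED_COMMANDS = {"enter_bootloader", "set_rtc", "read_memory", "write_memory"}
# Operations that should not be reachable over the radio even when
# authenticated; raw memory access belongs on a physical debug interface.
RADIO_DISALLOWED = {"read_memory", "write_memory"}


def dispatch(authenticated: bool, command: str) -> str:
    """Gate a command on session state and interface policy.
    Returns "refused", "auth_required" or "ok"."""
    if command in RADIO_DISALLOWED:
        return "refused"
    if command in PRIVILEGED_COMMANDS and not authenticated:
        return "auth_required"
    return "ok"


if __name__ == "__main__":
    # Weak scheme: PIN is irrelevant, only the fixed token matters.
    print("weak, wrong PIN:", weak_authenticate(HARDCODED_TOKEN, b"0000", b"x"))

    # Hardened scheme: correct response works once, replay is rejected.
    auth = ChallengeResponseAuthenticator(pin=b"1234")
    nonce = auth.challenge()
    resp = ChallengeResponseAuthenticator.expected_response(b"1234", nonce)
    print("first use:", auth.verify(resp), "replay:", auth.verify(resp))
    print("set_rtc unauthenticated:", dispatch(False, "set_rtc"))
    print("read_memory authenticated:", dispatch(True, "read_memory"))
```

The two authenticators take the same inputs, which makes the difference easy to see: in the weak one the PIN and nonce could be deleted without changing any outcome, while in the hardened one every verification depends on both and on a nonce the device controls.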
Just Do It!
Nike is world renowned for their security, unfortunately it is only for grip in their runners. It is as if, as an afterthought, they decided to add some security, not good security, but some. Good security starts day one of design, not something that is bolted on at the eleventh hour. – https://xkcd.com/221/
Why would you care about security for a device like this anyway? A regular user won’t care and anyone looking to get more out of it will be happy. Unless Nike starts selling hardware equivalent versions with moar features.
This is a major problem. Someone could forge data and make the president of the United States not get a proper workout… Pure evil..
At first, I was unimpressed. I mean it’s a good hack, but what can you do with a fuel band? Then I looked up what the fuel band does: it stays permanently synced to your phone. Seems like it might be a way to get past some of the security on someone’s phone or laptop.
I don’t care if it’s just a Nike fuelband or whatever. A hack is a hack, and the concepts exposed are always useful
“The authenticator requires the connecting device to know both a pin code and a nonce”.
A nonce! Why would the connecting device have to know a paedophile?
Excellent, I have one and I want to start playing with it
Now that the firmware can be replaced, the fuel band can be made into something useful.
Now since the Nike fuel band services are shut down, is there any way to set up a factory reset Nike fuel band? Mine is not starting up after I have done a factory reset.
No, there isn’t. I know of a software developer who was working on a fix for dumping the data to PC, but no updates from him in months.
Why did Nike quit the setup function?
Are you crazy about not being able to do anything that has been initialized?
I bought a fuel band off eBay that has been factory reset. Of course now that I know Nike Connect has been abandoned, it's pretty much useless unless I can figure out how to set it up. Am I just screwed?
just want to use the watch as a watch
Me too, I just liked it as a watch! Any luck?