So, you buy an Internet of Things light bulb, it’s a fun toy that allows you to bathe your environment in pretty colours at the touch of an app, but eventually you want more. You start to wonder how you might do more with it, and begin to investigate its inner workings. Then to your horror you discover that far from having bought a device with a convenient API for you to use, it has an impenetrable closed protocol that defies easy access.
This was the problem facing [Ayan Pahwa] when he bought a Syska Smartlight Rainbow LED bulb, and discovered that its Bluetooth Low Energy interface used a closed protocol. But instead of giving up, he proceeded to reverse engineer the communication between bulb and app, and his write-up makes for an interesting read that provides a basic primer on some of BLE’s workings for the uninitiated.
BLE allows a device manufacturer to define their own device service specific to their functionality alongside standard ones for common device types. Using a handy Android app from Nordic Semiconductor he was able to identify the services defined for the light bulb, but sadly they lacked any human-readable information to help him as to their purpose. He thus had to sniff BLE packets directly, and lacking dedicated hardware for this task he relied on a developer feature built into Android versions since KitKat, allowing packets to be captured and logged. By analysing the resulting packet files he was able to identify the Texas Instruments chip inside the bulb, and to deduce the sequences required to control its colours. Then he was able to use the Bluez utilities to talk directly to it, and as if by magic, his colours appeared! Take a look at the video we’ve placed below the break.
Many of us may never need to reverse engineer a BLE device. But if we are BLE novices, after reading [Ayan]’s piece we will at least have some idea of its inner workings. And that can only be a positive thing.
Want to know more about BLE? Read our Hackaday Dictionary piece on it. And if you’d like to use it, look at this tiny BLE UART, or even use an NRF24L01 module.
Love posts like these!
Nice job. Definitely going to look at this again if I buy some of those
Nice work, but what one should really do is stop buying closed interface crap like this.
Nah, break it open and share. It’s the world we want.
Very well said :D
I’m trying exactly the same thing with my new nespresso prodigio.
People get upset when IoT is riddled with security holes and people also get upset when IoT is riddled with closed source, obfuscated, proprietary inner workings. *shakes head*
Yeah. And? Things can be secure and yet well written. I even hear that well written and open source occasionally overlap
IoT devices don’t get firmware updates, so security through obscurity is their only security.
Though the real problem is that open source solutions tend to be bad solutions since they’re inevitably some combination of linux and a web server stuffed in a SoC, and the system becomes millions of times too complicated for the task – which includes the millions of obscure bugs and security holes that pop up years and years later.
Probably an open source ESP8266 will be light years ahead of anything commercial in terms of security, usefulness, and future features.
If it was, then they’d be using it.
No sense inventing the wheel twice.
Security… Obscurity… choose one.
And yes, it’s possible to be obscure and open source… just look at OpenSSL.
No reason why they can’t – there are plenty of companies trying to do it with ‘large-scale’ (ie linux) IoT devices using docker et al, and all of the big BLE vendors support (secure) OtA updates as far as I know
Is 1300 INR (apparently about 20 USD) actually a good price for this light bulb? A good price relative to the cost of living specifically where he is?
I’d say it’s a slightly on high end price tag in India not everyone would be buying it for sure, but for tech enthusiasts like me it’s cheap enough, around equals to one original Arduino Uno board :)
And then there are people who already have trouble pairing their devices
to check out a few half assed attempts to do it with nodejs ( Mansa Smartshine, reos lite and Syska rainbow led ) check out my repo
Warning, the code is in flux, and might now entirely work. But with a few fixes, it does work. ( change the ids etc ) – ill be updating it soon.
https://github.com/shreyasubale?tab=repositories