Hacking a Fitness Tracker

When [rbaron] started a new job, he got a goodie bag. The contents included a cheap fitness tracker bracelet that used Bluetooth LE. Since this is Hackaday, you can probably guess what happened next: hacking ensued.

For something cheap enough to give away, [rbaron] claims it cost $10, the device has quite a bit in it. In the very tiny package, there is an OLED display, a battery, a vibration motor, and a Nordic 32-bit ARM with BLE. The FCC ID was key to identifying the device. Opening the case, which was glued down, was pretty difficult, but doable with a hair dryer and a knife.

Obligingly, the PC board had pads for the serial wire debug (SWD) protocol. This is probably for programming and testing in production, but [rbaron] likes to think it was some unknown engineer’s gift to us hackers.

Once you have the debugger working, the rest is just sweat work. However, the post details a lot about how to manipulate the hardware, including driving the OLED and using Arduino code thanks to the arduino-nRF5 project. He even adapted the Adafruit OLED library to work with the wrist band’s quirky display.

If you have a similar fitness tracker, this post takes care of a lot of the legwork. If you have something else, the process is illustrative of how you can start with something as simple as an FCC ID and wind up with total control of the device. Of course, that isn’t always possible depending on what’s inside and how it is locked up or obscured, but — especially these days — your chances of finding some commodity part inside that you can access is higher than its ever been.

Fitness band hacks are pretty popular lately. It is interesting to contrast the design choices made by different companies.

18 thoughts on “Hacking a Fitness Tracker

  1. SWD ports are almost always left in cheap devices because removing them requires changes to design and typically once those devices are good enough, they are pushed out to clients. Then after some clients test them (skimping on beta testers, because they cost too) engineers fix problems in firmware and new firmware is uploaded in factory through those ports. Often manufacturer will make big batch of devices and then program them in factory with alternative firmware for each of several customers (branding). It’s just too convenient to leave those ports.

    1. I was wondering that too!
      If they are using them to track employee health, I think [rbaron] should be their first employee to record a million steps in a day! B^)
      But I can also see the company using it to monitor how long the wearer is in the restroom, break room, or outside smoking…

      1. 1) Although it could be done, I suspect many employers will just give such a device to their personnel to increase awareness of health and moving around as opposed to tracking individual employees.

        2) When it does track employee activity, it would be fun to simulate: at 5pm, users starts running increasing the pace to 10mph over half an hour, and keeps that pace until 9AM next morning.

        Or a little more realistically: gets up at 6AM, moves about a little (record getting up and grabbing breakfast) leaves home at 7 AM, runs at just over 12mph for two hours and turns up at work at 9. And after 5PM runs 2 hours (a marathon) before grabbing dinner…. :-)

    2. A lot of companies have fitness-related perks, e.g. my father’s company bought him a Samsung watch on the basis of it being a fitness tracker. I would make the less pessimistic assumption that they have a vested interest in keeping their employees fit and healthy, both to keep them happy and to cut down on medical leave and insurance costs.

    3. Something this basic isn’t capable of tracking location without a lot of assistance from outside. There’s no GPS receiver, no gyroscope, just a cheap accelerometer. Without orientation knowledge, you can’t even do inertial navigation.

      The only way for this thing to know where it is would be the BLE radio, which could log the visibility and RSSI of other BLE devices. Setting that up to do location tracking is a lot more trouble than most people are willing to go through, and you still only get position to maybe 5 or 10 meters on a good day.

      If you want to track people, get them to install something on their phones. Those are far, far better tracking devices.

    4. The story of ’employee wellness’ programs is not a happy one. It sounds a lot nicer than “‘consent’ to whatever tracking collar our program has settled on or pay sharply more for health insurance”; but the meaning is the same.

  2. Nice in depth article, really enjoyed seeing [rbaron]’s train of thought on things. I liked how he did some good old trial and error to find out what each analog pin did in regards to input. I bookmarked his site and hoping to see more awesome content like this!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.