Supercon 2023: Reverse Engineering Commercial Coffee Machines

There was a time when a coffee vending machine was a relatively straightforward affair, with a basic microcontroller doing not much more than the mechanical sequencer it replaced. A modern machine by contrast has 21st century computing power, with touch screens, a full-fat operating system, and a touch screen interface. At Hackaday Supercon 2023, [Kuba Tyszko] shared his adventures in the world of coffee, after reverse engineering a couple of high-end dispensing machines. Sadly he doesn’t reveal the manufacturer, but we’re sure readers will be able to fill in the gaps.

Under the hood is a PC running a Linux distro from a CF card. Surprisingly the distros in question were Slax and Lubuntu, and could quite easily be investigated. The coffee machine software was a Java app, which seems to us strangely appropriate, and it communicated to the coffee machine hardware via a serial port. It’s a tale of relatively straightforward PC reverse engineering, during which he found that the machine isn’t a coffee spy as its only communication with its mothership is an XML status report.

In a way what seems almost surprising is how relatively straightforward and ordinary this machine is. We’re used to quirky embedded platforms with everything far more locked down than this. Meanwhile if hacking vending machines is your thing, you can find a few previous stories on the topic.

15 thoughts on “Supercon 2023: Reverse Engineering Commercial Coffee Machines

  1. The most fascinating thing about coffee vending machines is that the brown fluid that comes out can still be legally called “coffee”, even in countries with a rich coffee tradition like Austria or Italy.

    1. The ones in gas stations with whole-bean hoppers on top have an LTE connection. They download the hopper config and firmware updates, and upload metrics.

      If they’re serviced by an outside company, then I wouldn’t be surprised if they have a similar setup. Having a machine make its own service call seems like an ante to play, now.

    2. We have one at work. I took the opportunity when it was open for replenishment to look around a bit. “Yes” to the networking (cellular) and very programmable. Coffee is not bad, it’s a drip/filter arrangement, fresh ground from beans, with a roll of filter medium which does double duty to transport the used grounds to the waste hopper. The only thing unpleasant about it is the powedered “milk”. Ours was made by a Canadian company and there were details including a servide manual on the web. We did not check to see if the service password had been changed from the default.

    3. The ones I played with had wifi and ethernet, I strongly recommend intercepting the packets and taking a peek at what they do. In my case it was simply reporting status, but there IS possibility of expanded service where the machine might contact a remote server reporting on ingredient levels or even more…

  2. Slax Linux
    Man that’s a name I haven’t seen in some time. It was like 230MB ISO back when I played around with it in ~2009 or so. It always crashed after like 30 minutes of running for some reason, no idea why.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.