Bike Computer Exploration Uncovers a Hidden Android

As a happy side-effect of the smartphone revolution, the world is now awash with tiny computers that are incredibly cheap thanks to the nearly unfathomable volumes in which their components are manufactured. There wouldn’t be a $10 Raspberry Pi Zero if the billions of smartphones that were pumped out before it hadn’t dropped the cost of the individual components to literal pennies. That also means that smartphone hardware, or at least systems that are very close to it, have started to pop up in some unexpected places.

When [Joshua Wise] recently took ownership of a Wahoo ELEMNT BOLT bike computer, he wondered how it worked. With impressive list of features such as Internet connectivity, GPS mapping, and Bluetooth Low Energy support, he reasoned the pocket-sized device must have some pretty decent hardware under the hood. With some poking and prodding he found the device was powered by a MediaTek SoC and incredibly had a full-blown install of Android running in the background.

So how does one find out that their lowly bike computer is essentially a cleverly disguised smartphone? If you’re [Joshua], you listen to who it’s trying to talk do when doing a firmware update over the Internet. He used mitmproxy running between his Internet connection and a WiFi access point setup specifically for the BOLT, from there, he was able to see all of the servers it was connecting to. Seeing the device pull some data down from MediaTek’s servers was a pretty good indication of whose hardware was actually inside the thing, and when it ultimately downloaded some Android .apk files from the Wahoo website, it became pretty clear what operating system it was running underneath the customized user interface.

Further examination of the Bolt’s software brought to light a few troubling issues. It turned out that the firmware made extensive use of Apache-licensed code, for which no attribution was given. [Joshua] contacted the company and was eventually referred to the Wahoo’s CEO, Chip Hawkins. Refreshingly, Chip was not only very interested in getting the licensing issues sorted out, but even had some tips on hacking and modifying the device, including how to enable ADB.

Before the publication of this article, we reached out to Chip Hawkins (yes, he really does respond to emails) for a comment, and he told us that not only has he made sure that all of the open source packages used have now been properly attributed to their original authors, but that his team has been providing source code and information to those who request it. He says that he’s been proud to see owners of his products modifying them for their specific needs, and he’s happy to facilitate that in any way that he can.

Open source license compliance is a big deal in the hacking community, and we’ve seen how being on the wrong side of the GPL can lead to lost sales. It’s good to see Wahoo taking steps to make sure they comply with all applicable licences, but we’re even more impressed with their positive stance on customers exploring and modifying their products. If more companies took such an enlightened approach to hacking, we’d all be a lot better off.

[Thanks to Roman for the tip.]

Monitor Your 3D Printer with Node-RED and Tasker

Anyone with a desktop 3D printer knows that it can be a bit nerve-wracking to leave the machine alone for any extended period of time. Unfortunately, it’s often unavoidable given how long more complicated prints can take. With big prints easily stretching beyond the 20 hour mark, at some point you’re going to need to leave the house or go to sleep. We hope, anyway.

In an effort to make his time away from his printer a bit less stressful, [Mat] from NotEnoughTECH has put together a comprehensive framework for monitoring his machine on the go. After looking at existing remote monitoring solutions, he found none gave him the level of information he was after. His system collects up an incredible number of data points about the printer’s current status and pushes it all to his Android phone as a rich notification. Best of all, he’s documented the entire system in exquisite detail for anyone else who might want to follow in his footsteps.

There’s a considerable amount of hardware and software involved in this system, and getting it up and running won’t be quite as straightforward as using some of the turn-key solutions out there. Octoprint is responsible for controlling and monitoring the printer, and [Mat] is pulling data from its API using Node-RED. That data is formatted and ultimately delivered to his Android device as a notification with Tasker. On the hardware side he’s got a Sonoff POW R2 to not only turn the printer on and off but measure its energy consumption, a USB camera to provide a live view of the printer, and a couple of Raspberry Pis to run it all.

Even if you don’t have a 3D printer, or maybe just don’t leave the house to begin with, the video [Mat] has put together after the break that shows how all the elements of this system are pulled together in Node-RED is a fascinating look at the flow-based visual programming tool. Similarly, it’s a great demonstration on how Tasker can be used to add some very slick Android notifications for your project without having to commit to developing a native application for the platform.

If you like the idea of remotely monitoring your printer but aren’t ready to dive into the deep end like [Mat], there are easier options. With a Raspberry Pi running Octoprint added to your 3D printer and one of the existing mobile monitoring and control front-ends installed, you’ll be well on the way to tackling those big prints without having to pitch a tent in the lab.

Continue reading “Monitor Your 3D Printer with Node-RED and Tasker”

Immersive Augmented Reality on a Budget

By now we’ve all seen the cheap headsets that essentially stick a smartphone a few inches away from your face to function as a low-cost alternative to devices like Oculus Rift. Available for as little as a few dollars, it’s hard to beat these gadgets for experimenting with VR on a budget. But what about if you’re more interested in working with augmented reality, where rendered images are superimposed onto your real-world view rather than replacing it?

As it turns out, there are now cheap headsets to do that with your phone as well. [kvtoet] picked one of these gadgets up for $30 USD on AliExpress, and used it as a base for a more capable augmented reality experience than the headset alone is capable of. The project is in the early stages, but so far the combination of this simple headset and some hardware liberated from inexpensive Chinese smartphones looks to hold considerable promise for delivering a sub-$100 USD development platform for anyone looking to jump into this fascinating field.

On their own, these cheap augmented reality headsets simply show a reflection of your smartphone’s screen on the inside of the lenses. With specially designed applications, this effect can be used to give the wearer the impression that objects shown on the phone’s screen are actually in their field of vision. It’s a neat effect to be sure, but it doesn’t hold much in the way of practical applications. To turn this into a useful system, the phone needs to be able to see what the wearer is seeing.

To that end, [kvtoet] relocated a VKWorld S8 smartphone’s camera module onto the front of the headset. Beyond its relatively cost, this model of phone was selected because it featured a long camera ribbon cable. With the camera on the outside of the headset, an Android application was created which periodically flashes a bright LED and looks for reflections in the camera’s feed. These reflections are then used to locate objects and markers in the real world.

In the video after the break, [kvtoet] demonstrates how this technique is put to use. The phone is able to track a retroreflector laying on the couch quickly and accurately enough that it can be used to adjust the rendering of a virtual object in real time. As the headset is moved around, it gives the impression that the wearer is actually viewing a real object from different angles and distances. With such a simplistic system the effect isn’t perfect, but it’s exciting to think of the possibilities now that this sort of technology is falling into the tinkerer’s budget.

If you don’t want to go the DIY route, Leap Motion has been teasing an open source augmented reality headset which has us quite excited. We’re still waiting on the hardware, but that hasn’t stopped hackers from coming up with some fascinating AR applications in the meantime.

Continue reading “Immersive Augmented Reality on a Budget”

Play Chess Like Harry Potter

If you are a Harry Potter fan, you might remember that one of the movies showed an Isle of Lewis chess set whose pieces moved in response to a player’s voice commands. This feat has been oft replicated by hackers and [amoyag00] has a version that brings together a Raspberry Pi, Arduino, Android, and the Stockfish chess engine in case you want to play by yourself. You can see a video of the game, below.

Interestingly, the system uses Marlin — the 3D printing software — to handle motion using the Arduino. We suppose moving chess pieces over a path isn’t much different than moving a print head. It is certainly a novel use of GCode.

Continue reading “Play Chess Like Harry Potter”

Does Library Bloat Make Your Smartphone App Look Fat?

While earlier smartphones seemed to manage well enough with individual applications that only weighed in at a few megabytes, a perusal of the modern smartphone software store uncovers some positively monstrous file sizes. The fact that we’ve become accustomed to mobile applications requiring 100+ MB downloads on what’s often a metered Internet connection in only a few short years is pretty crazy if you stop to think about it.

Seeing reports that the Nest app for iOS tipped the scales at nearly 250 MB, [Alexandre Colucci] decided to investigate. On his blog he not only documents the process of taking the application apart piece by piece to find out just what’s eating up all that space, but lists some potential fixes which could shave a bit off the top. Even if you aren’t planning a spelunking expedition into your pocket supercomputer’s particular variant of the Netflix app, the methodology and tools he uses here are fascinating in their own right and might be something worth adding to your software bag of tricks.

By passing the application’s files through a disk usage visualizer called GrandPerspective, [Alexandre] immediately identified some rather large blocks of content. The bundled Apple Watch version of the app takes up 23 MB, video and audio used to walk the user through the device setup weigh in at 22 MB, and localization files for various languages consumes a surprising 33 MB. But the biggest single contributor to the application’s heft is the assorted libraries and frameworks which total up to an incredible 67 MB.

Of course the question is, how much of it is really necessary? It’s hard to be sure from an outsider’s perspective, but [Alexandre] notes that a few of the libraries used seem to be redundant or obsolete. In some cases this could be the result of old code still lurking in the project, but the four different libraries used for user tracking probably aren’t in there by accident. It also stands to reason that the instructional videos could be offloaded to something like YouTube, so that only users who need to view them have to expend their bandwidth on it.

Getting a little deeper into things, [Alexandre] notes that some of the localization images appear to be redundant. As a specific example, he points to the images of the Nest itself displaying Fahrenheit and Celsius temperatures. While logically this should only be two image files, there are actually eight copies of the Celsius image, each filed away as language-specific. These redundant localization images could easily be stripped out, but with gains measured in only a few hundred kilobytes, it probably wasn’t considered worth the effort during development.

In the end there’s really not as much bloat as we might like to believe. There were some redundant files, maybe a few questionable library inclusions, and the Apple Watch version of the app could surely be separated out. All together, it might get you a savings of 30 – 40%, but still not enough to bring it down under 100 MB.

All signs point to the fact that modern smartphone software development is just a lot more burdensome than us hackers might like. Save for projects looking to put control back into the hand’s of the users, it looks like mobile operating systems aren’t going to be slimming down anytime soon.

Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufacturers the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-befit analysis looks like for a full security overhaul when when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.

Continue reading “Hacker Pops Top On NFC Vending Machines”

Reverse Engineered Media Controller From Car Is Best Friends With Android

The CAN bus is a rich vein to mine for a hacker: allowing the electronic elements of most current vehicles to be re-purposed and controlled with ease. [MikrocontrollerProjekte] has reverse engineered a CAN bus media and navigation controller and connected it to an STM32F746G-Discovery board. The STM32 is in turn connected to an Android phone, and allows the media controller to trigger a large number of functions on the phone, including music playback, maps, and general Android navigation.

When reverse engineering the controller, [MikrocontrollerProjekte] employed a variety of approaches. A small amount of information was found online, some fuzzing was done with random CAN bus IDs and messages, as well as some data logging with the device inside the car to identify message data to the relevant IDs on the bus.

The STM32F746G-Discovery board acts as a Human Interface Device (HID), emulating a mouse and keyboard connected to the Android phone via USB OTG. The LCD screen shows the output of the keystrokes and touchpad area. We’re not sure how useful the mouse-emulation would be, given that the phone has a touchscreen, but the media functions work really well, and would also make a really snazzy music controller for a PC.

We’ve covered plenty of other cool CAN bus hacks, like reverse-engineering this Peugeot 207, or this general purpose CAN sniffer.

Continue reading “Reverse Engineered Media Controller From Car Is Best Friends With Android”