It sometimes seems like there are two kinds of cheap hardware devices: those dependent on proprietary software that is no longer available and those that are equally dependent but haven’t been abandoned just quite yet. But rest assured, abandonment is always on the table, and until then, you get to deal with poorly written apps that often suffer from a crippling lack of essential functionality.
Such was the case for the wireless game camera that [Chris Jones] scored on the cheap, but rather than suffering with the original software, he decided to reverse engineer the camera and turn it into something more useful. The eBay description was promising — Bluetooth LE! WiFi! — but the reality proved less so. To save the batteries, WiFi is off by default and can only be turned on by connecting to the camera via BLE using a janky and crash-prone Android app.
[Chris]’ first step in reverse engineering the camera was to snoop into the BLE by capturing the Bluetooth packets to a file and running them through Wireshark. This revealed a write command with the text “BT_KEY_ON” — very promising. After verifying that this command turned on the camera’s access point, [Chris] got to work capturing WiFi packets using PCAPDroid and analyzing the results, again with Wireshark. Using every function available in the OEM app eventually revealed the full API on the camera, which gives file system control, access to individual images, and even putting the camera into live video mode.
Continue reading “Reverse Engineering Reveals Hidden API In Abandonware Trail Camera”
You won’t need to pack a full set of dice for your next game with this DIY Multifunctional Eink Gadget. [Sasa Karanović] brings us a fun device that combines a few essential aspects of tabletop gaming, D6, D12, and D20 dice rolling and a hero dashboard. While they have grand plans for a BLE networked future application, we admire the restraint to complete a V1 project before allowing scope-creep to run amok. Well played!
For this project, [Sasa] realized it needed to be battery powered and just choosing the right display for a battery powered application can be daunting. Even if you aren’t building this project, the video after the break includes a nice intro to electronic ink and low power microcontrollers for the uninitiated. We even see a graph of the completed board’s power draw from the button wake up, display refresh, and low power sleep. The project has some neat tips for building interaction into case design with the use of the display and a flexible bezel as integrated buttons. Continue reading “What’s Black, White, And Red On 20 Sides?”
Whether you’re making coffee or beer or complex chemicals, weighing your ingredients carefully and tracking them is key to getting good results. [Tech Dregs] decided to build a logging scale that would work seamlessly with his smartphone, and shared the design on YouTube.
The design begins with a Greater Goods manual electronic scale, which was chosen for its convenient design and 750 gram load cell. Once cracked open, [Tech Dregs] pulled out the original PCB to replace it with his own. Only the original buttons are used, with an Seed Xiao ESP32-C3 replacing the scale’s original brains. The original LCD screen was swapped out for an OLED display, and it also got a rechargeable lithium battery for better usability.
The real value of the project, though, is its communication capability. It’s able to talk to an Android smartphone over Bluetooth Low Energy. Thanks to a custom app, [Tech Dregs] is able to log weight readings from the scale over time and even graph them live on the smartphone. As a demonstration, the scale is used to log the weight of a cup as it fills with a shot of coffee, which should serve [Tech Dregs] well in his coffee automation projects.
We’ve seen bathroom scales hacked before, too, with similar connectivity upgrades.
Continue reading “The BLE Datalogging Scale Of A Thousand Uses”
As the saying goes, there’s no lock that can’t be picked, much like there’s no networked computer that can’t be accessed. It’s usually a continual arms race between attackers and defenders — but for some modern passenger vehicles, which are essentially highly mobile computers now, the defenders seem to be asleep at the wheel. The computing systems that control these cars can be relatively easy to break into thanks to manufacturers’ insistence on using wireless technology to unlock or activate them.
This particular vulnerability involves the use of a piece of software called gattacker which exploits vulnerabilities in Bluetooth Low Energy (BLE), a common protocol not only for IoT devices but also to interface a driver’s smartphone or other wireless key with the vehicle’s security system. By using a man-in-the-middle attack the protocol between the phone and the car can be duplicated and the doors unlocked. Not only that, but this can be done without being physically close to the car as long as a network of some sort is available.
[Kevin2600] successfully performed these attacks on a Tesla Model 3 and a few other vehicles using the seven-year-old gattacker software and methods first discovered by security researcher [Martin Herfurt]. Some other vehicles seem to have patched these vulnerabilities as well, and [Kevin2600] didn’t have universal success with every vehicle, but it does remind us of some other vehicle-based attacks we’ve seen before.
It’s getting harder and harder to think of a modern premium-level appliance that doesn’t come with some level of Internet connectivity. These days it seems all but the cheapest refrigerators, air purifiers, and microwaves include wireless capabilities — unfortunately they’re often poorly implemented or behind a proprietary system. [Matt] recently purchased a high-end coffee maker with Bluetooth functionality which turned out to be nearly useless, and set to work reverse-engineering his coffee maker and adapting it to work by sending commands from GitHub.
Since the wireless connectivity and app for this coffee maker was so buggy and unreliable, [Matt] first needed to get deep into the weeds on Bluetooth Low Energy (BTLE). After sniffing traffic and identifying the coffee maker, he set about building an interface for it in Rust. Once he is able to send commands to it, the next step was to integrate it with GitHub, so that filing issues on the GitHub interface sends the commands from a nearby computer over Bluetooth to the coffee maker, with much more reliability than the coffee maker came with originally.
Using [Matt]’s methods, anyone stuck with one of these coffee makers, a Delonghi Dinamica Plus, should be able to reactivate the use of its wireless functionality. While we’d hope that anyone selling a premium product like this would take a tiny amount of time and make sure that the extra features actually work, this low bar seems to be oddly common for companies to surmount. But it’s not required to pick up an expensive machine like this just to remotely brew a cup of coffee. You can do that pretty easily with a non-luxury coffee maker and some basic wireless hardware.
There are plenty of problems that are easy for humans to solve, but are almost impossibly difficult for computers. Even though it seems that with modern computing power being what it is we should be able to solve a lot of these problems, things like identifying objects in images remains fairly difficult. Similarly, identifying specific sounds within audio samples remains problematic, and as [Eivind] found, is holding up a lot of medical research to boot. To solve one specific problem he created a system for counting coughs of medical patients.
This was built with the idea of helping people with chronic obstructive pulmonary disease (COPD). Most of the existing methods for studying the disease and treating patients with it involves manually counting the number of coughs on an audio recording. While there are some software solutions to this problem to save some time, this device seeks to identify coughs in real time as they happen. It does this by training a model using tinyML to identify coughs and reject cough-like sounds. Everything runs on an Arduino Nano with BLE for communication.
While the only data the model has been trained on are sounds from [Eivind], the existing prototypes do seem to show promise. With more sound data this could be a powerful tool for patients with this disease. And, even though this uses machine learning on a small platform, we have seen before that Arudinos are plenty capable of being effective machine learning solutions with the right tools on board.
[Daniel Dakhno] kept ending up in a situation where the ability to read the status of, or control a few digital IO pins with minimal effort, would be terribly useful. Not wanting to keep compiling code, for such simple needs, they instead used a nRF51-based module as a physical interface and produced a general purpose firmware that could be configured with a simple web interface. The NRF51-IO-module was born, whose job is to pair with whatever device you have in front of you, provided it supports BLE, and give direct access to those IO pins.
Rather than acting as a rather slow logic analyser, the firmware is intended for mostly static configurations. The web application sends a configuration packet over to the nRF51 board, which then programs it into FLASH and restarts, reading the updated configuration and applying it to the IO pins. These outputs then persist as long as there is power. The read-side of the equation can also be performed via the web page, but we didn’t have a chance to verify that. The code implements the Bluetooth automation IO service as well as the binary sensor service so if you have access to applications that talk these services, then you should be able to fire it up and go with it, although we’ve not personally tested this due to lack of an nRF51 board. We noticed that the Home Assistant automation platform supports the BT binary sensor, which might be a big help for some people with a need for some wireless control and sensing.
If you need a practical example of a use for remote sensing, here’s a physical mailbox status monitor, using the nRF51. Whilst we’re thinking of Bluetooth and sensors, here’s a custom firmware for some super cheap environment sensors that frees them from vendor lock-in.
Header image: Ubahnverleih, CC0.