Cycling Cadence Display With ESP32

Terry Pratchett once said “Wisdom comes from experience. Experience is often a result of lack of wisdom.” This is as true with technical skills as it is with the rest of life, and you won’t truly understand a specific topic unless you’ve struggled with it a bit. [publidave] wanted a simple wireless display for a Bluetooth cycling cadence sensor, and soon found himself deep down the rabbit hole of Micropython and Bluetooth Low Energy on the ESP32.

[publidave] had converted his bicycle for indoor training during lockdown and winter, and realized he couldn’t use the guided training app and view his cadence simultaneously, so he needed a dedicated cadence display. Since [publidave] was comfortable with Python, he decided to give Micropython on the ESP32 a go. Bluetooth Low Energy can be rather confusing if you haven’t implemented it before, especially if good examples are hard to come by. In short, the ESP32 needs to find the sensor, connect to it, select the right service, and listen for the notifications containing the data. The data is then converted to RPM and displayed on a small OLED display. [publidave] does an excellent job of describing what exactly he did, highlighting the problems he encountered, and how he solved them.
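The decode-and-convert step described above, written out as an added example in C (not [publidave]’s MicroPython code). It assumes the sensor follows the standard Bluetooth Cycling Speed and Cadence profile, whose CSC Measurement notification carries a flags byte, optional wheel data, and a 16-bit crank revolution counter plus a 16-bit event time in 1/1024 s units; the constant and function names are mine, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define CSC_FLAG_WHEEL_REV_PRESENT 0x01
#define CSC_FLAG_CRANK_REV_PRESENT 0x02

/* Crank fields of a CSC Measurement (characteristic 0x2A5B) notification. */
typedef struct {
    uint16_t cum_crank_revs;   /* cumulative crank revolutions, wraps at 65535 */
    uint16_t last_crank_time;  /* time of last crank event, 1/1024 s units, wraps */
} crank_sample_t;

/* Decode the crank fields from a raw little-endian notification payload.
 * Returns false if the flags say no crank data is present or the buffer is short. */
bool csc_parse_crank(const uint8_t *buf, size_t len, crank_sample_t *out) {
    if (buf == NULL || out == NULL || len < 1) return false;
    uint8_t flags = buf[0];
    size_t off = 1;
    if (flags & CSC_FLAG_WHEEL_REV_PRESENT) off += 4 + 2;  /* skip wheel revs + wheel time */
    if (!(flags & CSC_FLAG_CRANK_REV_PRESENT)) return false;
    if (len < off + 4) return false;
    out->cum_crank_revs  = (uint16_t)(buf[off]     | (buf[off + 1] << 8));
    out->last_crank_time = (uint16_t)(buf[off + 2] | (buf[off + 3] << 8));
    return true;
}

/* Cadence in RPM between two consecutive samples. Unsigned 16-bit subtraction gives
 * the right delta across counter wraparound; 0.0 means the event time did not advance. */
double csc_cadence_rpm(const crank_sample_t *prev, const crank_sample_t *cur) {
    uint16_t d_revs  = (uint16_t)(cur->cum_crank_revs  - prev->cum_crank_revs);
    uint16_t d_ticks = (uint16_t)(cur->last_crank_time - prev->last_crank_time);
    if (d_ticks == 0) return 0.0;
    return (double)d_revs * 60.0 * 1024.0 / (double)d_ticks;
}

/* Constructed sample notifications (not captured from a real sensor). */
static const uint8_t PKT_CRANK_ONLY[]  = {0x02, 0x64, 0x00, 0x10, 0x27};  /* 100 revs @ 10000 */
static const uint8_t PKT_WHEEL_CRANK[] = {0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04,
                                          0x66, 0x00, 0x10, 0x2D};        /* 102 revs @ 11536 */

/* Decode the two constructed samples and return the cadence between them (-1.0 on error). */
double demo_cadence_rpm(void) {
    crank_sample_t a, b;
    if (!csc_parse_crank(PKT_CRANK_ONLY, sizeof PKT_CRANK_ONLY, &a)) return -1.0;
    if (!csc_parse_crank(PKT_WHEEL_CRANK, sizeof PKT_WHEEL_CRANK, &b)) return -1.0;
    return csc_cadence_rpm(&a, &b);  /* 2 revs over 1536/1024 s = 80 RPM */
}
```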

In the end, he had a functional display, a good idea of what he would do differently next time, and a lot of additional knowledge and understanding. In our book that’s a successful project.

Since so many health-related devices work with Bluetooth Low Energy, it could be handy to know the technology and how to interface with it. It would allow you to do things like unbrick a $2000 exercise bike,

Custom Firmware For Cheap Bluetooth Thermometers

The Xiaomi LYWSD03MMC temperature and humidity sensor is ridiculously cheap. If you’re buying a few at a time, you can expect to pay as little as $5 USD a pop for these handy Bluetooth Low Energy environmental sensors. Unfortunately, that low price tag comes with a bit of a catch: you can only read the data with the official Xiaomi smartphone application or by linking it to one of the company’s smart home hubs. Or at least, that used to be the case.

Over the past year, [Aaron Christophel] has been working on a replacement firmware for these Xiaomi sensors that unlocks the data so you can use it however you see fit. In addition, it allows the user to tweak various features and settings that were previously unavailable. For example, you can disable the little ASCII-art smiley face that usually shows on the LCD to indicate the relative comfort level of the room.

The new firmware publishes the temperature, humidity, and battery level every minute through a BLE advertisement broadcast. In other words, that means client devices can read data from the sensor without having to be paired. Scraping this data is quite simple, and the GitHub page includes a breakdown of what each byte in the broadcast message means. Avoiding direct connections not only makes it easier to quickly read the values from multiple thermometers, but should keep the device’s CR2032 battery going for longer.

But perhaps the most impressive part of this project is how you get the custom firmware installed. You don’t need to crack the case or solder up a programmer. Just load the flasher page on a computer and browser combo that supports Web Bluetooth (a smartphone is probably the best bet), point it to the MAC address of the thermometer you want to flash, and hit the button. [Aaron] is no stranger to developing user-friendly OTA installers for his firmware projects, but even for him, it’s quite impressive.


Page-Turning Pedal Is Pretty Boss

Buying things to make your life easier certainly has its therapeutic joys, but if you really wanna feel good, you gotta make the thing yourself whenever possible. [Bjørn Brandal] happened to have a two-switch BOSS pedal just lying around, so it made sense to turn it into a wireless page turner for reading sheet music.

As [Bjørn] says, the circuit is simple — just two 1/4″ TRS jacks and an ItsyBitsy nRF52840 Express. The jacks connect the pedal outputs to the ItsyBitsy, which sends keystrokes over BLE.

The cool thing about this pedal is that it can work with a bunch of programs, like forScore, Ableton Live, GarageBand, and more. The different modes are accessed by holding down both pedals, and there’s confirmation via blinking LED and buzzing buzzer.

Our favorite part has to be the DIY light guide [Bjørn] built that bends the ItsyBitsy’s RGB LED 90° and points it out the front of the enclosure. Nicely done!

Don’t play anything but the computer keyboard? Put those feet to work with shortcuts behind giant arcade buttons.

A Deep Dive Into The Sterzo Steering Plate

Pedaling in place isn’t the most exciting pastime, so it’s no surprise that modern technology is being used to make the in-home biking experience a bit more interactive. With a stand on the rear wheel providing resistance, and a movable steering plate under the front to read the handlebar angle, you can now use your standard bike as the “controller” in a virtual environment provided by software such as Zwift.

Paving the way towards a DIY Sterzo clone

[Keith Wakeham] wanted to take a closer look at how Zwift communicated with his Sterzo steering device, and it turned into a pretty epic bout of exploration and reverse engineering. As the video after the break shows, he didn’t just go from sniffing the device’s proprietary Bluetooth Low Energy (BLE) communications protocol to figuring out how to emulate it in software so you could roll your own Zwift peripheral. He also tore the device apart, pulled the firmware from its microcontroller, and postulated how you could build your own low-cost clone device that would work with the existing software.

Even if you have absolutely zero interest in virtual biking, the video [Keith] has put together for this project is really a must watch. Have you ever wanted to sniff and reverse engineer BLE communications? Looking for a real-world example of pulling the firmware off of a consumer device? Maybe in the market for some tips on how to identify unknown ICs on a board? All of that, and quite a bit more, is covered in this nearly hour-long hacking tour de force.

On the other hand, if you are interested in adding your own hardware to Zwift, then this look at getting an unsupported stationary bike working with it should be useful.


This Week In Security: Bluetooth Hacking, NEC Phones, And Malicious Tor Nodes

One of the fun things about vulnerability research is that there are so many places for bugs to hide. Modern devices have multiple processors, bits of radio hardware, and millions of lines of code. When [Veronica Kovah] of Dark Mentor LLC decided to start vulnerability research on the Bluetooth Low Energy protocol, she opted to target the link layer itself, rather than the code stack running as part of the main OS. What’s interesting is that the link layer has to process data before any authentication is performed, so if a vulnerability is found here, it’s guaranteed to be pre-authentication. Also of interest, many different devices are likely to share the same BLE chipset, meaning these vulnerabilities will show up on many different devices. [Veronica] shares some great info on how to get started, as well as the details on the vulnerabilities she found, in the PDF whitepaper. (Just a quick note, this link isn’t to the raw PDF, but pulls up a GitHub PDF viewer.) There is also a video presentation of the findings, if that’s more your speed.

The first vuln we’ll look at is CVE-2019-15948, which affects a handful of Texas Instruments BT/BLE chips. The problem is in how BLE advertisement packets are handled. An advertisement packet should always contain a data length of at least six bytes, which is reserved for the sending device address. Part of the packet parsing process is to subtract six from the packet length and do a memcpy using that value as the length. A malicious packet can have a length of less than six, and the result is that the copy length integer underflows, becoming a large value, and overwriting the current stack. To actually turn this into an exploit, a pair of data packets are sent repeatedly, to put malicious code in the place where program execution will jump to.

The second vulnerability of note, CVE-2020-15531, targets a Silicon Labs BLE chip, and uses malformed extended advertisement packets to trigger a buffer overflow. Specifically, the sent message is longer than the specification says it should be. Rather than drop this malformed message, the chip’s firmware processes it, which triggers a buffer overflow. Going a step further, this chip has non-volatile firmware, and it’s possible to modify that firmware permanently. [Veronica] points out that even embedded chips like these should have some sort of secure boot implementation, to prevent these sorts of persistent attacks.
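To make the two bug classes concrete, here is an added example in C (not code from the whitepaper or either vendor’s firmware): the unchecked `len - 6` arithmetic described for CVE-2019-15948, beside a parser that rejects both too-short PDUs and payloads longer than its buffer, the latter being the shape of the Silicon Labs over-long message. The six-byte address layout, the 31-byte buffer, the sample PDU and all names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

#define ADV_ADDR_LEN   6   /* assumed: advertiser address in the first six payload bytes */
#define ADV_MAX_DATA  31   /* assumed: legacy advertising data limit, used as buffer size */

typedef struct {
    uint8_t addr[ADV_ADDR_LEN];
    uint8_t data[ADV_MAX_DATA];
    size_t  data_len;
} adv_pdu_t;

/* The flawed arithmetic, isolated: the length a copy would use when the parser
 * subtracts the address size without first checking len >= 6. For len < 6 the
 * unsigned result wraps to a huge value. Nothing is copied here. */
size_t unchecked_copy_len(uint8_t len) {
    return (size_t)len - ADV_ADDR_LEN;
}

/* Hardened handling: reject PDUs too short to hold an address (the underflow
 * case) and PDUs whose payload exceeds the receive buffer (the over-long case),
 * and only then touch memory. */
bool parse_adv_hardened(const uint8_t *pkt, uint8_t len, adv_pdu_t *out) {
    if (pkt == NULL || out == NULL) return false;
    if (len < ADV_ADDR_LEN) return false;
    size_t data_len = (size_t)len - ADV_ADDR_LEN;   /* safe: len >= 6 here */
    if (data_len > ADV_MAX_DATA) return false;
    memcpy(out->addr, pkt, ADV_ADDR_LEN);
    memcpy(out->data, pkt + ADV_ADDR_LEN, data_len);
    out->data_len = data_len;
    return true;
}

/* Constructed PDU (not a captured packet): six address bytes, then three data bytes. */
static const uint8_t SAMPLE_PDU[] = {0xC0, 0xFF, 0xEE, 0x00, 0x11, 0x22, 0x02, 0x01, 0x06};

/* Run the hardened parser and report the accepted payload length, or -1 when rejected. */
int demo_hardened_len(const uint8_t *pkt, uint8_t len) {
    adv_pdu_t pdu;
    return parse_adv_hardened(pkt, len, &pdu) ? (int)pdu.data_len : -1;
}
```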

DropController Sets The Bar For Documentation

dropController has the kind of documentation we wish would spontaneously generate itself whenever we build something. [Martyn Currey] built a robust rig for water droplet photography, and we don’t want to dismiss the hardware, but the most impressive part might be the website. It might not be very fancy, but it’s thorough and logically organized. You can find parts lists, assembly manuals, tutorials, sketches, and schematics. If only all the projects that came our way were so well detailed.

Water droplet photography is pretty cool, although freehanding it will make your patience fall faster than 9.81 m/s². The concept is that a solenoid valve will flicker open to release a drop of water, wait for a certain number of microseconds, and then trigger your DSLR via a wired remote cable. The tricky part comes from controlling as many as six valves and three flashes. We don’t have enough fingers and toes to press all those buttons.

The bill of materials contains many commonly available parts like an Arduino Nano, an LM2596 voltage regulator, some MOSFETs, an HC-06 Bluetooth module, plus standard audio connectors to hook everything up. Nothing should break the bank, but if money is not an issue, [Martyn] sells kits and complete units.

Waterdrop controllers are not the newest kids on the block, and strobe photography is a time-honored tradition.


MenoPlay Through The Pain Of Menopause

Menopause, that fireworks finale of fertility, is like a second puberty that works in reverse. At least, that’s what we hear. Along with mood swings and acne, there are new joys like hot flashes that make you want to jump naked into the nearest snowdrift, or at least put your head in the freezer for a while. Sounds great; can’t wait.

The biggest problem with menopause is that it gives sufferers pause when it comes to getting help. This is natural, they think. There’s nothing I can do but ride it out. Those who do seek relief are likely to find expensive products that only treat single symptoms. This dearth of solutions inspired [Moinak Ghosh] to create one system to rule them all, a wearable with a suite of sensors that’s designed to take the pause out of menopause.

MenoPlay will take temperature readings at the neck and pelvis and switch on a Peltier module worn on the back of the neck when it senses a hot flash in progress. Exercise is a natural defense against hormonal imbalance, but step counters are too easy to cheat or ignore. The MenoPlay system will model the user’s movements using 9DoF accelerometers and suggest exercises that fill in the gaps.

We particularly like the automation aspect of this wearable. After decades of manually tracking menstrual cycles and everything that implies, the idea of so much useful biological data being collected automatically and fed over BLE to a Node-RED application sounds wonderful.

Hot flashes may not feel useful internally, but would do a fine job of powering the right kind of flashlight.