Curing A Parrot’s Amnesia With BLEAH

[Dandu] recently wrote in to tell us how he managed to revive his Parrot Flower Power after the manufacturer told him it couldn’t be repaired. To save you the trouble of opening Google in another tab, the Parrot Flower Power is a Bluetooth Low Energy (BLE) “smart” device for your flower pot. Because of course that’s a thing.


When [Dandu] noticed his Flower Power was no longer being detected by his iOS devices, he contacted support, who told him that sadly this was a hardware failure and that he should just throw it away. But he had his doubts about this diagnosis, as other devices such as his Raspberry Pi could still communicate with it. Upon closer inspection, he realized that the Flower Power didn’t have a name, and could only be contacted by its MAC address directly. Reasoning that the lack of a name might be upsetting the “It Just Works” sensibility of his iGadget, [Dandu] started researching whether there was some way to get the device to take a new name remotely.

Luckily for our hero, BLE is kind of broken. Searching for a solution to his problem brought him to a blog post by the creator of BLEAH which demonstrated exactly what [Dandu] was looking to do. Following along, it took only a single command to push a new name to the Flower Power’s BLE configuration. With that, his “broken” device was brought back to life. Why the device lost its name, or how to prevent it from happening in the future, are questions for another day. [Dandu] will take the win.

If you’re interested in the popular new technology that’s compromising our security in the name of convenience and improved battery life, the rabbit hole starts here.

It’s Curtains For Blu Chip

In theory, there is no reason you can’t automate things all over your house. However — unless you live alone — you need to consider that most people won’t accept your kludgy looking circuits on a breadboard hanging everywhere. Lighting has become easy now that there are a lot of commercial options. However, there are still plenty of things that cry for automation. For [jeevanAnga], the curtains were crying out for remote control.

Since cellphones are ubiquitous, it makes sense to use the phone as a controller, and Bluetooth Low Energy (BLE) is perfect for this kind of application. But you can’t hang a big ugly mess of wires off the curtain rods. That’s why [jeevanAnga] used a tiny (16.6 x 11.5 mm) BLE board known as a BluChip.

We didn’t verify it, but [jeevanAnga] claims it is the smallest BLE board available, and it is certainly tiny. You can see the result in the video below.


Mission Impossible: Infiltrating Furby

Long before things “went viral” there were always a few “must have” toys each year that were in high demand. Cabbage Patch Kids, Transformers, or Teddy Ruxpin would cause virtual hysteria in parents trying to score a toy for a holiday gift. In 1998, that toy was a Furby — a sort of talking robot pet. You can still buy Furby, and as you might expect a modern one — a Furby Connect — is Internet-enabled and much smarter than previous versions. While the Furby has always been a target for good hacking, anything Internet-enabled can be a target for malicious hacking, as well. [Context Information Security] decided to see if they could take control of your kid’s robotic pet.

The Furby Connect’s path to the Internet is via BLE to a companion phone device. The phone, in turn, talks back to Amazon Web Services servers run by Hasbro, the toy’s maker. The company sends out new songs, games, and dances. Because BLE is slow, the transfers occur in the background during normal toy operation.


Hackaday Prize Entry: Reflowduino, The Open Source Reflow Oven Controller

Face it — you want a reflow oven. Even the steadiest hands and best eyes only yield “meh” results with a manual iron on SMD boards, and forget about being able to scale up to production. But what controller should you use when you build your oven, and what features should it support? Don’t worry — you can have all the features with this open source reflow oven controller.

Dubbed the Reflowduino for obvious reasons, [Timothy Woo]’s Hackaday Prize entry has everything you need in a reflow oven controller, and a few things you never knew you needed. Based on an ATMega32, the Reflowduino takes care of the usual tasks of a reflow controller, namely running the PID loop needed to accurately control the oven’s temperature and control the heating profile. We thought the inclusion of a Bluetooth module was a bit strange at first, but [Timothy] explains that it’s a whole lot easier to implement the controller’s UI in software than in hardware, and it saves a bunch of IO on the microcontroller. The support for a LiPo battery is somewhat baffling, as the cases where this would be useful seem limited since the toaster oven or hot plate would still need a mains supply. But the sounder that plays Star Wars tunes when a cycle is over? That’s just for fun.

Hats off to [Timothy] for a first-rate build and excellent documentation, which delves into PID theory as well as giving detailed instructions for every step of the build. Want to try lower-end reflow? Pull out a halogen work light, or perhaps fire up that propane torch.

Screwdriving

Screwdriving! It’s like wardriving but instead of discovering WiFi networks, the aim is to discover Bluetooth Low Energy (BLE) devices of a special kind: adult toys. Yes, everything’s going to be connected, even vibrators. Welcome to the 21st century.

Security researcher [Alex Lomas] recently found that a lot of BLE-enabled adult toys are completely vulnerable to malicious attacks. In fact, they are basically wide open to anyone by design.

“Adult toys lend themselves to being great testbeds for IoT research: they’re BLE, they’re relatively cheap, they’re accessible and have companion apps for the full spectrum of testing.”

Yes… great test beds… Erm, anyway, [Alex Lomas] found that on every Bluetooth adult toy analysed there is either no PIN or password protection at all, or the PIN is static and generic (0000 / 1234). Manufacturers don’t want to go through the hassle, presumably because sex toys lack displays that would enable a classic Bluetooth pairing, with random PIN and so on. While this might be a valid point, almost all electronic appliances have an “ON/OFF” button for input and some LED (or even vibration in these cases) that allow some form of output. It could be done, and it’s not like vibrators are the only minimalistic appliances out there in the IoT world.

Although BLE security is crippled by design (PDF), it is possible to add security on top of flawed protocols. The average web browser does it all the time. The communications don’t have to be clear-text where you can literally see “Vibrate:10” flying around in packets. Encryption could be implemented on top of the BLE link between the app and the device, for instance. Understandably, security in some devices is not absolutely critical. That being said, the security bar doesn’t have to be lowered to zero — it’s not safe for work or play.

[via Arstechnica]
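
One way to layer encryption over the BLE link, as the article suggests; this is an added example, not code from the article or from any vendor. It assumes a 32-byte key already shared between app and device (provisioning not shown) and a counter the app never reuses under that key; the frame layout and function names are made up here.

```javascript
// Added example (not from the article): app-layer protection for BLE commands.
const crypto = require('node:crypto');

// Frame layout, constructed for this example: counter(8) | ciphertext | GCM tag(16)
const CTR_LEN = 8, TAG_LEN = 16;

// 96-bit GCM nonce built from the counter; a counter must never repeat under one key.
function nonceFor(ctr) {
  return Buffer.concat([Buffer.alloc(4), ctr]);
}

// App side: encrypt and authenticate one command string.
// Assumption: key is a 32-byte secret shared by app and device.
function sealCommand(key, counter, command) {
  const ctr = Buffer.alloc(CTR_LEN);
  ctr.writeBigUInt64BE(BigInt(counter));
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonceFor(ctr));
  const ct = Buffer.concat([cipher.update(command, 'utf8'), cipher.final()]);
  return Buffer.concat([ctr, ct, cipher.getAuthTag()]);
}

// Device side: accepts a frame only if its counter is new and its tag verifies.
function makeReceiver(key) {
  let last = -1n; // highest counter accepted so far
  return function open(frame) {
    if (frame.length < CTR_LEN + TAG_LEN) return { ok: false, reason: 'short frame' };
    const ctr = frame.subarray(0, CTR_LEN);
    const counter = ctr.readBigUInt64BE();
    if (counter <= last) return { ok: false, reason: 'replayed counter' };
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonceFor(ctr));
    decipher.setAuthTag(frame.subarray(frame.length - TAG_LEN));
    try {
      const body = frame.subarray(CTR_LEN, frame.length - TAG_LEN);
      const pt = Buffer.concat([decipher.update(body), decipher.final()]);
      last = counter; // advance only after the tag has verified
      return { ok: true, command: pt.toString('utf8') };
    } catch (err) {
      return { ok: false, reason: 'bad tag' };
    }
  };
}
```

The sealed frame for `Vibrate:10` is 34 bytes, more than the 20-byte payload of the default ATT MTU, so a device using this scheme would negotiate a larger MTU or split the frame across writes.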

Hackaday Prize Entry: Fighting Dehydration One Sip At A Time

Humans don’t survive long without water, and most people walk around in a chronic state of mild dehydration even if they have access to plenty of drinking water. It’s hard to stay properly hydrated, and harder still to keep track of your intake, which is the idea behind this water-intake monitoring IoT drinking straw.

Dehydration is a particularly acute problem in the elderly, since the sense of thirst tends to diminish with age. [jflaschberger]’s Hackaday Prize entry seeks to automate the tedious and error-prone job of recording fluid intake, something that caregivers generally have to take care of by eyeballing that half-empty glass and guessing. The HydrObserve uses a tiny turbine flowmeter that can mount to a drinking straw or water bottle cap. A Hall sensor in the turbine sends flow data to a Cypress BLE SoC module, which totalizes the volume sipped and records a patient identifier. A caregiver can then scan the data from the HydrObserve at the end of the day for charting and to find out if anyone is behind on their fluids.

There are problems to solve, not least being the turbine, which doesn’t appear to be food safe. But that’s a small matter that shouldn’t stand in the way of an idea as good as this one. We’ve seen a lot of good entries in the Assistive Technology phase of the 2017 Hackaday Prize, like a walker that works on stairs or sonic glasses for the blind. There are only a couple of days left in this phase — got any bright ideas?

Reverse Engineering A BLE Service To Control A Light Bulb

So, you buy an Internet of Things light bulb, it’s a fun toy that allows you to bathe your environment in pretty colours at the touch of an app, but eventually you want more. You start to wonder how you might do more with it, and begin to investigate its inner workings. Then to your horror you discover that far from having bought a device with a convenient API for you to use, it has an impenetrable closed protocol that defies easy access.

This was the problem facing [Ayan Pahwa] when he bought a Syska Smartlight Rainbow LED bulb, and discovered that its Bluetooth Low Energy interface used a closed protocol. But instead of giving up, he proceeded to reverse engineer the communication between bulb and app, and his write-up makes for an interesting read that provides a basic primer on some of BLE’s workings for the uninitiated.

BLE allows a device manufacturer to define their own device service specific to their functionality alongside standard ones for common device types. Using a handy Android app from Nordic Semiconductor he was able to identify the services defined for the light bulb, but sadly they lacked any human-readable information to help him as to their purpose. He thus had to sniff BLE packets directly, and lacking dedicated hardware for this task he relied on a developer feature built into Android versions since KitKat, allowing packets to be captured and logged. By analysing the resulting packet files he was able to identify the Texas Instruments chip inside the bulb, and to deduce the sequences required to control its colours. Then he was able to use the BlueZ utilities to talk directly to it, and as if by magic, his colours appeared! Take a look at the video we’ve placed below the break.

Many of us may never need to reverse engineer a BLE device. But if we are BLE novices, after reading [Ayan]’s piece we will at least have some idea of its inner workings. And that can only be a positive thing.
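
The packet-log analysis described above, as an added example that is not [Ayan]’s code: a parser for the btsnoop HCI log that Android’s developer option writes, listing the ATT writes the phone sent. The sample capture, its handles and its values are constructed for illustration, and ATT PDUs are assumed not to be fragmented across ACL packets.

```javascript
// Added example (not from the write-up): list ATT writes in a btsnoop HCI log.
// Assumes each ATT PDU fits in a single ACL packet (no L2CAP fragmentation).
const ATT_CID = 0x0004; // fixed L2CAP channel that carries ATT
const ATT_WRITES = { 0x12: 'Write Request', 0x52: 'Write Command' };

function parseBtsnoopWrites(buf) {
  if (buf.length < 16 || buf.toString('latin1', 0, 8) !== 'btsnoop\0') {
    throw new Error('not a btsnoop file');
  }
  if (buf.readUInt32BE(12) !== 1002) throw new Error('expected HCI UART (H4) datalink');
  const writes = [];
  let off = 16;
  while (off + 24 <= buf.length) {
    // Record header: orig len, included len, flags, drops (4 bytes each), timestamp (8)
    const inclLen = buf.readUInt32BE(off + 4);
    const flags = buf.readUInt32BE(off + 8);
    if (off + 24 + inclLen > buf.length) break; // truncated capture
    const pkt = buf.subarray(off + 24, off + 24 + inclLen);
    off += 24 + inclLen;
    // Keep ACL data (H4 type 0x02) sent by the host; flags bit 0 set means received.
    if (pkt.length < 12 || pkt[0] !== 0x02 || (flags & 1)) continue;
    const l2capLen = pkt.readUInt16LE(5);
    const opcode = pkt[9];
    if (pkt.readUInt16LE(7) !== ATT_CID || !(opcode in ATT_WRITES)) continue;
    const value = pkt.subarray(12, 9 + l2capLen).toString('hex');
    writes.push({ op: ATT_WRITES[opcode], handle: pkt.readUInt16LE(10), value });
  }
  return writes;
}

// Constructed sample data below; the handles and values are made up for the example.
function record(flags, h4) {
  const h = Buffer.alloc(24);
  h.writeUInt32BE(h4.length, 0);
  h.writeUInt32BE(h4.length, 4);
  h.writeUInt32BE(flags, 8);
  return Buffer.concat([h, h4]);
}
function attPacket(opcode, handle, valueHex) {
  const att = Buffer.concat([Buffer.from([opcode, handle & 0xff, handle >> 8]), Buffer.from(valueHex, 'hex')]);
  const hdr = Buffer.from([0x02, 0x40, 0x00, att.length + 4, 0, att.length, 0, ATT_CID, 0]);
  return Buffer.concat([hdr, att]);
}
function sampleCapture() {
  const head = Buffer.concat([Buffer.from('btsnoop\0', 'latin1'), Buffer.from([0, 0, 0, 1, 0, 0, 0x03, 0xea])]);
  return Buffer.concat([head,
    record(0, attPacket(0x52, 0x002b, '00ff0000')), // phone to device: kept
    record(1, attPacket(0x1b, 0x002e, '01')),       // notification from device: skipped
    record(2, Buffer.from('01030c00', 'hex'))]);    // HCI command: skipped
}
```

Calling `parseBtsnoopWrites(sampleCapture())` returns the single host-sent write; on a real log, repeating one action in the app and comparing the resulting values is how the byte sequences get mapped to functions.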
