bluetooth low energy

46 Articles

Reverse-Engineering The Bluetooth Fichero Thermal Label Printer Protocol

March 9, 2026 by 16 Comments

It’s hard to deny that label printers have become more accessible than ever, but an annoying aspect of many of these cheap units is that their only user interface is a proprietary smartphone app connected via Bluetooth. The Fichero-branded label printer that [0xMH] obtained for a mere 10 Euro at a store in the Netherlands was much the same, with an associated app that doesn’t just bind it to smartphones, but also requires no fewer than 26 permissions. Obviously this required some reverse-engineering of the BLE protocol.

The fruits of this reverse-engineering effort can be found in the GitHub repository, with the most interesting part probably being that this Fichero is just one of many relabeling of generic label printers, this one being an AiYin D11, by Xiamen Printer Future Technology. This means that other iterations of this D11 will work exactly the same, as they all use the same ‘LuckPrinter’ SDK.

[0xMH] provides a Web GUI to talk with a local D11 printer, though you can also use the Python scripts, or of course implement the protocol using your favorite language and frameworks, so that you can finally control a cheap label printer from a PC or even BLE-equipped MCU like the software gods intended.

Thanks to [T-ice] for the tip.

Hacking The Bluetooth-Enabled Anker Prime Power Bank

August 14, 2025 by 35 Comments

Selling power banks these days isn’t easy, as you can only stretch the reasonable limits of capacity and output wattage so far. Fortunately there is now a new game in town, with ‘smart’ power banks, like the Anker one that [Aaron Christophel] recently purchased for reverse-engineering. It features Bluetooth (BLE), a ‘smart app’ and a rather fancy screen on the front with quite a bit of information. This also means that there’s a lot to hack here beyond basic battery management system (BMS) features.

As detailed on the GitHub project page, after you get past the glue-and-plastic-clip top, you will find inside a PCB with a GD32F303 MCU, a Telink TLSR8253 BLE IC and the 240×240 ST7789 LCD in addition to a few other ICs to handle BMS functions, RTC and such. Before firmware version 1.6.2 you can simply overwrite the firmware, but Anker added a signature check to later firmware updates.

The BLE feature is used to communicate with the Anker app, which the official product page advertises as being good for real-time stats, smart charging and finding the power bank by making a loud noise. [Aaron] already reverse-engineered the protocol and offers his own alternative on the project page. Naturally updating the firmware is usually also done via BLE.

Although the BLE and mobile app feature is decidedly a gimmick, hacking it could allow for some interesting UPS-like and other features. We just hope that battery safety features aren’t defined solely in software, lest these power banks can be compromised with a nefarious or improper firmware update.

Continue reading “Hacking The Bluetooth-Enabled Anker Prime Power Bank”

A photo of the circuit board with components soldered on

A Solar-Only, Battery-Free Device That Harvests Energy From A BPW34 Photodiode

August 10, 2025 by 21 Comments

Normally when you think solar projects, you think of big photovoltaic cells. But a photodiode is just an inefficient, and usually much smaller, PV cell. Since [Pocket Concepts]’s Solar_nRF has such a low power budget, it can get away with using BPW34 photodiodes in place of batteries. (Video, embedded below.)

The BPW34 silicon PIN photodiode feeds a small voltage into a BQ25504 ultra-low-power boost converter energy harvester which stores power in a capacitor. When the capacitor is fully charged the battery-good pin is toggled which drives a MOSFET that powers everything downstream.

When it’s powered on, the Nordic nRF initializes, reads the current temperature from an attached I2C thermometer, and then sends out a Bluetooth Low Energy (BLE) advertising packet containing the temperature data. When the capacitor runs out of energy, the battery-good pin is turned off and downstream electronics become unpowered and the cycle begins again.

Continue reading “A Solar-Only, Battery-Free Device That Harvests Energy From A BPW34 Photodiode”

A photo of the circuitry in its case

GarageMinder: Automatic Garage Door

July 19, 2025 by 12 Comments

After getting a new car, [Solo Pilot] missed the automatic garage door opening and closing system their old car had. So they set about building their own, called GarageMinder. On the project page you will find a bill of materials, schematics, and some notes about the approach taken in various versions of the software. [Solo Pilot] also made the software available.

The basic hardware centers around a Raspberry Pi Zero W, but there are plans to switch to an ESP32. From the car side of things there are built-in continuous Bluetooth Low Energy (BLE) advertisement broadcasts, which the Raspberry Pi can detect. Building a reliable system on top of these unreliable signals is difficult and you can read about some of the challenges and approaches that were taken during development. This is a work in progress and additional techniques and approaches are going to be trialed in future.

If you’re interested in Bluetooth garage door openers be sure to read about using a Bluetooth headset as a garage door opener for your Android device.

Intercepting And Decoding Bluetooth Low Energy Data For Victron Devices

May 26, 2025 by 12 Comments

[ChrisJ7903] has created two Ardiuno programs for reading Victron solar controller telemetry data advertised via BLE. If you’re interested in what it takes to use an ESP32 to sniff Bluetooth Low Energy (BLE) transmissions, this is a master class.

The code is split into two main programs. One program is for the Victron battery monitor and the other is for any Victron solar controller. The software will receive, dissect, decrypt, decode, and report the data periodically broadcast from the devices over BLE.

The BLE data is transmitted in Link-Layer Protocol Data Units (PDUs) which are colloquially called “packets”. In this particular case the BLE functionality for advertising, also known as broadcasting, is used which means the overhead of establishing connections can be avoided thereby saving power.

Continue reading “Intercepting And Decoding Bluetooth Low Energy Data For Victron Devices”

Fighting To Keep Bluetooth Thermometers Hackable

January 16, 2025 by 39 Comments

Back in 2020, we first brought you word of the Xiaomi LYWSD03MMC — a Bluetooth Low Energy (BLE) temperature and humidity sensor that could be had from the usual sources for just a few dollars each. Capable of being powered by a single CR2032 battery for up to a year, the devices looked extremely promising for DIY smart home projects. There was only one problem, you needed to use Xiaomi’s app to read the data off of the things.

Enter [Aaron Christophel], who created an open source firmware for these units that could easily be flashed using a web-based tool from a smartphone in BLE range and opened up all sorts of advanced features. The firmware started getting popular, and a community developed around it. Everyone was happy. So naturally, years later, Xiaomi wants to put a stop to it.

Continue reading “Fighting To Keep Bluetooth Thermometers Hackable”

Diagram from the blog post, showing how GATT communication capture works

Hacking BLE To Liberate Your Exercise Equipment

January 4, 2024 by 17 Comments

It’s a story we’ve heard many times before: if you want to get your data from the Domyos EL500 elliptical trainer, you need to use a proprietary smartphone application that talks to the device over Bluetooth Low-Energy (BLE). To add insult to injury, the only way to the software will export your workout information is by producing a JPG image of a graph. This just won’t do, so [Juan Carlos Jiménez] gives us yet another extensive write-up, which provides an excellent introduction to practical BLE hacking.

He walks us through BLE GATT (Generic Attribute Profile), the most common way such devices work, different stages of the connection process, and the tools you can use for sniffing an active connection. Then [Juan] shows us a few captured messages, how to figure out packet types, and moves into the tastiest part — using an ESP32 to man-in-the-middle (MITM) the connection.

Continue reading “Hacking BLE To Liberate Your Exercise Equipment”