Diagram from the blog post, showing how GATT communication capture works

Hacking BLE To Liberate Your Exercise Equipment

It’s a story we’ve heard many times before: if you want to get your data from the Domyos EL500 elliptical trainer, you need to use a proprietary smartphone application that talks to the device over Bluetooth Low-Energy (BLE). To add insult to injury, the only way to the software will export your workout information is by producing a JPG image of a graph. This just won’t do, so [Juan Carlos JimĂ©nez] gives us yet another extensive write-up, which provides an excellent introduction to practical BLE hacking.

He walks us through BLE GATT (Generic Attribute Profile), the most common way such devices work, different stages of the connection process, and the tools you can use for sniffing an active connection. Then [Juan] shows us a few captured messages, how to figure out packet types, and moves into the tastiest part — using an ESP32 to man-in-the-middle (MITM) the connection.

Continue reading “Hacking BLE To Liberate Your Exercise Equipment”

Bluetooth As Proxy For Occupancy

During [Matt]’s first year of college, he found in a roundabout way that he could avoid crowds in the dining hall by accessing publicly available occupancy data that the dining hall collected. Presumably this was data for the dining hall to use internally, but with the right API calls anyone could use the information to figure out the best times to eat. But when the dining hall switched providers, this information feed disappeared. Instead of resigning himself to live in a world without real-time data on the state of the dining hall, he recreated the way the original provider counted occupancy: by using Bluetooth as a proxy for occupancy.

Bluetooth devices like smartphones, fitness sensors, and other peripherals often send out advertising packets into the aether, to alert other devices to their presence and help initiate connections between devices. By sniffing these advertising packets, it’s possible to get a rough estimate of the number of people in one particular place, assuming most people in the area will be carrying a smartphone or something of that nature. [Matt]’s Bluetooth-sniffing device is based on the ESP32 set up to simply count the number of unique devices it finds. He had some trouble with large crowds, though, as the first ESP32 device he chose didn’t have enough RAM to store more than a few hundred IDs and would crash once the memory filled. Switching to a more robust module seems to have solved that issue, and with a few rounds of testing he has a workable prototype that can run for long periods and log at least as many Bluetooth devices passing by as there are within its range.

While [Matt] hasn’t deployed this to the dining hall yet, with this framework in place most of the work has been done that, at least in theory, one of these modules could be easily placed anywhere someone was interested in collecting occupancy data. He has plans to submit his project to the university, to research the topic further, and potentially sell these to businesses interested in that kind of data. This isn’t an idea limited to the ESP32, either. We’ve seen similar projects built using the Raspberry Pi’s wireless capabilities that perform similar tasks as this one.

Thanks to [Adrian] for the tip!

Raspberry Pi Pico W Now Supports Bluetooth

What’s the best kind of upgrade a piece of consumer technology can get? A free one that doesn’t require you to do anything other than accept a new version of the software it’s running.

That’s precisely what every current (and future) owner of the Raspberry Pi Pico W just got with the addition of Bluetooth support to SDK 1.5.1. This is possible because the CYW43439 radio chipset used on the wireless version of the Pi Pico has always had Bluetooth capabilities, they just weren’t officially accessible from the C or MicroPython environments until now. In a corresponding blog post, [Eben Upton] explains that part of the delay was due to difficulties in getting both WiFi and Bluetooth connections to work simultaneously over the three-pin SPI bus that links the two chips on the board.

One thing that struck us as particularly interesting here is the use of BlueKitchen’s BTStack to provide support for both Bluetooth Classic and Low Energy profiles. This library is released under a modified version of the BSD 3-Clause license that otherwise specifically forbids commercial usage. That would be a problem for anyone who wanted to sell a gadget built around the Pico W, so Raspberry Pi Ltd negotiated — and presumably paid for — a special dispensation so commercial use is in the clear.

We should note that technically Bluetooth support was available in a beta state previously, albeit without this new license agreement made with BlueKitchen. Though anyone with a keen eye knew Bluetooth support was coming well before that, our own [Elliot Williams] called it when he first set eyes on the Pi Pico W back in 2022.

The BLE Datalogging Scale Of A Thousand Uses

Whether you’re making coffee or beer or complex chemicals, weighing your ingredients carefully and tracking them is key to getting good results. [Tech Dregs] decided to build a logging scale that would work seamlessly with his smartphone, and shared the design on YouTube.

The design begins with a Greater Goods manual electronic scale, which was chosen for its convenient design and 750 gram load cell. Once cracked open, [Tech Dregs] pulled out the original PCB to replace it with his own. Only the original buttons are used, with an Seed Xiao ESP32-C3 replacing the scale’s original brains. The original LCD screen was swapped out for an OLED display, and it also got a rechargeable lithium battery for better usability.

The real value of the project, though, is its communication capability. It’s able to talk to an Android smartphone over Bluetooth Low Energy. Thanks to a custom app, [Tech Dregs] is able to log weight readings from the scale over time and even graph them live on the smartphone. As a demonstration, the scale is used to log the weight of a cup as it fills with a shot of coffee, which should serve [Tech Dregs] well in his coffee automation projects.

We’ve seen bathroom scales hacked before, too, with similar connectivity upgrades.

Continue reading “The BLE Datalogging Scale Of A Thousand Uses”

Using GitHub Actions To Brew Coffee

It’s getting harder and harder to think of a modern premium-level appliance that doesn’t come with some level of Internet connectivity. These days it seems all but the cheapest refrigerators, air purifiers, and microwaves include wireless capabilities — unfortunately they’re often poorly implemented or behind a proprietary system. [Matt] recently purchased a high-end coffee maker with Bluetooth functionality which turned out to be nearly useless, and set to work reverse-engineering his coffee maker and adapting it to work by sending commands from GitHub.

Since the wireless connectivity and app for this coffee maker was so buggy and unreliable, [Matt] first needed to get deep into the weeds on Bluetooth Low Energy (BTLE). After sniffing traffic and identifying the coffee maker, he set about building an interface for it in Rust. Once he is able to send commands to it, the next step was to integrate it with GitHub, so that filing issues on the GitHub interface sends the commands from a nearby computer over Bluetooth to the coffee maker, with much more reliability than the coffee maker came with originally.

Using [Matt]’s methods, anyone stuck with one of these coffee makers, a Delonghi Dinamica Plus, should be able to reactivate the use of its wireless functionality. While we’d hope that anyone selling a premium product like this would take a tiny amount of time and make sure that the extra features actually work, this low bar seems to be oddly common for companies to surmount. But it’s not required to pick up an expensive machine like this just to remotely brew a cup of coffee. You can do that pretty easily with a non-luxury coffee maker and some basic wireless hardware.

An infographic showing a tap with a sensor and a flow meter display

2022 Hackaday Prize: Sensible Flow Helps You Keep Track Of Your Water Usage

Safe, clean drinking water is a scarce resource that shouldn’t be wasted. But it’s not always easy to see how much you’re using when you turn on the tap: is it one liter a minute? Is it ten? How much do you actually use when washing your hands or brushing your teeth? If you’d like to get some hard data on your water usage, have a look at [Josh EJ]’s Sensible Flow project. It contains designs for a set of sensors that measure your water consumption and a convenient little display that shows the total amount consumed.

The most obvious way of measuring water consumption is to install an off-the-shelf flow meter onto your pipe, which is something that Sensible Flow supports. But probably the most interesting part of the project is a design for a non-invasive flow sensor that you can simply attach to any type of tap. This sensor contains a nine-axis inertial measurement unit (IMU) that detects how far you’ve twisted, turned or tilted the handle, and uses that information to estimate the amount of water flow. You will need to perform an initial calibration step using a timer and measuring cup, but you won’t have to rip open your plumbing just to keep track of your water usage.

Both types of sensors are powered by a coin cell battery that is estimated to work for about one year, thanks to a power-efficient Arduino Pro Mini and a BlueTooth Low Energy (BLE) module to communicate with the base station. The base station plugs into a wall socket and shows the total water consumption on a small one-inch OLED display. STL files for the enclosures are available on the project page, along with detailed circuit diagrams that show how all the parts are connected.

We’ve seen several water flow measurement systems for home use, such as this neat ESP8266-based shower water monitor. If you prefer just a simple visual reminder to turn off the tap, have a look at this LED gadget.

Continue reading “2022 Hackaday Prize: Sensible Flow Helps You Keep Track Of Your Water Usage”

A small round NRF51822 board glued to the underside of a mailbox lid, with a small vibration sensor attached

Check Your Mailbox Using The AirTag Infrastructure

When a company creates an infrastructure of devices, we sometimes subvert this infrastructure and use it to solve tricky problems. For example, here’s a question that many a hacker has pondered – how do you detect when someone puts mail into your mailbox? Depending on the availability of power and wireless/wired connectivity options, this problem can range from “very easy” to “impractical to solve”. [dakhnod] just made this problem trivial for the vast majority of hackers, with the FakeTag project – piggybacking off the Apple’s AirTag infrastructure.

This project uses a cheap generic CR2032-powered NRF51822 board, sending the mailbox status over the FindMy system Apple has built for the AirTag devices. For the incoming mail detection, he uses a simple vibration sensor, glued to the flap lid – we imagine that, for flap-less mailboxes, an optical sensor or a different kind of mechanical sensor could be used instead. Every time someone with a FindMy-friendly iPhone passes by [dakhnod]’s mailbox, he gets an update on its status, with a counter of times the sensor has been triggered. [dakhnod] estimates that the device could run for up to a year on a single battery.

Continue reading “Check Your Mailbox Using The AirTag Infrastructure”