custom firmware

15 Articles

Exploring Custom Firmware On Xiaomi Thermometers

December 8, 2020 by 55 Comments

If we’ve learned anything over the years, it’s that hackers love to know what the temperature is. Seriously. A stroll through the archives here at Hackaday uncovers an overwhelming number of bespoke gadgets for recording, displaying, and transmitting the current conditions. From outdoor weather stations to an ESP8266 with a DHT11 soldered on, there’s no shortage of prior art should you want to start collecting your own environmental data.

Now obviously we’re big fans of DIY it here, that’s sort of the point of the whole website. But there’s no denying that it can be hard to compete with the economies of scale, especially when dealing with imported goods. Even the most experienced hardware hacker would have trouble building something like the Xiaomi LYWSD03MMC. For as little as $4 USD each, you’ve got a slick energy efficient sensor with an integrated LCD that broadcasts the current temperature and humidity over Bluetooth Low Energy.

You could probably build your own…but why?

It’s pretty much the ideal platform for setting up a whole-house environmental monitoring system except for one detail: it’s designed to work as part of Xiaomi’s home automation system, and not necessarily the hacked-together setups that folks like us have going on at home. But that was before Aaron Christophel got on the case.

We first brought news of his ambitious project to create an open source firmware for these low-cost sensors last month, and unsurprisingly it generated quite a bit of interest. After all, folks taking existing pieces of hardware, making them better, and sharing how they did it with the world is a core tenet of this community.

Believing that such a well crafted projected deserved a second look, and frankly because I wanted to start monitoring the conditions in my own home on the cheap, I decided to order a pack of Xiaomi thermometers and dive in.

Continue reading “Exploring Custom Firmware On Xiaomi Thermometers”

Custom Firmware For Cheap Bluetooth Thermometers

November 17, 2020 by 52 Comments

The Xiaomi LYWSD03MMC temperature and humidity sensor is ridiculously cheap. If you’re buying a few at a time, you can expect to pay as little as $5 USD a pop for these handy Bluetooth Low Energy environmental sensors. Unfortunately, that low price tag comes with a bit of a catch: you can only read the data with the official Xiaomi smartphone application or by linking it to one of the company’s smart home hubs. Or at least, that used to be the case.

Over the past year, [Aaron Christophel] has been working on a replacement firmware for these Xiomi sensors that unlocks the data so you can use it however you see fit. In addition, it allows the user to tweak various features and settings that were previously unavailable. For example, you can disable the little ASCII-art smiley face that usually shows on the LCD to indicate the relative comfort level of the room.

The new firmware publishes the temperature, humidity, and battery level every minute through a BLE advertisement broadcast. In other words, that means client devices can read data from the sensor without having to be paired. Scraping this data is quite simple, and the GitHub page includes a breakdown of what each byte in the broadcast message means. Avoiding direct connections not only makes it easier to quickly read the values from multiple thermometers, but should keep the device’s CR2032 battery going for longer.

But perhaps the most impressive part of this project is how you get the custom firmware installed. You don’t need to crack the case or solder up a programmer. Just load the flasher page on a computer and browser combo that supports Web Bluetooth (a smartphone is probably the best bet), point it to the MAC address of the thermometer you want to flash, and hit the button. [Aaron] is no stranger to developing user-friendly OTA installers for his firmware projects, but even for him, it’s quite impressive.

Continue reading “Custom Firmware For Cheap Bluetooth Thermometers”

Teaching A Pocket Logic Analyzer (Many) New Tricks

October 1, 2020 by 8 Comments

A few years ago, low-cost pocket digital oscilloscopes aimed at the hacker and maker crowd started hitting the market and gained quite a following. While few would consider them to be a replacement for a proper bench scope, they’re cheap and convenient enough that it’s hard to complain. Manufacturers are apparently looking to expand on the concept, as we’re now seeing similarly priced and sized logic analyzers pop up from the usual sources.

[Gabriel Valky] got his hands on a sub-$100 USD model known as the LA104, and decided that the stock software didn’t quite deliver. So he started a project to create a new open source firmware for the affordable gadget that greatly expands its core functionalities. The code has even been ported to a few of those digital oscilloscopes, as it turns out (perhaps unsurprisingly) that they aren’t too far removed internally.

Controlling addressable LEDs with the LA104.

In the video after the break, [Gabriel] shows off some impressive radio tricks by adding a small CC1101 transceiver to the mix. This allows his modified LA104 to scan for and decode popular RF protocols in the 300 – 900 MHz range. His software even allows for the received packets to be modified and re-transmitted, which he demonstrates by pushing a fake temperature signal into a wireless weather station.

But that’s just the beginning. A perusal of the GitHub page for his replacement firmware shows just how many features have already been packed into this project. For example it can be used to control WS2812 LED strips, generate arbitrary PWM signals, log data from temperature sensors, interface with MIDI devices, and scan for I2C devices. Many of these functions can be controlled on the computer by utilizing a modern browser and WebUSB.

The replacement firmware that [Gabriel] has come up with for the LA104 is really an incredible accomplishment, and elevates an already intriguing piece of kit. Being able to pack all of these functions into something small and cheap enough you can toss into a bag is a very compelling prospect for hackers on the go.

Continue reading “Teaching A Pocket Logic Analyzer (Many) New Tricks”

Pulling Display Data Off Of A Fitness Tracker

October 27, 2019 by 1 Comment

[Aaron Christophel] writes in with yet another clever hack for his D6 Fitness Tracker. Using OpenOCD and Pygame, he shows how you can pull data right off the tracker’s screen and sent it to the computer.

This one appealed to us for its brevity. First [Aaron] launches the OpenOCD server which connects to the D6. Then, a short Python script connects to the server through telnet, reads the screen data, and uses a look-up table to turn the data into a duplicate display on the PC screen. If you’re more of a visual learner, there’s a demonstration video after the break.

The D6 is a popular fitness tracker that’s often re-branded and sold at a very low cost. [Aaron] is a big fan of these Nordic nRF52 powered devices, and we’ve covered some of his hacks before. If you’d like to learn more about these interesting little devices there’s quite a write-up on their inner-workings here.

Continue reading “Pulling Display Data Off Of A Fitness Tracker”

OTA Flash Tool Makes Fitness Tracker Hacking More Accessible

August 23, 2019 by 25 Comments

Over the last several months, [Aaron Christophel] has been working on creating a custom firmware for cheap fitness trackers. His current target is the “D6 Tracker” from a company called MPOW, which can be had for as little as $7 USD. The ultimate goal is to make it so anyone will be able to write their own custom firmware for this gadget using the Arduino IDE, and with the release of his new Android application that allows wirelessly flashing the device’s firmware, it seems like he’s very close to realizing that dream.

Previously, [Aaron] had to crack open the trackers and physically connect a programmer to update the firmware on the NRF52832-based devices. That might not be a big deal for the accomplished hardware hacker, but it’s a bit of a hard sell for somebody who just wants to see their own Arduino code running on it. But with this new tool, he’s made it so you can easily switch back and forth between custom and original firmware on the D6 without even having to take it off your wrist.

After the break, you can see the video that [Aaron] has put together which talks about the process of flashing a new firmware image. It’s all very straightforward: you simply pick the device from the list of detected BLE devices, the application puts the tracker into bootloader mode, and then you select the DFU file you want to flash.

There are a couple of ready-made firmwares you can put on the D6 right now, but where’s the fun in that? [Aaron] has put together a customized version of the Arduino IDE that provides everything you need to start writing and flashing your own firmware. If you’ve ever dreamed about creating a wearable device that works exactly the way you want, it’s hard to imagine a cheaper or easier way to get in on the action.

When we last heard from [Aaron] earlier this year, he was working on the IWOWN I6HRC tracker. But it looks like the availability of those devices has since dried up. So if you’re going to try your hand at hacking the MPOW D6, it might be wise to buy a few now while they’re still cheap and easy to find.

Continue reading “OTA Flash Tool Makes Fitness Tracker Hacking More Accessible”

Dumb Down Your Xiaomi Smart Lamp With A Custom Firmware

March 29, 2018 by 42 Comments

Undoubtedly, the ESP8266’s biggest selling point is its WiFi capability for a ridiculously low price. Paranoid folks probably await the day its closed-source firmware bits will turn against humanity in a giant botnet, but until then, hobbyists and commercial vendors alike will proceed putting them in their IoT projects and devices. One of those devices is the Yeelight desk lamp that lets you set its color temperature and brightness via mobile app.

[fvollmer] acquired such a lamp, and while he appreciated its design and general concept, he wasn’t happy that it communicates with external servers. So he did the only reasonable thing and wrote his own firmware that resembles the original functionality, but leaves out the WiFi part. After all, the ESP8266 has still a lot to offer in its core essence: a full-blown 32-bit microcontroller with support for the most common, hobbyist-friendly SDKs.

The lamp’s color temperature and brightness are set with a rotary encoder / push button combo switch, and the LEDs themselves are controlled via PWM. All things considered, it’s a rather straightforward endeavour, for which [fvollmer] chose the standalone C SDK. And in the end, it’s not like he’s unreasonably cautious to keep some control over his household items.

Can Commodity RC Controllers Stay Relevant?

November 20, 2017 by 42 Comments

Visualize some radio controlled airplane fanatic of yesteryear, with the requisite giant controller hanging from a strap, neck craned to see the buzzing dot silhouetted against the sky. It’s kind of a stereotype, isn’t it? Those big transmitters were heavy, expensive, and hard to modify, but that was just part of the challenge. Additionally, the form factor has to a degree remained rigid: the box with gimbals — or for the 3-channel controller, the pistol-grip with the big pot that looks like a cheesy race car wheel.

With so much changing in RC capabilities, and the rise of custom electronics across so many different applications, can commodity RC controllers stay relevant? We’re facing an age where the people who invest most heavily in RC equipment are also the ones most likely to want, and know how to work with customization for their rapidly evolving gear. It only makes sense that someone will rise up to satisfy that need.

Continue reading “Can Commodity RC Controllers Stay Relevant?”