Hacking The Xiaomi Mi Band 8 With Custom Firmware

December 7, 2023 by Maya Posch 11 Comments

Over the past years, fitness trackers have gone from fairly unobtrusive bands that relied mostly on smartphone apps for interaction to essentially being fashion statements and smart watches, with large screens and impressive specs. The Xiaomi Mi Band 8 is no exception, with a zippy MCU and a 1.62″ AMOLED screen that just asks for some serious rick-rolling. This was a challenge which [Aaron Christophel] was all too happy to accept, resulting in some reverse-engineering and flashing of custom firmware onto one of these marvels of modern wearable technology.

Block Diagram for the Apollo4 Blue Lite. (Credit: Ambiq)

The Mi Band 8 is built around an Ambiq Apollo4 Blue Lite MCU which features a Cortex-M4 core for applications, along with a Bluetooth LE radio and a lot of SRAM and Flash. This naturally implies an SWD interface for programming, which was mostly a matter of reverse-engineering the PCB to find the locations for these signals and realizing that the original firmware disables the SWD interface on boot. Unfortunately the Ambiq SDK requires you to create an account, but you can get the basics from [Aaron]’s GitHub project. It appears that for BLE you do need the full SDK, and OTA updates feature a signing check, so physical access is required.

So far the display, touchscreen and light sensor are working, with the remaining peripherals just a matter of time. With a list price of around $64 for one of these fitness bands with a 192 x 490 touch-enabled AMOLED display and a variety of health-related sensors, they’d seem to be a fun toy to hack, especially when found on sale or used.

Continue reading “Hacking The Xiaomi Mi Band 8 With Custom Firmware” →

Hackaday Links: March 6, 2022

March 6, 2022 by Dan Maloney 12 Comments

As if the war in Ukraine weren’t bad enough right here on Earth, it threatens knock-on effects that could be felt as far away as Mars. One victim of the deteriorating relationships between nations is the next phase of the ExoMars project, a joint ESA-Roscosmos mission that includes the Rosalind Franklin rover. The long-delayed mission was most recently set for launch in October 2022, but the ESA says that hitting the narrow launch window is now “very unlikely.” That’s a shame, since the orbital dynamics of Earth and Mars will mean that it’ll be 2024 before another Hohmann Transfer window opens. There are also going to be repercussions throughout the launch industry due to Russia pulling the Soyuz launch team out of the ESA’s spaceport in Guiana. And things have to be mighty tense aboard the ISS right about now, since the station requires periodic orbital boosting with Russian Progress rockets.

Continue reading “Hackaday Links: March 6, 2022” →

Reverse Engineering A Very Cheap Fitness Band

July 8, 2021 by Lewin Day 10 Comments

With the rise of big-name smartwatches in the marketplace, there are also a smattering of lower-end offerings. The M6 fitness band is one of them, and [Raphael] set about hacking the cheap device with a custom firmware of his own creation.

The M6 band, which sells for around $6, appears to trade on name similarity to the more expensive (~$50) Xiaomi Mi Smart Band 6 fitness tracker. Upon disassembly, [Raphael] found that the system-on-chip running the show is a Telink TLSR8232. It’s paired with a 160×80 display, a small LiPo battery for power, and a vibration motor and what appears to be a fake heart rate sensor.

[Raphael] wanted to flash the SOC with a new firmware, and learned a lot from code for a similar part created by [atc1441]. It took some time to figure out how to program the chip using the somewhat oddball SWire interface, but [Raphael] persevered and eventually got things going after much research and experimentation.

From there, it was yet further work to figure out how to read the capacitive button input as well as how to drive the screen, but [Raphael] succeeded in the end. The final result was whipping up a firmware that allowed him to read Bluetooth Low Energy soil moisture sensors he has installed in his plants at home.

It’s not [Raphael], aka [rbaron]’s first bite at the cherry; we’ve featured his efforts in hacking similar fitness bands before! Video after the break.

Continue reading “Reverse Engineering A Very Cheap Fitness Band” →

Amazon Halo Teardown Is Supremely Thorough

December 31, 2020 by Anool Mahidharia 10 Comments

We rarely see teardowns this detailed. [txyzinfo] wanted to know what hardware was under the hood, and did an amazing Amazon Halo Teardown.

Sometime around the middle of 2020, Amazon jumped on to the health and fitness tracker space with the introduction of the Halo — a $100 device with an add on $4 monthly subscription service if you wanted additional features, which Amazon calls “labs”, many of which are third-party services. The device does not have any display at all, and any metrics that need to be displayed (heart rate, steps, calories, etc.) show up on the Halo phone app. Halo’s focus is more on health, rather than fitness. It helps monitor your active and sleep states, keeps track of body fat, and reports your emotional state.

We won’t delve much in to the pros and cons of the device, other than mention two features which have the potential to creep out most folks. The device has a pair of microphones, which listen to the “tone” of your voice and report on your emotional state. The other is its use of your phone via the companion app, to take photos of you, preferably dressed in your undergarments. Your front, back and side photos get uploaded to Amazon servers, get converted to a 3D model, and then downloaded back to your phone. Amazon mentions that the photos are never retained and deleted from their servers once your 3D model is transferred back to the phone. Amazon’s ML algorithms then calculate your body fat percentage. More worryingly, the app offers a slider which you can move to see how you will “look” if you have higher or lower body fat percentages.

Fortunately for us hardware hacker types, [txyzinfo] wanted to unlock all the secrets Amazon poured into this design. Even if the device in particular does not interest you, the techniques he uses are very educational and will prove a useful addition to your skills. The device does not have any external fasteners, with the back cover being held together with glue. [txyzinfo] starts off by applying a solvent around the back cover to soften the glue, then works with his spudger to pry it open. The back cover appears to have an antenna with touch-contact terminations without a connector. The main body holds the rest of the electronics, and can be easily removed by unscrewing the four corner screws. Using a combination of solvent to soften the glue at various points, and snips to cut off retaining plastic tabs, he manages to untangle the hybrid rigid-flex PCB assembly from its plastic-metal clam-shell.

He uses a hot-air blower to cleanly separate the flex PCB parts attached to the rigid PCB. With all the flex pieces removed, he is left with the main part of the device — the rigid PCB with most parts potted under a metal shield filled with what appears to be a soft, grey compound. At this point, we are not sure if the potting compound is for heat dissipation, or just to obfuscate reverse engineering. His next action gives us a severe case of the heebie jeebies, as he clamps the PCB to a milling machine, and mills away the sides of the metal shield. Next, he heats the whole assembly with the hot air gun to melt all the solder, applying some generous amounts of flux, using the spudger to pull apart the PCB from the components embedded in the potting compound. Check out the video after the break to see his tear down techniques in action.

His plan was to identify as many parts as he could, but he wasn’t very successful, and managed to identify just a few — the two MEMS microphones, two temperature sensors and the LED driver on the flex PCB, and the photo-diodes, 6-axis IMU, battery charger and flash memory on the main board. The board has an uncommon 5-layer stack up, with the centre layer being ground. PCB de-layering is a time consuming process and requires a lot of patience, but in the end, he was able to get a pretty good result. He found some oddities in the track layout and was able to identify some of the more common connections to the I2C bus and between the micro-controller and its memory. He also located several test points which seem promising for a second round of investigations. Sometime in the future, he plans to get another Halo and have a go at it using the JTAGulator and GoodFET.

Tear downs are a favourite for all hackers, as is evident by the regularity with which we keep seeing them. If this one hasn’t whetted your appetite, then check out this other Fitness Tracker Teardown which is a lesson in Design for Manufacture.

Continue reading “Amazon Halo Teardown Is Supremely Thorough” →

Hacking A Fitness Tracker

May 29, 2018 by Al Williams 20 Comments

When [rbaron] started a new job, he got a goodie bag. The contents included a cheap fitness tracker bracelet that used Bluetooth LE. Since this is Hackaday, you can probably guess what happened next: hacking ensued.

For something cheap enough to give away, [rbaron] claims it cost $10, the device has quite a bit in it. In the very tiny package, there is an OLED display, a battery, a vibration motor, and a Nordic 32-bit ARM with BLE. The FCC ID was key to identifying the device. Opening the case, which was glued down, was pretty difficult, but doable with a hair dryer and a knife.

Continue reading “Hacking A Fitness Tracker” →

Hacked Fitness Trackers Aim To Improve Mental And Physical Health

May 4, 2018 by Dan Maloney 5 Comments

We all know that the mind can affect the body in dramatic ways, but we tend to associate this with things like the placebo effect or psychosomatic illnesses. But subtle clues to the mind-body relationship can be gleaned from the way the body moves, and these hacked fitness monitors can be used to tease data from the background noise of everyday movements to help treat mental health issues.

Over the last few years, [Curt White] of the Child Mind Institute has been able to leverage an incredibly cheap but feature-packed platform, the X9 Pro Sports Bracelet, a fitness band that looks more or less like a watch. Stuffed with an ARM Cortex processor, OLED screen, accelerometer, pulse sensor, and a ton of other stuff, the $35 wearable is a hacker’s dream. And hack it he did. One version of the bracelet is called Tingle, which is used to detect and avert body-focused repetitive behaviors (BFRBs), compulsive disorders that can result in self-harm through pulling at hair or pinching. The Tingle is trained to recognize the motions associated with these behaviors and respond with haptic feedback through the vibration motor. Another hacked X9 was attached to a dental retainer and equipped with sensors to monitor respirations intraorally, in an attempt to detect overdoses. It’s fascinating stuff, and the things [Curt] has done with these cheap fitness bands is mighty impressive.

This project is yet another entry in the 2018 Hackaday Prize, which is currently in the Robot Modules phase. Got an idea for something to make robots easier to build? Start a project page on Hackaday.io and get entered. Maybe your module will even feature a hacked fitness tracker.

Continue reading “Hacked Fitness Trackers Aim To Improve Mental And Physical Health” →