Pulling Display Data Off Of A Fitness Tracker

October 27, 2019 by Gerrit Coetzee 1 Comment

[Aaron Christophel] writes in with yet another clever hack for his D6 Fitness Tracker. Using OpenOCD and Pygame, he shows how you can pull data right off the tracker’s screen and sent it to the computer.

This one appealed to us for its brevity. First [Aaron] launches the OpenOCD server which connects to the D6. Then, a short Python script connects to the server through telnet, reads the screen data, and uses a look-up table to turn the data into a duplicate display on the PC screen. If you’re more of a visual learner, there’s a demonstration video after the break.

The D6 is a popular fitness tracker that’s often re-branded and sold at a very low cost. [Aaron] is a big fan of these Nordic nRF52 powered devices, and we’ve covered some of his hacks before. If you’d like to learn more about these interesting little devices there’s quite a write-up on their inner-workings here.

Continue reading “Pulling Display Data Off Of A Fitness Tracker” →

OTA Flash Tool Makes Fitness Tracker Hacking More Accessible

August 23, 2019 by Tom Nardi 25 Comments

Over the last several months, [Aaron Christophel] has been working on creating a custom firmware for cheap fitness trackers. His current target is the “D6 Tracker” from a company called MPOW, which can be had for as little as $7 USD. The ultimate goal is to make it so anyone will be able to write their own custom firmware for this gadget using the Arduino IDE, and with the release of his new Android application that allows wirelessly flashing the device’s firmware, it seems like he’s very close to realizing that dream.

Previously, [Aaron] had to crack open the trackers and physically connect a programmer to update the firmware on the NRF52832-based devices. That might not be a big deal for the accomplished hardware hacker, but it’s a bit of a hard sell for somebody who just wants to see their own Arduino code running on it. But with this new tool, he’s made it so you can easily switch back and forth between custom and original firmware on the D6 without even having to take it off your wrist.

After the break, you can see the video that [Aaron] has put together which talks about the process of flashing a new firmware image. It’s all very straightforward: you simply pick the device from the list of detected BLE devices, the application puts the tracker into bootloader mode, and then you select the DFU file you want to flash.

There are a couple of ready-made firmwares you can put on the D6 right now, but where’s the fun in that? [Aaron] has put together a customized version of the Arduino IDE that provides everything you need to start writing and flashing your own firmware. If you’ve ever dreamed about creating a wearable device that works exactly the way you want, it’s hard to imagine a cheaper or easier way to get in on the action.

When we last heard from [Aaron] earlier this year, he was working on the IWOWN I6HRC tracker. But it looks like the availability of those devices has since dried up. So if you’re going to try your hand at hacking the MPOW D6, it might be wise to buy a few now while they’re still cheap and easy to find.

Continue reading “OTA Flash Tool Makes Fitness Tracker Hacking More Accessible” →

Fitness Trackers Don’t Have To Be Proprietary

August 11, 2019 by Jenny List 6 Comments

Fitness trackers have become a popular piece of consumer electronic equipment, with a range of models from a variety of manufacturers. Many of these commercial offerings, however, leave the consumer with the prospect of their data being drawn off to a cloud server and sold to the highest bidder, trading convenience for a loss of privacy. If only there were a fitness tracker offering complete control!

The OpenHAK is an open-source fitness tracker in a 3D printed wristwatch case that measures your heart rate and counts your steps, offering the resultant data for you to collect via Bluetooth. At its heart is a Sparkfun Simblee module, with heart rate sensing through a Maxim MAX30101 and step counting .by a Bocsh BMI160. It’s designed for expandability from the start with a header bringing out useful interface lines. In the prototype, they’ve used this to support a small OLED display. The result is a fitness tracker watch that may not match some of the well-known proprietary devices, but which remains completely open and probably costs a lot less too.

We’ve seen quite a few fitness tracker apps over the years, including a conversion to an EEG, and custom firmware for some commercial trackers.

Custom Firmware For Cheap Fitness Trackers

February 20, 2019 by Lewin Day 51 Comments

The concept of wearable hardware is an enticing one, but it can be difficult to tackle for the first-time maker. While many of us are experienced at designing PCBs and soldering up arcane gadgets, interfacing with the soft and fleshy human form can present unforeseen difficulties. There’s a way around that, of course – leveraging an existing platform where someone else has already done the work. That’s precisely what [Aaron Christophel] has done, by reverse engineering and developing custom firmware for cheap fitness trackers (Google Translate).

The first part of [Aaron]’s work consisted of research and disassembly. After purchasing a wide variety of fitness trackers online, he eventually came across his favored unit, the Tracker I6HRC by IWOWNFIT. This features an NRF52832 microcontroller, as well as an IPS display, some Flash storage, and a vibration motor. Connectivity is handled over Bluetooth Low Energy. [Aaron] particularly rates it for the well-made case that can be disassembled without damage, and the spare USB 2.0 pads on the board which can be used to program the device over the SWD interface.

[Aaron] has developed an Arduino-compatible firmware which is discussed further in a forum post. Most of the peripherals on board have been explored, and reducing power consumption is a current area of active development.

Firmware hacks are always fun – have you considered giving your TV a custom boot screen? Have a FitBit original instead of the clone? There’s a hack for that too.

[Thanks to Jim for the tip!]

Hacking A Fitness Tracker

May 29, 2018 by Al Williams 20 Comments

When [rbaron] started a new job, he got a goodie bag. The contents included a cheap fitness tracker bracelet that used Bluetooth LE. Since this is Hackaday, you can probably guess what happened next: hacking ensued.

For something cheap enough to give away, [rbaron] claims it cost $10, the device has quite a bit in it. In the very tiny package, there is an OLED display, a battery, a vibration motor, and a Nordic 32-bit ARM with BLE. The FCC ID was key to identifying the device. Opening the case, which was glued down, was pretty difficult, but doable with a hair dryer and a knife.

Continue reading “Hacking A Fitness Tracker” →

Opt-Out Fitness Data Sharing Leads To Massive Military Locations Leak

January 28, 2018 by Roger Cheng 79 Comments

People who exercise with fitness trackers have a digital record of their workouts. They do it for a wide range of reasons, from gathering serious medical data to simply satisfying curiosity. When fitness data includes GPS coordinates, it raises personal privacy concerns. But even with individual data removed, such data was still informative enough to spill the beans on secretive facilities around the world.

Strava is a fitness tracking service that gathers data from several different brands of fitness tracker — think Fitbit. It gives athletes a social media experience built around their fitness data: track progress against personal goals and challenge friends to keep each other fit. As expected of companies with personal data, their privacy policy promised to keep personal data secret. In the same privacy policy, they also reserved the right to use the data shared by users in an “aggregated and de-identified” form, a common practice for social media companies. One such use was to plot the GPS data of all their users in a global heatmap. These visualizations use over 6 trillion data points and can be compiled into a fascinating gallery, but there’s a downside.

This past weekend, [Nathan Ruser] announced on Twitter that Strava’s heatmap also managed to highlight exercise activity by military/intelligence personnel around the world, including some suspected but unannounced facilities. More worryingly, some of the mapped paths imply patrol and supply routes, knowledge security officers would prefer not to be shared with the entire world.

This is an extraordinary blunder which very succinctly illustrates a folly of Internet of Things. Strava’s anonymized data sharing obsfucated individuals, but didn’t manage to do the same for groups of individuals… like the fitness-minded active duty military personnel whose workout habits are clearly defined on these heat maps. The biggest contributor (besides wearing a tracking device in general) to this situation is that the data sharing is enabled by default and must be opted-out:

“You can opt-out of contributing your anonymized public activity data to Strava Metro and the Heatmap by unchecking the box in this section.” —Strava Blog, July 2017

We’ve seen individual fitness trackers hacked and we’ve seen people tracked through controlled domains before, but the global scope of [Nathan]’s discovery puts it in an entirely different class.

[via Washington Post]

Custom Firmware Unlocks Fitness Tracker

July 3, 2016 by Elliot Williams 17 Comments

[Mikhail] sent us a teaser video for a hack he’d done (embedded below). He takes a Bluetooth LE fitness tracker dongle and reflashes it spit out the raw accelerometer data and trigger events. He then wrote a phone app that receives the data and uses the device as an alarm, an on/off switch, a data-logging device, and more.

We thought it was cool enough that we asked [Mikhail] for more detail, and he delivered in spades! Inside the device is a Nordic NRF51822, their ARM Cortex + Bluetooth chip, an accelerometer, and a bunch of LEDs. [Mikhail] mapped out the programming headers, erased the old flash, and re-filled it with his own code. He even added over-the-air DFU re-flashing capability so that he wouldn’t have to open up the case again.

Continue reading “Custom Firmware Unlocks Fitness Tracker” →