Hacking An Actual WiFi Toothbrush With An ESP32-C3

Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.

Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)

The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.

The WiFi feature of the Mini appears to be for both firmware updates as well as to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.

As it turns out, not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for future hacking.
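The check that is missing from the update flow described above, sketched as an added example (not code from the original post, from [Aaron], or from the vendor): the device authenticates a manifest, verifies the image against it, and refuses rollbacks before anything is flashed. The key, manifest fields and function names are assumptions, and HMAC-SHA256 stands in for an asymmetric signature so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for an asymmetric signature here; a real
# device should hold only a public key so extracting it gives no signing power.
VENDOR_KEY = b"constructed-demo-key"

def sign_manifest(manifest, key=VENDOR_KEY):
    """Vendor side: tag the canonical JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def accept_update(image, manifest, tag, installed_version, key=VENDOR_KEY):
    """Device side: return "flash" or the reason the image is refused."""
    expected = sign_manifest(manifest, key).encode()
    if not hmac.compare_digest(expected, str(tag).encode()):
        return "reject: manifest not authenticated"
    if manifest.get("size") != len(image):
        return "reject: size mismatch"
    digest = hashlib.sha256(image).hexdigest().encode()
    if not hmac.compare_digest(digest, str(manifest.get("sha256")).encode()):
        return "reject: digest mismatch"
    version = manifest.get("version")
    if not isinstance(version, int) or version <= installed_version:
        return "reject: rollback or replay"
    return "flash"

def make_manifest(image, version):
    """Hypothetical manifest layout: version, size and SHA-256 of the image."""
    return {"version": version, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}

def demo():
    """Run constructed images through the check; device is on version 6."""
    image = b"constructed firmware image v7"
    manifest = make_manifest(image, 7)
    tag = sign_manifest(manifest)
    rogue = b"constructed rogue image"
    rogue_manifest = make_manifest(rogue, 99)
    tampered = b"X" + image[1:]  # same length, one byte changed
    return [
        accept_update(image, manifest, tag, 6),
        accept_update(rogue, rogue_manifest, sign_manifest(rogue_manifest, b"other"), 6),
        accept_update(rogue, rogue_manifest, tag, 6),
        accept_update(tampered, manifest, tag, 6),
        accept_update(image, manifest, tag, 7),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With a check like this in place, control of the network the device joins is no longer enough to get an image flashed.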

We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.


Haier Europe Eases Off On Legal Threat And Seeks Dialogue

After initially sending a cease and desist order to [Andre Basche] – the developer of a Haier hOn plugin for Home Assistant – Haier Europe’s head of Brand and IoT has now penned a much more amicable response, seeking to enter into dialogue in search of a solution for both parties.

This latest development is detailed both in the ongoing GitHub issue, as well as the Takedown FAQ and Timeline document that [Andre] created to keep track of everything that’s going on since we last checked in on the situation. As things stand, there is hope that Haier Europe may relent, especially as the company’s US division has shown no inclinations to join in on the original C&D.

In the confusion following the initial C&D announcement demanding the take-down of [Andre]’s hOn-related repositories, it was not clear to many which Haier was involved. As it turns out, Haier Europe as a separate legal entity apparently decided to go on this course alone, with Haier US distancing themselves from the issue. In that same Reddit thread it’s noted that GE Appliances (part of Haier US) has had a local API available for years. This makes Haier Europe the odd one out, even as they’re attempting some damage control now.

Amidst this whirlwind of developments, we hope that Haier Europe can indeed reach an amicable solution with the community, whether it’s continued API usage, or the development of a local API.

Haier Threatens Legal Action Against Home Assistant Plugin Developer

Appliance manufacturer Haier has been integrating IoT features into their newer products, and as is so common these days, users are expected to install their “hOn” mobile application to access them. Not satisfied with that limitation, [Andre Basche] reverse engineered the protocol used by the app, and released a Python library and associated Home Assistant plugin to interface with a wide array of Haier appliances, which includes brands like Hoover, Candy, GE Appliances and others.

Unfortunately, it looks like his efforts have gotten him into a bit of legal hot water. In an issue recently opened on the project’s GitHub page, [Andre] explains the circumstances and legal options that have led him to consider pulling the repositories completely — mostly due to the cost of mounting a legal defense to the cease & desist from Haier Europe.

What’s ironic here is that Haier has been part of the Connectivity Standard Alliance (CSA) since 2022, whose goal is to ‘promote universal open IoT standards’, including Matter.

It’s possible that a legal defense will be mounted against this C&D from Haier within the coming days. Yet regardless of the outcome here, it remains problematic that these IoT-enabled Haier appliances are connected to the Haier servers. Ideally they would be controlled locally, which is the goal of projects like [Miguel Ángel López Vicente]’s ESP Haier, that uses an ESP8266 to connect Haier AC units to the local WiFi and e.g. HA instances, all without requiring internet access.

This is sadly just one more example of why building your own off-line smart home can be such an incredible struggle.

Thanks to [Ar3itrary] for the tip.

A Modernized Metric Clock

Much to the chagrin of many living in North America who still need to do things like keep two sets of wrenches on hand, most of the rest of the world has standardized to a simpler measurement system using metric units exclusively. The metric system is widely adopted worldwide, but we still use a base-60 system for timekeeping that predates the rest of the metric system. The French did attempt to “decimalize” timekeeping as well with the French Republican Calendar at around this same time, but this “metric” timekeeping system never caught on particularly well. It’s still an interesting historical tidbit, and [ClassTech] built this modern metric clock to explore it a little more.

The system itself uses ten-day weeks, ten-hour days, and 100-minute hours which makes it more in line with the base-10 system common to the rest of the metric system. But this means that a second in the French Republican system actually works out to a little less than one and a half SI seconds, meaning that a modern timekeeping computer needs to do a little more math to display the correct time at the correct interval. [ClassTech] is using a Particle Photon IoT processor getting the time from an NTP server, converting it to “metric time”, and displaying the time on a Nextion touch display.

While the device is reported to update the time once per second, we’re not sure if this is every SI second or every French Republican second. Either way, there are plenty of reasons this timekeeping system never gained widespread adoption, and a surprising one is that timekeeping tends to be easier in a base-60 system due to its capability of having more divisors. Many other reasons are less technical and more cultural, and timekeeping tends to be surprisingly difficult to coordinate even among shared number systems and languages.

Toy Gaming Controller Makes The Big Leagues

Some of the off-brand video game consoles and even accessories for the major brands can leave a lot to be desired. Whether it’s poor build quality or a general lack of support or updates, there are quite a few things on the market not worth anyone’s time or money. [Jonathan] was recently handed just such a peripheral, a toy game controller originally meant for a small child, but upon further inspection it turned into a surprisingly hackable platform, capable of plenty of IoT-type tasks.

The controller itself was easily disassembled, and the functional buttons within were wired to a Wemos D1 Mini instead of the originally-planned ESP32 because of some wiring irregularities and the fact that the Wemos D1 Mini has the required amount of I/O. It’s still small enough to be sealed back inside the controller as well, powered by the batteries that would have powered the original controller.

For the software, [Jonathan] is using MQTT to register button presses with everything easily accessible over Wi-Fi, also making it possible to update the software wirelessly. He was able to use it to do a few things as proof-of-concept, including playing a game in PyGame and controlling a Sonos speaker, but for now he’s using it to control an LED sculpture. With something this easily modified, though, it would be pretty straightforward to use it instead for a home automation remote control, especially since it is already set up to use MQTT.


Using LoRa Nodes As Soil Moisture Sensing Antennas

Implementation of LoRaWAN-based soil moisture sensing device. (Credit: Maja Škiljo et al., 2022)

Although we generally think of Internet of Things (IoT) and similar devices as things that are scattered around above ground, there are plenty of reasons to also have such devices underground. These so-called IoUT devices are extremely useful when it comes to monitoring underground structures, but communication via radio waves is obviously impacted when soil is in the way. Although there are ways to get around this, a 2022 paper by Maja Škiljo and colleagues in Sensors covers an interesting way to make use of this signal attenuation property of changing moisture levels in soil.

By quantifying the exact attenuation of the signal received at the gateways, they were able to determine the soil moisture levels around the LoRa node which had been buried at a depth of approximately 14 centimeters. This LoRa node used off-the-shelf components consisting of an ATmega328P-based Arduino Pro Mini and SX1276-based RFM95W LoRa module with a spring antenna.

During experimentation in- and outdoors it was determined that a narrowband, printed (PCB) antenna was optimal for soil moisture sensing purposes. Other than the interesting question of how to keep soil moisture sensing nodes like this powered up over long periods of time (perhaps periodic retrieval to replenish the battery), this would seem to be a very interesting way to monitor the soil moisture levels in something like a field, where each node can provide its own ID and the received signal providing the relevant data in the form of the SNR and other parameters recorded by the gateway.

(Heading image: The measurement results of: (a) RSSI in dBm collected from gateway 2 and (b) soil moisture during the winter period. (Credit: Maja Škiljo et al., 2022) )

A Deep Dive On Battery Life

There are all kinds of old wives’ tales surrounding proper battery use floating around in the popular culture. Things like needing to fully discharge a battery every so often, unplugging devices when they’re fully charged, or keeping batteries in the fridge are all examples that have some kernel of truth to them but often are improperly applied. If you really want to know the truth about a specific battery, its behavior, and its features, it helps to dig in and actually take some measurements directly like [Tyler] has done with a vast array of embedded batteries in IoT devices.

[Tyler] is a firmware engineer by trade, so he is deeply familiar with this type of small battery. Battery performance can change dramatically under all kinds of scenarios, most important among them being temperature. But even the same type of battery can behave differently to others that are otherwise identical, which is why it’s important to have metrics for the batteries themselves and be able to measure them to identify behaviors and possible problems. [Tyler] has a system of best practices in place for monitoring battery performance, especially after things like firmware upgrades since small software changes can often have a decent impact on battery performance.

While working with huge fleets of devices, [Tyler] outlines plenty of methods for working with batteries, deploying them, and making sure they’re working well for customers. A lot of it is extremely useful for other engineers looking to develop large-scale products like this but it’s also good knowledge to have for those of us rolling out our own one-off projects that will operate under battery power. After all, not caring for one’s lithium batteries can have disastrous consequences.