Following the trend of stuffing more electronics in everyday devices, the new Philips Sonicare electric toothbrush that [Cyrill Künzi] purchased ended up having a ‘brush head replacement reminder’ feature that wasn’t simply a timer in the handle or base of the unit, but ended up involving an NFC chip embedded in every single brush head containing the usage timer for that particular head. Naturally, this asked for it to be solidly reverse-engineered and hacked.
The NFC chip inside the brush head turned out to be an NXP NTAG213, with the head happily communicating with the NFC reader in a smartphone and the NFC Tools app. This also revealed the memory layout and a few sections that had write access protected by a password, one of which was likely to be the counter. This turned out to be address 0x24, with a few experiments showing the 32-bit value at this address counting the seconds the brush head had been used.
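As an added example (not code from the original write-up), this sketch inspects a full NTAG213 page dump the way the layout was worked out above: it reads the AUTH0 and PROT configuration fields defined in NXP's NTAG213 datasheet to see whether page 0x24 sits behind the password, then decodes that page as a seconds counter. The dump contents, the AUTH0 value and the little-endian byte order are constructed assumptions, not values taken from a real brush head.

```python
PAGE_SIZE = 4
NTAG213_PAGES = 45        # pages 0x00..0x2C per the NXP NTAG213 datasheet
CFG0, CFG1 = 0x29, 0x2A   # AUTH0 is byte 3 of CFG0, ACCESS is byte 0 of CFG1
COUNTER_PAGE = 0x24       # address reported in the article


def pages(dump):
    """Split a raw dump into 4-byte pages, rejecting truncated reads."""
    if len(dump) != NTAG213_PAGES * PAGE_SIZE:
        raise ValueError("expected a full 180-byte NTAG213 dump")
    return [dump[i:i + PAGE_SIZE] for i in range(0, len(dump), PAGE_SIZE)]


def protection(dump):
    """Report which pages need the password and for which operations."""
    p = pages(dump)
    auth0 = p[CFG0][3]                 # first page that needs PWD_AUTH
    prot = bool(p[CFG1][0] & 0x80)     # PROT bit: 0 = write-only, 1 = read+write
    # An AUTH0 beyond the last page disables password protection entirely.
    protected = range(auth0, NTAG213_PAGES) if auth0 < NTAG213_PAGES else range(0)
    if not protected:
        mode = "none"
    else:
        mode = "read+write" if prot else "write-only"
    return {
        "first_protected_page": auth0 if protected else None,
        "mode": mode,
        "counter_protected": COUNTER_PAGE in protected,
    }


def usage_seconds(dump, byteorder="little"):
    """Decode page 0x24 as a 32-bit counter (byte order is an assumption)."""
    return int.from_bytes(pages(dump)[COUNTER_PAGE], byteorder)


def constructed_dump(auth0, access, seconds):
    """Build a synthetic dump for offline testing; not data from a real tag."""
    d = bytearray(NTAG213_PAGES * PAGE_SIZE)
    d[COUNTER_PAGE * 4:COUNTER_PAGE * 4 + 4] = seconds.to_bytes(4, "little")
    d[CFG0 * 4 + 3] = auth0
    d[CFG1 * 4] = access
    return bytes(d)


if __name__ == "__main__":
    sample = constructed_dump(auth0=0x20, access=0x00, seconds=7200)
    print(protection(sample), usage_seconds(sample), "seconds")
```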
The antenna in an NFC-enabled card is a flexible PCB laminated between the plastic outer layers, with the tracks forming a coil round the outside of it. Using some solvent the cards can be easily separated and the antennas retrieved. Once the chip has been removed they can be cleaned up and soldered to, allowing wires to be connected.
What can you do with an NFC antenna? Not a huge amount as you can see in the (Russian language, English subtitles) video below the break, but he tries it as a not-very-good heating pad, a power harvesting antenna from NFC readers, and perhaps most promisingly, as the coil of a moving-coil speaker. We’re not sure how much effort would be worth making on that last front, but we think with a bit of care there might be room for audible improvement.
Smartphones are amazing tools, but sometimes they can be an equally amazing time suck. In an effort to minimize how much precious time goes down the drain, [Lance Pan and Zeynep Kirmiziyesil] decided to make a functional and beautiful smartphone sleeve to keep you on task.
Most modern smartphones have some form of Do Not Disturb mode available, but having the phone visible can still be an invitation for distraction. By tucking the phone into an accessible but less visible sleeve, one can reduce the visual trigger to be on the phone while keeping it handy in the event of an emergency.
Once in the sleeve, the NFC tag sandwiched between the felt and wood veneer triggers an automation to put the phone into Do Not Disturb mode. This hack looks like something that you could easily pull off in an afternoon and looks great, which is always a winning combination in our book.
Consumer electronics aimed at young children tend to be quite janky and cheap-looking, and they often have to be to survive the extreme stress-testing of normal use in this situation. You could buy a higher quality item intended for normal use, but this carries the risk of burning a hole in the pockets of the parents. To thread the needle on this dilemma for a child’s audiobook player, [Turi] built the Grimmboy for a relative of his.
Taking its name from the Brothers Grimm, the player is capable of playing a number of children’s stories and fables in multiple languages, with each physically represented by a small cassette tape likeness with an RFID tag hidden in each one. A tape can be selected and placed in the player, and the Arduino at the center of it will recognize the tag and play the corresponding MP3 file stored locally on an SD card. There are simple controls and all the circuitry to support its lithium battery as well. All of the source code that [Turi] used to build this is available on the project’s GitHub page.
NFC hacking can be a daunting task with many specialized tools, a proliferation of protocols, and a multitude of different devices. [ElectronicCats] has done a lot of work to try to make this investigation accessible by creating an open-source, hardware-certified NFC tool called the HunterCatNFC that can read and emulate a multitude of NFC devices.
The HunterCatNFC device is meant to be portable and self-contained, with LED indicator lights that can give information about the various modes, and feedback about what data is being received. At its core, the HunterCatNFC has an NXP PN7150 NFC controller chip to handle the NFC communication. The main processing controller is a Microchip SAMD21 which also provides USB functionality, and the whole device is powered by a 3.7V 150mAh Li-ion battery.
The HunterCatNFC has three main modes, ‘emulation’, ‘read/write’ and ‘peer-to-peer’. Emulation mode allows the HunterCatNFC to mimic the functionality of a passive NFC device, only responding when an NFC reader issues a request. The read/write mode allows it to emulate an NFC reader or writer, with the ability to communicate with nearby passive NFC devices. The peer-to-peer mode gives the device the ability to have two-way communication, for instance, between two HunterCatNFC devices.
We’ve covered NFC hacking before, including the Flipper Zero. The HunterCatNFC is a fine addition to the NFC hacker’s arsenal of tools with some very nice documentation to learn from. For those not wanting to send out their own boards to be printed and assembled, [ElectronicCats] has them for sale.
[Flamingo-tech]’s Xiaomi air purifier has a neat safety feature: it will refuse to run if a filter needs replacement. Of course, by “neat” we mean “annoying”. Especially when the purifier sure seems to judge a filter to be useless much earlier than it should. Is your environment relatively clean, and the filter still has legs? Are you using a secondary pre-filter to extend the actual filter’s life? Tough! Time’s up. Not only is this inefficient, but it’s wasteful.
[Flamingo-tech] has long been a proponent of fooling Xiaomi purifiers into acting differently. In the past, this meant installing a modchip to hijack the DRM process. That’s a classic method of getting around nonsense DRM on things like label printers and dishwashers, but in this case, reverse-engineering efforts paid off.
It’s now possible to create simple NFC stickers that play by all the right rules. Is a filter’s time up according to the NFC sticker, but it’s clearly still good? Just peel that NFC sticker off and slap on a new one, and as far as the purifier is concerned, it’s a new filter!
If you’re interested in the reverse-engineering journey, there’s a GitHub repository with all the data. And for those interested in purchasing compatible NFC stickers, [Flamingo-tech] has some available for sale.
Apple AirTags are useful little devices. They essentially use iPhones in the wild as a mesh network to tell the owner where the AirTag is. Now, researchers have shown that it’s possible to clone these devices.
The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this with relatively simple tools, using a Pi Pico fitted with a few additional components.
With the debug interface enabled, it’s simple to extract the microcontroller’s firmware. It’s then possible to clone this firmware onto another tag. The team also experimented with other hacks, like having the AirTag regularly rotate its ID to avoid triggering anti-stalking warnings built into Apple’s tracing system.
As the researchers explain, it’s clear that AirTags can’t really be secure as long as they’re based on a microcontroller that is vulnerable to such attacks. It’s not the first AirTag cloning we’ve seen either. They’re an interesting device with some serious privacy and safety implications, so it pays to stay abreast of developments in this area.