Custom Firmware For Even Cheaper Bluetooth Thermometers

December 21, 2024 by Tom Nardi 33 Comments

Readers may recall when we first covered the $5 Xiaomi LYWSD03MMC temperature and humidity sensor back in 2020. Prolific hacker [Aaron Christophel] wrote a custom firmware for the affordable gadget that was so capable and well implemented that it kicked off a whole new community.

It’s recently been brought to our attention that the Xiaomi thermometer has become so popular that clones have started popping up. Often sold under the Tuya brand, these versions look very similar to Xiaomi’s offering but can be had for as little as $1 each from the usual Chinese importers. Even better, they’ve got their very own open-source custom firmware.

The firmware comes from [pvvx], who also helms the most active fork of [Aaron]’s original firmware for the Xiaomi thermometer. Doing a bit of spot-checking between the repositories, it’s not immediately clear that any meaningful code is shared between the two projects. However, once installed, they offer similar capabilities to the user, such as integration with Home Assistant. Perhaps the most significant difference between the two projects is that, at least for the initial flash, you need to hook the Tuya units up to your computer with a USB serial adapter. Considering that one of the highlights of the Xiaomi custom firmware was its exceptionally easy wireless installation, this is a considerable step backward.

Below is a video from a few months back that [Maker’s Fun Duck] put together, where he takes apart one of these clones and shows the installation process for the custom firmware. Our overall impression is that it’s probably worth the few extra dollars to get the original Xiaomi hardware, although the display on the clone seems much brighter. In any event, we’re always happy to see the community coming up with free and open-source firmware for an otherwise locked-down gadget.

Continue reading “Custom Firmware For Even Cheaper Bluetooth Thermometers” →

Hacking An Actual WiFi Toothbrush With An ESP32-C3

March 5, 2024 by Maya Posch 15 Comments

Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.

Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)

The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.

The WiFi feature of the Mini appears to be for both firmware updates as well as to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.

As it turns out not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for future hacking.

We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.

Continue reading “Hacking An Actual WiFi Toothbrush With An ESP32-C3” →

Bambu Lab To Allow Installing Open Firmware After Signing Waiver

January 12, 2024 by Maya Posch 26 Comments

On January 10th Bambu Lab published a blog post in which they address the issue of installing custom firmware on your Bambu Lab X1 3D printer. This comes hot on the heels of a number of YouTube channels for the first time showing off the X1Plus firmware that a number of X1 users have been working on as an open source alternative to the closed, proprietary firmware. Per the Bambu Lab blog post, there is good and bad news for those wanting to use X1Plus and similar projects that may pop up in the future.

After Bambu Lab consulted with the people behind X1Plus it was decided that X1 users would be provided with the opportunity to install such firmware without complaints from Bambu Lab. They would however have to sign a waiver that declares that they agree to relinquish their rights to warranty and support with the printer. Although some details are left somewhat vague in the blog post, it appears that after signing this waiver, and with the target X1 printer known to Bambu Lab, it will have a special firmware update (‘Firmware R’) made available for it.

This special firmware then allows for third-party firmware to be installed, with the ability to revert to OEM firmware later on. The original exploit in pre-v1.7.1 firmware will also no longer be used by X1Plus. Hopefully Bambu Lab will soon clarify the remaining questions, as reading the Reddit discussion on the blog post makes it clear that many statements can be interpreted in a variety of ways, including whether or not this ‘Firmware R’ is a one-time offer only, or will remain available forever.

It’s not the first time we’ve seen a 3D printer manufacturer give users this sort of firmware ultimatum. Back in 2019 Prusa added a physical “appendix” to their new 32-bit control board that the user would have to snap off before they could install an unsigned firmware, which the company said signified the user was willing to waive their warranty for the privilege.

Thanks to [Aaron] for the tip.

An Open Source Firmware For Cheap Geiger Counters

June 24, 2023 by Al Williams 11 Comments

It is a time-honored tradition: buy some cheap piece of gear and rewrite the firmware to make it work better. [Gissio] managed to do just that for a cheap FS2011 Geiger counter. Apparently, the firmware will also work with some similar Chinese models, too.

The new firmware boasts an improved UI and multiple measurement units, including Sievert, Rem, and counts per minute or second. You can hold the measurement or compute a dose or average rate. The new firmware also has a host of customizations and can accommodate different tubes.

There are, however, two really key features. First, the new firmware offers about 40% more battery life than the stock version. Second, there is now an onboard nuclear chess game! That way, you can enjoy yourself while you are getting irradiated. There are also a few suggested hardware mods that are optional to improve measurements and increase the buzzer volume, among other things.

If you get a Geiger counter, you might be surprised at what things are slightly radioactive. If you don’t need the microcontroller, you can make a workable counter on the cheap.

Continue reading “An Open Source Firmware For Cheap Geiger Counters” →

Low-Cost 433 MHz Door Sensors Get Open Firmware

January 8, 2023 by Tom Nardi 38 Comments

It’s an unfortunate reality these days that if you see a cheap piece of consumer electronics, there’s a good chance its only cheap because it’s designed to lock you into some ecosystem where you’ll either end up paying a subscription, or worse, have your personal information sold behind your back. One of the best tools we have against these sort of anti-consumer practices is the development of open source firmware replacements that put control of the device into the hands of the community, rather than a corporation.

Now, thanks to the work of [Jonathan Armstrong] we have such a firmware for the 433 MHz magnetic door and window sensors that you can pick up on AliExpress for $4 USD a piece. The new firmware not only ensures you can use these sensors with a wide array of receivers, but adds a number of new features over their stock configuration. Continue reading “Low-Cost 433 MHz Door Sensors Get Open Firmware” →