Hacking An Actual WiFi Toothbrush With An ESP32-C3

Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.

Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)
Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)

The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.

The WiFi feature of the Mini appears to be for both firmware updates as well as to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.

As it turns out not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for futureĀ  hacking.

We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.

Continue reading “Hacking An Actual WiFi Toothbrush With An ESP32-C3”

Bambu Lab To Allow Installing Open Firmware After Signing Waiver

On January 10th Bambu Lab published a blog post in which they address the issue of installing custom firmware on your Bambu Lab X1 3D printer. This comes hot on the heels of a number of YouTube channels for the first time showing off the X1Plus firmware that a number of X1 users have been working on as an open source alternative to the closed, proprietary firmware. Per the Bambu Lab blog post, there is good and bad news for those wanting to use X1Plus and similar projects that may pop up in the future.

After Bambu Lab consulted with the people behind X1Plus it was decided that X1 users would be provided with the opportunity to install such firmware without complaints from Bambu Lab. They would however have to sign a waiver that declares that they agree to relinquish their rights to warranty and support with the printer. Although some details are left somewhat vague in the blog post, it appears that after signing this waiver, and with the target X1 printer known to Bambu Lab, it will have a special firmware update (‘Firmware R’) made available for it.

This special firmware then allows for third-party firmware to be installed, with the ability to revert to OEM firmware later on. The original exploit in pre-v1.7.1 firmware will also no longer be used by X1Plus. Hopefully Bambu Lab will soon clarify the remaining questions, as reading the Reddit discussion on the blog post makes it clear that many statements can be interpreted in a variety of ways, including whether or not this ‘Firmware R’ is a one-time offer only, or will remain available forever.

It’s not the first time we’ve seen a 3D printer manufacturer give users this sort of firmware ultimatum. Back in 2019 Prusa added a physical “appendix” to their new 32-bit control board that the user would have to snap off before they could install an unsigned firmware, which the company said signified the user was willing to waive their warranty for the privilege.

Thanks to [Aaron] for the tip.

An Open Source Firmware For Cheap Geiger Counters

It is a time-honored tradition: buy some cheap piece of gear and rewrite the firmware to make it work better. [Gissio] managed to do just that for a cheap FS2011 Geiger counter. Apparently, the firmware will also work with some similar Chinese models, too.

The new firmware boasts an improved UI and multiple measurement units, including Sievert, Rem, and counts per minute or second. You can hold the measurement or compute a dose or average rate. The new firmware also has a host of customizations and can accommodate different tubes.

There are, however, two really key features. First, the new firmware offers about 40% more battery life than the stock version. Second, there is now an onboard nuclear chess game! That way, you can enjoy yourself while you are getting irradiated. There are also a few suggested hardware mods that are optional to improve measurements and increase the buzzer volume, among other things.

If you get a Geiger counter, you might be surprised at what things are slightly radioactive. If you don’t need the microcontroller, you can make a workable counter on the cheap.

Continue reading “An Open Source Firmware For Cheap Geiger Counters”

Low-Cost 433 MHz Door Sensors Get Open Firmware

It’s an unfortunate reality these days that if you see a cheap piece of consumer electronics, there’s a good chance its only cheap because it’s designed to lock you into some ecosystem where you’ll either end up paying a subscription, or worse, have your personal information sold behind your back. One of the best tools we have against these sort of anti-consumer practices is the development of open source firmware replacements that put control of the device into the hands of the community, rather than a corporation.

Now, thanks to the work of [Jonathan Armstrong] we have such a firmware for the 433 MHz magnetic door and window sensors that you can pick up on AliExpress for $4 USD a piece. The new firmware not only ensures you can use these sensors with a wide array of receivers, but adds a number of new features over their stock configuration. Continue reading “Low-Cost 433 MHz Door Sensors Get Open Firmware”