telink

3 Articles

$3 Smartwatch Can Run Python

June 26, 2024 by 8 Comments

[Poking Technology] doesn’t think much of his new smartwatch. It is, by his admission, the cheapest possible smartwatch, coming in at about $3. It has very few useful features but he has figured out how to port MicroPython to it, so for a wrist-mounted development board with BLE, it might be useful. You can check it out in the video below.

The first step is a teardown, which reveals surprisingly little on the inside. There’s a tiny battery, a few connections, a display, and a tiny CPU board. There are, luckily, a few test pads that let you get into the CPU. What do you get? A 24 MHz Telink CPU with 512k of flash and 16k of RAM, along with all the other hardware.

Continue reading “$3 Smartwatch Can Run Python”

the Logitech receiver in question next to the mouse it's paired to

Uncovering Secrets Of Logitech M185’s Dongle

June 15, 2024 by 14 Comments

[endes0] has been hacking with USB HID recently, and a Logitech M185 mouse’s USB receiver has fallen into their hands. Unlike many Logitech mice, this one doesn’t include a Unifying receiver, though it’s capable of pairing to one. Instead, it comes with a pre-paired CU0019 receiver that, it turns out, is based on a fairly obscure TC32 chipset by Telink, the kind we’ve seen in cheap smart wristbands. If you’re dealing with a similarly obscure MCU, how do you even proceed?

In this case, GitHub had a good few tools developed by other hackers earlier — a Ghidra integration, and a tool for working with the MCU using a USB-UART and a single resistor. Unfortunately, dumping memory through the MCU’s interface was unreliable and frustrating. So it was time to celebrate when fuzzing the HID endpoints uncovered a memory dump exploit, with the memory dumper code helpfully shared in the blog post.

From a memory dump, the exploration truly began — [endes0] uncovers a fair bit of dongle’s inner workings, including a guess on which project it was based on, and even a command putting the dongle into a debug mode where a TC32-compatible debugger puts this dongle fully under your control.

Yet another hands-on course on Ghidra, and a wonderful primer on mouse dongle hacking – after all, if you treat your mouse’s dongle as a development platform, you can easily do things like controlling a small quadcopter, or pair the dongle with a SNES gamepad, or build a nifty wearable.

We thank [adistuder] for sharing this with us!

Reverse Engineering A Very Cheap Fitness Band

July 8, 2021 by 10 Comments

With the rise of big-name smartwatches in the marketplace, there are also a smattering of lower-end offerings. The M6 fitness band is one of them, and [Raphael] set about hacking the cheap device with a custom firmware of his own creation.

The M6 band, which sells for around $6, appears to trade on name similarity to the more expensive (~$50) Xiaomi Mi Smart Band 6 fitness tracker. Upon disassembly, [Raphael] found that the system-on-chip running the show is a Telink TLSR8232. It’s paired with a 160×80 display, a small LiPo battery for power, and a vibration motor and what appears to be a fake heart rate sensor.

[Raphael] wanted to flash the SOC with a new firmware, and learned a lot from code for a similar part created by [atc1441]. It took some time to figure out how to program the chip using the somewhat oddball SWire interface, but [Raphael] persevered and eventually got things going after much research and experimentation.

From there, it was yet further work to figure out how to read the capacitive button input as well as how to drive the screen, but [Raphael] succeeded in the end. The final result was whipping up a firmware that allowed him to read Bluetooth Low Energy soil moisture sensors he has installed in his plants at home.

It’s not [Raphael], aka [rbaron]’s first bite at the cherry; we’ve featured his efforts in hacking similar fitness bands before! Video after the break.

Continue reading “Reverse Engineering A Very Cheap Fitness Band”