Get Apple To Track Your Bluetooth Devices For You

Apple’s “Find My” service allows users to track their missing devices by leveraging a worldwide network of location-aware iGadgets. With millions of iPhones and Macs out in the wild listening for the missing device’s Bluetooth advertisements and relaying their findings to the Cupertino Mothership, it’s a highly effective way of tracking hardware so long as it stays in relatively urban areas. Unfortunately, the system is completely proprietary and non-Apple devices aren’t invited to play.

Or at least, that used to be the case. A project recently released by the [Secure Mobile Networking Lab] called OpenHaystack demonstrates how generic devices can utilize Apple’s Find My network by mimicking the appropriate Bluetooth Low Energy (BLE) broadcasts. Currently they have a firmware image for the BBC micro:bit, as well as a Python script for Linux, that will allow you to spin up an impromptu Find My target. But the team has also published all the information required to implement similar functionality on other BLE-capable devices and microcontrollers, so expect the list of supported hardware to grow shortly.

Somewhat ironically, while OpenHaystack allows you to track non-Apple devices on the Find My tracking network, you will need a Mac computer to actually see where your device is. The team’s software requires a computer running macOS 11 (Big Sur) to run, and judging by the fact it integrates with Apple Mail to pull the tracking data through a private API, we’re going to assume this isn’t something that can easily be recreated in a platform-agnostic way. Beyond the occasional Hackintosh that might sneak in there, it looks like Tim Cook might have the last laugh after all.

It’s not immediately clear how difficult it will be for Apple to close this loophole, but the talk of utilizing a private API makes us think there might be a built-in time limit on how long this project will be viable. After all, Big Tech doesn’t generally approve of us peons poking around inside their machinations for long. Though even if Apple finds a way to block OpenHaystack, it’s expected the company will be releasing “AirTags” sometime this year which will allow users to track whatever objects they like through the system.

Amazon Halo Teardown Is Supremely Thorough

We rarely see teardowns this detailed. [txyzinfo] wanted to know what hardware was under the hood, and did an amazing Amazon Halo Teardown.

Sometime around the middle of 2020, Amazon jumped into the health and fitness tracker space with the introduction of the Halo — a $100 device with an add-on $4 monthly subscription service if you wanted additional features, which Amazon calls “labs”, many of which are third-party services. The device does not have any display at all, and any metrics that need to be displayed (heart rate, steps, calories, etc.) show up on the Halo phone app. Halo’s focus is more on health, rather than fitness. It helps monitor your active and sleep states, keeps track of body fat, and reports your emotional state.

We won’t delve much into the pros and cons of the device, other than to mention two features which have the potential to creep out most folks. The device has a pair of microphones, which listen to the “tone” of your voice and report on your emotional state. The other is its use of your phone via the companion app, to take photos of you, preferably dressed in your undergarments. Your front, back and side photos get uploaded to Amazon servers, get converted to a 3D model, and then downloaded back to your phone. Amazon mentions that the photos are never retained and are deleted from their servers once your 3D model is transferred back to the phone. Amazon’s ML algorithms then calculate your body fat percentage. More worryingly, the app offers a slider which you can move to see how you will “look” if you have higher or lower body fat percentages.

Fortunately for us hardware hacker types, [txyzinfo] wanted to unlock all the secrets Amazon poured into this design. Even if the device in particular does not interest you, the techniques he uses are very educational and will prove a useful addition to your skills. The device does not have any external fasteners, with the back cover being held together with glue. [txyzinfo] starts off by applying a solvent around the back cover to soften the glue, then works with his spudger to pry it open. The back cover appears to have an antenna with touch-contact terminations without a connector. The main body holds the rest of the electronics, and can be easily removed by unscrewing the four corner screws. Using a combination of solvent to soften the glue at various points, and snips to cut off retaining plastic tabs, he manages to untangle the hybrid rigid-flex PCB assembly from its plastic-metal clam-shell.

He uses a hot-air blower to cleanly separate the flex PCB parts attached to the rigid PCB. With all the flex pieces removed, he is left with the main part of the device — the rigid PCB with most parts potted under a metal shield filled with what appears to be a soft, grey compound. At this point, we are not sure if the potting compound is for heat dissipation, or just to obfuscate reverse engineering. His next action gives us a severe case of the heebie jeebies, as he clamps the PCB to a milling machine, and mills away the sides of the metal shield. Next, he heats the whole assembly with the hot air gun to melt all the solder, applying some generous amounts of flux, using the spudger to pull apart the PCB from the components embedded in the potting compound. Check out the video after the break to see his tear down techniques in action.

His plan was to identify as many parts as he could, but he wasn’t very successful, and managed to identify just a few — the two MEMS microphones, two temperature sensors and the LED driver on the flex PCB, and the photo-diodes, 6-axis IMU, battery charger and flash memory on the main board. The board has an uncommon 5-layer stack up, with the centre layer being ground. PCB de-layering is a time consuming process and requires a lot of patience, but in the end, he was able to get a pretty good result. He found some oddities in the track layout and was able to identify some of the more common connections to the I2C bus and between the micro-controller and its memory. He also located several test points which seem promising for a second round of investigations. Sometime in the future, he plans to get another Halo and have a go at it using the JTAGulator and GoodFET.

Tear downs are a favourite for all hackers, as is evident by the regularity with which we keep seeing them. If this one hasn’t whetted your appetite, then check out this other Fitness Tracker Teardown which is a lesson in Design for Manufacture.


A Tracker For Radio Sondes

Radiosondes – the telemetry packages carried aloft by sounding balloons for atmospheric weather data measurements – are regularly used by weather bureaus around the world to collect data, and there are quite a number of launches daily. Most of them are in Europe, but they also happen at many locations in North and South America, Japan, and Australia. The balloons burst when they reach a high enough altitude, the radiosonde falls back, and most often there is no effort made to recover them since they are deemed “expendable”. So it’s Finders Keepers, and rich pickings for any hacker who is fortunate enough to grab the fallen radiosondes. For successful recovery, you need to first be able to track those radiosondes, and that’s why leet guy [Robert Stefanowicz aka p1337] built his Weather ballon tracker (sic) project.

The hardware is all off-the-shelf, packaged in a pretty cool 3D printed package designed to make it look like the hand held radio that it is. At its heart is the ESP32 based TTGO T-BEAM V1.0 which has almost everything needed for this project. Add an OLED display, 18650 Li-Po cells, antenna and connectors and you can put it all together in an evening over your favourite beverage.

[DL9RDZ] wrote the software which runs on the T-Beam, available at the RDZ-Sonde repo on GitHub, that allows hunting these balloons. Setup is straightforward, and you need to fiddle with just a couple of well-explained config parameters. Once connected to your WiFi, config and settings can be accessed via convenient web URLs, and the single user action button on the TTGO offers quick access to different functional modes. At the moment, the software is written to decode signals from the widely used Vaisala RS41, Graw DFM06 and Graw DFM09 radiosondes. This link provides details for some of the popular radiosonde models.

Once you’re done building this piece of hunting gear, you’ll need some additional help finding out when and where the launches are taking place. If you’re in Europe, you luck out – there is a live radiosonde tracker map, thanks to the great work done by [Michał Lewiński – SQ6KXY]. If you live elsewhere and know of similar resources, let us know in the comments. As a side note, Wikipedia tells us there are about 1300 launch sites worldwide and twice-a-day missions, so there’s quite a number of fallen pieces of hardware lying around just waiting to be picked up. At the very least, each will have a GPS module and temperature and humidity sensors that you can recover.

So, what do you do with the recovered radiosondes? Here’s a tip on a “Fallen Radiosonde reborn as active L-band antenna”. And if you’d like to get the skinny on radiosondes, check out “Radiosondes: getting data from upstairs”.

Thanks for the tip, [Alex aka MD23F3].

Bike Lock Secures Car

[Buttim] loses his car a lot, which might sound a little bit like the plot from an early-00s movie, but he assures us that it’s a common enough thing. In a big city, and after several days of not driving one’s car, it can be possible to at least forget where you parked. There are a lot of ways of solving this problem, but the solution almost fell right into his lap: repurposing a lock from a bike share bicycle. (The build is in three parts: Part 2 and Part 3.)

These locks are loaded with features, like GPS, a cellular modem, accelerometers, and in this case, an ARM processor. It took a huge amount of work for [Buttim] to get anything to work on the device, but after using a vulnerability to dump the firmware and load his own code on the device, spending an enormous amount of time trying to figure out where all the circuit traces went through layers of insulation intended to harden the lock from humidity, and building his own Python-based programmer for it, he has basically free rein over the device.

To that end, once he figured out how it all worked, he put it to use in his car. The device functions as a GPS tracker and reports its location over the cellular network so it can’t become lost again. As a bonus, he was able to use the accelerometers to alert him if his car was moving without him knowing, so it turned into a theft deterrent as well. Besides that, though, his ability to get into the device’s firmware reminded us of a recent attempt to get access to an ARM platform.

The CLUE Tracker Points You To A Target, Using CircuitPython

The main components are an Adafruit CLUE, Stemma GPS, and a lithium-polymer battery. No soldering required.

[Jay Doscher] shares a quick GPS project he designed and completed over a weekend. The device is called the CLUE Tracker and has simple goals: it shows a user their current location, but also provides a compass heading and distance to a target point. The idea is a little like geocaching, in that a user is pointed to a destination but must find their own way there. There’s a 3D printed enclosure, and as a bonus, there is no soldering required.

The CLUE Tracker uses the Adafruit CLUE board (which is the same size as the BBC micro:bit) and Stemma GPS sensor, with the only other active component being a lithium polymer battery. The software side of the CLUE Tracker uses CircuitPython, and [Jay] has the code and enclosure design available on GitHub.

[Jay] did a nice job of commenting and documenting the code, so this could make a great introductory CircuitPython project. No soldering is required, which makes it a little easier to re-use the parts in other projects later. This helps to offset costs for hackers on a budget.

The fact that a device like this can be an afternoon or weekend project is a testament to the fact that times have never been better for hobbyists when it comes to hardware. CircuitPython is also a fast-growing tool, and projects like this can help make it easy and fun to get started.

Is Solar Right For You? Find Out!

Solar panels are revolutionizing the electric power industry, but not everyone is a good candidate for rooftop solar. Obviously people in extreme northern or southern latitudes aren’t going to be making a ton of energy during the winter compared to people living closer to the equator, for example, but there are other factors at play that are more specific to each individual house. To find out whether a particular house will benefit from solar panels, [Jake] and [Ryan]’s solar intensity sensor can help.

The long-term intensity tracker is equipped with a small solar panel and a data recording device, properly contained in a waterproof enclosure, and is intended to be placed in the exact location that a potential solar installation will be. Once it has finished gathering data, it will help determine if it makes economical sense to install panels given that the roof slope might not be ideal, landscaping may be in the way, or you live in a climate where it rains a lot in the summer during peak production times.

As we move into the future of cheap, reliable solar panels, projects like this will become more and more valuable. If you’re not convinced yet that photovoltaics are the way of the future, though, there are other ways of harnessing that free solar power.

Self-Powered Sun Tracker Takes A Cue From NASA Solar Probe

Getting a solar array to track the sun has always been an interesting problem, and it has led to some complicated solutions. Controllers that use GPS and servos seem to be much in favor these days, but as this NASA-inspired sun tracker shows, the task needn’t be overly complex.

It’s pretty obvious from the video below that [NightHawkInLight]’s solar tracker is just a proof-of-concept for now, but it certainly shows promise. It’s based on NASA’s sun-skimming Parker Solar Probe, which uses sensors at the rear of the probe to maneuver the craft to keep sunlight from peeking around the sides of the shield. [NightHawkInLight]’s design simplifies that scheme even more, by using solar cells as the four sensors. The cells, mounted behind a solar shade, are directly connected to small gear motors that control azimuth and elevation. When a cell sees the sun, it powers the motor that moves the panel the right way to occlude the sun again, thereby cutting power to the motor.

[NightHawkInLight] mentions the obvious problem of what happens when the sun comes up and the array is pointing the complete opposite direction after the previous sunset, but we’re still not sure his solution – a larger array with tracking cells mounted further apart – will work. We’re also not sure how it will scale to larger arrays that need bigger motors to move. We’ve seen such arrays handled with more complicated trackers, of course, but we hope the simplicity of this design can be made practical for real-world use.
