Hacking Smart Bracelet Wristband
I saw in a local store that there was a cheap Smart Bracelet with BTLE for sale.
So I decided to do some research about it.
It was an iDo 003, and after reading some articles online I found one that was cool to try.
http://forum.espruino.com/conversations/280747/
I have lots of ideas about what I can do with it if I manage to hack it.
I carefully read the comments and found out that there is no backup of the flash, so I decided to give it a try and get a backup.
I bought it and started the struggle.
On eBay I ordered a Mini ST-Link V2 stlink Emulator Downloader.
The programmer was not arriving and the bracelet was ready for hacking, so I decided to try a Raspberry Pi as the programmer.
I followed this guide to set up the Raspberry Pi as an SWD programmer.
My colleague Dobrica told me that it is probably protected and I will need to apply a patch for OpenOCD.
https://devzone.nordicsemi.com/question/78890/programming-nrf52-with-openocd/
I had some problems with compiling but managed to get it working after a while.
At first I tried the programmer with an STM32,
and that worked.
I tried to get and put firmware, and that worked too.
After the tests I connected the bracelet and tried to get the firmware,
but there was no luck: the firmware was filled with all 0000000000.
So it was true, protection is enabled, but that was not the end. I decided to dig a bit deeper, and after a bit of research I found a great article about a security flaw on this chip, so I decided to try that.
http://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html
At the bottom of the page there is a Ruby script that I ran for a couple of minutes (about 30) and then broke the script to check the hex dump.
That looked like some firmware dump, but it was so slow that I decided to leave it overnight to do the job.
In the morning I found that the script had failed with some message, and OpenOCD could not connect to the target.
I tried to remove the battery and power the device from the Raspberry Pi, but nothing is helping; I only get this message:
Error: Could not initialize the debug port
And the bracelet is not powering up :)
Now I have a bit of firmware and a bit of a really nice firmware dump (if it is a real one :)), a bit of experience with hardware hacking, and lots of fun …