Comments (13)
Hi @Jeffrey-Remien,
It only works with older models. The unencrypted firmware transfer was a vulnerability in the older protocol that has been patched with subsequent firmware updates and never existed in trackers released later on. Note that Google also claims that they have improved Fitbit security recently, which is also the reason why they doubled the bug bounty. Looking into the old firmware might give you some ideas how everything works, but probably, except from such insights, this project does not have any impact on the latest generation of Fitbits.
from fitness-firmware.
No, the whole protocol stack and also the underlying operating system changed. If you don't want a cloud-based fitness tracker, you should definitely avoid buying products like Fitbit, the Apple Watch, etc. AFAIK, all flagship trackers are cloud-based.
from fitness-firmware.
Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions? I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.
This would require a huge amount of knowledge and skills. I think it would even be easier to write a brand new firmware and flash the Fitbit with it than trying to find a vulnerability in newer firmwares.
What's your goal exactly?
If you're looking for an open source and non-cloud based product I advise you to have a look at the PineTime. It's an open-hardware product made by Pine64 with entirely open-source firmwares written by the community and it supports a few different companion apps with Gadgetbridge being one of them.
This project quite new, firmwares are under very active development and improving every month ! You should give it a try, especially considering the cost of this device...
My goal was to either write an application that uses the google cloud but without sending the data to them which seems inpossible - or to write my own firmware. I'm learning C++...
Does the watch break after opening?
I'd like to rather use it without the smartphone than breaking it...
They sell development kits that are already open so you can easily test a new firmware before flashing the final version using OTA (over the air update) on a sealed watch. It's a feature provided by the nRF SoC I believe.
Good luck 😉
from fitness-firmware.
Either wireless by using our app (https://github.com/seemoo-lab/fitness-app) or by attaching the debugging pins.
from fitness-firmware.
the app seems to be for Android, and the device does not appear on bluetooth.
i am sure i am missing something, what is it ?
from fitness-firmware.
Detecting a Fitbit via Bluetooth is a bit slow, but works in general (that is why the setup with the original app also takes so long). Only a Fitbit that is currently not connected with another device can be detected. Note that if you already synchronized your Fitbit with the official servers, encryption was activated and you can only flash the software using the debug pins.
from fitness-firmware.
so it s for a virgin fitbit only, never connected to your phone. correct?
from fitness-firmware.
You can connect it to your phone but never press the update firmware
button otherwise you'd have no other choice than using the physical debug pins.
from fitness-firmware.
Does this work with any model or is this only usable with models released until 2018?
from fitness-firmware.
Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions?
I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.
from fitness-firmware.
Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions? I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.
This would require a huge amount of knowledge and skills. I think it would even be easier to write a brand new firmware and flash the Fitbit with it than trying to find a vulnerability in newer firmwares.
What's your goal exactly?
If you're looking for an open source and non-cloud based product I advise you to have a look at the PineTime.
It's an open-hardware product made by Pine64 with entirely open-source firmwares written by the community and it supports a few different companion apps with Gadgetbridge being one of them.
This project quite new, firmwares are under very active development and improving every month !
You should give it a try, especially considering the cost of this device...
from fitness-firmware.
Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions? I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.
This would require a huge amount of knowledge and skills. I think it would even be easier to write a brand new firmware and flash the Fitbit with it than trying to find a vulnerability in newer firmwares.
What's your goal exactly?
If you're looking for an open source and non-cloud based product I advise you to have a look at the PineTime. It's an open-hardware product made by Pine64 with entirely open-source firmwares written by the community and it supports a few different companion apps with Gadgetbridge being one of them.
This project quite new, firmwares are under very active development and improving every month ! You should give it a try, especially considering the cost of this device...
My goal was to either write an application that uses the google cloud but without sending the data to them which seems inpossible - or to write my own firmware. I'm learning C++...
Does the watch break after opening?
I'd like to rather use it without the smartphone than breaking it...
from fitness-firmware.
Now I want a PineTime :) <3
from fitness-firmware.
Related Issues (2)
- 143 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fitness-firmware.