how do you push the patch to your fitbit? about fitness-firmware HOT 13 OPEN

Hi @Jeffrey-Remien,
It only works with older models. The unencrypted firmware transfer was a vulnerability in the older protocol that has been patched with subsequent firmware updates and never existed in trackers released later on. Note that Google also claims that they have improved Fitbit security recently, which is also the reason why they doubled the bug bounty. Looking into the old firmware might give you some ideas how everything works, but probably, except from such insights, this project does not have any impact on the latest generation of Fitbits.

from fitness-firmware.

No, the whole protocol stack and also the underlying operating system changed. If you don't want a cloud-based fitness tracker, you should definitely avoid buying products like Fitbit, the Apple Watch, etc. AFAIK, all flagship trackers are cloud-based.

from fitness-firmware.

Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions? I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.

This would require a huge amount of knowledge and skills. I think it would even be easier to write a brand new firmware and flash the Fitbit with it than trying to find a vulnerability in newer firmwares.

What's your goal exactly?

If you're looking for an open source and non-cloud based product I advise you to have a look at the PineTime. It's an open-hardware product made by Pine64 with entirely open-source firmwares written by the community and it supports a few different companion apps with Gadgetbridge being one of them.

This project quite new, firmwares are under very active development and improving every month ! You should give it a try, especially considering the cost of this device...

My goal was to either write an application that uses the google cloud but without sending the data to them which seems inpossible - or to write my own firmware. I'm learning C++...

Does the watch break after opening?
I'd like to rather use it without the smartphone than breaking it...

They sell development kits that are already open so you can easily test a new firmware before flashing the final version using OTA (over the air update) on a sealed watch. It's a feature provided by the nRF SoC I believe.

Good luck 😉

from fitness-firmware.

Either wireless by using our app (https://github.com/seemoo-lab/fitness-app) or by attaching the debugging pins.

from fitness-firmware.

the app seems to be for Android, and the device does not appear on bluetooth.
i am sure i am missing something, what is it ?

from fitness-firmware.

Detecting a Fitbit via Bluetooth is a bit slow, but works in general (that is why the setup with the original app also takes so long). Only a Fitbit that is currently not connected with another device can be detected. Note that if you already synchronized your Fitbit with the official servers, encryption was activated and you can only flash the software using the debug pins.

from fitness-firmware.

so it s for a virgin fitbit only, never connected to your phone. correct?

from fitness-firmware.

You can connect it to your phone but never press the update firmware button otherwise you'd have no other choice than using the physical debug pins.

from fitness-firmware.

Does this work with any model or is this only usable with models released until 2018?

from fitness-firmware.

Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions?
I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.

from fitness-firmware.

Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions? I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.

This would require a huge amount of knowledge and skills. I think it would even be easier to write a brand new firmware and flash the Fitbit with it than trying to find a vulnerability in newer firmwares.

What's your goal exactly?

If you're looking for an open source and non-cloud based product I advise you to have a look at the PineTime.
It's an open-hardware product made by Pine64 with entirely open-source firmwares written by the community and it supports a few different companion apps with Gadgetbridge being one of them.

This project quite new, firmwares are under very active development and improving every month !
You should give it a try, especially considering the cost of this device...

from fitness-firmware.

Is there still a chance that I (a person that never hacked hardware) could find out how to hack the newer versions? I don't want to waste too much time without getting a result. I want to escape the Fitbit surveillance but still having the ability to sync or upload my own firmware.

This would require a huge amount of knowledge and skills. I think it would even be easier to write a brand new firmware and flash the Fitbit with it than trying to find a vulnerability in newer firmwares.

What's your goal exactly?

If you're looking for an open source and non-cloud based product I advise you to have a look at the PineTime. It's an open-hardware product made by Pine64 with entirely open-source firmwares written by the community and it supports a few different companion apps with Gadgetbridge being one of them.

This project quite new, firmwares are under very active development and improving every month ! You should give it a try, especially considering the cost of this device...

My goal was to either write an application that uses the google cloud but without sending the data to them which seems inpossible - or to write my own firmware. I'm learning C++...

Does the watch break after opening?
I'd like to rather use it without the smartphone than breaking it...

from fitness-firmware.

Now I want a PineTime :) <3

from fitness-firmware.