I found an amazon basics color changing smart light bulb attached to a lamp my neighbor threw in the apartment dumpster.
-
@nickzoic I see test pads for 108 and 109 on the PCB, so something isn't adding up here
@nickzoic "O7/IO8/IO9/IO10/IO20 belong to VDD_SDIO power domain and cannot work when VDD_SDIO power shuts down"
this means something, but I don't know what
-
@maehw I don't know how to do that
@MLE_online esptool.py can also be used to read from the flash, not only write to it. But it's possible that someone already has done it for such a device.
https://docs.espressif.com/projects/esptool/en/release-v4/esp32/esptool/basic-commands.html -
@nickzoic that's a good theory
-
@MLE_online esptool.py can also be used to read from the flash, not only write to it. But it's possible that someone already has done it for such a device.
https://docs.espressif.com/projects/esptool/en/release-v4/esp32/esptool/basic-commands.html@MLE_online I really have no clue about those devices, but that may be running something called Alexa Connect Kit (ACK) firmware.
Increment Your Device Firmware Version | Alexa Connect Kit
Learn how to set up a consistent versioning system for your HMCU application so that your device firmware is incremented correctly and released to the right users.
Amazon Alexa (developer.amazon.com)
-
@MLE_online I really have no clue about those devices, but that may be running something called Alexa Connect Kit (ACK) firmware.
Increment Your Device Firmware Version | Alexa Connect Kit
Learn how to set up a consistent versioning system for your HMCU application so that your device firmware is incremented correctly and released to the right users.
Amazon Alexa (developer.amazon.com)
@maehw yeah, i saw that too
-
I found an amazon basics color changing smart light bulb attached to a lamp my neighbor threw in the apartment dumpster.
Apparently you can only change the color by giving the bulb access to your wifi network and using the alexa app on your phone. Very stupid.
@MLE_online ooo i bet you could extract their wifi password from it
-
Hey yeah! Esp32 pico!
@MLE_online I think people I know have run WLED on those bulbs or similar ones
-
@MLE_online esptool.py can also be used to read from the flash, not only write to it. But it's possible that someone already has done it for such a device.
https://docs.espressif.com/projects/esptool/en/release-v4/esp32/esptool/basic-commands.html@maehw That seems promising. I'm not really sure where to start though
-
I found an amazon basics color changing smart light bulb attached to a lamp my neighbor threw in the apartment dumpster.
Apparently you can only change the color by giving the bulb access to your wifi network and using the alexa app on your phone. Very stupid.
@MLE_online how else are they supposed to spy on you and sell your data to surveillance companies so that they can determine if you qualify for housing 10 years from now?
-
@MLE_online hmmm...
@RueNahcMohr @MLE_online best opportunity to make a robot out of it!
-
@MLE_online I like to think of it as percussive maintenance lol
@larrybiggs @MLE_online
How did the term "hacking" come to be a thing?
-
Hey yeah! Esp32 pico!
@MLE_online
Oh cool. A new ESP32 board source.
It's even on a desolderable module.
And ESP32 is more hackable than the Silabs EFR32 in IKEA Trodfri's.
At least until I port the Gekkokapula firmware to the module I pulled form one and get on 2.4GHz FM with one. -
@MLE_online
Oh cool. A new ESP32 board source.
It's even on a desolderable module.
And ESP32 is more hackable than the Silabs EFR32 in IKEA Trodfri's.
At least until I port the Gekkokapula firmware to the module I pulled form one and get on 2.4GHz FM with one.@ftg I'm not getting anywhere with connecting to the module, however. I've got it wired up to an FTDI device, but esptools fails to connect to it, and I don't know why
-
@MLE_online @RueNahcMohr Cool. Cheaper than making an assembly line. Neat use for it.
@MLE_online Someone could sniff the bluetooth to see what it sends/receives, then create code for phone or PC (if it has bluetooth installed) to mimic transfers. Such a person would probably want a working app to watch, so they know which data each command sends/receives. Without that, it would be difficult. Unless the bulb came with an API, which should make it very easy.
-
@ftg I'm not getting anywhere with connecting to the module, however. I've got it wired up to an FTDI device, but esptools fails to connect to it, and I don't know why
@MLE_online @ftg
There's probably a requirement to pull a particular pin down at power on to enable the ROM loader. -
Ok, it's controlling a BP1838 3 channel dimmable LED driver chip: https://datasheet4u.com/datasheets/BPS/BP1638CJ/1495890
If someone out there is smart and wants to try throwing some code together to see if it will work outside of the amazon ecosystem, let me know and I'll try loading it onto the ESP32
@MLE_online You could probably just throw tasmota32.factory.bin on there but I can’t see anything that says it supports the BP1838. http://ota.tasmota.com/tasmota32/release/
-
@MLE_online I'd be surprised if they took effort to lock people out, but I guess it's possible that they use a blanket approach with code signing, since it *does* represent attack surface
@SnoopJ @MLE_online Even if they set the 'no read' bit, what matters is the processor's approach to it. Some processors will still let you clear that bit (and thus wipe the on-board flash), while others won't, making the stupid thing e-waste (I'm scowling at you to Infineon). I've not done esp32, so I don't know their approach.
-
@projectgus @MLE_online From what I see, its an esp32. which, IS halarious.
-
@scribblesonnapkins @SnoopJ I wouldn't know how to do any of that
@MLE_online @SnoopJ
It's not as complicated as it sounds. Is it something you want to explore?
