I found an amazon basics color changing smart light bulb attached to a lamp my neighbor threw in the apartment dumpster.
-
@SnoopJ yeah but there's also the matter of me having to figure out how to reverse engineer everything else so I can come up with some code to control the LEDs and connect to it over WiFi
@MLE_online @SnoopJ You've seen https://github.com/wilco375/ESP-Firmware-Toolbox ?
EDIT: and RX/TX pins are shown on page 9 of https://documentation.espressif.com/esp32-pico-v3-zero_datasheet_en.pdf . Not sure which one is GPIO0.
-
@MLE_online I was wondering if you wanted to re-use that hardware, but I'm not shocked that you're thinking along those lines, yea.
here's hoping
@SnoopJ what else would someone do?
-
I found an amazon basics color changing smart light bulb attached to a lamp my neighbor threw in the apartment dumpster.
Apparently you can only change the color by giving the bulb access to your wifi network and using the alexa app on your phone. Very stupid.
@MLE_online We had a stove with a built-in air fryer that required access to a wifi network. Why???
-
Brute force works
-
@SnoopJ what else would someone do?
@MLE_online I was thinking from a perspective of "an ESP32 is generally useful for lots of things" (assuming it hasn't been locked out with secure boot)
I guess an instinctual slide into thinking about rescuing microprocessors etc. from landfill and putting them to other purposes, which I think about not-infrequently
but of course re-using the LEDs and associated fixins would be nice too
-
Brute force works
@MLE_online I like to think of it as percussive maintenance lol
-
@MLE_online this is why i follow you. for the weird shit you do with power tools
-
Brute force works
@MLE_online the tip of the socket is a ribbed pin that can be force-pulled out, it locks in a wire.
-
@nickzoic @MLE_online The part poking into the LED area is the antenna. The rest of the board is fine inside of the base of the bulb surrounded by metal, but that faraday cage ain't going to work for the the wifi antenna.
-
Brute force works
It's free! And it looks like all the relevant pins are broken out
-
@MLE_online I was thinking from a perspective of "an ESP32 is generally useful for lots of things" (assuming it hasn't been locked out with secure boot)
I guess an instinctual slide into thinking about rescuing microprocessors etc. from landfill and putting them to other purposes, which I think about not-infrequently
but of course re-using the LEDs and associated fixins would be nice too
@SnoopJ @MLE_online
Going at it with power supply tricks to glitch around the security and reflash could itself be valued science.Likewise microprobing with narishige micromanipulators on the die to get past it might be cool too.
-
@MLE_online I was thinking from a perspective of "an ESP32 is generally useful for lots of things" (assuming it hasn't been locked out with secure boot)
I guess an instinctual slide into thinking about rescuing microprocessors etc. from landfill and putting them to other purposes, which I think about not-infrequently
but of course re-using the LEDs and associated fixins would be nice too
@SnoopJ oh yea, that would be a good thing, too. It just already have a bunch of esp32s around here though
-
@SnoopJ @MLE_online
Going at it with power supply tricks to glitch around the security and reflash could itself be valued science.Likewise microprobing with narishige micromanipulators on the die to get past it might be cool too.
@scribblesonnapkins guessing that's beyond the scope of what @MLE_online is after here, but it *is* making me wonder what people have done in this vein to try and defeat the secure boot
-
@SnoopJ @MLE_online
Going at it with power supply tricks to glitch around the security and reflash could itself be valued science.Likewise microprobing with narishige micromanipulators on the die to get past it might be cool too.
@scribblesonnapkins @SnoopJ I wouldn't know how to do any of that
-
It's free! And it looks like all the relevant pins are broken out
@MLE_online Oooh that's handy!
-
It's free! And it looks like all the relevant pins are broken out
Ok, it's controlling a BP1838 3 channel dimmable LED driver chip: https://datasheet4u.com/datasheets/BPS/BP1638CJ/1495890
If someone out there is smart and wants to try throwing some code together to see if it will work outside of the amazon ecosystem, let me know and I'll try loading it onto the ESP32
-
@scribblesonnapkins guessing that's beyond the scope of what @MLE_online is after here, but it *is* making me wonder what people have done in this vein to try and defeat the secure boot
@SnoopJ @MLE_online
They have on other processors but I don't know about this one. -
@MLE_online I like to think of it as percussive maintenance lol
@larrybiggs You can only call it that when you hammer on it. I just sawed the case open
-
Ok, it's controlling a BP1838 3 channel dimmable LED driver chip: https://datasheet4u.com/datasheets/BPS/BP1638CJ/1495890
If someone out there is smart and wants to try throwing some code together to see if it will work outside of the amazon ecosystem, let me know and I'll try loading it onto the ESP32
I have no idea which pins of the esp32 those lines going to the LED driver are associated with, btw. They put a giant blob of very stiff silicone over all of that
-
@SnoopJ @MLE_online
They have on other processors but I don't know about this one.@scribblesonnapkins @MLE_online it looks like the kind of fault injection you're thinking of was performed on a cousin chip, I would guess the secure boot is pretty much the same across the family of chips and would be susceptible to the same attack:
Espressif ESP32: Bypassing Secure Boot using EMFI
Raelize provides top-notch embedded device security serrvices like consultancy, testing, research and training.
(raelize.com)
pretty neat, I like that write-up quite well
