I found an amazon basics color changing smart light bulb attached to a lamp my neighbor threw in the apartment dumpster.
-
Brute force works
@MLE_online the tip of the socket is a ribbed pin that can be force-pulled out, it locks in a wire.
-
@nickzoic @MLE_online The part poking into the LED area is the antenna. The rest of the board is fine inside of the base of the bulb surrounded by metal, but that faraday cage ain't going to work for the the wifi antenna.
-
Brute force works
It's free! And it looks like all the relevant pins are broken out
-
@MLE_online I was thinking from a perspective of "an ESP32 is generally useful for lots of things" (assuming it hasn't been locked out with secure boot)
I guess an instinctual slide into thinking about rescuing microprocessors etc. from landfill and putting them to other purposes, which I think about not-infrequently
but of course re-using the LEDs and associated fixins would be nice too
@SnoopJ @MLE_online
Going at it with power supply tricks to glitch around the security and reflash could itself be valued science.Likewise microprobing with narishige micromanipulators on the die to get past it might be cool too.
-
@MLE_online I was thinking from a perspective of "an ESP32 is generally useful for lots of things" (assuming it hasn't been locked out with secure boot)
I guess an instinctual slide into thinking about rescuing microprocessors etc. from landfill and putting them to other purposes, which I think about not-infrequently
but of course re-using the LEDs and associated fixins would be nice too
@SnoopJ oh yea, that would be a good thing, too. It just already have a bunch of esp32s around here though
-
@SnoopJ @MLE_online
Going at it with power supply tricks to glitch around the security and reflash could itself be valued science.Likewise microprobing with narishige micromanipulators on the die to get past it might be cool too.
@scribblesonnapkins guessing that's beyond the scope of what @MLE_online is after here, but it *is* making me wonder what people have done in this vein to try and defeat the secure boot
-
@SnoopJ @MLE_online
Going at it with power supply tricks to glitch around the security and reflash could itself be valued science.Likewise microprobing with narishige micromanipulators on the die to get past it might be cool too.
@scribblesonnapkins @SnoopJ I wouldn't know how to do any of that
-
It's free! And it looks like all the relevant pins are broken out
@MLE_online Oooh that's handy!
-
It's free! And it looks like all the relevant pins are broken out
Ok, it's controlling a BP1838 3 channel dimmable LED driver chip: https://datasheet4u.com/datasheets/BPS/BP1638CJ/1495890
If someone out there is smart and wants to try throwing some code together to see if it will work outside of the amazon ecosystem, let me know and I'll try loading it onto the ESP32
-
@scribblesonnapkins guessing that's beyond the scope of what @MLE_online is after here, but it *is* making me wonder what people have done in this vein to try and defeat the secure boot
@SnoopJ @MLE_online
They have on other processors but I don't know about this one. -
@MLE_online I like to think of it as percussive maintenance lol
@larrybiggs You can only call it that when you hammer on it. I just sawed the case open
-
Ok, it's controlling a BP1838 3 channel dimmable LED driver chip: https://datasheet4u.com/datasheets/BPS/BP1638CJ/1495890
If someone out there is smart and wants to try throwing some code together to see if it will work outside of the amazon ecosystem, let me know and I'll try loading it onto the ESP32
I have no idea which pins of the esp32 those lines going to the LED driver are associated with, btw. They put a giant blob of very stiff silicone over all of that
-
@SnoopJ @MLE_online
They have on other processors but I don't know about this one.@scribblesonnapkins @MLE_online it looks like the kind of fault injection you're thinking of was performed on a cousin chip, I would guess the secure boot is pretty much the same across the family of chips and would be susceptible to the same attack:
Espressif ESP32: Bypassing Secure Boot using EMFI
Raelize provides top-notch embedded device security serrvices like consultancy, testing, research and training.
(raelize.com)
pretty neat, I like that write-up quite well
-
Ok, it's controlling a BP1838 3 channel dimmable LED driver chip: https://datasheet4u.com/datasheets/BPS/BP1638CJ/1495890
If someone out there is smart and wants to try throwing some code together to see if it will work outside of the amazon ecosystem, let me know and I'll try loading it onto the ESP32
@MLE_online oh easy, but I bet someone would beat me to it. so, I'll hold off trying.
-
@MLE_online oh easy, but I bet someone would beat me to it. so, I'll hold off trying.
@RueNahcMohr what if everyone says that and no one does it?
-
I have no idea which pins of the esp32 those lines going to the LED driver are associated with, btw. They put a giant blob of very stiff silicone over all of that
@MLE_online I remove conformal coating (which is usually silicone-based) with acetone. Maybe put some on the pcb and let it work its way under the blob?
-
@RueNahcMohr what if everyone says that and no one does it?
@MLE_online then there will still be someone who tips first and finishes before I do.
I would like to see the blob side of the pcb tho. -
@MLE_online then there will still be someone who tips first and finishes before I do.
I would like to see the blob side of the pcb tho.@RueNahcMohr here you go. I got most of the blob off
-
Hey yeah! Esp32 pico!
@MLE_online
Aside from everything else, it is simply utterly ridiculous to have a computer in a fucking lightbulb. -
@MLE_online
Aside from everything else, it is simply utterly ridiculous to have a computer in a fucking lightbulb.@botvolution that's because it's not a lightbulb. It's bezosnet spying device
