Batman, as found within an application during reverse-engineering

Liberate my wrist, please!

There’s something very strange to having smart tech in your house. It’s tech that knows who you are, what you’re doing and, scarily enough, what you are. We’ve begun living in an era where our devices know more about us than we really want to let on. Sometimes, we become scared of the technology that follows us:

Google’s got my haunts plotted to my profile, no biggie, it always “knows.” But this time it’s different. No more random addresses from the last thousand jobs, but saved coordinates.

The future is damning. But, it’s here, so let’s get the hell on with it. But what is really personally scary is the fact we’re strapping more and more complex devices to our body that we have no control over, which have things like GPS and 4G cellular connections. We’re throwing money on our wrist. Where’s that data going?

The answer is simple: The highest bidder.

I recently picked up a wearable device. I wanted to keep track of my steps and the like, and the contenders came down to a few options:

The Microsoft Band, at $200.

Any of the Fitbit devices at $100–200.

Pick something from China for less than both.


A little company called Xiaomi

I’ve had a strange infatuation with Xiaomi for quite some time. The company has been producing smartphones at a breakneck pace — their line of Mi phones has made them number 3 in the market worldwide.

Their flash sales sell out in seconds. Xiaomi is now right up behind Fitbit in sheer number of devices sold. I was sold: it did everything I wanted it to do and some more. They don’t sell internationally for the most part; only four of their products show up in the US store: a pair of headphones at US$80, their hulking 10Ah battery pack for a measly US$14, their 5Ah “slim” battery pack for US$10 and the coup de grâce: the Mi Band at a paltry US$15.

And it works. The app is functional, the device is as accurate as I could ask for, and what do you know, it does everything it says on the tin. There’s only one problem: I can’t export the data. I’m locked into Xiaomi’s ecosystem. There’s one part of me that goes “Oh damn, China knows my step count?” and another that goes “I’d like to do better information security, and be able to get statistics.”

So I’ve started reverse engineering the app and its protocol. I’m not the only one, either; several developers have tried documenting the protocol.


Bluetooth Low Energy in a nutshell.

The Xiaomi Mi Fit application, which is used with the Mi Band (used under fair use from Xiaomi, Inc)

BTLE as a protocol is fairly straightforward. It’s “I want this thing from you now” (a read) or “tell me when this thing changes” (a notification). You can also say “I’d like this thing to be that value” (a write). Hell, there’s even encryption support.

Polling is mostly avoided, which means you can have devices like the Mi Band that get 30 days, and in some cases years, of runtime while sipping power. The advertised lifetime of the BTLE chip in the Mi Band is in the years when running on a few-hundred-Ah battery.

The Bluetooth board specifies a fixed set of standard “things,” such as heart rate monitors and similar objects, and it defines a vague standard for how to read them, too.

It sucks that nobody uses them. Companies like Xiaomi, Nike, Fitbit and others rely on the fact that BTLE allows arbitrary, vendor-defined services. Why? Because ecosystem. And also because the official list is pretty useless outside the defined ones.
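The first cut anyone reverse-engineering a wearable makes after discovering its services is exactly the split described above: which services are on the official Bluetooth list and which are vendor-defined. The Python below is an added example, not code from the post or from Xiaomi; it assumes a list of service UUID strings as a GATT discovery would return them, and the sample UUIDs (apart from the well-known 16-bit ones) are constructed placeholders, not Mi Band identifiers.

```python
import re
from dataclasses import dataclass

# Bluetooth Base UUID: 0000XXXX-0000-1000-8000-00805F9B34FB. A 16-bit
# SIG-assigned number XXXX is expanded into this template; a service whose
# UUID does not fit it is vendor-defined, which is what most wearables use.
BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"

# A few SIG-assigned 16-bit service numbers from the official list.
SIG_SERVICES = {
    0x1800: "Generic Access",
    0x1801: "Generic Attribute",
    0x180A: "Device Information",
    0x180D: "Heart Rate",
    0x180F: "Battery Service",
}

@dataclass
class ServiceInfo:
    uuid: str          # normalised 128-bit form
    sig_assigned: bool
    name: str          # SIG name, "SIG-assigned (unnamed)" or "vendor-defined"

def normalise(uuid: str) -> str:
    """Expand short 16-bit ('180d') forms into the full 128-bit UUID."""
    u = uuid.strip().lower()
    if re.fullmatch(r"[0-9a-f]{4}", u):
        u = "0000" + u + BASE_SUFFIX
    if not re.fullmatch(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", u):
        raise ValueError(f"not a Bluetooth UUID: {uuid!r}")
    return u

def classify(uuid: str) -> ServiceInfo:
    full = normalise(uuid)
    if full.startswith("0000") and full.endswith(BASE_SUFFIX):
        number = int(full[4:8], 16)
        return ServiceInfo(full, True, SIG_SERVICES.get(number, "SIG-assigned (unnamed)"))
    return ServiceInfo(full, False, "vendor-defined")

def split_services(uuids):
    """Return (standard, vendor) lists: the first cut a reverse engineer
    makes after a GATT service discovery."""
    infos = [classify(u) for u in uuids]
    return ([i for i in infos if i.sig_assigned], [i for i in infos if not i.sig_assigned])

# Constructed service dump for illustration; these are not Mi Band UUIDs.
SAMPLE_SERVICES = ["1800", "180f", "0000abcd-0000-1000-8000-00805f9b34fb",
                   "d1b0c0de-1234-4cc1-9f6a-0123456789ab"]
```

The vendor-defined list is where the proprietary data lives; those are the services whose reads, writes and notifications have to be documented by hand.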

Liberate my wrist, please.

I want open devices, open standards, open data. I understand that some algorithms are not going to be open — the firmware on the Mi Band will for as long as I can guess, be proprietary; I can but reverse its world-facing data.

But there are more devices that fall into the category of “in need of liberation.” Devices such as the Fitbit (which has a fairly well-known USB protocol, but no understood Bluetooth one) and the Nike Fuel band (which recently got pwned like no other) have closed APIs, limiting the information that can be extracted from them. In some ways, it marks the opening of a new chapter that Microsoft, once a leader in the keeping-secrets-secret world, has opened up the API on their Microsoft Band, meaning developers can build on the platform that consumers use.

Bluetooth is not a scary protocol to live on top of. It’s not hard to reverse engineer these devices.

I am calling on any person who is technically capable and has the time and effort required to start documenting the Bluetooth LE devices around your world to start doing just that. Write an application and document the work you’re doing so that others may find creative uses for the data.