Drones? We got lasers, baby!

A quick, fast, and loose breakdown of the new Amazon Dash “Wand”.

I didn’t realize that I’d be taking this baby apart. I didn’t think I ordered this, but it was free so why not. I canceled Fresh because I don’t think it was serving my area of Brooklyn with particular zest — as in I could never get the slot I wanted, the first world problem of first world problems. So this is quite literally just something sitting around that I can’t use for its purpose.

If this isn’t fair use I don’t know what it is. It’s from the press kit.

I also didn’t figure I’d pimp myself out in such an unexpected way but here we are. I spent some time reading the conditions as usual, cross-checking to see what clauses are enforceable and what rendered not a contract, and well, it’s simple enough — don’t reverse engineer or you lose access to the service provided. Great, I don’t use Fresh anymore, and the distinction between affiliate and its parent company, while unclear in Washington law, gave me enough room to argue that hey, my Prime membership is still good even if I screwed with this. You can take the bar card (which I haven’t lost, btw) away from counsel but you can’t take counsel away from the man. Anyway, this thing is pretty big, shaped like a certain human organ, and apparently, can scan items, recognize voice, and automatically order. Dash button x number of items they sell.

We all know the Dash pretty well. The newer versions are powered by ARM M4-Cortex, but out of the box it’s still a one trick pony that shoots out requests via wifi and gets API calls back in JSON format. What about this? My Torx finger got a little itchy a bit too quick so, well, I took it apart before I fully played with its capabilities, but at least I gathered some data, even if speculatively. All of what I’ve got including raw data can be found (at least shortly after this is posted) on github. https://github.com/promissory_estoppel/NewDash

Two buttons and a Mic

That’s pretty much it for the outside. One activates the scanner and the other the voice controller. There’s a very small LED as well, multi-colored. Since ConEd just sent me one of these fancy AC power controllers — useless since my room will never get down to 70 degrees, this is New York fer chrissakes — I figure the same principles apply, and probably a lot of the same stuff with the Dash button went into this as well. Indeed, clicking both buttons and holding them down brings up a hotspot, under “AmazonConfigureMe”. It’s open, so I connect to it, and it shows me the serial number, the MAC, and the firmware version. Checking nmap shows just 80 and 443 open, and 443 brings up a well-expired SSL cert for configuremydash.com that resolves to nothing but is owned by Amazon and registered to a GoDaddy. When Wireshark is on, it consistently pings some very high 50000+ ports, so I’m guessing that’s the redirection into Amazon’s servers from where we can fake some JSON requests. And then, out come the screwdrivers.

So no more SoC, there are 3 boards here, although it should have been pretty obvious that one ARMv7 isn’t going to power Wifi, TLS, Voice, A FUCKING LASER, a couple of LEDs, wpa_supplicant, and BLE. The main board bears similarities to cardiotach sensors. Google turns up nothing specific, but the jumpers look similar.

There aren’t any good ways to light these things, but you get the idea.

Back of the microcontroller seems to be where one pushes the buttons and serves the entry point, and it looks like something you can play around with with an Arduino Duo on a WICED SDK.

For size comparison, that’s a Nexus 6.

The top button, aka not the voice button, is linked to an ARM7 Cortex-M3 and also a WiFi Module BCM43362. This gives indication that voice is actually sent out to be processed instead of processed within, which makes sense, hopefully your internet is quick. There’s also an Ecliptic EMK41 something 26.000 clock oscillator. The chip in the U4 spot is the Winbond U4 25Q32BV 32MB serial flash it appears, which is, sad to say, more than what my router has.

The sharp end of the spear is nearly completely unmarked and soldered in. I’m not familiar with, well, the last time I took a class in any of this was in 3rd grade in China. And you wonder why all your iPods come from there. In any case. There’s a faint Bluetooth signal coming from it when turned on, that should be somewhere in there, and I’m not convinced the same chip that powers the Dash Button can do this much more, but that’s it for me now.

I could also be completely wrong, since you know, 3rd grade was a long time ago.

https://github.com/promissory_estoppel/NewDash has my quick analysis of the licensing of the software (hint: WICED SDK + Atmel)