Looking into the messy and promising world of IoT
And of course, all the other wearable devices (well, I won’t go into them here, but the list is very long and not limited to: the Vivofit, Vivofit 2, your educational radar sign (yeah, the one telling you in RED that you are currently over the 50 km/h limit BY 1 km/h!), etc.
But here we are… I was given a Misfit Flash device a few weeks ago and, after some research on Google (I really like the filters 😉 inurl, etc.), I finally grabbed an SDK. The first one I found was limited. In parallel, I also checked on the website how I could grab the official SDK, since I really wanted to work on my own app to perform these actions:
- Grab my sleeping information
- Show me how well I worked out during the day B° (you know, sitting down, getting up to grab my food when I am working in front of my desktop :p)
Making your way into the hood
Well, I found some interesting information when compiling the example app shipped with the zipped archive I found.
First of all, when launching the app, it was no longer possible to use it: the SDK seemed to limit the app's usability to:
- having your Android device connected to the Internet
- having the “network time” below a hardcoded timestamp barrier!
“Dam****”, I first thought, but hey, I am a “security researcher”, so I grabbed the misfit-sdk-android.jar file and exploded it \o/
mkdir tmp ; cd tmp ; unzip ../misfit-sdk-android.jar
^ I am a rockstar
What tools did I use then?
- JD-GUI: used to reverse engineer the library quickly enough and look into the hood
- JBE: well, rewrite the class, to later simply do this (i.e.):
jar ufv ../misfit-sdk-android.jar com/misfitwearables/..../SDKSetting.class
Those two parts were really fun to perform.
Rewrite the world to conquer the universe
My way into the library was really informative. I found some fuc***** newbie errors in it. First, they assumed that everything was “proguarded” well enough (seriously dudes…). Secondly, “shut your a**** !?”, 0_0, you put hardcoded, non-proguardable values into the code to check the current timestamp against that long value. Yikes!! And terrible to show self-confid… Hum, not sure about this one.
This type of coding issue was present in a few places in the library: very easy to find, easy to circumvent and easy to reinsert (see the jar uf command above).
Please note that a day later I found a complete SDK without that coding garbage in it :p. This library is the one I will use for now!
Betrayed by the company
I looked into the documentation and the SDK, ** I DID NOT FIND ANY INFORMATION ABOUT THE SLEEP INFORMATION /!\ **. Maybe it was because the SDK I found was too old; I then checked on the Internet and I was completely surprised to see THAT ALL SDKs lack that information. Seriously Misfit? You keep those lines for yourself.
I reverse engineered the app to look for those lines. B)
adb pull /data/app/com.misfitwearables.prometheus....  # pull the installed APK off the phone
mkdir misfit_tmp ; cd misfit_tmp ; unzip ../com.misf.....apk  # an APK is just a zip
dex2jar classes.dex  # Dalvik bytecode -> Java classes (produces classes_dex2jar.jar)
open classes_dex2jar.jar -a JD-GUI  # look into the source
mkdir ../misfit_decompiled ; cd ../misfit_decompiled ; unzip ../misfit_tmp/classes_dex2jar.jar
I then cross-checked the two jars. I saw that the ProGuard feature was not used the same way (some classes were not proguarded in the app).
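Added here as a defender's pre-release check, not code from this post or from Misfit: a small Python audit that walks a jar and reports (a) classes whose names ProGuard left untouched and (b) long constants that look like epoch-millisecond timestamps, the two things the cross-check above turned up. The jar content and the com/example/sdk names are constructed samples.

```python
import io
import struct
import zipfile
# Payload sizes of the fixed-width constant-pool tags (JVM class-file spec); Utf8, Long and Double are handled below.
FIXED_SIZE = {3: 4, 4: 4, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# A long between 2000-01-01 and 2100-01-01 in epoch milliseconds is most likely a baked-in time gate.
EPOCH_MS_MIN, EPOCH_MS_MAX = 946_684_800_000, 4_102_444_800_000

def long_constants(class_bytes):
    """Walk one .class file's constant pool and return every CONSTANT_Long value in order."""
    count = struct.unpack(">H", class_bytes[8:10])[0]   # magic(4) + minor(2) + major(2) precede the pool count
    pos, index, longs = 10, 1, []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:                                    # CONSTANT_Utf8: u2 length followed by that many bytes
            pos += 2 + struct.unpack(">H", class_bytes[pos:pos + 2])[0]
        elif tag in (5, 6):                             # Long and Double take two pool slots each
            if tag == 5:
                longs.append(struct.unpack(">q", class_bytes[pos:pos + 8])[0])
            pos, index = pos + 8, index + 1
        else:
            pos += FIXED_SIZE[tag]
        index += 1
    return longs

def audit_jar(jar_bytes):
    """Return (classes holding epoch-like longs, classes whose simple name ProGuard did not rename)."""
    timestamps, unobfuscated = {}, []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            if len(name.rsplit("/", 1)[-1]) > len("ab.class"):   # renamed classes are one or two letters
                unobfuscated.append(name)
            hits = [v for v in long_constants(jar.read(name)) if EPOCH_MS_MIN <= v <= EPOCH_MS_MAX]
            if hits:
                timestamps[name] = hits
    return timestamps, unobfuscated

def minimal_class(longs):
    # Constructed sample: a class-file header plus a pool holding one Utf8 entry and the given Long entries.
    pool = b"\x01\x00\x0aSDKSetting" + b"".join(b"\x05" + struct.pack(">q", v) for v in longs)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 + 2 * len(longs)) + pool

def build_sample_jar():
    buf = io.BytesIO()   # constructed sample jar: one un-renamed class with a 2015 epoch-ms gate, one renamed clean class
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/sdk/SDKSetting.class", minimal_class([1_440_000_000_000, 42]))
        jar.writestr("com/example/sdk/a.class", minimal_class([7]))
    return buf.getvalue()
```

Run audit_jar(open("misfit-sdk-android.jar", "rb").read()) against a real build: anything it flags is a gate that lives on the user's device and can be edited with the very jar uf trick above, so it belongs on the server instead.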
I finally erased all the non-useful packages from the misfit_decompiled folder (the open sourced libraries, SDKs, etc.)
and applied the magic formula
jar uf path_to_misfit.jar com
AND TADAAA !
I now have a completely useful SDK (well, after copying the libstlport_shared.so and libSleepAlgorithm.so libs to the libs/armeabi folder).
Final thing: I kept the Version file from the archive I found, but replaced its content with 1.x-codlab.
Tidy things up
None of this is cleaned up for now. So what currently needs to be done:
- rewrite the current SDK documentation provided by Misfit, since even for the current SDK the documentation PDF is outdated or wrong (wrong class names, missing methods and members) (1)
- add the whole sleep information capability to the new documentation
- create a proper Gradle implementation. 2015… Eclipse is at its sunset in the Android development branch compared to IntelliJ and Android Studio
- create a GitHub project
- bring the whole project into our real world
- rewrite internal classes for more clarity and efficiency
Conclusion
To all companies out there: when you have successful products, open them, open the way for people to contribute, it is worth the risk. Did your competitors do things like me before me? YES. Will they continue? YES. I consider opening an SDK the minimum thing to do in 2015. Any script kiddie can achieve what I just did during those few days.
Note: I will never mention here how I completely reversed the current firmwares in the archive and that I am currently able to change the way the Misfit behaves (it seems I can't do everything, but 80% is the current limit, I think).
Nota bene
People, CEO, CTO, I don’t care. Please… DO SOMETHING ABOUT THE SECURITY OF YOUR DEVICES! I can sniff around in the bus/trains/… and dump every piece of non-synchronized data going from your devices to your smartphone without any user being aware that I am doing this!!!