Firmware on these is pretty tight. They’re usually using CC2510s or CC2530s. The CC2510 has a voltage glitch hack that you can use to attempt to read the contents via the DCOUPL capacitor, but it’s not very effective and you can only read a few bytes per attack.
You can see on GitHub some tools that some have created here. Eventually someone is going to read the firmware off these and be able to hack them, it’s just a matter of time.
I’d assume the firmware is the same as shipped with the vendor or pretty much very close to the sample code.
Does it require something like an API key or password? Can these implement Diffie-Hellman key exchange? Otherwise I’d just assume you can eavesdrop when someone is updating the contents.