You are reading a single comment by @fanoush and its replies. Click here to read the full conversation.
  • Hi guys.
    I bought that ring about 3 months ago and it was supposed to be waterproof but the charging connector started to rust on my finger so I more or less stopped wearing it (the Aliexpress seller never refunded me anything despite his promises...).
    Since then I have been desperate to hack into it.

    After analyzing the Bluetooth requests, I've developed an ESP32 code as well as a Python code that reads the accelerometer values (they are sent over BLE only ~1/sec unfortunately, so nothing really usable for actions).
    My Python code also triggers requests for HR readings.
    (Let me know if anyone is interested, it would be a good excuse to start publishing on GitHub).

    Besides that, I couldn't do much more. I can't update the firmware as the seller never gave it to me and it is nowhere to be found on the Internet.
    Using the app NRF Connect on Android, I have access to the DFU, but I can't extract the firmware that way.

    So yesterday after reading this post, I thought **** it, let's crack it open.
    It put it in a vice, and I slightly deformed it, very gently.
    I heard a "crack" and I saw that the outer metal ring cracked in a neat straight line (not sure if it was there from the factory and just glued before? or if I made that crack).
    From there on, it was very easy to open the ring delicately.

    I'm attaching detailed pictures.
    As I've only started learning about electronics/ESP32 programming a few months ago, could someone indicate how to extract the firmware (for backup) and create my own from here onwards?

    Also, it seems that by slightly unbending the flex PCB, I created a bad contact of some sort as my ring was turning on and off, and now not even on.. working on it 🤞

    Any help would be much appreciated 😁

  • could someone indicate how to extract the firmware (for backup) and create my own from here onwards?

    What is bluetooth name of that device and what is the name of android mobile app for it? If it is that VWAR ring and the name is R1 or R2 then maybe we have matching DFU zip. Also is there some firmware version info in the mobile app?

    EDIT: attached is some random nrf52 ring firmware, if the name is matching you may try DFU, either it will be refused or it will brick your device or it will still work. If it will still work then it can be later restored to it (over swd pins). Also the binary can be reverse engineered to get more info about the hardware.

    2 Attachments


Avatar for fanoush @fanoush started