
fanoush

Member since Jul 2018 • Last active Feb 2024

Most recent activity

  • in Projects

    Btw, in this listing https://www.aliexpress.com/item/1005006527342041.html, which is not an nrf chip, it can be seen that some of them are actually transparent so you can really see where the chips are. This one is said to be FR8016HA.

  • in Projects

    Cool, let us know when you get it and what its Bluetooth name is. We may already have its firmware and could tell if it is nrf52 inside. Some AliExpress listings even allow free returns, not this cheap one though. I think hx3605 is used in Magic3/Rock/C6/C17/QY03 watches(?), so getting raw data should not be a big problem.

  • in Projects

    How about reaching out to the manufacturers and asking for a custom firmware with Espruino?

    I think that so far there are exactly zero cases out of many tries where it worked like this before (including both bangle.js watches). But maybe next time.

    But still, if you can spare the money, get it and take it apart, then that is still something that could be interesting. At least we would know there is indeed an nrf52 chip inside.

  • in Projects

    Yes, you can write modified data there as the sha256 hash is checked after it is all written, but then it will mark it invalid and won't execute it. So either you have a bricked device sitting in DFU waiting for a correct package, or with a dual banked update (when there is enough space) the new invalid code is sitting in empty space above the real application, waiting for you to jump into it via some clever exploit of the original application over BLE.
    EDIT: or softdevice, I think there is a reason why S132 2.0.0 and S132 3.0.0 are no longer available from downloads here https://www.nordicsemi.com/Products/Development-software/s132/download

  • in Projects

    Yes, had the same ideas but found out it is about finding a SHA256 collision = a different binary having the same hash that is signed in the init packet. This currently takes more time than the universe exists, or you get lucky and win a lottery.

    The init packet is signed so it must stay as it is, and part of it is the sha256 hash of the whole binary - at least that is the core idea behind it, looks solid.

  • in Puck.js, Pixl.js and MDBT42

    iOS may cache it too, but the NRF.setConnectionInterval(7.5) is for the connection, not advertising. For that you need to set interval:xx inside the NRF.setAdvertising call, default is 375ms.

  • in Projects

    It is marked in red on that wiki page https://github.com/joric/nrfmicro/wiki/Alternatives
    Search for "Workarounds". I just crush it in the middle with a small flat screwdriver but it could be desoldered too.

    Also down on that page for nice!nano v1: "Regulator: AP2112K (code G3P, up to 600 mA, leaks 55uA), you can replace it with XC6220 (up to 1A, leaks 8uA)", so the voltage regulator leaks less than half of this cheap board. However, if you power an LED from it, it draws much more anyway, and if you need much less then the VDD pad could work (or GPIO pins).

  • in Projects

    OK, so I had to scratch it off. When it was there and D13 was pulled down it drew like 500uA, when pulled up it was still about 145uA (from 4.2V battery). When I scratched it off it still drew about 145uA when pulled up as before, however when pulled down it turned off power to the VCC pin and went down to normal 5uA idle when radio is not used. So the 140uA is the 3.3V voltage regulator when it is turned on. Which is not that great if you need to power something from 3.3V like the display. Does nice!nano have a more efficient 3.3V regulator going to the EXT_VCC pin? Anyway, nrf52840 can produce 3.3V (or 1.8V) by itself too when powered from VDDH (5V from USB or 4.2 from battery). And indeed the VDD pad near SWD gives 3.2V even if the regulator is turned off, so maybe it could handle that low power display more efficiently.

    So overall it is a good board with that resistor scratched off. Also the antenna is as good as my other boards, better than watches like Magic3. It can find a Xiaomi thermometer advertising over coded phy behind several walls, which Magic can't. And rssi for that thermometer is about the same as on my phone or 52840 dongle from the same location.

  • in Projects

    Interesting, but that one is over usd50 for me, here it is possibly the same one for half https://www.aliexpress.com/item/1005006467962445.html
    However, I am afraid that if it can't be taken apart without damage it quite likely won't be updatable, as the firmware updates are typically signed.

  • in Projects

    Yes, it is documented that scratching off some specific resistor near the usb connector helps. It is a 5K pull up to vcc by mistake, but the cpu can drive that pin too after the resistor is removed. I have that cheap board too but did not test this yet. And the leak is when driving that pin low, which turns off power to external stuff, so if not used for anything it may be pulled high to prevent the leak(?)
