Most recent activity
-
About this - the USB cable that comes with the watch, do you know if its pins that connect to the SWD contacts on the watch also hook up to anything on the USB side?
I'm thinking it'd be nice to have a fallback in case I did lock myself out, and SWD would provide a nice way in, but I'm not sure how easy it'd be. I do have a cmsis-dap probe which can talk SWD that I could attempt to manually attach
-
I've been thinking about this more and like the idea of
setPassword- my plan would be something like:- In
padlock.boot.js:
- Read
padlock.setting.jsonfor the password - Call
E.setPassword(password)(andE.lockConsole())
- Read
- Only allow
padlock.setting.jsonto be set from the apploader / IDE
- (If the password is setable from the settings app, anyone with physical access can unlock the watch)
- (If the password is setable from the settings app, anyone with physical access can unlock the watch)
Is there any existing standard setup for adding this into
.bootrst? I don't see any apps using it at the moment so I was going to generate it from all the<app>.bootrst.jsfiles, if that sounds like a plan?How cautious should I be with this file btw? Could I potentially brick my watch if I accidentally raise an exception or break BLE connections here?
- In
-
I like the sound of asymmetric keys or using phone IDs/mac addresses to encrypt too.
E.setPasswordsounds very useful for dealing with more technical attacks - I suppose an existing bluetooth whitelist will cover anyone accessing the console unless an attacker guess the allowed mac addresses too.I'm thinking the existing scramble GPS app works as a lightweight/ease-of-use "lock", and I have a few ideas for a more lockdown-mode which would incorporate these ideas along with encryption based on some key.
We could either encrypt just GPS and use
recorder's existing async prompting to add a password-prompt afterwards, or go for more of a whole-device lock and request a password at either boot or unlock time. -
regular or automatic sync (with auto delete in case no sync happened for a while) of the data to GadgetBridge
This is something I've been thinking about for a while - a bluetooth daemon running on a raspberry pi that regularly updates my watch's clock, fetches health/gps data off the watch and so on
-
Using the phone sounds like an idea, I've created an initial PR to do this without gadget bridge (as I don't have it currently) but would be interested in adjustments to encrypt using a key stored either on the phone, or using some property of the phone.
-
I was thinking recently, if I lost my watch (or more specifically, it was stolen) while I had GPS data on it, then my home address, work etc is all present there.
I'm interested in peoples' opinions on this - would a patch to runplus and/or a module for apps to encrypt and decrypt GPS data be useful?
Tech / CPU use
I feel like AES might be overkill, and we could instead perform some simple scrambling of the coordinates based on a code the user enters, perhaps offset them from the middle of the Pacific using the user's code as a seed for a PRNG.
Usability
Unless we saved the key on the watch (which defeats the point), the user would have to enter a code each time they wanted to read/write GPS - this wouldn't be great for usability, but I'm a little out of ideas.
-
I think that would fit more with the LCD clock's style, and if we're not dropping seconds at all, there's no information loss - leave it with me
-
Yeah I'd been thinking the second duration was a bit short. Thanks for checking it out! I like having the milliseconds and it makes the code more worth having if we keep it up to 1 minute, I'll go with that for now - will test out the 100m sprint next when I'm next at the track!
Speaking of settings, I'd quite like to drop the settings entirely - what are your thoughts on the format?
-
Thanks for checking it out! I've dropped the decimal point after 1 second, how does this change feel for you?
See github