lecture: Create your own Fitness Tracker Firmware
Reverse-Engineering the Fitbit Flex
The Fitbit ecosystem is briefly introduced to show how the server, tracker
and smartphone app interact under normal conditions, when all data is
transferred to the proprietary Fitbit cloud.
We explain in detail how we reverse-engineered Fitbit Flex firmware,
including functions such as encryption libraries, BLE communication,
proprietary protocol parsing, and accelerometer processing.
Apart from understanding the software running on the trackers, we also
introduce modifications to the firmware via binary patching. We show
how we modified the Nexmon framework to alter Fitbit firmware.
We demonstrate wirelessly flashing custom firmware onto a Fitbit Flex.
Wireless flashing requires an understanding of the proprietary protocol,
the encryption, and a number of validity checks. In contrast to wired
flashing, no hardware teardown is required.
We publish new firmware modifications along with this talk that enable
raw accelerometer readings.