/hacktivite

Resources needed to create and install custom firmwares for Withings Activité

Primary LanguageCMIT LicenseMIT

Hacktivité

This repo contains two small programs - basefind and firmware_verification.

Basefind, a rewrite of @mncoppola's python version, can be used to find the likely load address of a firmware or other embedded binary. It tries to find the load address that results in the most strings being referenced from the resulting disassembly.

Firmware_verification does exactly what it says: It shows how firmware updates for Withings' Activité are being verified. Perhaps you have noticed that this verification is not really all that complicated. That is why this little tool also allows you to resign firmware images you modified. Beware though, the tracker might just accept any firmware with a valid header, so make sure it won't brick your device.

The paper "Attacks on Fitness Trackers Revisited: A Case-Study of Unfit Firmware Security" provides more detailed background information and documents how to install resigned firmware images onto real devices.