RT @hackaday: Playing DOOM on the Anker Prime Charging Station.

DOOM on the ANKER Prime Charging station😅. This internal SWM34S MCU is just way too nice!.8MB RAM + 16MB Flash directly mapped to memory allow goes brrrr. Also on Youtube:

Join millions who have switched to Grok.

Dump successful 🥳

Debugger aquired, custom firmware runs🙌.Time to dump the firmware out of the 2€ Hörmann Remote clones SoC

That thing does not offer a simple teardown 🤣.At least everything still working and all flashes dumped!

Quick teardown video of an Battery powered 4" LCD Screen Mirror device around 25€ from Aliexpress. TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000. Video Here:.

Sooo Anker also has this stationary "Anker Prime A2345" Charger, it includes BLE as well, and FCC Shows it consists an ESP32-C3 as well as an Synwit SWM34S so technically that could finally run DOOM(Just low FPS)😅.

RT @hackaday: Hacking the Bluetooth-Enabled Anker Prime Power Bank.

Here is the "More".

@travisgoodspeed Some info's. It was important to separate DVcc and AVcc as much as possible to prevent resets and glitch on DVcc. All expect the last byte of the read CMD was send and the glitch timed to the last byte to prevent any big jitter. After position was found a glitch takes ~1minute.

That's a success 🥳. Glitched and fully Dumped MSP430F417 in a non destructive way. Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once. By dumping the pass(vctr) area we can read the full flash after one glitch.@travisgoodspeed

Nice 🥳.More on that later

More details now also in this Youtube video about the Anker Prime Power Bank Hacking:.

In the latest Firmware 1.6.2 you have to press the button on the Power Bank to Add it to the Anker App which is good. Only that this is not enforced on the Power Bank and by using a custom tool you can bypass this completely and overtake any Anker Prime 27650mAh Power Bank.

Be careful out there😅.

No OTA signature bypass found so far 🥲 .But did create an WebBluetooth tool which allows you to connect to your Power bank and reads basic info's via the encrypted protocol. There is a potential bug which lets you set the OTA Size to uint32, read more about it in the GitHub Repo

Fun fact 50% of the (Latest)Firmware in the.BLE Enabled Power Bank Anker Prime 27650mAh.is just to for OTA checking and encryption. Fw version prior to 1.6.2 do not verify OTA at all so better update😅. Did take a look inside and reverse engineered it.

Teardown of the nearly "All in One" Zigbee Sensor from Aliexpress:.Contains:.- Telink TLSR Zigbee/BLE SoC 512KB/64KB.- PHO XBR818 I2C 10G Move Sensor.- WHT20 I2C Humidity Temp Sensor.- Light Sensor.- Led.- Button. Just missing a Door sensor to be perfect^^

RT @MarcelD505:

Digged into the Gantner ECO NFC Lock. The unlocked STM32L151 did give the Firmware and their Android MoLa App is nice to Reverse engineer still no Luck finding any holes😅. Learned a lot about NFC! The App will emulate an NFC Tag to configure incl. a both way Unique key Handshake