Wednesday, May 25, 2016

Hacking Knock Off Smartwatches from China

Is it possible? From the very onset I feel like I'm way over my head here. But we'll try to get our own software to run on one of these bad boys. We'll see just what happens.

I have two cheap smartwatches at my disposal. The one that we'll be focusing on for this post is this one. Now, don't let the picture fool you. This smartwatch isn't nearly as good looking as that. The screen resolution is probably 320x240, but it technically does everything that it says it does. The goal is to take it apart, see what it's running on the inside (chipset and whatnot), and see if we can load something back on that isn't stock software.

First and foremost, it is important to note that the cord that ships with the device is absolute garbage. You may be lucky if you get a single charge out of that cord before it fails, but it isn't very good at doing it. Luckily, it's a standard micro-USB plug, so you can charge it off of your Android phone charger (unless you have one of those phones that use USB-C, you hipster). The device charges relatively quickly. When you turn it on, it has this weird startup tone like an old videogame. Then, once you pair it up with your phone using the Bluetooth Watch app (which we'll take apart later), it'll sync the time and the whole of the watch will be open for you to use.

As you can see, it didn't set the time or date correctly but it's whatever, really.

This watch can take pictures with the phone's camera (low resolution but the live preview is pretty nifty), it can make calls through it (my Moto360 can't even do that), and it will play music through it. It was able to use Google Play Music which was pretty cool as well. The only thing disappointing about this watch is the screen quality, the software quality, and the unresponsiveness of the touch screen. But this isn't a watch review. This is a watch deconstruction and hacking.

The first step was to remove the straps to make it slightly easier to work with.


Then I shoved an X-Acto knife under the back metal plate. Running it along the edges released the glue. The center of mine was not glued.



This revealed four screws. Removing these yielded the logic board. This is where we wanted to be!



This watch is sporting a MediaTek MT6261MA chip and a 3.7V 230mAh battery to power it. This was bad news for hacking it, because getting your hands on anything MediaTek is incredibly hard. So I think the next step here at some point in the future is to make the screen do something off of the watch. I guess we'll have to learn what kind it is, first. But that's for another time. My life is being consumed with final exams and what have you, so that'll have to wait for now.

5 comments:

  1. Did you go any further than just opening up the case?

    Replies
    1. I have made a few attempts since publishing this to get something useful here, but I haven't gotten very far. Even dumping the firmware using some of the methods I could find yielded nothing useful. MediaTek's stuff is wrapped up nicely in NDAs, so getting documentation on chips and whatnot would be more than a challenge. I've been working on some other stuff, so I haven't looked at this recently. My guess at a next step would be to reverse engineer the app and see if there are any firmware features on it.

  2. I've known that anything MTK6261xx is bad news in terms of reverse engineering.

  3. Have you tried anything with the other smartwatch? It's just a really interesting idea
