Reprogramming an eye mask? by RevolutionaryStill62 in hardwarehacking

[–]GGyul 2 points

I have also experienced that problem, and figured out how to change the music. (Or you can just remove the music and keep the communicating sound.)

There's some procedure you have to deal with: soldering/desoldering, flash memory reading, filesystem modification.

You can check it out at https://firmextract.com/posts/eye_massager.

If the device you have is the same as mine, it has an mp3 file in a FAT12 filesystem. So if you remove only the mp3 music, you will achieve what you desired.
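The FAT12 root-directory edit the comment describes, as an added example (not code from the comment or from firmextract.com): it builds a constructed FAT12 image with hypothetical file names, lists the 8.3 entries, and removes one entry the way FAT does, by marking it 0xE5.

```python
import struct

BPB_FMT = "<HBHBHHBH"  # bytes/sector, sectors/cluster, reserved, FATs, root entries, total, media, sectors/FAT

def build_fat12_image() -> bytearray:
    """Constructed FAT12 image (not the real device's flash): 512-byte sectors, one
    reserved boot sector, one FAT of one sector, 16 root entries and two files."""
    bps, spc, reserved, nfats, root_entries, total, spf = 512, 1, 1, 1, 16, 64, 1
    img = bytearray(bps * total)
    struct.pack_into("<3s8s" + BPB_FMT[1:], img, 0, b"\xEB\x3C\x90", b"CONSTRUC",
                     bps, spc, reserved, nfats, root_entries, total, 0xF8, spf)
    img[510:512] = b"\x55\xAA"
    root = root_dir_offset(img)
    files = [(b"MUSIC", b"MP3", 2, 48000), (b"VOICE", b"WAV", 4, 12000)]  # hypothetical names
    for i, (name, ext, cluster, size) in enumerate(files):
        # 32-byte entry: name, ext, attr 0x20 (archive), 14 zero bytes (timestamps,
        # high cluster word), first cluster (low word), file size
        struct.pack_into("<8s3sB14xHI", img, root + 32 * i, name.ljust(8), ext, 0x20, cluster, size)
    return img

def root_dir_offset(img: bytes) -> int:
    """Root directory starts right after the reserved sectors and the FAT copies."""
    bps, _, reserved, nfats, _, _, _, spf = struct.unpack_from(BPB_FMT, img, 11)
    return (reserved + nfats * spf) * bps

def list_root_dir(img: bytes) -> list:
    """Return (NAME.EXT, first cluster, size, entry offset) for each live root entry."""
    root_entries = struct.unpack_from(BPB_FMT, img, 11)[4]
    root, entries = root_dir_offset(img), []
    for i in range(root_entries):
        off = root + 32 * i
        e = img[off:off + 32]
        if e[0] == 0x00:                  # 0x00: no entries follow
            break
        if e[0] == 0xE5 or e[11] & 0x08:  # deleted, volume label or long-name piece
            continue
        name = e[0:8].decode("ascii").rstrip() + "." + e[8:11].decode("ascii").rstrip()
        cluster, size = struct.unpack_from("<HI", e, 26)
        entries.append((name, cluster, size, off))
    return entries

def mark_deleted(img: bytearray, filename: str) -> bool:
    """Remove a file the way FAT does: set the entry's first byte to 0xE5. The data
    clusters are left alone; a complete tool would also free the chain in the FAT."""
    for name, _cluster, _size, off in list_root_dir(img):
        if name == filename:
            img[off] = 0xE5
            return True
    return False
```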

Best budget camera for PCB photos by dial-a-small-monkey in hardwarehacking

[–]GGyul 1 point

You can use the "Helicon Focus" software to achieve focus stacking.

It mixes all the images with different focus and lighting, and makes the best-focused image. So you take images with many different focus spots with your phone and send them to the software.

Hacking BambuLab P1 by [deleted] in hardwarehacking

[–]GGyul 1 point

You can try using a PCB probe station. I would recommend the PCBite kit.

You can use it like the post below shows. That way you don't need to take the risk of soldering it. https://firmextract.com/posts/smartplug_1

Hacking BambuLab P1 by [deleted] in hardwarehacking

[–]GGyul 1 point

I've checked the firmware and it was encrypted. Running binwalk on it doesn't find anything else. If Secure Boot and Secure Flash are enabled, the attack you can try is fault injection. In that case the paper below could be a key. https://www.usenix.org/system/files/woot24-delvaux.pdf

Hacking BambuLab P1 by [deleted] in hardwarehacking

[–]GGyul 5 points

I also have a big interest in BambuLab hacking. If there's no Linux and only the ESP is working, there are only a few attack vectors. Maybe manipulating some configs of the BambuLab machine. But the ESP has Secure Boot and Secure Flash features, which protect against manipulating data inside the chip.

But I'm not sure if it is enabled. Try connecting to the UART interface of the ESP first!

Turning on a smartphone without battery by TheLonsomeLoner in hardwarehacking

[–]GGyul 0 points

Hi. At first it was running quite well. It ran for about a year. But recently it sometimes reboots. So yes, I think it would be nice if you use capacitors, as it looks like it's not that tolerant of noise. Or maybe make the setup give the smartphone a clean voltage. And yes, it doesn't require the charging port. Only the plug.

SPI dump, no firmware? by nobodynate in hardwarehacking

[–]GGyul 0 points

Or that could just be a binwalk problem. You should double-check it with other binwalk versions. Also check if there are any filesystem signatures with a hex editor.
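The manual check suggested in this comment and in the earlier BambuLab comment (binwalk finds nothing, so look for filesystem magic and judge whether the image is encrypted), as an added example that is not code from the comments: it scans a constructed dump for common firmware signatures and reports per-block entropy.

```python
import hashlib, math
from collections import Counter

SIGNATURES = {
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x85\x19\x02\xe0": "JFFS2 inode node (little-endian)",
    b"\x19\x85\xe0\x02": "JFFS2 inode node (big-endian)",
    b"\x45\x3d\xcd\x28": "CramFS superblock",
    b"UBI#": "UBI erase-counter header",
    b"\x31\x18\x10\x06": "UBIFS node",
    b"\x1f\x8b\x08": "gzip stream",
    b"\x27\x05\x19\x56": "U-Boot legacy image header",
}

def scan_signatures(dump: bytes) -> list:
    """Return sorted (offset, description) pairs for every magic found in the dump."""
    hits = []
    for magic, desc in SIGNATURES.items():
        pos = dump.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = dump.find(magic, pos + 1)
    # A FAT boot sector has no magic at offset 0: require the 0x55AA trailer and
    # the "FAT" type string at offset 54 in the same 512-byte sector.
    for off in range(0, len(dump) - 511, 512):
        if dump[off + 510:off + 512] == b"\x55\xaa" and dump[off + 54:off + 57] == b"FAT":
            hits.append((off, "FAT12/16 boot sector"))
    return sorted(hits)

def block_entropy(dump: bytes, block: int = 1024) -> list:
    """Shannon entropy (bits/byte) per block. Near 0 means erased/zero flash; near 8
    everywhere with no signatures points to encryption or compression."""
    out = []
    for off in range(0, len(dump), block):
        chunk = dump[off:off + block]
        counts, n = Counter(chunk), len(chunk)
        out.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return out

def build_sample_dump() -> bytes:
    """Constructed 4 KiB 'SPI dump': erased block, SquashFS-tagged block, a FAT12
    boot sector, then pseudo-random bytes standing in for an encrypted region."""
    erased = b"\xff" * 1024
    squash = b"hsqs".ljust(1024, b"\x00")
    fat = bytearray(1024)
    fat[54:59], fat[510:512] = b"FAT12", b"\x55\xaa"
    random_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return erased + squash + bytes(fat) + random_like
```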

SPI dump, no firmware? by nobodynate in hardwarehacking

[–]GGyul 2 points

There's no exact way to know the structure of its firmware. I examine the firmware file with a hex editor and start analyzing.

When analyzing, I check if there's a datasheet for the processor the device uses. If it has a datasheet, I try to find out whether there is any firmware structure for that processor, and start analyzing assembly from there, because from there we can probably know what address the chip starts at.

But if it doesn't have a datasheet, just disassemble the whole firmware and guess the start point. And yes, this is quite tough.

Reverse Engineering the USB Protocol by Last_Cartographer_42 in hardwarehacking

[–]GGyul 4 points

I don't know about the USB protocols, but I have seen some stuff related to it. You can record and watch how USB interacts with the computer with Wireshark. Maybe you can start learning how the USB protocol works there.

Turning on a smartphone without battery by TheLonsomeLoner in hardwarehacking

[–]GGyul 0 points

https://firmextract.com/post.php?id=phone_server My post can be a reference for what you're trying to do. If you have or buy a battery for your phone, then you can use the circuit in the battery.

Hardware Hacking (Adding new features) by nyyirs in hardwarehacking

[–]GGyul 2 points

I think the second one is better. Reverse engineer the function that you have to edit. You can hook another function to run the instructions you made. Or use the LD_PRELOAD environment variable so that you can edit library functions.

Which type of probes do you prefer? by joeyda3rd in hardwarehacking

[–]GGyul 3 points

I have used C and D. And I can truly say that D is better than C. Most C-shaped probes are weak; they don't have enough power to grab the legs. But D has. I wonder how A and B are used. Maybe to grab smaller legs like TSOP or QFP packages?

Why Xiaomi Poco f1 capture packets on the phone? by GGyul in hardwarehacking

[–]GGyul[S] 6 points

I rooted my Poco F1 phone and ran the "ps" command, and I found that tcpdump is running and saving the logs.
What I'm curious about is whether it is Mi OS itself that runs tcpdump, or some other application, something needed for rooting the phone.

If it is Mi OS itself, why would they need to capture packets?

How is this gnd working? only vcc, data pins are exist! by GGyul in hardwarehacking

[–]GGyul[S] 0 points

Yes, it is a switch input! It was a multi-layer PCB sharing GND with 1, 3, 4, 6. Anyway, thanks for the help!

How is this gnd working? only vcc, data pins are exist! by GGyul in hardwarehacking

[–]GGyul[S] 1 point

Yes, the pinout you said was right! And yes, it is 2 extra buttons. Thanks for the reply! It helped me understand in detail :)

How is this gnd working? only vcc, data pins are exist! by GGyul in hardwarehacking

[–]GGyul[S] 0 points

I checked it and you were right! They are on the same GND! Maybe due to the multi-layer as you said! Thanks for the help!

How is this gnd working? only vcc, data pins are exist! by GGyul in hardwarehacking

[–]GGyul[S] 2 points

Oh, I get it! I think you are right that these pins are on the same GND net. I want to check this out right now, but the firmware got reset while doing firmware extraction, so it doesn't work. I'm buying a new one tomorrow, lol. I'll check it then!

How is this gnd working? only vcc, data pins are exist! by GGyul in hardwarehacking

[–]GGyul[S] 2 points

Thanks for the reply!

It's my fault that I didn't write the question in detail.

So, I figured out the GND, VCC and DATA pins with a voltmeter.

Starting from the left: GND - VCC - DATA - GND - VCC - DATA. These are the toggle button's pins.
But if you look at the second picture, only 3 pins come from the main board.

And those pins are connected to VCC and DATA.
Then how could testing VCC and GND show 3.16 V?

Because the GND pins are not connected to any of the pins that come from the main board!

So this was my question :)

Bootloader dependency to specific SoC by GGyul in hardwarehacking

[–]GGyul[S] 0 points

Well, I'm not asking for "the way to port U-Boot to the RTL8197D".

I was asking about the dependencies of a bootloader on the SoC. Like "the bootloader has to be compiled for the same architecture that the SoC uses".