Saturday 28 December 2019

Reverse engineering the Flower Power app

"Flower Power" is an "internet connected" plant / soil monitoring device which was sold in 2016 by Parrot. The company subsequently decided to discontinue these products to concentrate on its better-known flying drone products.

We acquired some Flower Powers for an environmental study project.

How did it work?

A small low power, very clever monitoring device ( see Sylvia Wu's magnificent teardown ) monitors the environmental conditions, and logs them into a local non-volatile memory. It has a Bluetooth Low Energy (BLE) radio to communicate with smartphones.

Then periodically it synchronises with a smartphone app (available for Android and ios) to send the data up to a "cloud" internet server. The phone app doesn't need to connect to the sensor and the internet at the same time; it can buffer data and send them up later - which is useful if your plants are in a location where internet connection isn't available.

What's the problem?

Parrot have stopped supporting the devices and will switch off the (internet) API soon.

We still have working sensors and want to use them at least next year, maybe after.

There may also be more Flower Powers sitting in storage somewhere; those will become really useless if the API to update the firmware isn't available. I wanted to get the firmware before Parrot turn off their servers.

Reverse engineering


The Android app is a .apk file. I downloaded file from this "sideloading" site here:  


 - of course I don't know if this is the real, unmodified app (from "apkpure"), but it seems likely. I'm not going to load it on a real phone from here.

I extracted the files from .zip formats, and eventually found the "meat" of the application in the .dex files classes.dex classes2.dex and classes3.dex.

These are "Dalvik Executable" files, which are just packed in a different format to .jar - so I' used this utility "dex2jar"  to convert them into .jar

Then I used this Java Decompiler to extract the source code.

I was able to see that the app communicates with https://api-flower-power-pot.parrot.com - but it uses some weird authentication scheme.

Fortunately, the code https://github.com/growobservatory/MyData implements the authentication scheme for this API. 

The "secret" client id and client secret are also hard-coded in the Android app source code, so I was able to log in and call the APIs (and get the api token needed for authentication below).

Using this, I obtained the firmware download location:

wget -S  - 'https://api-flower-power-pot.parrot.com/sensor_data/v1/firmware_update/flower-power' --header="Authorization: Bearer myapitoken"

// Got API token by using MyData

// "flower-power" device
{
   "errors" : [],
   "firmware_version" : "2016-09-14_hawaii-2.0.3_hardware-config-MP",
   "user_config_version" : 39,
   "server_identifier" : "2.1.18 April 6th 2017",
   "firmware_update_url" : "http://hawaii2-web-service-prod-firmware.s3.amazonaws.com/2016-09-14_hawaii-2.0.3_hardware-config-MP.bin?1474470262",
   "garden_status_version" : 219
}

Then I could download (without authentication) the firmware image file.

What next?

Ultimately, if we have any new boxed Flower Powers, I will create an app which flashes the firmware image without using Parrot's cloud servers.

This should allow flashing the devices.

We can also call any of the APIs which the app uses, to get our data from the cloud, plus pictures, etc. (Grow Observatory's Getdata app does some of this)

To be continued... I have all the files downloaded. I suppose if Parrot's servers go away, it gets more interesting.

Also,  this NodeJS project claims it can talk to the Flower Power:

https://github.com/sandeepmistry/node-flower-power 

It also says it can update the firmware.

Sunday 17 November 2019

Tinyavr toolchain update

Attiny1614 / other tinyavr microcontrollers:

I had a quick go at automating the toolchain build from these instructions

https://github.com/vladbelous/tinyAVR_gcc_setup

After falling down a couple of rabbit holes, I have made a better toolchain build script which is mostly automated and works with many of the chips (attiny3217, 1614 are the only ones I'm targetting).

Build script is here:

https://github.com/MarkR42/robotbits/tree/master/avr_toolchain

The trick was to get a recent subversion avr-libc and patch it with a patch provided from somwhere... details are in the script and it should work.

Now I don't need ot use Vlad Belous hacky method of installing (but thanks anyway, Vlad, it worked ok before). Vlad's instructions to install binutils and gcc were flawless though.

YES!

If you need to build with an open source toolchain, for attiny1614, attiny3217 or others in the same series, try my build.sh script (obviously read it first!)

Sunday 13 October 2019

Using the ATTINY1614 microcontroller

Microchip / Atmel made some new microcontrollers. This adds to the already huge range of parts.

I've been playing with the ATTINY1614. This is part of the tinyavr 1-series, which is a relatively new (2018?). I get the idea that these new micros are the product of the merger of Microchip and Atmel, so they take the good bits from the older chips of each (but aren't compatible with either).

These are 8-bit MCU with a few kb of ram and a few k of flash (2k and 16k respectively, in this part) which can do quite a lot of work in a small package.

I like them because

  • Small package which is still hand-solderable (soic 14 pin)
  • Tolerate a wide range of supply voltage (2.5-6.5 I think)
  • Small number of passives / extra connections
  • The internal clock generator seems quite accurate
But also

The data sheet doesn't suck. At least, I can understand it.
Peripherals are fairly sane and consistent
One-pin (UPDI) programming interface

Programming with open source toolchain 

See  https://github.com/vladbelous/tinyAVR_gcc_setup - I followed these instructions and they worked.

Flashing the firmware

The firmware programmer is just a serial port, plus one resistor. See https://github.com/mraardvark/pyupdi/ 

 Example code

While it is a relatively new part, there is a bit of sample code "out there".

https://github.com/chromia/attiny1614example - is a useful source of examples.

Also some of the official samples


The product page


Has "Documents" which includes some samples and ideas.

Wednesday 9 January 2019

Right to repair

SO - if we agree that we have the right to repair things? Does that actually help?

https://therestartproject.org/restart-project/first-ever-protest/

"Right to repair" could be enshrined in law (EU or otherwise) but it won't really help, unless we also have the ability to repair.

Just like Brother/Sister Loretta in Monty Python's Life of Brian, fighting for the right to have babies, but without a womb it's not really useful.
REG: What's the point of fighting for his right to have babies when he can't have babies?!
FRANCIS: It is symbolic of our struggle against oppression.
REG: Symbolic of his struggle against reality.

My experience - Indesit Hob

The Indesit hob was brilliant. It was perhaps, the most amazing thing I've ever repaired. I pulled it to pieces - with standard tools - and the parts were all clear. I easily identified the failed part.

But the best thing was, Indesit supplied a replacement at a reasonable price and delivered it quickly. It was easy to fit and worked first time. The hob works to this day.

Unbranded / Screwfix hedge trimmer

The hedge trimmer worked fine until it hit some metal fencing wire, then it stopped. The culprit was found - despite Torx security screws holding the thing closed - to be a smashed metal helical gear. After reading all documentation and talking to Screwfix. it was clear that a replacement was never going to be forthcoming.

The trimmer got replaced under sale-of-goods "reasonable durability"  but it's definitely a lose. I expect they threw the broken one in the bin (along with a bunch of others with the same fault presumably)

Deraileur gear mech hangers

On bicycles, Deraileur  gears are the most popular. Each bike frame which uses them, has a "mech hanger" which is a sacrifical steel part designed to bend or break if the mech ever ends up in the spokes.

Unfortunately there is no standard for these parts and they come in a dizzying array of shapes and sizes. Manufacturers are not interested in providing spares for discontinued models (even though they might have some stock for current models).

How do we fix our bikes? Several companies now use modern (CNC) techniques to make any mech hanger - and keep databases of designs. These will be available essentially forever because they are made to order and the designs don't consume physical space.

Conclusion

We need companies to provide spares (like Indesit). If they can't economically provide spares, they should provide information which allows other companies to make spares using modern CNC or other techniques (like mech hangers). 
The right to repair is great. The right to have babies is great, if you have a womb.