Ben Jabituya Brings Basis Smartwatches Back From the Dead with a Little Reverse Engineering
Bricked following a safety recall in 2016, Basis Peak and B1 smartwatches can be brought back to life β if you're willing to risk it.
Developer Ben Jabituya has published a guide to bringing Basis fitness-tracking smartwatches back from the dead, after company owner Intel recalled its B1 and Peak devices over safety issues in 2016.
"Inspired by some of the fitness device hacks and a massive drop in used Basis watch prices (average I spent on a few was around $20 each), I recently set out to restore a Basis watch to a useable level and try and extract raw health data," Jabituya explains. "Note that to do this hack you need a watch that has already been activated β if the watch is boxed etc then it is only good for spares and parts."
Jabituya's efforts were somewhat hampered by the Android applications used to communicate with the watches having been de-listed from Google Play. "Legacy APKs are usually archived somewhere on the web," he writes, "so these were easy to source. I started with the B1 just because I already had the original app on my phone and therefore had some existing data cached from around 2016, which I figured might prove useful to have at hand."
To get at the data, Jabituya decompiled the software;s APK and reviewed the underlying code with Jadx, a Java to Dex decompiler. "It became clear that the developers had left a lot of information in the production version of the app that you wouldn't normally find," he adds.
"At the login page, if you used the username and password pair 'Jersey' 'Shore', you would get into a developer options section. This allows you to change the domain the app connects to for the API and a whole host of other debugging options that aided reverse engineering. There was also a folder called 'fake web-data' that had example cached outputs from API requests, this helped in understanding the response format."
Using the information he found, Jabituya created a limited web API and retrieved the data transmitted by the watch β then set about decoding it, by looking for repeating patterns and using trial-and-error to parse the data. "I actually had an advantage in this part because someone had previously made an independent app for the basis B1," he notes, "and had got some way into decoding the data, which they kindly shared."
Using this, Jabituya was able to decode heart rate, skin temperature, galvanic skin response, accelerometer readings for each axis, and a single value which he interprets as "possibly air temp."
The source code for the project, along with examples of the raw data, can be found on GitHub; more details on the hack are available on Jabituya's blog.
