Blog: Internet Of Things
Glamoriser IoT Device Review
This product came to my attention over Christmas with its TV adverts. It piqued my interest because of the BLE connectivity and the fact that the device has a mobile app that you use while using the straighteners.
It’s a set of hair straighteners with Bluetooth connectivity, so you can control the device from your phone. You can change temp, and change idle time before shutdown. The defaults for this device are a 20 min max idle time, regardless of what you set.
It also comes with a heat resistant silicone cap that you can slide over the hot part and keep them closed after use.
Google Play Store: https://play.google.com/store/apps/details?id=com.fenda.diva
The APK decompiles well, with 99% of the code intact. This is helpful later on when we come to look for certain code.
The app can directly interface with Alexa and AWS services. There is a Generic API Key Stored in “Assets” Folder:
The api_key.txt file is in fact a JWT (JSON Web Token):
The Android application has backup enabled:
With a BT4 dongle and BLEAH running we can look at the device in more detail:
The generic name for the device is “Bluetooth Styler”. It has its “Peripheral Privacy Flag” disabled and we can “WRITE” to the 0015 Handle…
Let’s look at some code.
Looking at how the app works with the BLE protocol, we can see that just about everything is logged to LOG:
Searching further through the code base we find the status UUID string for the BLE communications:
BES_DATA_CHARACTERISTIC_TX_UUID is the write characteristic from earlier.
There is also code outlining what the BLE commands look like:
From this we can see the command is built of different parts:
The CheckSum value is calculated like this:
So now we know how the BLE commands are sent, let’s make sure we are correct.
By looking on the phone’s SD card we can see a number of files and folders created:
The Log.txt file created lists exactly what is going on with the BLE Communications:
2019-02-12 12:43:44V<BleService>---onConnectionStateChanged connected = false
2019-02-12 12:43:44V<BleService>---isHumanDisconnect = false
2019-02-12 12:43:44V<BleService>---quickyDisconnectCount = 0
2019-02-12 12:43:44V<BleService>---totalReconnectCount = 1
2019-02-12 12:43:44V<BleService>---totalReconnectCount < 10 and equels = 1
2019-02-12 12:43:44V<BleService>---totalReconnectCount < 5 and reconnect after 500
2019-02-12 12:43:44V<BleService>---handleMessage msg.what == RECONNECT reconnectMAC= F0:13:C3:00:4B:8C
2019-02-12 12:43:44V<BleService>---onConnectionStateChanged connected = true
2019-02-12 12:43:45V<BleService>---onConnectionStateChanged handle discoverServices
2019-02-12 12:43:45V<BleService>---onServicesDiscovered() + status = 0
2019-02-12 12:43:45V<BleService>---onCharacteristicNotifyEnabled() + status = 0
2019-02-12 12:43:45V<BleService>---READY TO SEND DATA IS = 54,45,eb,50,c8,00,05,f8,
2019-02-12 12:43:45V<BleService>---READY TO SEND DATA IS WRITH TO HAL RET IS = true
2019-02-12 12:43:45V<BleService>---onWritten() + status = 0
2019-02-12 12:43:45V<BleService>---onReceive BES_DATA_CHARACTERISTIC_RX_UUID
2019-02-12 12:43:45V<BleService>---onReceive 54,45,f8,
From this log file we can also see there is an acknowledgement transmission sent from the device confirming the command was received and actioned.
By changing some values on the mobile app and then watching the logs, we are able to see what data is sent:
54,45,eb,50,50,00,05,70,   5 mins   80 °C
54,45,eb,50,5a,00,05,66    5 mins   90 °C
54,45,eb,50,64,00,05,5c,   5 mins   100 °C
54,45,eb,50,96,00,05,2a    5 mins   150 °C
54,45,eb,50,c8,00,05,f8    5 mins   200 °C
Let’s see if we can send some data and get the straighteners to do something. First, we need to calculate the checksum for when we change values.
So, we wrote a Java script:
This Java code calculates the Checksum for us and prints out the value we need to send.
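As an added example (Python, not the Java program described above and not the vendor's code), this decodes the frames the app writes to Log.txt and checks the last byte of each one. The field layout and the checksum rule are assumptions inferred from the frames listed in this post.

```python
"""Decode and verify the 8-byte BLE frames seen in the app's Log.txt.
Layout and checksum are assumptions inferred from the frames on this page:
  0-1 header 54 45 | 2-3 eb 50 (constant, meaning unknown) | 4 temperature, deg C
  5   00 (constant, meaning unknown) | 6 idle minutes | 7 checksum
"""
import re

HEADER = bytes([0x54, 0x45])
# Matches the "READY TO SEND DATA IS = 54,45,..." log entries only.
SEND_RE = re.compile(r"READY TO SEND DATA IS = ((?:[0-9a-fA-F]{2},?)+)")

def checksum(body: bytes) -> int:
    """Two's complement of the byte sum, so body + checksum sums to 0 mod 256."""
    return (-sum(body)) & 0xFF

def decode(frame: bytes) -> dict:
    if len(frame) != 8 or frame[:2] != HEADER:
        raise ValueError("not an 8-byte frame starting 54 45")
    return {
        "temp_c": frame[4],
        "idle_min": frame[6],
        "checksum_ok": frame[7] == checksum(frame[2:7]),
        # Limits the post reports the device enforcing: 50-235 deg C, 20 min max.
        "in_range": 50 <= frame[4] <= 235 and frame[6] <= 20,
    }

def frames_from_log(text: str):
    """Yield every frame the app logged as sent."""
    for match in SEND_RE.finditer(text):
        yield bytes.fromhex(match.group(1).replace(",", ""))

# Two entries copied from the Log.txt excerpt in this post.
SAMPLE_LOG = """\
2019-02-12 12:43:45V<BleService>---READY TO SEND DATA IS = 54,45,eb,50,c8,00,05,f8,
2019-02-12 12:43:45V<BleService>---READY TO SEND DATA IS WRITH TO HAL RET IS = true
"""

if __name__ == "__main__":
    for frame in frames_from_log(SAMPLE_LOG):
        print(frame.hex(","), decode(frame))
```

The acknowledgement in the log (54,45,f8) ends in the same byte as the checksum of the frame it follows.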
One thing to note! There is no auth on the BLE communications between the device and the phone. Data can be sent to the device at any time as long as it is turned on (via the mains power socket).
bleah -b "f0:13:c3:00:4b:8c" -u "0783b03e-8535-b5a0-7140-a304f013c3ba" -d "0x5445EB50EB0014C6"
Hurrah! We can! Success.
So, we can send commands to the straighteners to change temperature if they are turned on! Great… Now what…
Well in all honesty… nothing. We tested to see if we could overheat the device and you cannot.
If you go over the 235 °C temp, or below 50 °C, it will not register on the device, so I suspect some form of min and max value to what it is expecting to receive! Also, you cannot make this stay on for any longer than 20 mins. There is a physical switch on the straighteners; if it’s not pressed they will turn off regardless.
What you CAN do is override the settings as they are being used. For instance, if somebody was using the straighteners at 120 °C and had a sleep time of say 5 mins after use, you could change that to 235 °C and 20 mins sleep time. This could cause some issues from the heat generated: damaged hair, burnt bed linen, singed carpet, etc. FYI polyester starts softening at 235 °C.
There’s an interesting article on hair and the temperatures it can withstand. Here’s a snippet:
“The commonly accepted auto-ignition point of paper is 451 °F (233°C). Therefore, during the course of professional heat styling, it would be expected that human head hair could be subjected to brief direct contact with tools heated to no more than 233°C.”
So, 233°C is just about acceptable for hair, but we can get this device up to 235 °C. Burnt hair smells bad, looks bad, and makes people feel bad.
We recommend that you don’t buy heat sensitive hair styling devices that have Bluetooth controls.