[HN Gopher] Hacking the Philips Sonicare NFC Password ___________________________________________________________________ Hacking the Philips Sonicare NFC Password Author : nmstoker Score : 78 points Date : 2023-06-11 14:34 UTC (8 hours ago) (HTM) web link (twitter.com) (TXT) w3m dump (twitter.com) | JasserInicide wrote: | Somewhat related: my 10 year old Sonicare is starting to shit the | bed so I started to look for a new one. Back then there was 2 | models. Now there's like 8, each with several variations and | fucking phone app integrations and are several hundred dollars. | It was headache-inducing to read through. | userbinator wrote: | I'd pay several hundred for a toothbrush that had easily | replaceable batteries and other components like shaft seals | (with them being standard commonly-available parts), and was | designed to last many decades. I don't want any of the "app" | crap. | culturestate wrote: | I just went through this too, and I ended up with a Philips | One. | | Its only smart-ish feature is the vibrating quadrant timer, it | feels like it cleans more or less the same as my old Sonicare, | it uses a normal AAA, and best of all it was like $30. | | There's no real third-party ecosystem for heads yet, but I'll | happily trade that for something that just works. | beebeepka wrote: | I bought the simplest one. No app, no 1000 "different" | vibration patterns, no charging glass, no nothing. | | To me, it looks like they are charging more for increased | inconvenience. What a crazy world | exmadscientist wrote: | Also, consider the Kids model. It's the real deal, just | with a kid-friendly sticker on it (designed to be | interchangeable by kids, so easy to remove). It's got the | full-featured, full-power previous(?) generation Sonicare | resonant motor, no NFC, no stupid "pressure sensor" button, | and no BS. If you can stand that sticker! | johnchristopher wrote: | > my 10 year old Sonicare is starting to shit the bed so I | started to look for a new one. Back then there was 2 models. | Now there's like 8, each with several variations | | Electric toothbrush marketing designations are out of control. | When I was looking for one I found a website that went out of | its way to identify which models were behind marketing wording | and numbers and what their specs were (mainly: movements per | minute and pulsations per minute). Companies love to rebrand | the same models with different numbers based on how many | additional brushes they put in the package but they rarely put | those specs on their own websites. Anyway, oral b 2700 still | looks good. | | > is starting to shit the bed | | Off-topic but... language, please ? | alpaca128 wrote: | > oral b 2700 still looks good | | I thought the same until I tried a Sonicare. The cheap Oral B | models feel more like power drills in comparison (and also | started destroying my gums). | johnchristopher wrote: | Which model ? | exmadscientist wrote: | > movements per minute and pulsations per minute | | According to an ex-Sonicare senior engineer I work with, this | is not actually what's important at all. The key thing they | looked at (and still do look at) is the amplitude/travel | distance of the bristle tips, and how that changes under | load. It should stay strong under light load, but collapse | under heavy load (so that when you mash the thing way too | hard into your gums, power transfer stops and your gums don't | get brutalized). It's a surprisingly delicate balance. | | We recently had cause to look at a few of these devices | (sorry for the vagueness, you know how it goes) and most of | the non-Sonicare ones are pretty awful. The rotary Oral-B | ones aren't bad at what they are, but they aren't the same. | There is one Sonicare clone that really impressed though, and | it's not expensive. | johnchristopher wrote: | > The key thing they looked at (and still do look at) is | the amplitude/travel distance of the bristle tips, and how | that changes under load. It should stay strong under light | load, but collapse under heavy load (so that when you mash | the thing way too hard into your gums, power transfer stops | and your gums don't get brutalized). It's a surprisingly | delicate balance. | | Isn't that what the pressure sensor is supposed to be for ? | bredren wrote: | We have a pair of 2019 Sonicare that need battery replacements. | | I picked up a compatible battery but haven't taken the time to | pull it apart yet. It does require soldering. | | The company scrambled the model numbers and it's not easy to | figure out which are similar or even the same. | | The obfuscation of product differences, release dates and nerfs | to longevity are all over consumer goods. | | I hope open product designs + micro hyper local manufacturing | capability will deeply erode the power of companies creating | these wasteful, capital-driven artifacts. | throw0101b wrote: | > _It was headache-inducing to read through._ | | So what did you decide on? | PreInternet01 wrote: | TL;DR: recent (2020-ish) Sonicare brush handles have an alert to | remind you when the attached tip has exceeded its useful life, | according to the manufacturer's recommendations (which are | printed on the packaging as well). | | This functionality is implemented using NFC, and as per protocol | recommendations, there is a password. Given the low cost | requirements and extremely low risks, this password is static, | and can be sniffed as described in this blog post. | | If you are at all offended by this, you can feel free to either | ignore the Sonicare handle's beeps/lights upon tip expiry, use | non-NFC third-party tips, use a non-Sonicare brush handle, use a | regular toothbrush, or not brush your teeth at all (not medical | advice). Big Toothbrush _may_ be out to get you, but they 're not | _quite_ there yet. | | If you think this is actually kind-of cool, good for you! | Analyzing NFC and other 'household' protocols is a really nice | hobby, and you can get started using low-cost tools. | | P.S. Just got a HN 'if this is _really_ your comment, please | press Submit again ' prompt that I hadn't seen before. Doing as | instructed worked, but escaped the formatting chars in my | comment, i.e. every asterisk got replaced by a backslash- | asterisk. Thrilling, I know... | GoToRO wrote: | Just to add: It's also used to change the cleaning mode of the | handle to match the type of the brush attached. | masklinn wrote: | I assume it's cleaning mode as in vibration pattern? | | I ask because I have an old base with an UV brush compartment | but I'm quite sure the base has no NFC. | exmadscientist wrote: | It's probably not even the pattern, just the drive | frequency. The system is operated just off resonance, so | getting the frequency right is really important. You can do | this easily with feedback from the drive assembly and no | NFC, or you can do with with NFC to tell you what's on the | other end and just do it open-loop. The feedback method is | cheaper (I think), so it's what was done previously. But if | you want brush head ID, you go the other route.... | GoToRO wrote: | My guess as well. | | I just tested it. The frequency seems to stay the same. | Tongue clean mode seems to move the brush left to right. | Normal clean mode seems to move it up and down as well. | Hard to tell it vibrates so fast on small distances. | politelemon wrote: | This is my favorite kind of HN content, people following their | curiosity. This a double-deal since the original story | (https://kuenzi.dev/toothbrush/) had someone trying to | investigate their toothbrush, someone else couldn't stop thinking | about the story, and decided to take it further. Thanks for | posting this! | buzer wrote: | Earlier discussion about the initial hack (sniffing the password | & resetting usage hours): | https://news.ycombinator.com/item?id=36128617 | _Microft wrote: | On Nitter if you don't want to visit the birdsite: | | https://nitter.net/atc1441/status/1667252413051424773 | snakey wrote: | An unrolled version kindly posted by a user in the original | thread: | https://threadreaderapp.com/thread/1667252413051424773.html | | Hopefully much easier to read. ___________________________________________________________________ (page generated 2023-06-11 23:01 UTC)