[HN Gopher] Hacking the Philips Sonicare NFC Password
___________________________________________________________________
Hacking the Philips Sonicare NFC Password
Author : nmstoker
Score : 78 points
Date : 2023-06-11 14:34 UTC (8 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| JasserInicide wrote:
| Somewhat related: my 10 year old Sonicare is starting to shit the
| bed so I started to look for a new one. Back then there was 2
| models. Now there's like 8, each with several variations and
| fucking phone app integrations and are several hundred dollars.
| It was headache-inducing to read through.
| userbinator wrote:
| I'd pay several hundred for a toothbrush that had easily
| replaceable batteries and other components like shaft seals
| (with them being standard commonly-available parts), and was
| designed to last many decades. I don't want any of the "app"
| crap.
| culturestate wrote:
| I just went through this too, and I ended up with a Philips
| One.
|
| Its only smart-ish feature is the vibrating quadrant timer, it
| feels like it cleans more or less the same as my old Sonicare,
| it uses a normal AAA, and best of all it was like $30.
|
| There's no real third-party ecosystem for heads yet, but I'll
| happily trade that for something that just works.
| beebeepka wrote:
| I bought the simplest one. No app, no 1000 "different"
| vibration patterns, no charging glass, no nothing.
|
| To me, it looks like they are charging more for increased
| inconvenience. What a crazy world
| exmadscientist wrote:
| Also, consider the Kids model. It's the real deal, just
| with a kid-friendly sticker on it (designed to be
| interchangeable by kids, so easy to remove). It's got the
| full-featured, full-power previous(?) generation Sonicare
| resonant motor, no NFC, no stupid "pressure sensor" button,
| and no BS. If you can stand that sticker!
| johnchristopher wrote:
| > my 10 year old Sonicare is starting to shit the bed so I
| started to look for a new one. Back then there was 2 models.
| Now there's like 8, each with several variations
|
| Electric toothbrush marketing designations are out of control.
| When I was looking for one I found a website that went out of
| its way to identify which models were behind marketing wording
| and numbers and what their specs were (mainly: movements per
| minute and pulsations per minute). Companies love to rebrand
| the same models with different numbers based on how many
| additional brushes they put in the package but they rarely put
| those specs on their own websites. Anyway, oral b 2700 still
| looks good.
|
| > is starting to shit the bed
|
| Off-topic but... language, please ?
| alpaca128 wrote:
| > oral b 2700 still looks good
|
| I thought the same until I tried a Sonicare. The cheap Oral B
| models feel more like power drills in comparison (and also
| started destroying my gums).
| johnchristopher wrote:
| Which model ?
| exmadscientist wrote:
| > movements per minute and pulsations per minute
|
| According to an ex-Sonicare senior engineer I work with, this
| is not actually what's important at all. The key thing they
| looked at (and still do look at) is the amplitude/travel
| distance of the bristle tips, and how that changes under
| load. It should stay strong under light load, but collapse
| under heavy load (so that when you mash the thing way too
| hard into your gums, power transfer stops and your gums don't
| get brutalized). It's a surprisingly delicate balance.
|
| We recently had cause to look at a few of these devices
| (sorry for the vagueness, you know how it goes) and most of
| the non-Sonicare ones are pretty awful. The rotary Oral-B
| ones aren't bad at what they are, but they aren't the same.
| There is one Sonicare clone that really impressed though, and
| it's not expensive.
| johnchristopher wrote:
| > The key thing they looked at (and still do look at) is
| the amplitude/travel distance of the bristle tips, and how
| that changes under load. It should stay strong under light
| load, but collapse under heavy load (so that when you mash
| the thing way too hard into your gums, power transfer stops
| and your gums don't get brutalized). It's a surprisingly
| delicate balance.
|
| Isn't that what the pressure sensor is supposed to be for ?
| bredren wrote:
| We have a pair of 2019 Sonicare that need battery replacements.
|
| I picked up a compatible battery but haven't taken the time to
| pull it apart yet. It does require soldering.
|
| The company scrambled the model numbers and it's not easy to
| figure out which are similar or even the same.
|
| The obfuscation of product differences, release dates and nerfs
| to longevity are all over consumer goods.
|
| I hope open product designs + micro hyper local manufacturing
| capability will deeply erode the power of companies creating
| these wasteful, capital-driven artifacts.
| throw0101b wrote:
| > _It was headache-inducing to read through._
|
| So what did you decide on?
| PreInternet01 wrote:
| TL;DR: recent (2020-ish) Sonicare brush handles have an alert to
| remind you when the attached tip has exceeded its useful life,
| according to the manufacturer's recommendations (which are
| printed on the packaging as well).
|
| This functionality is implemented using NFC, and as per protocol
| recommendations, there is a password. Given the low cost
| requirements and extremely low risks, this password is static,
| and can be sniffed as described in this blog post.
|
| If you are at all offended by this, you can feel free to either
| ignore the Sonicare handle's beeps/lights upon tip expiry, use
| non-NFC third-party tips, use a non-Sonicare brush handle, use a
| regular toothbrush, or not brush your teeth at all (not medical
| advice). Big Toothbrush _may_ be out to get you, but they 're not
| _quite_ there yet.
|
| If you think this is actually kind-of cool, good for you!
| Analyzing NFC and other 'household' protocols is a really nice
| hobby, and you can get started using low-cost tools.
|
| P.S. Just got a HN 'if this is _really_ your comment, please
| press Submit again ' prompt that I hadn't seen before. Doing as
| instructed worked, but escaped the formatting chars in my
| comment, i.e. every asterisk got replaced by a backslash-
| asterisk. Thrilling, I know...
| GoToRO wrote:
| Just to add: It's also used to change the cleaning mode of the
| handle to match the type of the brush attached.
| masklinn wrote:
| I assume it's cleaning mode as in vibration pattern?
|
| I ask because I have an old base with an UV brush compartment
| but I'm quite sure the base has no NFC.
| exmadscientist wrote:
| It's probably not even the pattern, just the drive
| frequency. The system is operated just off resonance, so
| getting the frequency right is really important. You can do
| this easily with feedback from the drive assembly and no
| NFC, or you can do with with NFC to tell you what's on the
| other end and just do it open-loop. The feedback method is
| cheaper (I think), so it's what was done previously. But if
| you want brush head ID, you go the other route....
| GoToRO wrote:
| My guess as well.
|
| I just tested it. The frequency seems to stay the same.
| Tongue clean mode seems to move the brush left to right.
| Normal clean mode seems to move it up and down as well.
| Hard to tell it vibrates so fast on small distances.
| politelemon wrote:
| This is my favorite kind of HN content, people following their
| curiosity. This a double-deal since the original story
| (https://kuenzi.dev/toothbrush/) had someone trying to
| investigate their toothbrush, someone else couldn't stop thinking
| about the story, and decided to take it further. Thanks for
| posting this!
| buzer wrote:
| Earlier discussion about the initial hack (sniffing the password
| & resetting usage hours):
| https://news.ycombinator.com/item?id=36128617
| _Microft wrote:
| On Nitter if you don't want to visit the birdsite:
|
| https://nitter.net/atc1441/status/1667252413051424773
| snakey wrote:
| An unrolled version kindly posted by a user in the original
| thread:
| https://threadreaderapp.com/thread/1667252413051424773.html
|
| Hopefully much easier to read.
___________________________________________________________________
(page generated 2023-06-11 23:01 UTC)