
Extracting My Data from the Microsoft Band - lazyjeff
http://jeffhuang.com/extracting_my_data_from_the_microsoft_band.html
======
mabbo
That's a bit disappointing. I was hoping to get one of these bands, but to
hear them say that all data is stored on Microsoft's cloud is a bit
disconcerting.

I wanted to track my heart rate while I run. I didn't want to let a large
company have direct access to my health information.

~~~
blub
Is there any band that doesn't upload everything to some cloud? It's super
crappy that everything I looked at had some stupid cloud feature.

~~~
at-fates-hands
I've always used a polar heart rate monitor when I play hockey to help me find
my VO2 max and my target heart rate range. They're one of the few really
accurate heart rate monitors out there. These also have a myriad of other
functions.

[http://www.polar.com/us-en/products/get_active/fitness_cross...](http://www.polar.com/us-en/products/get_active/fitness_crosstraining/loop)

You can find a Polar Loop bracelet with the H7 heart rate monitor strap for
around $150.00, which is a lot less than the Microsoft Band:

[http://www.ebay.com/sch/i.html?_odkw=polar+h7&_from=R40&_osa...](http://www.ebay.com/sch/i.html?_odkw=polar+h7&_from=R40&_osacat=0&_from=R40&_trksid=p2045573.m570.l1313.TR0.TRC0.H0.XPolar+Loop+%2B+Polar+H7+heart+rate+monitor&_nkw=Polar+Loop+%2B+Polar+H7+heart+rate+monitor&_sacat=0)

I apologize in advance for the janky links.

~~~
e12e
I don't have experience with any, but after some searching, it appears the
various Mio[1] bands might be a good bet? Appears to be more open than the
polar products, unless I'm missing something. I also found:

[https://github.com/mlt/schwinn810](https://github.com/mlt/schwinn810)

Does anyone have any experience with either?

[1] [http://www.mioglobal.com/en-uk/compare-mio-heart-rate-monito...](http://www.mioglobal.com/en-uk/compare-mio-heart-rate-monitors.htm)

------
Maarten88
It seems to use a standard odata format over ssl with oauth token security. I
wonder if it's possible to simply attach an Excel worksheet to the data feed
([https://support.office.com/en-us/article/Connect-to-an-OData...](https://support.office.com/en-us/article/Connect-to-an-OData-feed-4441a94d-9392-488a-a6a9-739b6d2ad500))

------
pgbovine
_"Clearly, to get sleep events, the app is constructing a REST call."_

This is gold :) Nice write-up, Jeff.

------
zamalek
I'd notice those URL parameters anywhere.

There is a very strong chance that it fully conforms to the OData spec:
[http://www.odata.org/documentation/odata-version-3-0/url-con...](http://www.odata.org/documentation/odata-version-3-0/url-conventions/)
- although I'm not sure which version (most recent MSFT stuff has been 3.0).

So what you could do is hit a URL such as:

    https://prodphseus.dns-cargo.com//v1/Events?$filter=AverageHeartRate gt 90

To get the events where you pushed yourself above 90.
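
The `$filter` syntax in that URL (OData v3 URL conventions: `eq`, `ne`, `gt`, `ge`, `lt`, `le`, `and`, `or`, `not`, parentheses) can be evaluated locally just as well, which is useful once you have your own event JSON on disk. The following is an added example and not code from the post or from the Band app: a small recursive-descent evaluator for `$filter` expressions over local records, plus the percent-encoding you need when the same expression goes into a query string. The `SAMPLE_EVENTS` records and their field names are constructed for the example and are not the Band API's real schema.

```python
"""Evaluate OData v3 $filter expressions locally over extracted event records (added example)."""
import operator
import re
from urllib.parse import quote

# Constructed sample records; field names are an assumption, not the real Band schema.
SAMPLE_EVENTS = [
    {"EventId": 1, "EventType": "Run", "AverageHeartRate": 95, "Duration": 1800},
    {"EventId": 2, "EventType": "Sleep", "AverageHeartRate": 58, "Duration": 27000},
    {"EventId": 3, "EventType": "Run", "AverageHeartRate": 88, "Duration": 1200},
    {"EventId": 4, "EventType": "Bike", "AverageHeartRate": 102, "Duration": 3600},
]

_COMPARE = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt,
            "ge": operator.ge, "lt": operator.lt, "le": operator.le}
_OPS = set(_COMPARE) | {"and", "or", "not"}
# One token per match: '(' | ')' | 'quoted string' | number | identifier/keyword.
_TOKEN = re.compile(r"\s*(?:(\()|(\))|'((?:[^']|'')*)'|(-?\d+(?:\.\d+)?)|([A-Za-z_][A-Za-z0-9_]*))")


def tokenize(expr):
    """Split a $filter expression into (kind, value) tokens."""
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad token at offset {pos}: {expr[pos:]!r}")
        pos = m.end()
        lparen, rparen, text, num, word = m.groups()
        if lparen or rparen:
            tokens.append(("paren", lparen or rparen))
        elif text is not None:
            tokens.append(("str", text.replace("''", "'")))  # OData escapes ' as ''
        elif num is not None:
            tokens.append(("num", float(num)))
        elif word.lower() in _OPS:
            tokens.append(("op", word.lower()))
        else:
            tokens.append(("field", word))
    return tokens


def _compare(op, left, right):
    """OData-style null handling: null only ever equals null."""
    if left is None or right is None:
        return {"eq": left is right, "ne": left is not right}.get(op, False)
    return _COMPARE[op](left, right)


def _binary(lhs, rhs, combine):
    return lambda rec: combine(lhs(rec), rhs(rec))


class _Parser:
    """Recursive descent with precedence or < and < not < comparison; every node is rec -> value."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else (None, None)

    def _take(self, expected=None):
        tok = self._peek()
        if tok[0] is None or (expected is not None and tok != expected):
            raise ValueError(f"unexpected token {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        node = self._or()
        if self._peek()[0] is not None:
            raise ValueError(f"trailing token {self._peek()!r}")
        return node

    def _or(self):
        node = self._and()
        while self._peek() == ("op", "or"):
            self._take()
            node = _binary(node, self._and(), lambda a, b: a or b)
        return node

    def _and(self):
        node = self._unary()
        while self._peek() == ("op", "and"):
            self._take()
            node = _binary(node, self._unary(), lambda a, b: a and b)
        return node

    def _unary(self):
        if self._peek() == ("op", "not"):
            self._take()
            inner = self._unary()
            return lambda rec: not inner(rec)
        if self._peek() == ("paren", "("):
            self._take()
            node = self._or()
            self._take(("paren", ")"))
            return node
        return self._comparison()

    def _operand(self):
        kind, value = self._take()
        if kind == "field":
            return lambda rec: rec.get(value)   # missing field evaluates as null
        if kind in ("num", "str"):
            return lambda rec: value
        raise ValueError(f"expected field or literal, got {kind!r}")

    def _comparison(self):
        left = self._operand()
        kind, op = self._take()
        if kind != "op" or op not in _COMPARE:
            raise ValueError(f"expected comparison operator, got {op!r}")
        right = self._operand()
        return lambda rec: _compare(op, left(rec), right(rec))


def compile_filter(expr):
    """Return a predicate rec -> bool for a $filter expression."""
    return _Parser(tokenize(expr)).parse()


def apply_filter(events, expr):
    """Return the records matching the $filter expression."""
    pred = compile_filter(expr)
    return [e for e in events if pred(e)]


def encode_filter(expr):
    """Percent-encode a $filter value for a query string (spaces -> %20, ' -> %27)."""
    return quote(expr)


if __name__ == "__main__":
    print(apply_filter(SAMPLE_EVENTS, "AverageHeartRate gt 90"))
    print("?$filter=" + encode_filter("EventType eq 'Run' and Duration ge 1800"))
```

Keeping the evaluator and the encoder separate means the same expression can be checked against records you already hold before it is ever sent anywhere, which is the point of extracting the data in the first place.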

~~~
robwilliams
The source code he posted dealt with the ODataRequest class, so that's not a
stretch :)

Also, the most recent OData version is 4.0:
[http://www.odata.org/documentation/odata-version-4-0/](http://www.odata.org/documentation/odata-version-4-0/)

Disclaimer: MS employee, not on OData team however.

------
andsosayallofus
Where's the money here? It's not a subscription based service, so what
financial sense does it make to dump this data straight to a server?

I can't imagine there's complex data processing being done that a smartphone
can't handle, so I assume the data is being sent back because it's somehow
useful or valuable to Microsoft... but how?

~~~
jzwinck
The network effect. Fitbit has a huge advantage right now because the user
base is so large. A lot of people use its social features to compete with
their friends, office mates, etc. This encourages more people to buy the
hardware to participate.

------
xg15
As he already decompiled the app, wouldn't a more promising route be to figure
out the Bluetooth communication between the app and the band? Using this
knowledge, you could eventually write your own (private) app and bypass
Microsoft's servers completely. (Provided they don't use some crazy
authentication and/or encryption schemes in the Bluetooth protocol.)

------
lhl
I started poking around w/ mitmproxy the other day as well, since I had
started to get a little tired of waiting (Microsoft has promised an open
API/SDK of some sort, but there haven't been any updates to any of the
software since release) w/ similar results. (I did this against the iOS app).

So I'll just post a couple notes:

* auth appears to be using OAuth WRAP (deprecated as a spec, but Microsoft appears to use it for Live logins), so I'm sure it could be pretty easily extracted for an API library

* As mentioned the API mostly talks to an endpoint on and the returns are gzipped JSON _except_ for a PUT to prodwus0sts.blob.core.windows.net for the binary log of your actual data (there's a subsequent PUT that then sends the UploadId and some other metadata to the API server)

People have mentioned wanting to avoid sending your data to the cloud
completely, and that should be completely possible. The easy way atm is that
you could just mitm the endpoints and sync as normal w/ the app.

However, there are at least a couple of people that have successfully
reverse-engineered the BTLE protocol, although I haven't seen anything fully
published yet. This appears to mostly/primarily be based on digging through the
Windows client's DLL.

Pic of source w/ some of the BT protocol:
[https://twitter.com/JustinAngel/status/527955001436418048](https://twitter.com/JustinAngel/status/527955001436418048)

Some BT functions:
[https://twitter.com/JustinAngel/status/528383467742957571](https://twitter.com/JustinAngel/status/528383467742957571)

Methods extracted from the dll:
[https://twitter.com/JustinAngel/status/529876592479047682](https://twitter.com/JustinAngel/status/529876592479047682)

(On OSX, strings gives you significantly less useful information, although
apparently it was built by 'ianhowle' and there's a native Objective-C
"CargoKit" library)

Note, there's one open source project that has theming and plans on building
live sensor output: [http://unband.nachmore.com/](http://unband.nachmore.com/)

And there's a closed source phone already that _does_ access all the sensor
data in realtime:
[http://www.windowsphone.com/en-us/store/app/band-sensor-moni...](http://www.windowsphone.com/en-us/store/app/band-sensor-monitor/68f97b41-de2f-4579-a473-5d476a5c5196)

I'm not too familiar with Windows Phone, but I believe you can access and
decompile an unencrypted XAP if you have a rooted Windows Phone to see what
it's doing.

I don't really have much experience/use/access to Windows stuff in general,
but for someone w/ that kind of experience, I can't imagine it being very hard
to deconstruct.

------
TazeTSchnitzel
Interesting they store so little on the device. Does the Band generate a lot
of data?

~~~
blub
Even if it did, the interesting stuff can be filtered from the raw data and
saved on the device.

Making customers depend on an online service is a really hostile move. I wonder
if the protocol between app and band can be reverse engineered to allow
connecting other apps...

~~~
Animats
Right. He's only reverse engineered the phone-to-server data, not the
band-to-phone data.

Exercise equipment like treadmills should be able to read band data. They can
use it for feedback to control speed. That's a common treadmill feature, but
it's usually not wireless.

------
ubercow
The most amusing part for me is the domain name dns-cargo.com. Seems like a
random choice. Wonder if this was just some spare throwaway domain they had
lying around.

------
sengstrom
A nice hack and a good list of the things you may want to fiddle with if you
want to explore phone applications calling home just in general.

------
zeinzig
I knew something had to be up when syncing between band and app required
internet access! My fitbit always synced with just bluetooth.

------
Tommyatomic
So far, despite the decent specs, the Microsoft Band is disappointing to pretty
much everyone I've spoken to who bought one. Now that I know how the data
storage functions, additional disappointment abounds. This is clearly no
exception to equating the MS Band as the Windows 8 of smartwatches. I am
fanatically thrilled I couldn't find one when I wanted to buy one.

