
Jailbreaking the Microsoft Fitness Band - moyix
http://www.b0n0n.com/2016/04/20/ms-jailbreak/
======
tener
While he is able to run a custom binary on the band, there doesn't seem to be
any sort of crypto signature present securing the firmware. So all you have
to do is reverse engineer the binary format, change the code, update the CRCs
where needed and hijack the update process.

The article is well written and the feat is cool, but the device doesn't seem
to be very secure to begin with.
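
To illustrate the distinction tener draws (a CRC detects accidental corruption but authenticates nothing, whereas a keyed check cannot be recomputed by whoever edits the image), here is an added example that is not from the article or the band's firmware. It uses a constructed toy image layout (body plus a little-endian CRC32 trailer) and an HMAC-SHA256 trailer with a constructed key as a stand-in for the asymmetric signature a real update path would carry.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed toy image layout: body followed by a 4-byte little-endian CRC32 trailer.
def crc_trailer(body: bytes) -> bytes:
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def crc_verify(image: bytes) -> bool:
    body, (stored,) = image[:-4], struct.unpack("<I", image[-4:])
    return (zlib.crc32(body) & 0xFFFFFFFF) == stored

# HMAC-SHA256 trailer as a stand-in for a signature: the key lives only with the
# signer and the verifier.  Constructed demo key, not any vendor secret.
SIGNING_KEY = b"constructed-demo-key"

def mac_trailer(body: bytes, key: bytes = SIGNING_KEY) -> bytes:
    return body + hmac.new(key, body, hashlib.sha256).digest()

def mac_verify(image: bytes, key: bytes = SIGNING_KEY) -> bool:
    body, tag = image[:-32], image[-32:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)

def patch_body(image: bytes, trailer_len: int, patch: bytes) -> bytes:
    """Overwrite the first bytes of the body; leave the existing trailer as-is."""
    body, trailer = image[:-trailer_len], image[-trailer_len:]
    return patch + body[len(patch):] + trailer

def demo() -> dict:
    firmware = b"\x00" * 64  # constructed stand-in for a firmware body
    crc_img, mac_img = crc_trailer(firmware), mac_trailer(firmware)
    edited_crc = patch_body(crc_img, 4, b"\xff" * 4)
    edited_mac = patch_body(mac_img, 32, b"\xff" * 4)
    return {
        "crc_original": crc_verify(crc_img),
        "crc_edited": crc_verify(edited_crc),                       # corruption is noticed...
        "crc_recomputed": crc_verify(crc_trailer(edited_crc[:-4])),  # ...but anyone can refresh it
        "mac_original": mac_verify(mac_img),
        "mac_edited": mac_verify(edited_mac),
        # Without the key, no trailer the editor produces will verify.
        "mac_recomputed_wrong_key": mac_verify(mac_trailer(edited_mac[:-32], b"wrong-key")),
    }
```

The last result is the property a CRC lacks: whoever can modify the image can always make a CRC match, but cannot produce a valid keyed trailer without the key the device checks against.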

~~~
duaneb
Why on earth does a fitness band need security? What a waste of time and
effort for everyone involved.

~~~
halomru
Not sure if you're serious? The fitness band doesn't store your SSH keys, but
with a heartbeat sensor, GPS and an accelerometer it allows unprecedented
insights into your daily life (your heartbeat accelerated inside the maternity
ward? Just imagine the datamining possibilities). We are dealing with
extremely private data here, and a consumer device should be protected
accordingly.

~~~
slavik81
As long as the firmware update requires physical access to the band and the
paired computer, then it _is_ secure.

If this device is insecure just because its owner can install new software
onto it, then all laptops and desktops are also insecure.

~~~
userbinator
...and that "insecurity" is a _good_ thing, because it's insecurity that leads
to freedom. Nonetheless, there are plenty of groups who want to get rid of
that insecurity, which is even scarier.

[https://www.gnu.org/philosophy/right-to-read.en.html](https://www.gnu.org/philosophy/right-to-read.en.html)

[http://boingboing.net/2012/01/10/lockdown.html](http://boingboing.net/2012/01/10/lockdown.html)

[http://boingboing.net/2012/08/23/civilwar.html](http://boingboing.net/2012/08/23/civilwar.html)

"Perfect security is a good idea only to those for whom freedom is worth
nothing."

~~~
johncolanduoni
How are Cory's predictions going? Apple dropped their TPM (without ever even
using it), UEFI Secure Boot _still_ allows you to put your own keys even on
the most vertically integrated platforms (like the Surface), you can buy
plenty of consumer routers that are already running DD-WRT and can be easily
flashed with whatever you fancy, Nexus devices still let you unlock the
bootloader, and Apple now lets you compile and run apps for your iPhone
without a developer's license. Even consumer GPUs are easily programmable now.

In what way have any general purpose computers become less general purpose
since the hysteria about the war on general purpose computers started?

------
m0atz
I thought this was an awesome article, the OP is obviously deep in the rabbit
hole and his code is well written. Top job. Keep on hacking.

------
pedalpete
I've got two bands (Microsoft shipped me two, charged me twice and refused to
take the 2nd back - brutal customer service), I suspect the Band can be looked
at as a failed experiment/product.

What I'd like to see is Microsoft open-source or somehow support hacking on
these devices so they can see what the small community of users does with them
when given full access.

------
snuxoll
While the title matches the article, it really isn't descriptive of the
content of the article (which is all about modifying and flashing the ROM,
there's no 'jailbreak' yet).

~~~
moyix
He achieved full code execution on the device. You can argue that it's not a
jailbreak because there wasn't much of a "jail" (checksums, rather than
crypto), but I'm not sure what more you would want in terms of capabilities.

------
wmccullough
Your comment is in line with my thoughts as well. I've come to accept that HN
is slowly becoming a pit of contrarian asswipes honestly.

~~~
dang
Please don't make this place even worse by posting unsubstantive dismissals of
it. More about this here:
[https://news.ycombinator.com/item?id=12053739](https://news.ycombinator.com/item?id=12053739).

We detached this subthread from
[https://news.ycombinator.com/item?id=12057792](https://news.ycombinator.com/item?id=12057792)
and marked it off-topic.

