[HN Gopher] Reverse engineering and dismantling Kekz headphones
___________________________________________________________________
Reverse engineering and dismantling Kekz headphones
Author : mtlynch
Score : 173 points
Date : 2024-10-04 06:55 UTC (16 hours ago)
(HTM) web link (nv1t.github.io)
(TXT) w3m dump (nv1t.github.io)
| taldo wrote:
| Ouch, open Cosmos DB with geolocation logs publicly accessible...
| bux93 wrote:
| It's only the locations of children.. Wait.. That doesn't sound
| good?
| altairprime wrote:
| Hopefully someone who is in the EU buys one of these and
| files a formal complaint! I can't from across the ocean,
| sadly.
| justinclift wrote:
| Ugh: ... the application tries not only uploading
| the ID3 Tags, but also geolocation data, which is most
| likely gathered from Wi-Fi triangulation from windows itself.
|
| That's likely breaking some EU GDPR rules, at the very least.
|
| Doesn't seem like that'd be an accidental thing?
| polartx wrote:
| I would assume so since much of the code seems to have been
| stolen in the first place
| consp wrote:
| Or made by a contractor or is COTS in another region?
| zkirill wrote:
| Awesome article. Just wondering, how can a hardware company
| voluntarily submit their device for reverse engineering and
| dismantling as a show of good faith? Given the right
| circumstances this is basically a free security audit and
| marketing for the company.
| wpietri wrote:
| If a company wants somebody to do a hardware audit for
| marketing purposes, they should pay money for that. Please
| fairly value people's labor, especially when you seek to profit
| from it.
| cheschire wrote:
| Well, influencers are able to work out alternative means of
| compensation because the content is more valuable than the
| work performed. For example a blogger that is renowned for
| teardowns might do the work in exchange for access to early
| release models so that their content is highly relevant. That
| is worth more than the hourly cost to perform the teardown
| work. Compensation negotiation is part of the art of that
| deal.
| wpietri wrote:
| If an influencer is indeed able to monetize the content
| sufficient to match market price for the labor, then sure,
| that is also fairly valuing people's labor. But that's
| definitely not what's happening here.
| Jerrrrrrry wrote:
| right circumstances
| bigallen wrote:
| If someone wants to do the hardware audit for free, or in
| exchange for some kind of promotional exchange, is that a bad
| thing? I'd break down a lot of devices if I could get a
| duplicate one intact, for free
| wpietri wrote:
| This was a low-priced consumer good, so I don't think
| anything is stopping you from doing teardowns like this on
| your own.
| dylan604 wrote:
| They could just provide schematics, blueprints, parts
| explosion graphics, etc.
|
| I have been a fan of the Sony MDR-7502 headphones since Moses
| was in a basket. They provide an explosion of each of the parts
| and their numbers so that you can order replacements. Granted,
| these are "old skool" dumb wired headphones, so no software is
| needed, nor are chips necessary to look up and what not.
| spookie wrote:
| Same for the MDR-7506!
|
| Speaking of wireless, their battery problems over time have
| already bitten me; I will continue buying "dumb" ones in the
| future.
| justinclift wrote:
| Wouldn't it have been amazing if they'd taken that attitude
| with the PlayStation series? :)
| Retr0id wrote:
| Any company with sufficiently interesting hardware is welcome
| to send me a copy. Most hardware isn't very interesting though,
| so they'd likely have to pay me too.
| throwup238 wrote:
| iFixit offers their services to manufacturers:
| https://www.ifixit.com/solutions
|
| There are plenty of other consultants that do that too, but
| they don't have the same reach and brand recognition.
| augunrik wrote:
| I love when people do this! Now we only need alternative software
| and the hardware is finally purchasable!
|
| Would be cooler if the hardware was more OS before but I take
| what I can get...
| finaard wrote:
| This is pretty interesting to me for two reasons.
|
| First, I just came back from Germany where I've seen that thing
| in a shop. Didn't have much time to investigate due to the kids,
| but guessed that it's just NFC chips with data on the headphones.
|
| Second, I've been thinking about building a simple MP3-player for
| my kids for quite a while now, and (minus the obfuscation there)
| that's not far from what I've been thinking about doing.
| taldo wrote:
| There's also yotoplay.com, although that one does seem to
| require wi-fi and cloud thingies.
| dud3333 wrote:
| Google TonUINO. There are ready-made PCBs you can buy for it.
| nuitgaspard wrote:
| There have been multiple devices. I have been looking into the
| Jooki box as well, which is quite hackable, the Toniebox is nice
| hardware (with an already good firmware replacement), Yoto is
| weird.
| netsharc wrote:
| I was thinking of a steampunk music player using floppy disks:
| store a 32-bit (4 billion songs should be enough right?) ID
| onto a floppy, and have a player (it can be a Raspberry Pi with
| a USB floppy drive) read the ID, look up the MP3 the ID
| corresponds to and play the MP3 from an attached storage
| device.
|
| Because floppies get bad sectors, the ID should be stored
| repeatedly on it, 4 bytes repeated to fill 1.38 MB should be
| redundant enough!
|
| I suppose without IDs, one can also store the artist name and
| song title, and do some text search to find the MP3. Or a
| YouTube video.
| finaard wrote:
| I was thinking child friendly, so using NFC tags isn't such a
| bad idea - plus I have a few hundred spare ones in nice
| plastic casings. I'd also just store IDs on them, and either
| have the media files preloaded (as seems to be the case
| here), or have it download it from my media server on first
| use.
|
| The other thing I want (which they don't do) is the ability to
| resume playback at the same position, even when putting it
| into a different player - that's one reason I still have some
| audio cassettes for the kids. No other medium I'm aware of
| does that kind of easy state saving. My idea there is to have
| the tags locked in the player in a way that gives me enough
| time to write the position if the user tries to remove it.
| afandian wrote:
| I did this for my child and it worked well. Arduino
| compatible RFID module, ESP32 with an SD card and I2S. I
| ended up renaming the MP3s to match the card serial
| numbers, rather than program each one.
| Retr0id wrote:
| > We could brute force the 4 Bytes. Without any further
| assumption, this would be 255**4 possibilities, which is way to
| many.
|
| The author comes up with a much simpler attack in the end, but a
| 2^32 bruteforce would also have been perfectly doable, taking
| ~seconds with optimized code on modern hardware.
| consp wrote:
| While I agree, isn't figuring out what kind of obfuscation they
| used part of the fun?
| nuitgaspard wrote:
| Agreed :) the problem is though, that you have to decrypt the
| whole file every time and not just a few bytes, which makes this
| still a little bit longer. You get files, which identify as
| mp3, but are garbage, and have to check multiple frames.
|
| But agreed, bruteforcing a 2^32 key is possible. The "way to many"
| was: "Way to many" for my taste.
| Jerrrrrrry wrote:
| "ID3" should be the first few bytes.
|
| You could also put garbage data in nearly every frame and
| most modern codecs will fit it the best they can - for mp3
| anyway.
| nuitgaspard wrote:
| Yep... Checking for ID3 is not good enough for checking for a
| correctly decrypted MP3. Brute forcing with only small
| letters, you get approx. 43k possibilities with "ID3" as the
| first 3 letters, that makes ~10% of all 26^4 possibilities.
| Yep, you only have to decrypt those 43k possibilities, but
| you have to look at the whole file.
|
| Even if you have garbage in the file, it is not the correct
| file, as the codec will ignore it, and the output is
| garbage.
|
| I haven't tried how many of these 43k actually work, or
| give you at least a partially good result.
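A check of the kind nuitgaspard describes, written here as an added example (not code from the article or from anyone in this thread): a candidate buffer is accepted only if its optional ID3v2 tag is well-formed and several consecutive MPEG Layer III frame headers parse with consistent lengths, so a buffer that merely begins with the bytes "ID3" is rejected. The frames and ID3 header it runs on are constructed in the block, and the check is a heuristic (free-format bitrates and Layers I/II are treated as invalid).

```python
BITRATES_KBPS = {  # index -> kbps by MPEG version bits (3 = MPEG 1, 2 = MPEG 2, 0 = MPEG 2.5)
    3: [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320],
    2: [0, 8, 16, 24, 32, 40, 48, 56, 64, 80, 96, 112, 128, 144, 160],
}
BITRATES_KBPS[0] = BITRATES_KBPS[2]
SAMPLE_RATES = {3: [44100, 48000, 32000], 2: [22050, 24000, 16000], 0: [11025, 12000, 8000]}

def id3v2_tag_length(data):
    """Bytes occupied by a leading ID3v2 tag: 0 if absent, -1 if malformed."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size_bytes = data[6:10]
    if any(b & 0x80 for b in size_bytes):  # syncsafe integers never set bit 7
        return -1
    size = (size_bytes[0] << 21) | (size_bytes[1] << 14) | (size_bytes[2] << 7) | size_bytes[3]
    footer = 10 if data[5] & 0x10 else 0  # flag bit 4: a 10-byte footer follows the body
    return 10 + size + footer

def frame_length(header):
    """Length in bytes of the MPEG Layer III frame that starts with this 4-byte header, or None."""
    if len(header) < 4 or header[0] != 0xFF or (header[1] & 0xE0) != 0xE0:
        return None  # the 11 sync bits are not there
    version, layer = (header[1] >> 3) & 0x03, (header[1] >> 1) & 0x03
    if version == 1 or layer != 1:  # reserved version, or not Layer III
        return None
    bitrate_idx, rate_idx, padding = header[2] >> 4, (header[2] >> 2) & 0x03, (header[2] >> 1) & 0x01
    if bitrate_idx in (0, 15) or rate_idx == 3:  # free/forbidden bitrate, reserved sample rate
        return None
    samples = 1152 if version == 3 else 576  # samples per frame: MPEG 1 vs MPEG 2/2.5
    bitrate, rate = BITRATES_KBPS[version][bitrate_idx] * 1000, SAMPLE_RATES[version][rate_idx]
    return samples * bitrate // (8 * rate) + padding

def looks_like_mp3(data, min_frames=4):
    """True if data has a well-formed (or no) ID3v2 tag followed by min_frames valid frames in a row."""
    pos = id3v2_tag_length(data)
    if pos < 0:
        return False
    for _ in range(min_frames):
        length = frame_length(data[pos:pos + 4])
        if length is None:
            return False
        pos += length
    return True

def mp3_frame():
    # constructed MPEG 1 Layer III frame: 128 kbps, 44.1 kHz, no padding -> 417 bytes in total
    return bytes([0xFF, 0xFB, 0x90, 0x00]) + bytes(413)
ID3_HEADER = b"ID3\x04\x00\x00\x00\x00\x00\x00"  # constructed ID3v2.4 header with an empty body
GOOD = ID3_HEADER + mp3_frame() * 4
ONE_GOOD_FRAME_THEN_GARBAGE = ID3_HEADER + mp3_frame() + bytes(range(256)) * 2
```

With min_frames=1 the garbage buffer passes and with min_frames=2 it fails, which is exactly why a first-bytes check alone is not enough.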
___________________________________________________________________
(page generated 2024-10-04 23:01 UTC)