TL;DR: Result

Backstory

Recently I have been gaining weight and blaming it all on the COV-19 (jira issue).
So I thought I have to manage my food intake and count calories therefore I did what I do best, procrastinate and try to do other stuff while still thinking about the task at hand.
All of this + Amazon and my interest in IoT somehow convinced me to buy Etekcity Smart Nutrition Food Calorie Kitchen Digital Scale.

Having hard time waking next day after late night impulse buying, I tried the device, played a bit with the (meh) app and realized that this is just an overpriced kitchen scale with app function whose sole reason is data mining. After installing in VeSync app and skipping as much of the registration as possible and playing enough with it, I decided to try and somehow gain control of the device without having to use the (meh) app.

Disclaimer

Before I go into technical details I would like to mention that I have never worked with BLE devices before. Being armed with 0 technical knowledge of Bluetooth Low energy I was (not) equipped with all the knowledge I need and (definitely not) ready to start hacking.

Step 1: Take it apart 🛠

Having dabbled in some other IoT devices (ESP) my first instinct was to disassemble the device and try to find how this thing worked. I was hoping I could find the microcontroller name and model or some debug ports exposed and labeled but I was disappointed to see this.

PCB was labeled here and there but it was not too helpful as they were just "component ids" to pick and place. The communications device had some information for me.

The communications module is for Bluetooth 4 which is something that I can start investigating.

Step 2: Maybe there's a lib for it? 🥺

Next step was to try to somehow find how to communicate to this and maybe someone else has already done some hacking 💔 on this but I was not able to find information for this device 💔 . The one of the projects that was relatable to this was oliexdev/openScale

oliexdev / openScale

Open-source weight and body metrics tracker, with support for Bluetooth scales

   openScale

Open-source weight and body metrics tracker, with support for Bluetooth scales

Install openScale-dev-build.apk to get the latest development build generated by GitHub Actions. Also be aware that this version may contain bugs and you don't get any automatic updates.

Summary 📋

Monitor and track your weight, BMI, body fat, body water, muscle and other body metrics in an open source app that:

• has an easy to use user interface with graphs,
• supports various Bluetooth scales,
• doesn't require you to create an account,
• can be configured to only show the metrics you care about, and
• respects your privacy and lets you decide what to do with your data.

Supported Bluetooth scales 🚀

openScale has built-in support for a number of Bluetooth (BLE or "smart") scales from many manufacturers, e.g. Beurer, Sanitas, Yunmai, Xiaomi, etc. (see model list below). Together with our users we constantly improve and extend the set of…

View on GitHub

But it was only targeted towards body weight scales 💔.

I was also able to find a github issue asking about this particular device and model and it was rejected for obvious reason 💔.

Add Support for the ETEKCITY Bluetooth Scale #509

Dipan61241828 posted on Oct 17, 2019

Hi it's great app. it works like a charm for almost all devices. Thanks for this great creation. recently i bought new weight measurement scale of ETEKCITY and it is not supported by this app.

https://www.etekcity.com/product/100334

here the debug log file attached with your debug app

openScale_2019-10-17_12-57.txt

More debug Log, openScale_2019-10-17_16-04_new.txt

Scale information

Let me know if the above is sufficient or should I need to give more.

Thank you.

View on GitHub

Step 3: Down the rabbit hole 🐰

I love JS and Node.JS and I felt confident (for some weird reason) in worst case scenario I could use some linux tools with child_process or even hack something in C to communicate using BLE (via USB). It was already getting late and I was getting delirious :D .

Now I'm here and I want to be able to at least get the measurements read. I quickly googled up a module for node which was a good start.

sudo apt-get install bluetooth bluez libbluetooth-dev libudev-dev

sudo yum install bluez bluez-libs bluez-libs-devel

sudo pkg install gmake

sudo kldunload ng_ubt

And starting hacking away and logging output. With some luck and more luck I was able to guess the correct service, characteristic and ended up with some notes where I could start looking at the protocol.

And around 4 am in the morning finished writing the README and finally tired enough to just go to bed and rest.

> Service: 00001910-0000-1000-8000-00805f9b34fb
>> Characteristic: 00002c10-0000-1000-8000-00805f9b34fb [READ]
>> Characteristic: 00002c11-0000-1000-8000-00805f9b34fb [WRITEWITHOUTRESPONSE, WRITE]
>> Characteristic: 00002c12-0000-1000-8000-00805f9b34fb [NOTIFY, INDICATE]
> Service: 0000180a-0000-1000-8000-00805f9b34fb
>> Characteristic: 00002a23-0000-1000-8000-00805f9b34fb [READ]
>> Characteristic: 00002a50-0000-1000-8000-00805f9b34fb [READ]
> Service: 00001800-0000-1000-8000-00805f9b34fb
>> Characteristic: 00002a00-0000-1000-8000-00805f9b34fb [READ]
>> Characteristic: 00002a01-0000-1000-8000-00805f9b34fb [READ]

Next steps

I would like to write (at least half-) decent library to listen and possibly control the big display with nutritional information from outside the app. For now I need an Android device to sniff the packets and analyze the result.

I actually do not know which device to choose so maybe one late night I will pick a random cheap Android phone and invest more in my procrastination or maybe someone will tell me in comments which one to go for ¯\_(ツ)_/¯ .

The end goal would (probably) be to have it integrate with homebridge or home-assistant and have it comfortably enable the nutritional value display based on voice commands.