I was gonna go to the hackspace and finish my hat, then bodies happened.

Instead, I'm doing some light Sunday reading.

I have a pair of Chinese rave glasses that can display scrolling text, bitmaps, or animations. They also make you look way too cool for school.

They speak Bluetooth to a shady APK. I've put it on a disconnected phone and I'm reverse engineering the protocol. queer.af/media/kPpwoBGP0l_uV41

The protocol looks simple enough; it exposes a GATT service:

/org/bluez/hci0/dev_FF_FF_2A_00_52_DF/service0001/char0002/desc0004

char0002 has flags: read, write-without-response and notify. The device has no manufacturer info, and all the UUIDs are generic.

Here's the catch: the GATT collection only includes a single descriptor (0004), and it's not writable.

Wireshark shows that the app, when you toggle them off and on, sends a GATT Command write (0x52) to handle 0x0003, with value: 01 00 02 06 09 02 05 03.

I'm not sure how to coerce BlueZ to let me do this.
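
Added example, not part of the original thread: a small Python decoder for the captured ATT write that maps its handle back onto the BlueZ object path quoted above. It assumes BlueZ names charXXXX after the characteristic declaration handle with the value attribute at the next handle; the function names are hypothetical and the PDU bytes are constructed from the values in the thread.

```python
import struct

ATT_WRITE_REQUEST, ATT_WRITE_COMMAND = 0x12, 0x52  # 0x52 = write-without-response

def build_write_command(handle: int, value: bytes) -> bytes:
    """Serialise an ATT Write Command: opcode, little-endian handle, value."""
    return struct.pack("<BH", ATT_WRITE_COMMAND, handle) + value

def parse_att_write(pdu: bytes) -> dict:
    """Decode an ATT Write Request/Command into handle, value and response flag."""
    if len(pdu) < 3:
        raise ValueError("ATT write PDU needs an opcode and a 2-byte handle")
    opcode, handle = struct.unpack_from("<BH", pdu)
    if opcode not in (ATT_WRITE_REQUEST, ATT_WRITE_COMMAND):
        raise ValueError(f"not an ATT write, opcode 0x{opcode:02x}")
    return {"handle": handle, "value": pdu[3:],
            "expects_response": opcode == ATT_WRITE_REQUEST}

def bluez_objects(path: str) -> list:
    """Expand a BlueZ GATT object path into its service/char/desc ancestors."""
    parts = path.split("/")
    return ["/".join(parts[:i + 1]) for i, p in enumerate(parts)
            if p.startswith(("service", "char", "desc"))]

def char_for_value_handle(objects: list, handle: int):
    """Return the charXXXX object whose value attribute is `handle`.

    Assumption: XXXX is the declaration handle and the value attribute
    is the next handle (declaration + 1), the usual GATT layout.
    """
    for obj in objects:
        leaf = obj.rsplit("/", 1)[-1]
        if leaf.startswith("char") and int(leaf[4:], 16) + 1 == handle:
            return obj
    return None

# Path and write values as quoted in the thread; the PDU bytes are
# constructed from them (opcode 0x52, handle 0x0003, 8-byte value).
DESC_PATH = "/org/bluez/hci0/dev_FF_FF_2A_00_52_DF/service0001/char0002/desc0004"
CAPTURED = bytes.fromhex("52 03 00 01 00 02 06 09 02 05 03")

if __name__ == "__main__":
    write = parse_att_write(CAPTURED)
    target = char_for_value_handle(bluez_objects(DESC_PATH), write["handle"])
    print(f"handle 0x{write['handle']:04x} -> {target}")
    print("value:", write["value"].hex(" "), "| response:", write["expects_response"])
```

Under that assumption handle 0x0003 is the value attribute of char0002 itself, so the write targets the characteristic rather than descriptor 0004. BlueZ's `org.bluez.GattCharacteristic1.WriteValue` accepts an options dictionary whose `type` key can be set to `command` for a write without response.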
