Hacking BLE to Liberate your Exercise Equipment eg for the Domyos EL500 elliptical trainer

Diagram representing how the Bluetooth protocol notifications communicate back and forth between an elliptical trainer and an Androi device with a RF connector.

It’s a story we’ve heard many times before: if you want to get your data from the Domyos EL500 elliptical trainer, you need to use a proprietary smartphone application that talks to the device over Bluetooth Low-Energy (BLE). To add insult to injury, the only way the software will export your workout information is by producing a JPG image of a graph. This just won’t do, so Juan Carlos JimĂ©nez gives us yet another extensive write-up, which provides an excellent introduction to practical BLE hacking.

Yes, the process may seem like a bit more effort, but it could have three major potential advantages:

  • If the supplier decides to no longer support the app or device, or goes out of business, this won’t affect the hack.
  • It looks like some additional data may even be able to be extracted.
  • Your data need not be captured and read by the app any longer, meaning increased privacy.

The project is not yet completed though, as it seems the data capture and analysis is still being worked on. Looks like a project well worth keeping an eye on.

The unpacking and analysis of how the BLE GATT comms works is also very interesting.

See https://hackaday.com/2024/01/04/hacking-ble-to-liberate-your-exercise-equipment/

Comments