Ideas regarding reverse engineering the WHOOP:

[eliaspfeffer]

Okay so what I have come up with is the following: read out the data of the sensors directly (needs physical manipulation), read out the raw data from the sensors to jump over the part where the sensor data probably gets encrypted. Then get the raw data that got sent to whoop and the results where you need the subscription for. Then let some datascience algorithms figure out the combination of the raw sensor data results, how to combine those together, to achieve the same results regarding the interpretation of the raw sensor data.

[bWanShiTong]

First thing is sort of problem device is very small and hard to wear if opened and tinkered, but I will try to do it.

Data doesn't get encrypted between device and app, this is actually big problem, because you are able to use device and read data from anyone near.

On data readings I am able to read heart rate and rr, for all times, I am currently unable to find out how to read temperature and blood oxygen, I think that temperature is constantly measured, but not shown, but blood oxygen is measured when device detects sleep.

[kristianschneider]

One thing I tried looking into was to disassemble the APK with JDAX With that you are able some degree find fun stuff. I was not able though to find a smoking gun

[bWanShiTong]

I also decompiled apk using jadx, it has few useful things, like they way app recognizes whoop device, I was able to find some code used to connect to device, but it's very slow/hard to read decompiled code, I also tried using android studios decompiler that gives about same results, but you can recompile it and run it.

On other note, I did find some useful data in databases when I pulled app directory from phone, but nothing huge