libfitbit compatible with "Fitbit One"?

[gyhor]

The Fitbit One uses bluetooth 4.0 for the communication. Is it enough to get bluetooth 4.0 working in linux for using the Fitbit One? Or does it use a completly different protocoll?

[qdot]

So I was curious about which radios are in the FB1. On their page, they show bluetooth to phones, "Wireless sync" to desktop. Is it possibly they're running two radios?

(Obviously since I'm asking this question, I don't have one :) )

[gyhor]

you get a bluetooth dongle for your computer. So i think the device has only a bluetooth connectivity.

[qdot]

Well crap. Good thing I know bluetooth now. :(

Will see about picking one up soon and starting work on this.,

On Wed, Nov 28, 2012 at 9:05 AM, gyhor notifications@github.com wrote:

you get a bluetooth dongle for your computer. So i think the device has only a bluetooth connectivity.

— Reply to this email directly or view it on GitHubhttps://github.com/openyou/libfitbit/issues/46#issuecomment-10810910.

[jonobacon]

Hey qdot,

I have a Fitbit One - is there anything I can do to capture bluetooth traffic to help you get a better understanding of how the device works. I did try to 'hcitool scan' for the device, but I didn't seething appear. I also scanned with blueman and see nothing.

I am not sure how to get more data that might be useful - I did post to http://askubuntu.com/questions/227393/how-to-get-data-from-a-bluetooth-device-that-is-not-visible to see if anyone can advise. Thanks!

[qdot]

Bluetooth doesn't work the same way as USB. Dumping logs might be a bit premature if the new fitbit conforms to HDP (health device profile) and we could discern things from the spec.

That said, reading and implementing yet another bluetooth spec is absolutely nowhere on my list of things I feel like doing with my spare time at the moment (I just finished helping implement bluetooth on FirefoxOS). If someone else wants to pick this up and run with it, be my guest.

[benallard]

So they stopped supporting the ANT protocol ?

Just out of curiosity, how do you reload the device then ?

[qdot]

Yeah, I think it's just bluetooth only now? Makes sense, cell phone manufacturers weren't really picking up ANT radios, which is what they're concerned with...

[n8willis]

Shouldn't be too hard to test if the device is using HDP; BlueZ supports the profile. There's a Python test tool called HDPy: http://gitorious.org/hdpy

[qdot]

Well if someone wants to dump the SDP records, we could just read the service UUIDs and go from there. I still don't have one. :)

[simcop2387]

It's possible that it's all over bluetooth, however the dongle that comes with the FB one reports itself as an HID device to the kernel. I haven't been able to contact it over bluetooth myself yet so I can't confirm anything of that nature yet.

[trtg]

If that's true, I have a hardware USB scanner I could use to sniff the traffic between the dongle and a windows machine.... it's just hard to justify getting another fitbit since I have the old ultra.

[n8willis]

Seems a little odd ... there is a HID-over-GATT (ie, LE) profile, but BlueZ only added support for it in 5.0 -- in Dec 2012. I'd think it might be a misidentification.

[simcop2387]

This is for the USB dongle itself, not the device over bluez (I haven't had any success at getting it to talk over bluetooth, it's apparently only supporting the iphone 5, and ipad 3 and the like that way at the moment).

Here's what it looks like in windows. I've attempted to get a sync captured with wireshark since I've got it working in an XP VM but I'm not sure I'm getting the proper data. Any advice on doing usb capture?

[theorbtwo]

The fitbit one itself may or may not be a bluetooth HID device, but the "bluetooth dongle" that comes with it doesn't show up over usb as being a bluetooth dongle at all -- rather, it shows as a hid device. I did, however, open up my dongle; it is a Texas Instruments cc2540 (http://www.ti.com/product/cc2540) plus a very little bit of supporting electronics. lsusb -vvv output for the dongle is at http://pastie.org/5713106

[qdot]

Huh. Was just talking to someone about that a couple of days ago, wondering if they'd gone with a dual band chip. Guess they did. Wonder why they're keeping ANT on as well as bluetooth le though.

So, ok, there's a chance the ANT stuff (and therefore libfitbit in its current state) /could/ still work on desktop, though I'm betting some of the initialization stuff has changed.

[tornewuff]

It's possible (likely?) that the HID device is how the bluetooth dongle shows up by default. Lots of generic bluetooth dongles appear as two HID devices to do dumb keyboard and mouse emulation for non-bluetooth-aware OSes (and BIOSes and the like), and rely on being kicked in a certain special way to disable the HID interfaces and enable the HCI interface: see the manpages for hid2hci and similar tools.

[scotte]

I hope I'm wrong, but I suspect that all fitbits now are using BT and ANT has been deprecated. I just bought a "zip", and have been unable to get libfitbit to work. The USB device is 2687:fb01 just like the "one". See dmesg and lsusb output here if it helps: https://gist.github.com/4565123

[n8willis]

It's possible that the ANT chip is there so that one adapter can still sync multiple generations of tracker, even if the newer model trackers are BT only.

[iluetkeb]

I just did a capture of the USB data that was sent during the registration and synchronization process between the Fitbut USB dongle and a Fitbit One. Anybody interested in having a look at it?

[benallard]

Sure,

Would you mind putting it on a pastebin somewhere ?

On 19 jan. 2013, at 13:50, Ingo Lütkebohle notifications@github.com wrote:

I just did a capture of the USB data that was sent during the registration and synchronization process between the Fitbut USB dongle and a Fitbit One. Anybody interested in having a look at it?

— Reply to this email directly or view it on GitHub.

[iluetkeb]

Okay. The setup is here http://pastebin.com/xVNFJuRn and the sync is http://pastebin.com/KZS2inpq

[ghost]

If anyone gets the Fitbit Zip working with Libfitbit let me know :) :+1:

[kelnos]

I just gave hid2hci a try (using each of the 3 supported methods) and it failed each time. It shows up as 2 different hidraw devices, tried on both. Also tried on (what I assume is) the root device "hiddev0", but that didn't do anything either.

[thre3eye]

Hey, this ain't about connectivity but since many crafty folks are playing with the Fitbit One here I thought I might ask... I picked up a used One and it doesn't have the charger. Can I just charge it with 5V on the electrodes? Does anyone have a volt meter and charging cable and could quickly measure if it just passes through the USB 5V? Thanks!

[simcop2387]

I'll check when I get home but that's what I'd assume. I'll get you the polarity too.

On Thu, Mar 28, 2013 at 12:26 PM, enalposi notifications@github.com wrote:

Hey, this ain't about connectivity but since many crafty folks are playing with the Fitbit One here I thought I might ask... I picked up a used One and it doesn't have the charger. Can I just charge it with 5V on the electrodes? Does anyone have a volt meter and charging cable and could quickly measure if it just passes through the USB 5V? Thanks!

— Reply to this email directly or view it on GitHubhttps://github.com/openyou/libfitbit/issues/46#issuecomment-15609192 .

[thre3eye]

@simcop2387 Thanks man, you rock.

[simcop2387]

5V directly, negative on the left side of the device looking from the back. So hold the device with the screen facing away from you and the pads down then the negative pole is on the left.

On 03/28/2013 02:05 PM, enalposi wrote:

@simcop2387 https://github.com/simcop2387 Thanks man, you rock.

— Reply to this email directly or view it on GitHub https://github.com/openyou/libfitbit/issues/46#issuecomment-15614503.

[thre3eye]

@simcop2387 Thank you very much! I still have to concoct a holder to maintain the contact for a while but it definitely didn't fry the device after an initial 30 sec test :-)

[thre3eye]

Ok, this actually worked and its charged now - see pic :) The One is also recognized by my PC and connecting on Bluetooth without any fuss and shows in Device Manager (Windows 8 here...). But the rotten FitBit app seems to demand the FitBit dongle and refuses to pair.

[Hofi2010]

If the FB1 has a TI cc2540 radio/processor than this is a Bluetooth Low Energy setup, which makes sense. So you cannot directly connect from your PC to this type of connection you need a dongle which comes with the FB1 as described above. If you have an iPhone 4S or later you can download the TI SensorTag App from iTunes and should be able to connect with the FB1. You can download the complete source code of this App from the TI website, just search in google for "TI SensorTag". I also wrote an iPhone app connecting this processor and accelerometer https://itunes.apple.com/us/app/weight-training-genie/id650541393?mt=8, this app is designed for weight training and I would be interested to also utilize the FB1 as it is much nicer than the SensorTag which is a prototyping platform. It should already connect to the sensortag. The ANT connection will no longer work with the FB1, this is a completely different technology. On the other hand the iPhone radio would probably be able to from a frequency perspective they all use 2.4 GHz, but you would need to alter the bluetooth stack and the BTServer. You cannot not do this easily even on a jailbroken iPhone. Interestingly the current bluetooth stack on the iPhone has some special code in for the Nike+ sensor that makes the proprietary Nike+ protocol based on NRF24L01 (so not bluetooth in anyway) available as a bluetooth device in iOS, so it should be possible to do the same with ANT.But for FB1 don;t waste your time it will not work with ANT.

[RAndrewThomas]

I've done some analysis using my Flex and have figured out how to get a "megadump" (Fitbit's word) from the tracker. I should be able to upload the server data (reset counters) to the tracker too, but I'm afraid I'll brick my tracker if I screw it up! My Python code is too ugly right now to share or integrate with libfitbit, but here's my preliminary writeup (PDF):

https://docs.google.com/file/d/0BwJmJQV9_KRccWlRZ0tibHc1cFk/edit?usp=sharing

[benallard]

Well done !

What library do you use to connect to the dongle ? just open /dev/usb/hiddev like regular files, or do you use something else ?

[benallard]

got it, pyusb ... I'm trying to get it run on a mac based on your document, and now I'm getting: usb.core.USBError: [Errno 13] Access denied (insufficient permissions) ...

Let's see further ...

[RAndrewThomas]

Yes, pyusb and I've just been running as root. For linux, I made a udev rule for Flex dongle VID:PID, but haven't actually tested it yet! I ought get on that. I've got another person looking at it too, a guy who's not having to teach himself Python along the way!

[RAndrewThomas]

Also, in the document there are a couple of places where I think I've confused responses/handshakes between the control and data interfaces. Should be easy to spot.

I do have a question: do the example data dumps (at the end of my doc) look anything like the older Fitbit data? I've been assuming it is a different format for the new ones because I couldn't see any correlation to the older tracker data as described in the libfitbit docs.

[RAndrewThomas]

A few updates to the document: https://docs.google.com/file/d/0BwJmJQV9_KRcSE0ySGxkbG1PbVE/edit?usp=sharing

Also my crappy, not-quite-working pyusb code (doesn't get expected handshake on "Enable TX pipe" and times out on "Init airlink" handshake)... warning, ugly, ugly code ahead:

http://pastebin.com/rk9HMK5N

[RAndrewThomas]

BTW, I'm starting to conclude that the data encryption is non-trivial. I think the last 4 bytes of the dump header may be a crypto key of some sort, but I doubt it stands alone. It's probably more of a public key - perhaps a lookup of sorts for a corresponding private key that only the servers and trackers know.

Edit: For background that I've mentioned elsewhere but probably should be here too... I interrupted a "megadump" by closing the tracker in a metal box (think Altoids tin). After verifying that the transfer was aborted, I exposed the tracker and let the base retry and make a successful dump. All this occurred while using WireShark to capture the USB traffic and using maximal logging in FitbitConnect. On inspection, the data were completely different between the two dumps. Also those last four bytes of the dump header were different.

I did try several variations of using the 4 byte "crypto" key as an XOR key (simple encryption) to no avail. That put me near my limit of crypto knowledge. It was observed by others that a solitary, 4 byte key is not strong encryption, which leads me to believe that it's probably a public or shared key that both the trackers and the servers use to access their private encryption method. Fitbit got some flack for their previously unencrypted data and server auth methods being vulnerable to tampering, etc ( http://www.ieee-security.org/TC/SP2013/posters/Mahmudur_Rahman.pdf ) so I guess they responded by encrypting the data on their newer trackers.

[mithro]

It is likely that the encryption method is the same for the new and old fitbit. Do we have any data on the old one?

On 30 August 2013 05:39, sansneural notifications@github.com wrote:

BTW, I'm starting to conclude that the data encryption is non-trivial. I think the last 4 bytes of the dump header may be a crypto key of some sort, but I doubt it stands alone. It's probably more of a public key - perhaps a lookup of sorts for a corresponding private key that only the servers and trackers know.

— Reply to this email directly or view it on GitHubhttps://github.com/openyou/libfitbit/issues/46#issuecomment-23517605 .

[qdot]

There was no encryption on the old fitbit.

[pc-coholic]

I guess, this is no longer necessary, but here is also a(nother) annoted dump I created a while ago... https://github.com/pc-coholic/galileo

[avross]

It's wonderful to see that a lot of other people are interested in getting data from FitBit.

I'm struggling with getting raw data (steps, time intervals, etc.) from my FitBit One that I bought last month. I would like to download the raw data to .csv file so that I can import it to mathematics software for analysis. I have acquired quite a few libraries in Ubuntu for 'hacking' the fitbit one and raw data import. However, I've still been stuck going from downloaded packages to writing/using something that extracts the data to a .csv (or a file type like it) for data analysis.

I was wondering if anyone could give me any type of help in terms of extracting data from a fitbit, if they have an experiences or knowledge of doing this. I'm still really struggling to get this working. I am extremely new at this but I would really like to work through and getting this going so I can begin coding for my mathematics software. I would appreciate any help at all. Thank you.

[maks]

@avross I'm not sure which libraries you have, but afaik no one has reverse engineered anything at all about how the data is stored or even transmitted by the Fitbit One or any other of the BTLE based fitbits (ZIp, Flex, etc), though there was at one point a somewhat cryptic post by a person on the Fitbit-API google group claiming he'd done some initial work on that.

I'm pretty sure that even with libfitbit working with the the older ANT based fitbits, the data was merely uploaded to the Fitbit webservices as is and was not being interpreted/decoded in any way by libfitibit, though @qdot would be able to confirm or refute that.

[qdot]

Actually, I did start parsing the data. I got per minute steps and... I think it was action points or something. Really weird format, like a timestamp then every reading after the timestamp was 1 minute until the next timestamp which meant there was a gap.

There was LOTS of other data I didn't decypher.

Not sure I ever published any of this though. Kinda lost interest and forgot. >.>

Anyways, yeah, if someone does know if another library that does fitbit one downloading and decyphering, definitely lemme know, I'll be happy to add it to documentation here or whatever.

[maks]

@qdot hey thats great! - I didn't realise you had started on that. If you do get a chance, if you could even dump any notes you have into a txt file in the repo here, it would be very helpful and might be a good starting point on figuring out the dumps from the One that others have already done.

[benallard]

I went pretty far in the decoding of the data and the exploration of the protocol. However, at some points, I lost my tracker, and, obviously, at the same time the interest.

This was for the other Fitbit though, the one communicating via ANT. My findings are here:

https://github.com/benallard/libfitbit/blob/master/doc/fitbit_data.rst

Writing a library for the HID (BTLE) one is on my list though, I experimented with go an the preliminary results some other guy posted a few month ago, but as I'm on a Mac, the software from Fitbit is just working fine, which is not helping me finding time and motivation to write my own library.

On 14 Oct 2013, at 02:22, Maksim Lin notifications@github.com wrote:

@qdot hey thats great! - I didn't realise you had started on that. If you do get a chance, if you could even dump any notes you have into a txt file in the repo here, it would be very helpful and might be a good starting point on figuring out the dumps from the One that others have already done.

— Reply to this email directly or view it on GitHub.

[RAndrewThomas]

@maks

As mentioned above, the data dump from the One, Flex and Zip (and presumably the brand new Force) is encrypted. I don't think anyone has or will be able to make any headway in understanding the data format unless the encryption is broken. I have left the Fitbit Connect logging set to "logTrackerCommandBytes = True" which logs all of the dump data on every transaction. The idea was to capture data when the 4 "key" bytes in the dump header repeat and see if a pattern emerges in the data. So far I've captured two cases where the same key was used (4 data sets) and I can't see any patterns. Still gathering data, though.

Hope that makes sense... I haven't had my coffee yet.

[emnullfuenf]

Any hint how to dump the Fitbit data on OS X? I tested USB Prober and usbtracer but i don't get the data.

[RAndrewThomas]

@emnullfuenf

Assuming the FitConnect app for Mac is from common, cross-platform source, then it should work the same as for Windows. In that case there should exist a configuration file "fitbit_connect_config.xml" to which you can add the following lines:

logEnabled = True logTrackerCommandBytes = True

Then it should put every USB IO byte (along with other handy info) in a dated log file that rotates. Where those files would live on a Mac I do not know.

[emnullfuenf]

Thanks for the hint. On OS X it works this way:

1. Edit /Library/LaunchDaemons/com.fitbit.galileod.plist: Change /usr/local/bin/galileod

   to

   /usr/local/bin/galileod -e

and

Debug

1. Kill galileod process in Activity Manager (it will restart itself)
2. Open the log at /private/var/run/com.fitbit.galileod.log

[emnullfuenf]

There are some interesting plain text regions in /usr/local/bin/galileod like

/Users/kukeev/HG_Galileo/common/TrackerSession/TrackerUpdateTransaction.cpp ... Firmware download complete ... N17TrackerSessionLib24TrackerUpdateTransactionE ... ZNK17TrackerSessionLib11SLIPEncoder3crcEv ZN17TrackerSessionLib11SLIPEncoder10nextPacketEm__ZNK17TrackerSessionLib11SLIPEncoder14remainingBytesEv

Maybe there's a hint.