This is a story we've heard many times before. If you want to retrieve data from the Domyos EL500 elliptical trainer, you need to use a proprietary smartphone application that communicates with the device via Bluetooth Low-Energy (BLE). Even worse, the only way the software exports workout information is by creating a JPG image of the graph. That alone is not enough, so [Juan Carlos Jiménez] has added another extensive article, which is a great introduction to practical BLE hacking.
He describes BLE GATT (Generic Attribute Profile), the most common way such devices work, the different stages of the connection process, and the tools that can be used to intercept active connections. After that, [Juan] shows some captured messages, explains how to identify the packet type, and moves on to the juiciest part: using an ESP32 to man-in-the-middle (MITM) the connection.
The MITM consists of two parts: a Python script that talks to the Domyos EL500, and an ESP32 that poses as the EL500 to the smartphone app, with the two connected by a serial link. This lets you capture every message the app and the trainer exchange, make changes in real time to see the reactions, and find out how to extract all the data you could dream of. This is enough to conquer the next frontier: creating a third-party app to capture your workout data, to conclude this experiment.
BLE is ubiquitous and is used in what seems to be every IoT device under the sun, so it's all the better that we have more tutorials on how to bend BLE to your will. The tools are also easy to find: you can use an ESP32, a Raspberry Pi, or an nRF dongle, and you can get pretty far with something as bare as an Android device. No matter what approach you take, the journey will be rewarding.