Reverse engineering the PixMob wristband protocol

The idea behind the PixMob wristband is simple – during a concert, organizers hand them out to the audience, and during the show infrared spotlights are used to transmit commands so that they all light up in sync. Sometimes attendees were allowed to take these wristbands home after the event, and a few hackers attempted to reuse them.

The protocol is proprietary, however, and we’ve yet to see anyone re-use these wristbands without tearing them or reflashing the microcontroller. [Dani Weidman] tells us, how with [Zach Resmer]they laid the groundwork for reverse-engineering the protocol of these wristbands.

Our pair of hackers started by getting a number of recordings from a helpful stranger online, and then replayed those IR recordings on their wristbands. Most of them caused no reaction – presumably being configuration packages, but three of them caused the wristbands to flash in different colors. They translated these recordings into binary packets, and Dani went through different possible combinations, tweaking bits here and there, transmitting the packets and seeing which were accepted as valid. In the end, they had about 100 valid packets and even figured out some protocol quirks like color animation bytes and motion-sensitivity mode enable packets.

The GitHub repository provides decent documentation and even a video, sample code you can run on an Arduino with an IR emitter, and even some packets you can send with a Pinball Zero. If you want to learn more about the internals of this device, check out the teardown we featured in 2019.

Comments are closed.