Gadgetbridge support for Fossil Hybrid HR is WIP; there is no sleep tracking yet.
About the device
The Fossil Hybrid HR is an ePaper hybrid smartwatch with real hands on a round ePaper display and over two weeks of battery life.
Known firmware versions:
||Pre-installed, probably no real functionality except firmware update
||reported as v3 via BLE protocol, but v5 on the watch. Setting alarms with Gadgetbridge is broken. Reject calls option is not available
- Firmware update needs Gadgetbridge 0.43.2 (not yet released, code is in master)
- Downgrades seem possible, going from DN18.104.22.168r.v9 back to DN22.214.171.124r.v4 was successful
Obtaining the necessary secret key
Unfortunately the device is pretty locked down and it is necessary to use the official app at least once. This has two reasons:
- The device seems to come with a demo firmware that is not functional and needs to be updated once
- There is a secret per-device key that gets negotiated with the Fossil servers. This process seems to be cryptographically secure, unfortunately.
Method 1: The hard way using mitmproxy (sniffing decrypted https traffic)
To do it this way, you need the following:
- A rooted Android device (if you can, use a junk tablet that is not your phone)
- A PC running Linux on the same network
- mitmproxy and knowledge of how to use it.
The procedure is, generally speaking, as follows (there should be detailed tutorials on using mitmproxy elsewhere):
- Run mitmproxy
- Convert the auto-generated certificate and put it on your rooted Android phone in the appropriate folder
- Set up iptables to forward traffic through mitmproxy
- Test if mitmproxy works (you should see decrypted output when you use the browser and go to some https site)
Running the Fossil App with mitmproxy enabled
- Now when you register a new device you can inspect the traffic from/to Fossil servers in mitmproxy. Facebook is also fed with data. You cannot opt out, but you can block the traffic.
- Look for a PATCH request to the Fossil server ending with /secret-key (even if it has a 404 response)
- Press Enter on that request and look at the JSON. There you will see a 256 byte key that is base64 encoded; it will look something like this:
- Do the following (insert your key):
echo "eriwogvjmerighDFGWERj45jdfgsd345FDGdfgdfgdf=" | base64 -d | hexdump -C
- Take the first 16 bytes of the output; in our example this is
7a b8 b0 a2 0b e3 99 ea e2 82 10 c5 19 61 11 8f. Remove the spaces and prefix with 0x. Ignore the second 16 bytes (second line); we don’t need them.
- This is your key you need for Gadgetbridge (here: 0x7ab8b0a20be399eae28210c51961118f)
**NOTE: You need to finish the firmware installation to the watch and then activate your watch. If the process is interrupted, you need to start over and you will get a new key; the old one will be invalid, so keep your mitmproxy running until the watch is usable.**
Method 2: The easy way using a patched app which will reveal the key
There is a patched original app which will reveal the keys. The Gadgetbridge developers did not test it; this is not a recommendation, but it might work for you:
- Uninstall the Fossil app if you plan to use Gadgetbridge on the same device you obtained the key on, and unpair the watch from Android settings if it is paired
- Press the + button in Gadgetbridge, long press on the found “Fossil” watch, and enter the secret key (make sure you have no line breaks or spaces in your input)
- Go back and tap on the Fossil watch in the list
- The watch should connect