BrushOS is an exploration of a Philips Sonicare toothbrush and attempt at custom firmware with amazing and new features.
Status
Trying to dump firmware through SWD is currently failing on all available hardware.
Summary
Even though I started this myself, I quickly found out about another hacker starting research in May 2023: Cyrill Künzi: Hacking my “smart” toothbrush.
Luckily he didn’t crack the toothbrush side and I set out to solve that problem.
All my tries to guess to one-way function for generating the passwords failed. Depending on the care that the Philips engineers took, guessing this function could be almost impossible. But if you manage to solve this puzzle, feel free to hit me up with an E-mail.
Unfortunately this created some traction on Hacker News and Hackaday and Aaron Christophel did it in an afternoon while I was already working on it.
Update (August 16, 2023)
After publishing this article, I was pleasantly surprised to see it picked up by some big news sites such as Hacker News and Hackaday. The resulting discussions and comments proved to be both enlightening and entertaining. Thanks to everyone who dropped positive comments and messages! A special shoutout has to go to Aaron Christophel who got inspired by this post to:
Looking at Aaron’s research, he got lucky that his model of the toothbrush (Philips Sonicare 3100) had a different chip from ours and that wasn’t locked, so he could easily dump the flash.