Operation: Crappy Sewing Machine commences

This weekend, I went to a bra-making workshop and won a sewing machine in a raffle. It isn’t really crappy, but I spent a couple of hours un-jamming it, so I’m bitter.

The interesting thing about this machine is that it has a built-in camera, so you can take photos and video of exactly what you’re sewing and see them on the app. You can also buy new stitches from your phone and transfer them to your machine, so I started getting curious: what protocol is my sewing machine using? Could I write my own client?

I took a look at the manual, but there was nothing more technical than how to install the app in there. I checked the website, no other documentation there. I debated contacting customer service, but if I liked talking to people I wouldn’t be a programmer, so I fired up Wireshark and took a look at the network. I’m not too proficient with Wireshark, though, so I couldn’t figure out how to make it capture anything useful.

After a couple hours of fighting with it, I gave in and emailed customer support. I figured maybe they’d just forward me to a developer who would be happy to tell me about their protocol. Nope:

As far as the communication from the sewing machine to the app goes, I don’t know all the nuts and bolts but I do know it is proprietary information and is one of the features that makes the Spiegel 60609 so unique!

Bleh.

I realized that it would probably be easier for me to decompile the app, rather than sniffing the network, so I downloaded the APK using a sketchy service (I’m not sure if this is the best one out there, but it’s the least-offensive one I found) and undexed it using dex2jar:

$ chmod +x *.sh
$ ./d2j-dex2jar.sh path/to/Spiegel\ Social\ Sewing\ App_v1.0.4_apkpure.com.apk
dex2jar ../sewing-machine/Spiegel Social Sewing App_v1.0.4_apkpure.com.apk -> ./Spiegel Social Sewing App_v1.0.4_apkpure.com-dex2jar.jar

I opened it up in Intellij and boom, source code. Unfortunately, Intellij’s built-in decompiler choked on the one most interesting class (com.spiegel.android.spiegel.app.ui.settings.SpiegelMachineFacadeImpl). I tried to debug why (it could open every other .class file), but realized it would probably be easier to try another decompiler. I fired up JD-Gui and out popped the source!

Screen Shot 2016-04-12 at 9.13.51 PM

Turned out my sewing machine is running a PHP server, which is easy enough to communicate with. I think there are ~20 of these machines in the wild, so this is unlikely to be of any use to anyone, ever, but I look forward to writing my own client.

Here’s a video from it of it jamming the first time I attempted to use it:

  • So, is it running linux, and can you compile xdebug.so for that cpu,? Because that might be a better Avenue of exploit.

  • kristina1

    I think for now the things I’d want to do (add stitches, take photos and video) are covered by the existing app, so I think reimplementing that is probably easier than figuring out how to cross compile for my sewing machine 🙂

    Although I did notice that there’s a firmware upgrade request…

kristina chodorow's blog