Since Twitter/X threads aren’t necessarily going to be accessible to unauthenticated users, I decided to unroll this classic manually.

Original thread here All text except in Italics and caption text is from the original thread.

Teardown time. OKSO this is a home test for that pandemic thing that I don’t want to mention. It’s a Fancy one: No screen, only one button. It bluetooths to your phone.

Inside the box you’ve got the testing device itself. You put the sample on the left side, there’s a blinky light, and a button.

On the back we’ve got the name, a reference of I-SRS-C-01, and an FCC ID: 2AWR4ISRSC01

So open it up and we’ve got a plastic guide on top of a PCB, an anti-moisture tablet, and a button cell battery. Looking pretty similar to a pregnancy test at this point.

The plastic guide is a little more complicated, though. You’ve got the test strip and a plastic cover on top of it

Removing the test strip, you can see it’s more complicated underneath, too: There’s lenses!

a close-up on the lenses

And the PCB itself is also more complicated. We’ve got 2 or three LEDs, and 2 light sensors

The bottom of the PCB has some names. It’s the BT Analyzer PCB – Stanley v3.0, and M1000169 (nice) A lot of test points all over the bottom.

ELMBTC15 08011053 (Data Matrix code)

It’s hard to get a picture because it’s black on black, but there’s an antenna here

SO! the chip! It’s a Nordic Semiconductor nRF52810. it’s an ARM Cortex-M4 that runs at 64mhz. 192 kilobytes of flash storage, 24 kilobytes of RAM, and built in 2.4ghz transceiver. It’s designed for Bluetooth LE, but can do proprietary 2.4ghz protocols and ANT.

It runs at 1.6v to 3.6v and has a 12-bit ADC built in. The product brief lists “disposable medical sensors” as one of the suggested applications for it.

Digikey lists these as 3.85$ each, going as low as 1.925$ each if you buy in bulk (1000 of them).

So you might ask “BUT CAN IT RUN DOOM!?” well, it has enough CPU power, but that’s not enough RAM. You’d need to add more to get a Doom running on it.

but it’s got both SPI and I2C interfaces, plus Nordic’s own Programmable Peripheral Interconnect bus, so adding more RAM is definitely possible.

so the hardware is one way to look at this thing. The software is the other way. Given that it’s all SMART, it’s got an app. 2.2 stars with 425 reviews.

apparently a key part of the app is “watch a video”. I wonder if the video is in the app or they’re streaming it off a server?

It’s in the app.

It needs your patient details, but it looks like the only required one is your birthdate.

It then wants your home address, but only state+zip is required

then it wants to confirm how old you are. which is weird, because you told it your birthdate. but okay

I’m slightly tempted to rebuild the APK and swap out the mp4. You click the button to watch the video and it’s like “ok, follow these instructions carefully. WE’RE NO STRANGERS TO LOVE! YOU KNOW THE RULES AND SO DO I!”

While starting to look at the app, I discovered that f-sercure has already done some reverse engineering on it, and discovered how to hack it to return false positives. [Link: Faking a Positive COVID Test]

or false negatives, for that matter. And the reason this thing asks personal info is to send you an email with some kind of certification on it, so you can show it to your doctor or employer or whatever, to “prove” a negative or positive test result

and that’s why it’s risky for this thing to be hackable: you could fake a positive test and get out of work or school or jury duty, or fake a negative test and fly while infected.

the app has a lot of GIFs in the APK. I like how Nintendo Wii they feel

the privacy and terms and conditions in the app just open the browser, going to the following urls. Privacy: https://www.ellumecovidtest.com/privacy

and terms and conditions: https://ellumecovidtest.com/terms

the video is an 960×540 at 24 FPS H264

It’s 3:15 for the adult version, 3:33 for the child.

Never Gonna Give You Up is, of course, 3:32

I have made progress. hang on, gotta go grab my cam

ok so I did a little video showing off how this home c0v1d test works. it really surprised me! [video]

BTW it’s easy to say this is wasteful, and it probably is, but just like with the pregnancy test, you should consider that there’s three main problems that can affect the accuracy of lateral flow tests like this: 1. inconsistent lighting 2. incorrect timing 3. human error

having a 2$ computer chip and 50 cents worth of plastic & lenses removes all those sources of error. And making it bluetooth removes a source of e-waste! it means it doesn’t need to have a screen, it can just talk to your phone.

it also might make the chip smaller? since your phone could do the heavy-lifting of analyzing the result. But at this point the chips is probably plenty powerful on its own. That’s not waste, that’s just… our cheapest chips are amazingly powerful these days.

But yeah. If you’re comfortable with a paper test, prefer those for less waste. But this is still a useful thing to have, because it’s less error-prone and may be more accessible.

for example, consider that a bit more than 1 in 12 people have some kind of colorblindness. Having a computer say “POSITIVE” or “NEGATIVE” is going to be easier to see then the uncertainty of “is that stripe red? can I just not see it?”

and part of why it’s phone-connected is the certification thing. You can enter your medical information before doing the test, and you’ll get some kind of certified email with Official Results in it, which you can send on to your doctor and employer and such