Cookie Settings

We use third-party cookies in order to personalize your site experience. See our Privacy Policy.

← Back

Hacking an alarm clock

AI Disclosure · Human Written
By Tyler Britten Tech
loftie-clock

Disclaimer: This post is really just a high level overview of my adventure to modify a semi-obscure wellness product, if you are interested in the technical writeup and are looking to free your Loftie from its shackles you’ll have to wait a little longer, I’m still working through some things with the firmware.

The Problem

My Loftie alarm clock requires an internet connection for full functionality. A completely self-inflicted issue because I made the assumption the open source community would have already produced an awesome solution for unchaining my clock and allowing it to be utilised with HomeAssistant alas I had already purchased the clock before making that first cursory search on Github. So now I needed to figure it out.

A ray of hope

Imagine my relief when a little bit of digging beyond Page #1 of Google uncovered Ian Kilgore’s work on patching his Loftie’s firmware not solely for the reasons of home automation but because of the glaring security issues in the clocks firmware; I won’t talk too much on it as I’m not a security researcher and Ian took his write-up down in good faith when Loftie finally returned his emails disclosing the issues; spoiler alert: they didn’t fix them.

Ian’s work provided a great starting point, this is a gross oversimplification but effectively by modifying some values within the firmware and patching in new Server and Client cert files he was able to repoint his Loftie from their Amazon IoT infrastructure to a self-hosted MQTT broker integrated with Home Assistant to modify the alarms on the Loftie.

Loftie / Lofted

I know effectively nothing about embedded development/programming beyond flashing the FPGA & CPLD of Aladdin modschips for the OG Xbox so figuring out Ian’s tutorial took all of the brainpower I could muster so I did what any sane/lazy person would do: pulled the Loftie apart, fabbed up a wiring harness as per Ian’s spec and dumped the full firmware off the Loftie, wired up Ghidra MCP to Claude Code and let her rip…

The result; something I am calling ‘Lofted’ firmware, digging through both the debug logs of the Loftie Android App and the dumped ota0.bin file helped me to figure out the syntax for issuing various other commands to the clock not just alarms, so the ability to change the tones (which are contained locally on the device, huge win), volume, nightlight functionality etc.

The plan moving forward will be to support custom clock faces and other visuals.

The ownership conversation

I want to be clear, I love my Loftie; it’s a product I can confidently say has improved my quality of life. What I take issue with is how in this day and age even physical products are being twisted and contorted into PaaS. In the event Loftie shut down their infrastructure I am stuck with a dumb alarm clock; having to use the physical buttons to tediously set the alarm (what a loser amirite). I acknowledge the average consumer probably doesn’t want/need HA functionality on their alarm clock but for the price you pay for it they should at least give the user the freedom of choice, they’re making enough money.

Related posts