'''Why?'''
Medtronic has been developing Continuous Glucose Monitor devices and Insulin Pumps for people with diabetes. The devices work with their respective applications which have not so great user experience and also lack some features. The apps are locked down, they use Google's Play Integrity checks to disallow rooted phones and also contain custom white & black lists for specific mobile phones and Android versions (possibly due to tests for medical reasons?). These make the product almost a pain to use, so that's why I started reversing the applications and the communication between the glucose sensor and the insulin pump (or mobile phone). They use BLE with their own crypto library called [https://github.com/palmarci/OpenGuardian4/blob/main/sake_whitepaper.pdf SAKE]. You have to perform a handshake to be able to do anything useful with the device, but the key comes from their servers, effectively enabling you to lose access to your device (which you very much depend on because of the disease). Currently the work is in its early stage, and sadly I had to get off of the project for a little while to focus on my studies, but I assure you, the development will continue :))
'''Current progress:'''
- Got sidetracked with the API because it's key to receiving FW update packages to disassemble
- This API knowledge enabled different open source projects which retrieves retrieve sensor data from the Medtronic cloud ([https://github.com/ondrej1024/carelink-python-client carelink-python-client], [https://github.com/benceszasz/xDripCareLinkFollower/ xDripCareLinkFollower])
'''Future work:'''