Initially when this Hello Barbie was announced I was super eager to do a teardown and even try to do a reverse engineering attempt. However, the Somerset Recon team did a great job of this and I cannot even attempt to match it (I extracted the binary if anyone wants to bring me a decompiler and join in otherwise I need more time than I’m willing to put in at the moment). Instead I’m looking at how they deal with manufacturing issues and basic interfacing here. I initially did this back in December so at this point this is more to make sure my thoughts get collected than anything else. Let’s dive in.
WARNING: There are weird, art school-ish photos of a dissection of Barbie even before we get to the electronics.
These IoT buddies are effectively wearables for kids. Kids don’t have the developed sense of boundaries that adults develop through years of trial and error. Furthermore, given how friendships develop in this day and age, it can be difficult to discern between superficial and deep friendship but that’s a topic for another blog post on another blog.
For a sample click here.
The questions Barbie/Toy Talk ask are meant to produce marketing demographic info so Barbie can become a better friend to you. She misses you. She asks about your day. She asks about your siblings and tells you its ok if you don’t have any. She doesn’t care if you swear at her, she remains sweet. However, she doesn’t listen to your protests about the games she suggestion you play or if you don’t wanna talk. I mean why else would you press her belt buckle/extreme belly button?
You get a sense that she’s more of a talking figurine by the lack of moving legs. Her belt controls here power, recharge, and acceptance of your answers. You are expected to talk to her boobs and she talks from her rib cage.
Her clothes aren’t really removable except insomuch as to allow you to reset her. Her pants are cheaply glued to her. Once removed you see how to proceed.
Battery is in her leg and clearly connected on the vertical JST.
The other JST connectors are:
- Right grey is the mic
- left yellow is the speaker.
They are not very sturdy for teardown.
There is a clear plastic used over the front and back of PCB in a multi-function capacity:
- Protect wires from getting in the way of the button function on the back during function and assembly.
- Provide mechanical support when the front “Talking” belt buckle is pressed in the event of misalignment, etc…
- It’s all cheaply taped together which means it’s easy non-skilled “quick” labor station in the assembly process.
Since the Somerset teardown the links to these chips have gone away… even finding them via the way back machine was painful.
The btle/wifi chipset is a pre-certified module called Asurewave, model QW-CU300 (https://fccid.io/TLZ-CU300 closest sheet is electric IMP https://www.electricimp.com/docs/attachments/hardware/datasheets/AW-CU300E_datasheet_V0.2_3.pdf) which is mainly comprised of a Marvell chip 88MW300.
Anyway, most of the firmware was disassembled but covered by Somerset so I’m skipping that. However, many of the certificates were clearly readable.
When I have more time I’ll be teardown the Barbie Digital Dress. Yes, it’s kinda fun to play with.