Posts Shame on IFit
Post
Cancel

Shame on IFit

Many IFit exercise equipment users have suddenly found themselves unable to use their equipment the way they expect and this post is a public service to help them take back control over their $2000-$4,000 investments. Before I go into the details on how to do this, I need to be clear about a few things.

The Preamble

  • I researched Treadmills extensively and chose a NordicTrack IFit based system with a beautiful 30” display given the understanding that I could use it for other things. I never would have purchased their equipment in the first place if not for the pre-existing work arounds to watch other things; I use mine for watching Udemy and Pluralsight. I don’t give 2-shits about running on the beach, they have zero “content” I care about and they never will!
  • With the above context, I have deployed many advanced reconnaissance and troubleshooting techniques, but for legal and ethical reasons I cannot divulge the vast majority of things I’ve learned. The only thing I am trying to accomplish is to give people back what is already their property and IFit randomly deciding to “force” everyone into non-privileged modes through mandatory updates & authorization codes is just wrong; that isn’t what their customers purchased!
  • I have an Android version 9 system (seemingly the more evasive models) and the below steps worked quite well, but does leave 1 periodic (non-intrusive) update error dialog you’ll have to hit close on.
  • I cannot say “all” of this will work on older models, but based on everything I know about their configuration, It honestly should…

The Process

The general plan is to perform a factory reset, enter privileged mode, perform a few system tweaks, configure some form of DNS filtering to block updates, connect the machine to the internet, and then manually install a newer version of the IFit workout app, but NOT the IFit manager app. You will have to geek out a little bit to follow this, but I will try to be concise and the type of router you have almost entirely determines the degree of difficulty. Basically, I can’t tell you exactly how to configure your router because they are all different, with that said you may want to skip to the DNS section below and start there. If your successful at that step, then everything else should be smooth sailing.

Step 1: Factory Reset

I am not well versed on all the various models of NordicTrack equipment and how to reset them, but I do know (from my research) that all the newer models have a pin hole somewhere around the main interface. To perform the factory reset, you first power off the machine, next put a paperclip in the pin-hole and finally you will hold that internal button down while the machine is then powered back on. You may need a 2nd person to help with this, but I found a small piece of masking tape over the location of the button and a broomstick works fairly well. You can stop holding the pin-hole button as soon as you see any non-IFit related screen, from there just wait until it is completely done and fully booted into the IFit app; typically this shows a screen with just a “Getting Started” button.

Note, you should “feel” the reset button being pressed, it requires some pressure, but not a lot; be careful not to damage anything.

Step 2: Enter Privileged Mode

I am sure NordicTrack will start shipping pre-locked down models any day now, but if you’ve owned yours since pre-October of 2021, then your system should boot up capable of entering privileged mode. To accomplish this, you will perform a special screen tapping sequence. Tap 10 times at any location and speed, wait at least 7 full seconds and then do another 10 screen taps at any location and speed. If you did it correctly, then you should see a message quickly flash at the bottom of the screen. If you didn’t get the message and your machine was never connected to the internet after the factory reset, then I can almost promise you the “wait 7 full seconds” step was not long enough.

Step 3: Android System Tweaks

This is where different versions of Android could become a problem. Since I cannot speak to anything except android 9, you may have to do some additional research to find comparable settings on older models. Note that anywhere the term “ERU” is used below, this is referring to the IFit Management App and is 100% responsible for causing all of these issues. The IFit app itself does not handle the “special tap sequencing” or the new “PIN Code” lockout. The one thing the IFit app does participate in is the updates, but by the end of this entire process it won’t be able to force updates anyway.

  • Go into the Android “Settings”
  • Go into the “Apps & Notifications” section.
  • Go into the “Special App Access” section.
  • Go into the “Modify system setting” section.
  • Find and turn off this privilege for the ERU
  • Go back to “Special App Access” section
  • Go into the “Display over other apps” section
  • Find and turn off this privilege for the ERU

Step 4: DNS Block the Update Servers

For this step, you will head over to a desktop computer connected to the same internet the exercise equipment will be using. If you are a non-technical person, then this is probably going to be painful; maybe you could screen share with a geeky friend? If you don’t have a geeky friend, then you should really start diversifying your life, but if you want it bad enough the information is here and I think “you can do it” if you really put the effort in.

First, you need some way to block URL’s. The majority of home routers have some form of “content filter” built into them, however they are not all equal. So, even if you find the correct section in your router configuration and do everything right, there still is no guarantee it will work. Unfortunately, these manifest differently by vendor and even by the same vendors different models. With that said, I literally cannot tell you “how” to do this, but I can point you in the right direction. Basically, you need to login to your router and start looking for “content”, “url” or “domain” filtering or blocking options; these are often in an “advanced” or “parental” sections. When you find those, you need to create rules for each of these IFit app update distribution servers:

  • ifit-wolf.s3.amazonaws.com
  • ifit-wolf.s3-cdn.ifit.com

Tip: the vast majority of routers are accessed with a web browsers by entering 192.168.0.1 into the URL location. If that doesn’t work, then google “how to find my default gateway” and that should get you the required magic number. Accessing these will often throw a security warning, but there is always some form of an “advanced” button that will let you ignore and continue. You can also expect to need a login name and password. If they aren’t printed on your equipment, then google for “Default login” with your device manufacturer and model number. Finally, router settings are not something you should just “change to see what happens”, they can have very difficult to repair consequences, so don’t play with things I didn’t actually mention.

Monologue for Advanced Users

It is possible to take just about any old PC or even a Raspberry Pi, install a Linux distro (like Ubuntu) and turn the WiFi card into a hotspot. Any newer version of Linux should be able to block the 2 update servers using the commands below. However, you should also install netfilter-persistent to make sure they are always active. IE, you can’t give the NordicTrack equipment any opportunities or you’ll be starting over again.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
iptables --append OUTPUT \
		 --protocol udp \
		 --dport 53 \
		 --match string 
		 --hex-string "|09|ifit-wolf|02|s3|09|amazonaws|03|com|" \
		 --algo bm \
		 --jump DROP

iptables --append OUTPUT \
		 --protocol udp \
		 --dport 53 \
		 --match string 
		 --hex-string "|09|ifit-wolf|06|s3-cdn|04|ifit|03|com|" \
		 --algo bm \
		 --jump DROP

Monologue for All Users:

If you “think” that you’ve now blocked those 2 domains, next you need to test it. The best way to do that is with a “ping” command. The following instructions are for Windows 10, but on a MacOS I would just use spotlight and start typing “terminal” to get there.

  • Left click the Windows icon
  • Type “CMD” without the quotes
  • Hit the “Enter” key

In that black (sometimes blue) screened program, you will type ping ifit-wolf.s3.amazonaws.com and hit the “enter” key. If it doesn’t really do anything for a quite a while and eventually returns an error message saying Please check the name and try again, then you know you’ve successfully blocked the update servers. If your getting a bunch of results with various numbers, then you need to keep trying to find a way to block those servers. Again, all hardware is different, the only version I can definitively say will work is the “Advanced Users” method that creates a dedicated Linux hotspot. However, the cost of replacing your router with a more feature rich one is probably going to be less expensive than creating a dedicated Linux box hotspot.

Step 5: Install Newer IFit App Manually

Assuming step 4 is doing its job, you can now connect the internet to your IFit without it doing anything that will kick you out of privileged access. Note that many users with newer equipment who have successfully blocked the IFit apps from updating are all complaining about stability issues. Apparently the stock app is a really garbage build and it did work for me, but was not enjoyable. This step does resolve all the obvious performance issues on newer models.

Now that the internet is connected, if/when it trys to update, it will error. Don’t worry about this and in fact close and (seriously) uninstall the IFit app. You can do this by following these steps:

  • Go into the Android “Settings”
  • Go into the “Apps & Notifications” section.
  • Go into the “IFit” app (not the ERU)
  • Touch on “Force Stop”
  • Touch on “Uninstall”

Next you will open the exercise machines stock web browser

  • Punch in this (new faster) link https://sundryfiles.com/54c4
  • Download the file. Note, SundryFiles is trying to confuse you. Its the “download button” right above the “agree” checkbox.
  • When this download is complete (90mb so give it some time) click the file in the download manager to start the install
  • You will be prompted to grant permissions to install a 3rd party app, mine has its own screen with a toggle button.
  • Once that is toggled on, click back and find the “Install” button
  • Open this new version of the IFit app and go through whatever process it wants to do.

Note: you can expect an error to occur while updating and it did seem very finicky when I first installed/setup the new app version. After you reboot the machine the vast majority of the weirdness will be gone. The only remaining “oddity” is a perfectly acceptable periodic “failed to update” error, just hit close and there are no real issues; machine works like it once did otherwise…

EDIT regarding the failed to update error

So, the error message that is popping up eventually seems to “stack” and cause the app switching to not work well at all until I reboot the machine. One work around for this is to install an app capable of creating its own swipes out with links to the other apps you care about. I am currently using Meteor Swipe and I tested this one because it works all the way down to Android 4.1. I really like this app and it has made any lingering issues with that error dialog stacking up negligible.

Short link if your typing it:

https://bit.ly/2YDy7pF

Actual link if you have this page pulled up on your equipment:

https://www.apkmirror.com/apk/francisco-barroso/meteor-swipe-edge-themes/meteor-swipe-edge-themes-1-9-release/meteor-swipe-sidebar-themes-1-9-android-apk-download/

The Finale

You’ll notice this doesn’t talk about “developer mode” or “Security PINs” at all. If you follow these steps, then you shouldn’t need them, but there is also nothing wrong about doing those things for additional precautions.

The overly aggressive effort to force every square into a round hole is absurd and not what I as a consumer ever wanted. So, I really hope this absolutely tanks their equipment sales and IFit is forced to do a 180° turn on this. To be clear, their equipment is great, it truly is… However, they are just selling an “experience” that many of us simply don’t want and “now” its the only option they want to allow. It really has zip to do with me wanting to “take money from the IFit subscription coffers”, its just that “escapism” is not a product I have any interest in using and if that was the only option their products offered, then I certainly never would of bought their equipment in the first place.

This post is licensed under CC BY 4.0 by the author.