ReSparker is currently a collection of information around the grinding rings for the Sparx skate sharpening machine. With this information, the right hardware and some technical know-how can grinding rings, which have been disabled by the Sparx skate sharpener after 320 grinding cycles, be reset and activated again. In the long run I would like to add an iOS and Android app to automate the process, but this is for another day.
At the 10th March 2025 I received an eamil by GitHub informing me they received a DMCA takedown notice from Velasa Sports Inc., the company behind the Sparx sharpener. To show good will and reduce the financial risk I decided to delete the ReSparker repository from GitHub.
At the 12th March 2025 I submitted a DMCA counter notice to GitHub.
At the 28th April 2025 GitHub notified Velasa Sports Inc. of my DMCA counter notice.
At the 14th May 2025 GitHub notified me that Velasa Sports Inc. has not filed an action to defend their DMCA takedown notice. Therefore I restored the ReSparker repository again.
All the details can be found in te dmca folder or here: https://github.com/MarkusBernhardt/ReSparker/tree/main/dmca
My main goal of this project is the protection of the interests, rights and freedoms of the owners of a Sparx skate sharpener machine.
I can fully understand the interest of a company to protect its intellectual property, copyrights, patents, whatsoever, and the need to give the user guidance on the lifetime of the grinding rings. But I also think this is not a one way street. The interests and rights of a company end where the interests and rights of their customers start. Where that exact border is, must be defined by the society through the lawmaker and not by companies or customers.
That said. Yes, i am „messing into chip and cycle setup made by Sparx“. But the relevant question for me is, whether this setup by Sparx is lawful. And there I strongly believe this is currently only tolerated (meaning it would be even lawful to reverse engineer the firmware) and will be unlawful from mid 2026 on in the EU.
Car manufacturers had to learn that. They wanted to decide, who is allowed to repair a car, who is allowed to produce parts, who is allowed to sell parts, who has access to the management software, and so on.
Telephone companies had to learn that. When I was young it was an indictable offense to connect a computer modem to a telephone line.
Printer manufacturers had to learn that. They wanted to control, who is allowed to refill consumables, produce generic consumables, and so on.
Sparx also needs to learn that disabling a ring by the skate sharpener machine is a no go. There are a lot more ways to ensure the quality of the grinding. Simply display a big, fat, scary warning. This is also how your car or your printer are doing it. They still work, when you miss the oil change interval of your car or use non-genuine printer ink. They only displays a warning and store that somewhere in the system, so you cannot sue them, when your engine or print head explodes.
Most of the data written on a grinding ring is decoded by now.
By now there are two problems left:
- The Sparx skate sharpener calculates from the first 4 bytes of the NFC UID on the grinding rings a password. Without this password only the first 9 (or 11) records of the grinding rings can be accessed. On the grinding ring is an additional copy of the relevant data stored in later records and when the Sparx skate sharpener detects a difference between both copies it erases the ring. So we cannot simply change the data in the unprotected records. I was not able so far to determine the algorithm how the sharpener calculates the password. Luckily there is a way to read the password from the sharpener itself, but this can at the moment only be done with a Flipper Zero. I tried to port the method to iOS and Android, but both systems block some required NFC commands.
- The Sparx skate sharpener itself stores a copy of the data from the last ?? rings. When the machine detects a difference between the ring and the stored data it again erases the ring. The machine identifies the ring by the Sparx serial of the ring. So, when you want to use a modified ring in the same machine, as it was used before, then you also must change the Sparx serial. But there is also a checksum in there that I do not know how to calculate right now. At the moment I simply overwrite the Sparx serial with the serial of another ring from a friend.
This is, how far we understand the layout by now: Data Layout
Current rings are locked with a password. For old rings is this step not required.
There might be multiple ways to read the password, but this is how I do it:
- Get a Flipper Zero
- Remove any ring from the Sparx sharpener machine
- Close the Sparx sharpener machine and switch it on
- On the Flipper Zero go to NFC -> Read
- Read the ring you want to unlock
- Press More -> Unlock -> Unlock With Reader
- Press the Flipper Zero at the glass of the Sparx machine, where the NFC ring is.
- Wait for the Flipper Zero to catch the password
- Write it down
- Get a Proxmark 3 Easy
- Mount the ring to unlock into the Sparx sharpener machine
- Keep the Sparx sharpener machine open
- Put a magnet on the left side of the machine. Look where the factory mounted little magnet is screwed to the left side of the base. Put your magnet at the same spot on the opened upper section.
- Activate sniffing on the Proxmark 3
pm3 --> hf 14a sniff
- Push the hf antenna of the Proxmark 3 directly on the black NFC reading ring of the Sparx sharpener machine
- Switch the Sparx sharpener machine on and wait until the ring is recognized. The orange LED on the Proxmark 3 should be on/flickering during this time
- Click the button on the Proxmark 3 to stop sniffing
- Show the sniffed data
pm3 --> hf 14a list
- Search for the password in the data
51639632 | 51647792 | Rdr |1B F8 91 38 6C A4 63 | ok | PWD-AUTH: 0xF891386C
For all this I am using a Proxmark3 V3 Easy NFC kit.
Check that everything works with a simple dump. Rings that require a password will only show the first records. Old rings all 45 rows.
pm3 --> hf mfu dump
If a password is needed, get it with a Flipper Zero and add it.
pm3 --> hf mfu dump -k DEADBEEF
Reset the counter to 320 cycles.
pm3 --> hf mfu wrbl -k DEADBEEF -b 06 -d 40014001
pm3 --> hf mfu wrbl -k DEADBEEF -b 10 -d 40014001
On my ES200 machine there is a maximum count of 4,095 cycles. If you feel adventurous you can try the following and never need to reset the counter again.
pm3 --> hf mfu wrbl -k DEADBEEF -b 06 -d FF0FFF0F
pm3 --> hf mfu wrbl -k DEADBEEF -b 10 -d FF0FFF0F
If there is any data in rows 16 to 33 (not 00000000), clean it.
pm3 --> hf mfu wrbl -k DEADBEEF -b 16 -d 00000000
pm3 --> hf mfu wrbl -k DEADBEEF -b 17 -d 00000000
...
pm3 --> hf mfu wrbl -k DEADBEEF -b 33 -d 00000000
This is needed, when changing a ring that should be used in the same Sparx machine again. The serial is stored in the first two bytes of record 7 and all bytes of record 8. The copy of the serial is stored in the first two bytes of record 11 and all bytes of record 12. Records 8 and 12 can be simply overwritten. Rows 7 and 11 must be read, the first 2 bytes changed and written back.
pm3 --> hf mfu rdbl -k DEADBEEF -b 7
pm3 --> hf mfu rdbl -k DEADBEEF -b 11
pm3 --> hf mfu wrbl -k DEADBEEF -b 7 -d 0000xxxx
pm3 --> hf mfu wrbl -k DEADBEEF -b 8 -d 00000000
pm3 --> hf mfu wrbl -k DEADBEEF -b 11 -d 0000xxxx
pm3 --> hf mfu wrbl -k DEADBEEF -b 12 -d 00000000
The machine type is encoded in the byte 4 of record 7 and 9. Commercial machines are defined as 14. Consumer machines use 6. The hollow of the ring is encoded in byte 3 of record 7 and coded differently for consumer and commercial rings. See the list in Data Layout. When you encounter a ring with an hollow not marked as confirmed, please give me a short notice.
pm3 --> hf mfu rdbl -k DEADBEEF -b 7
pm3 --> hf mfu rdbl -k DEADBEEF -b 9
pm3 --> hf mfu wrbl -k DEADBEEF -b 7 -d xxxx2506
pm3 --> hf mfu wrbl -k DEADBEEF -b 9 -d xxxxxx06
All files in this repository are covered by one of two licenses:
- Creative Commons Attribution Non Commercial Share Alike 4.0 International
- GNU Affero General Public License 3.0
The default license throughout the repository is CC BY-NC-SA 4.0 unless the file header specifies another license.