Reverse engineering a Cat Printer with the help of an LLM (mertol.substack.com)

🤖 AI Summary
An enthusiast reverse-engineered a cheap Bluetooth “cat” thermal printer by sniffing the app-to-device traffic and using an LLM to speed up development. Rather than buying special hardware or fighting Wireshark on macOS, they used Apple’s PacketLogger (from Additional Tools for Xcode) to capture ATT Bluetooth packets, then bootstrapped a CoreBluetooth client with ChatGPT to scan, connect, discover characteristics and issue reads/writes. Inspection revealed concrete command formats (e.g. header packet "2221 A900 0400 2B00 3000 FFFF" and darkness-set write "2221 A100 0100 (0000) FF") where line indices and darkness scale are encoded as value*2^8. The key technical breakthrough: pixel rows are not per-pixel grayscale but bit-packed monochrome. Sending 384 raw values produced overflow artifacts; experimenting showed each printable line is 48 bytes (384 bits), i.e., 48 bytes × 8 bits = 384 pixels per line. The author built an image pipeline (image → grayscale → resize → dither → line arrays → packBitsToData) to produce correct bit-packed rows and discovered that sustained, properly paced writes are needed for long continuous printing. The official app’s HD mode appears to use a different encoding for grayscale, which remains to be reverse-engineered. The work highlights how LLMs and platform-native tooling can rapidly accelerate Bluetooth device reverse engineering and practical programmatic control of low-cost IoT printers.
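The dither and bit-packing stages of the pipeline described above, as an added Python example; this is not the author's code, and the summary names `packBitsToData` without showing its implementation. The function names, the MSB-first bit order and the polarity (1 = black dot) are assumptions, and the input image is constructed.

```python
"""Grayscale rows -> 1-bit dithered rows -> 48-byte packed lines (constructed example)."""

LINE_PIXELS = 384               # printable width stated on the page
LINE_BYTES = LINE_PIXELS // 8   # 48 bytes per line, as the page works out


def dither(gray, threshold=128):
    """Floyd-Steinberg dither of a 2D list of 0-255 values to 0/1 (assumed: 1 = black dot)."""
    h, w = len(gray), len(gray[0])
    buf = [[float(v) for v in row] for row in gray]
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            old = buf[y][x]
            new = 255.0 if old >= threshold else 0.0
            out[y][x] = 0 if new else 1          # dark pixel -> burn a dot
            err = old - new
            # Spread the quantisation error to the unvisited neighbours.
            for dx, dy, wgt in ((1, 0, 7), (-1, 1, 3), (0, 1, 5), (1, 1, 1)):
                nx, ny = x + dx, y + dy
                if 0 <= nx < w and ny < h:
                    buf[ny][nx] += err * wgt / 16
    return out


def pack_row(bits, msb_first=True):
    """Pack exactly 384 0/1 values into 48 bytes; the bit order is an assumption."""
    if len(bits) != LINE_PIXELS:
        raise ValueError(f"row has {len(bits)} pixels, expected {LINE_PIXELS}")
    if any(b not in (0, 1) for b in bits):
        # Raw grayscale values here are the per-pixel mistake the page describes.
        raise ValueError("row must contain only 0/1 values; dither first")
    packed = bytearray(LINE_BYTES)
    for i, bit in enumerate(bits):
        if bit:
            shift = 7 - (i % 8) if msb_first else i % 8
            packed[i // 8] |= 1 << shift
    return bytes(packed)


def image_to_lines(gray, msb_first=True):
    """Dither a 384-wide grayscale image and return one 48-byte payload per line."""
    return [pack_row(row, msb_first) for row in dither(gray)]


if __name__ == "__main__":
    # Constructed input: 4 lines, left half black (0), right half white (255).
    sample = [[0] * 192 + [255] * 192 for _ in range(4)]
    for line in image_to_lines(sample):
        print(len(line), line.hex())
```

If a printed test pattern comes out mirrored within each group of eight dots, pass `msb_first=False`; the page does not state which order the printer expects.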