I never really used to drink Starbucks. “It’s too expensive!” I’d say while angrily waggling my aeropress in the air. “It’s all sugar! Not worth it!”
Then they came out with their damned mobile ordering app and suddenly I’m throwing fistfuls of cash at them. It’s just. too. convenient.
Hacker Ryan Pickren took the idea one step further: he built a physical button that orders his favorite drink with one press as he’s heading out the door.
The button itself is an Amazon IoT button — the generic, hacker-friendly version of the branded Dash buttons they pre-configure to sell you things like laundry detergent and cat food.
When he taps his button, it fires off a Python script that sends the same signal the Starbucks app would it pushes an order out. On Starbucks’ side, it just looks like any old order that would’ve come through via the app.
Getting all of that to work, though, is where things got fun. I’d recommend checking out Ryan’s full breakdown here. From ripping out cryptographic keys to batting away security measures like SSL certificate pinning, it’s a great look into how quickly an undocumented API can be torn apart and frankensteined into something totally new.
(Dear Starbucks: Please don’t make this a real thing. Sincerely, my wallet.)