Yesterday, I received a mail! By a user named : tuxuser. I thought I was alone in the world of Xiaomi Air purifier poking…
Since more people are getting involved I decided to update some more information on the web!
I dumped the ESP Flash contents using : Link (look closely and you will see that I used the air purifier to generate that content)
warning: don’t use this firmware to recover your devices if its bricked. I made some manual changes to it to remove some private info.
I will make a virgin dump that can be used for recovery purposes.
Lest do a visual analysis of the data:
Upload the Binary to https://binvis.io/
scroll through the data.. the first thing I saw was:
I was flabbergasted to see this… All my network information (SSID and location, passwords) in plain text..
Furthermore they save all the network data and password of previous networks as well.. don’t forget to wipe your ESP when you sell this thing secondhand…
more interesting: the PSM tokens of the device (these can be used with integration in something like Home assistant.) are located here as well.
From now on when I need someone’s WIFI password:
The following IP Addresses are hard coded in the device:
By Blocking these IP addresses the Air purifier wont be able to call home.