Xiaomi Air purifier 3H/C/PRO NFC MOD, How does it work?

After open-sourcing the mod chip, I wanted to give some insights into how the mod chip itself works. Open source info: click. As can be seen in the image above, the system consists of several subsystems. The two most important subsystems are: NFC filter; STM32F412RET6. There are two ways to bypass the NFC filters, Make…

Xiaomi Modchip open source!

The following will be released: schematic; B.O.M. (Bill of Materials); Gerber files; software binaries (see below). I will write the following tutorials: How to flash your Modchip; How to order your Modchip, see below; Explanation of how the software works. Schematic: Downloadable PDF: B.O.M. This is quite a simple schematic; the hardest part was finding…

Xiaomi Air Purifier 3H/C/PRO MODCHIP is here!

After a couple of nights tinkering, PCBA designing, software writing and a couple of PCBA revisions later, success: (see GIF, above). Why: Using these air purifiers is a wasteful and expensive experience. There are no third-party filters on the market, and no options to disable the NFC check. I wanted to…

Xiaomi Air Purifier 3H Reverse Engineering Part 3: ESP32 DUMP

Yesterday, I received a mail! By a user named: tuxuser. I thought I was alone in the world of Xiaomi Air purifier poking… Since more people are getting involved, I decided to update some more information on the web! I dumped the ESP Flash contents using: Link (look closely and you will see…

Xiaomi Air Purifier 3H Reverse Engineering Part 2: Fremont EEPROM dump

As stated in the first post, the main PCBA contains a Fremont EEPROM. I used one of many Chinese flash tools (mine is a SP8-F made by fly-pro…). ROM dump: The first thing I do with a ROM dump is to analyze the data using a website called: http://binvis.io I then upload my binary…

Installing and using ESPtools

Step 1. Install Python (on Windows 10). Option 1: On Windows 10, you may type “python” in the Windows search box beside the Windows Start button and download Python from the Windows App Store. Option 2: Download the latest version of Python from their website: click. Don’t forget to check the “Add Python X to PATH”…

Xiaomi Air Purifier 3H Reverse Engineering Part 1: Probing Around

Welcome to the family Xiaomi Air Purifier H3! If something enters my house, I open it as quickly as possible and start probing around. The following information is for educational purposes only! Note, I absolutely love Xiaomi stuff since it is cheap, of decent build quality, and it’s fun to probe around in! How to…

Xiaomi Xiaofang S1 RTSP hack 2


As I suspected in the previous post (16 Feb 2019, I know it’s been a while), this firmware is not really safe. stacksmashing made a nice video about a firmware hack. Full explanation in the video below: it’s really cool to watch a software hacker do their thing!

Xiaomi Xiaofang S1 RTSP hack


How to flash custom firmware:
Download: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/raw/master/hacks/cfw/xiaofang/cfw-1.0.bin
1: Format your microSD to FAT32 (use a microSD card smaller than 4GB); my 16GB Kingston cards were giving me trouble.
2: Put the CFW-1.0.bin file on the microSD and rename CFW-1.0.bin to demo.bin
3: Insert the microSD card into the camera
4: Hold the reset button & power on, keep pushing the…