After open-sourcing the mod chip I wanted to give some insights on how the mod chip itself works. open source info: click As can be seen in the image above, the system consists of several subsystems. The two most important subsystems are: NFC Filter, STM32F412RET6. There are two ways to bypass the NFC filters, Make… Continue reading Xiaomi Air purifier 3H/C/PRO NFC MOD, How does it work?
The following will be released: Schematic; B.O.M (Bill Of Materials); Gerber Files; Software binaries (see below). I will write the following tutorials: How to flash your Modchip; How to order your Modchip (see below); Explanation of how the software works. Schematic: Downloadable PDF: B.O.M. This is quite a simple schematic, the hardest part was finding… Continue reading Xiaomi Modchip open source!
I often get the question: what tools do you use for hacking hardware/software? While making this list I realize the fortune of equipment that I’ve gathered over time. (Sorry for not including cheaper stuff… I’ve replaced a lot over time.) None of the links are affiliate links. I’m not getting paid to list any of these… Continue reading (Hardware) Hacking tools
After a couple of nights tinkering, PCBA designing, software writing and a couple of PCBA revisions later, success: (see GIF, above) Why: Using these air purifiers is a wasteful and expensive experience. There are no third-party filters on the market, and no options to disable the NFC check. I wanted to… Continue reading Xiaomi Air Purifier 3H/C/PRO MODCHIP is here!
Yesterday, I received a mail from a user named tuxuser! I thought I was alone in the world of Xiaomi Air purifier poking… Since more people are getting involved I decided to update some more information on the web! I dumped the ESP Flash contents using: Link (look closely and you will see… Continue reading Xiaomi Air Purifier 3H Reverse Engineering Part 3: ESP32 DUMP
As stated in the first post, the main PCBA contains a Fremont EEPROM. I used one of many Chinese flash tools (mine is a SP8-F made by fly-pro…) ROM dump: The first thing I do with a ROM dump is to analyze the data using a website called http://binvis.io. I then upload my binary… Continue reading Xiaomi Air Purifier 3H Reverse Engineering Part 2: Fremont EEPROM dump
Step 1. Install Python (on Windows 10). Option 1: On Windows 10, you may type “python” in the Windows search box beside the Windows Start button and download Python from the Windows App Store. Option 2: Download the latest version of Python from their website: click. Don’t forget to check the “Add Python X to PATH”… Continue reading Installing and using ESPtools
Welcome to the family, Xiaomi Air Purifier H3! If something enters my house I open it as quickly as possible and start probing around. The following information is for educational purposes only! Note, I absolutely love Xiaomi stuff since it is cheap, of decent build quality, and it’s fun to probe around in! How to… Continue reading Xiaomi Air Purifier 3H Reverse Engineering Part 1: Probing Around
As I suspected in the previous post (16 Feb 2019, I know it’s been a while) this firmware is not really safe. stacksmashing made a nice video about a firmware hack. Full explanation in the video below: it’s really cool to watch a software hacker do its thing!
How to flash custom firmware: download: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/raw/master/hacks/cfw/xiaofang/cfw-1.0.bin 1: Format your microSD to FAT32 (use a microSD card smaller than 4GB); my 16GB Kingston cards were giving me trouble. 2: Put the CFW-1.0.bin file on the microSD and rename CFW-1.0.bin to demo.bin. 3: Insert the microSD card into the camera. 4: Hold the reset button & power on, keep pushing the… Continue reading Xiaomi Xiaofang S1 RTSP hack