Xiaomi Air Purifier 001 PPM FIX!

I received an email from Pekka (Thanks!) who found out about this problem in a video/comment. Two distinct signs: Slow to respond to particle changes. Display only shows 001 Cause: The sensor used in the Xiaomi Air Purifiers is the: PMS9003M by Plantpower Datasheet: This sensor uses a pin named SET. The function of that… Continue reading Xiaomi Air Purifier 001 PPM FIX!

Xiaomi Air purifier 3H/C/PRO NFC MOD, How does it work?

After opensourcing the mod chip I wanted to give some insights on how the mod-chip itself works. open source info: click As can be seen in the image above, the system consist out of several sub systems.The two most important sub-systems are: NFC Filter Stm32F412RET6 There are two ways to bypass the NFC filters, Make… Continue reading Xiaomi Air purifier 3H/C/PRO NFC MOD, How does it work?

How to install Xiaomi Air purifier Mod Chip to your 3H 3C or Pro device.

Step 1:Remove the power cord and wait until the device is fully powered off.Failing of this step has a high risk of electric shock or damaging the air purifier. Step 2:Turn the device upside down. Step3:Remove the four rubber feet. (I used a flat screwdriver to wiggle them out) Step 3.5:Remove the four Phillips screws… Continue reading How to install Xiaomi Air purifier Mod Chip to your 3H 3C or Pro device.

Xiaomi Air Purifier 3H/C/PRO MODCHIP is here!

After a couple of nights tinkering ,PCBA designing , software writing and a couple of PCBA revisions later success: (see GIF , above) Why: Using these air purifiers is a wasteful and expensive experience. There are no third party filters on the market , and no options to disable the NFC check. I wanted to… Continue reading Xiaomi Air Purifier 3H/C/PRO MODCHIP is here!

Xiaomi Air Purifier 3H Reverse Engineering Part 3: ESP32 DUMP

Yesterday, I received a mail! By a user named : tuxuser. I thought I was alone in the world of Xiaomi Air purifier poking… Since more people are getting involved I decided to update some more information on the web! I dumped the ESP Flash contents using : Link (look closely and you will see… Continue reading Xiaomi Air Purifier 3H Reverse Engineering Part 3: ESP32 DUMP

Xiaomi Air Purifier 3H Reverse Engineering Part 2: Fremont EEPROM dump

As stated in the first post, the main PCBA contains a Fremont EEPROM. I used one of many Chinese flash tools (mine is a SP8-F made by fly-pro…) ROM dump: The first thing I do with a ROM dump is to analyze the data using a website called : http://binvis.io I then upload my binary… Continue reading Xiaomi Air Purifier 3H Reverse Engineering Part 2: Fremont EEPROM dump

Xiaomi Air Purifier 3H Reverse Engineering Part 1: Probing Around

Welcome to the family Xiaomi Air Purifier H3! If something enters my house I open it as quickly as possible and start probing around. The following information is for educational Purposes only! Note, I absolutely love Xiaomi stuff since it is cheap, of decent build quality, and it’s fun to probe around in! How to… Continue reading Xiaomi Air Purifier 3H Reverse Engineering Part 1: Probing Around

Xiaomi Xiaofang S1 RTSP hack 2

Xiaomi-xiaofang-S1

As I suspected in the previous post (16 Feb 2019, i know its been a while) this firmware is not really safe. stacksmashing made a nice video about a firmware hack. Full explanation in the video below: it’s really cool to watch a software hacker do its thing!    

Xiaomi Xiaofang S1 RTSP hack

Xiaomi-xiaofang-S1

how to flash custom firmware: download:¬†https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/raw/master/hacks/cfw/xiaofang/cfw-1.0.bin 1:Format your microSD to FAT32 (use a micro SD card smaller than 4GB) my 16GB kingston¬† cards where giving me trouble. 2:put the CFW-1.0.bin file on the MicroSD and rename CFW-1.0.bin to demo.bin 3: insert micro SD card into camera 4:hold reset buton & power on, keep pushing the… Continue reading Xiaomi Xiaofang S1 RTSP hack