Awesome
Welcome to our (outdated) repository for reverse engineering and rooting of the Xiaomi Smart Home Devices. We provide you methods how to root your device without opening it or breaking the warranty seal (on your own risk).
** This repository is outdated for most usecases! It was meant as a reference cloud emulation for Xiaomi devices. For vacuum robots, it has been now integrated in Valetudo **
You find more information about my projects here: My Website Technical information and teardowns about robots can be found here: Robotinfo
Outdated info
The (again outdated) documentation of the devices (photos, datasheets, uart logs, etc) was moved to a new repo dustcloud-documentation
Please take a look at the (outdated) Dustcloud Wiki, which also contains instructions on how to root and flash your device: (https://github.com/dgiese/dustcloud/wiki)
Talks
The content of the presentation differs from event to event. If you want to get an overview of the topics I am talking about, you find the overview here: Overview my talks
[Sep 2018] I was invited by BeyondSecurity to give a talk at BeVX 2018 in Hong Kong: BeVX 2018 slides
[Aug 2018] I have given two talks at DEFCON26 (101-track and IoT-Village), both are recorded:
"Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices": DEFCON26 101-track Slides
"How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices": DEFCON26 IoT Village Slides
[Jul 2018] I was on tour in Taiwan@HITCON14 Community: HITCON14 CMT slides
[Feb 2018] We had a talk at Recon BRX 2018. The presentation can be found here
[Dec 2017] Our talk at 34C3: Recording hosted at media.ccc.de, updated PDF.
Recommended resources / links
Valetudo https://valetudo.cloud/
More information about my projects and talks https://dontvacuum.me
Technical information and teardowns about robots https://robotinfo.dev
Python-miio: Python library & console tool for controlling Xiaomi smart appliances. https://github.com/rytilahti/python-miio
Communication for the community
Yes, there is a telegram channel (check the pinned message).
In theory you can contact me via twitter.
Please inform yourself in the forums and with the howtos before you post in this channel. Otherwise your message is very likely to be ignored.
Contact
- Dennis Giese <dennis[at]dontvacuum.me> / twitter
Press information
IoT will very likely become a very important topic in the future. If you like to know more about IoT security, you can visit me at Northeastern University in Boston, US. Please contact me.
Acknowledgements:
Prof. Matthias Hollick at Secure Mobile Networking Lab (SEEMOO)
<a href="https://www.seemoo.tu-darmstadt.de"></a>
Prof. Guevara Noubir (CCIS, Northeastern University)
<a href="http://www.ccs.neu.edu/home/noubir/Home.html"></a>
Ilfak Guilfanov / Hex-Rays: for their great tool "IDA Pro"
<a href="https://www.hex-rays.com/"></a>
Media coverage:
- https://dontvacuum.me/media.html
- https://www.golem.de/news/reverse-engineering-das-xiaomi-oekosystem-vom-hersteller-befreien-1802-132878.html
- https://www.kaspersky.com/blog/xiaomi-mi-robot-hacked/12567/
- https://www.golem.de/news/xiaomi-mit-einem-stueck-alufolie-autonome-staubsauger-rooten-1712-131883.html
- http://www.zeit.de/digital/datenschutz/2017-12/34c3-hack-staubsauger-iot
- https://hackaday.com/2017/12/27/34c3-the-first-day-is-a-doozy/
- https://m.heise.de/newsticker/meldung/34C3-Vernetzter-Staubsauger-Roboter-aus-China-gehackt-3928360.html
- https://www.notebookcheck.com/Security-Staubsauger-sammelt-neben-Staub-auch-Daten-ueber-die-Wohnung.275668.0.html
- https://derstandard.at/2000071134392/Sicherheitsforscher-hacken-Staubsaugerroboter-und-finden-Bedenkliches