Hacking A Xiaomi Air Purifier’s Filter DRM To Extend Its Lifespan

When [Unethical Info] was looking at air purifiers a while back, their eye fell on a Xiaomi 4 Pro, with a purchase quickly made. Fast-forward a while and suddenly the LCD on top of the device was showing a threatening ‘0% filter life remaining’ error message. This was traced back to an NFC (NTAG213) tag stuck to the filter inside the air purifier that had been keeping track of usage and was now apparently the reason why a still rather clean filter was forcibly being rejected. Rather than give in to this demand, the NFC tag and its contents were explored for a way to convince it otherwise, inkjet cartridge DRM-style.

While in the process of reverse-engineering the system and doing some online research, a lucky break was caught in the form of earlier research by [Flamingo Tech] on the Xiaomi Air Purifier 3, who had obtained the password-generating algorithm used with the (password-locked) NFC tag, along with the target area of the filter’s NFC tag to change. Using the UID of the NFC tag, the password to unlock the NFC tag for writing was generated, which requires nothing more than installing e.g. ‘NFC Tools’ on an NFC-capable Android/iOS smartphone to obtain the tag’s UID and reset the usage count on the filter.

A password generating tool is provided with the [Unethical Info] article, and this approach works across a range of Xiaomi air purifiers, making it an easy fix for anyone who owns such a device but isn’t quite ready yet to shell out the big bucks for a fresh DRM-ed filter. This approach also saves one from buying more NFC tags, which was the case with the previous solution.

Polish Train Manufacturer Threatens Hackers Who Unbricked Their Trains

A week ago we covered the story of a Polish train manufacturer who was caught using software to brick their products after they had been repaired by an independent railway workshop. Now 404 Media has a follow-up story with more information, including the news that the hackers responsible for the discovery are now being threatened by the manufacturer.

The more we learn about this story the more interesting it becomes, as the Newag trains in question began failing after service as far back as 2021. In desperation after services were affected by the number of non-functional units, an employee searched online for Polish hackers and found a group called Dragon Sector. The group was able to find the issue, and are now being threatened with legal action by the manufacturer, who are citing possible safety issues.

It’s clear from where we are standing that Newag have been caught red-handed in some extremely dubious practices, and seem to have little sense of how their actions might not be the best in terms of protecting their reputation. We are guessing that the European regulators will become very interested in this case, and that meanwhile the order books of a company which puts DRM in its trains will start to look very empty indeed. You can catch our original coverage as the story broke, here.

Thanks [JohnU] for the tip.

The Deere Disease Spreads To Trains

If the right-to-repair movement has a famous story, it’s the familiar green and yellow John Deere tractor. Farmers and mechanics have done their own repairs as long as there have been tractors, but more recent Deeres have been locked down such that only Deere-authorised agents can fix them. It’s a trend that has hurt the value of a second-hand Deere, but despite that it appears to be spreading within the machinery world. Now there’s a parallel on Polish railways, as Polish-made Newag electric passenger trains have been found to give errors when serviced by non-Newag workshops.

At the heart of the problem are the PLCs which control all aspects of a modern rail traction system, which thanks to a trio of Poland and Germany based researchers have been found to play a range of nasty tricks. They’ll return bogus error codes after a set date which would presumably be reset by the official service, if the train has been laid up for a while, or even if they are detected via GPS to have visited a third-party workshop. Their work will be the subject of a talk at 37C3 which should be worth watching out for.

It will be especially interesting to juxtapose the reaction to this revelation with cases such as the Deere tractors, because of course Poland is part of the European Union. We’re not specialist EU competition lawyers, but we know enough to know that the EU takes a dim view of these types of practices and has been strong on the right to repair. Who knows, Polish trains may contribute further to the rights of all Europeans.

2600 Breaks Free From DRM With PDF/EPUB Subscription

Hackaday has been online in some form or another since 2004, which for the Internet, makes us pretty damn old. But while that makes us one of the oldest surviving web resources for hacker types, we’ve got nothing on 2600 — they’ve been publishing their quarterly zine since 1984.

While the physical magazine can still be found on store shelves, the iconic publication expanded into digital distribution some time ago, thanks largely to the Kindle’s Newsstand service. Unfortunately, that meant Amazon’s recent decision to shutter Newsstand threatened to deprive 2600 of a sizable chunk of their income. So what would any group of hackers do? They took matters into their own hands and spun-up their own digital distribution system.

As of today you’re able to subscribe to the digital version of 2600 in DRM-free PDF or EPUB formats, directly from the magazine’s official website. Which one you pick largely depends on how you want to read it: those looking for the highest fidelity experience should go with PDF, as it features an identical layout to the physical magazine, while those who are more concerned with how the content looks on their reader of choice would perhaps be better served by the flexibility of EPUB. After signing up you can download the current Summer issue immediately, with future issues hitting your inbox automatically. Load it onto your home-built Open Book, and you can really stick it to the establishment.

While the ending of this story seems to be a happy one, we can’t help but see it as a cautionary tale. How many other magazines would have the means and experience to offer up their own digital subscriptions? Or for that matter, how many could boast readers savvy enough to utilize it? The reality is many publications will be injured by Amazon’s decision, some mortally so. That’s a lot of power to be put into the hands of just one company, no matter how quick the shipping is.

3D Model Subscriptions Are Coming, But Who’s Buying?

We’ve all been there before — you need some 3D printable design that you figure must be common enough that somebody has already designed it, so you point your browser to Thingiverse or Printables, and in a few minutes you’ve got STL in hand and are ready to slice and print. If the design worked for you, perhaps you’ll go back and post an image of your print and leave a word of thanks to the designer.

Afterwards, you’ll probably never give that person a second thought for the rest of your life. Within a day or two, there’s a good chance you won’t even remember their username. It’s why most of the model sharing sites will present you with a list of your recently downloaded models when you want to upload a picture of your print, otherwise there’s a good chance you wouldn’t be able to find the thing.

Now if you really liked the model, you might go as far as following the designer. But even then, there would likely be some extenuating circumstances. After all, even the most expertly designed widget is still just a widget, and the chances of that person creating another one that you’d also happen to need seems exceedingly slim. Most of the interactions on these model sharing sites are like two ships passing in the night; it so happened that you and the creator had similar enough needs that you could both use the same printable object, but there’s no telling if you’ll ever cross paths with them again.

Which is why the recent announcements, dropped just hours from each other, that both Thangs and Printables would be rolling out paid subscription services seems so odd. Both sites claim that not only is there a demand for a service that would allow users to pay designers monthly for their designs, but that existing services such as Patreon are unable to meet the unique challenges involved.

Both sites say they have the solution, and can help creators turn their passion for 3D design into a regular revenue stream — as long as they get their piece of the action, that is.

The World’s First Agricultural Right To Repair Law

Long-time readers will know that occasionally we mix up our usual subject matter with a dash of farm equipment. Usually the yellow and green variants that come from John Deere, as the agricultural manufacturer has become the poster child for all that is wrong in the fight for the right to repair. An old Deere is worth more than a nearly new one in many places, because for several years now their models have had all their parts locked down by DRM technologies such that only their own fitters can replace them. Now after a long legal fight involving many parties, the repair and parts company iFixit sound justifiably pleased as they announce the world’s first agricultural right to repair law being passed in the US state of Colorado.

This may sound like a small victory, and it will no doubt be followed by further rearguard actions from the industry as similar laws are tabled in other states. But in fact as we read it, with this law in place the game is de facto up for the tractor makers. Once they are required to release any access codes for the Coloradans those same codes will by extension be available to any other farmers, and though we’re guessing they won’t do this, they would be best advised to give up on the whole DRM idea and concentrate instead on making better tractors to fix their by-now-damaged brands.

It’s exciting news for everybody as it proves that right-to-repair legislation is possible; however, since this applies only to agricultural machinery, the battle is by no means over. Only when all machines and devices have the same protection can we truly be said to have achieved the right to repair.

We’ve reported on this story for a long time; here’s a previous piece of legislation tried in another state.

Hackaday Links: March 12, 2023

With a long history of nearly universal hate for their products, you’d think printer manufacturers would by now have found ways to back off from the policies that only seem to keep aggravating customers. But rather than make it a financially wiser decision to throw out a printer and buy a new one than to buy new ink cartridges or toners, manufacturers keep coming up with new and devious ways to piss customers off. Case in point: Hewlett-Packard now seems to be bricking printers with third-party ink cartridges. Reports from users say that a new error message has popped up on screens of printers with non-HP cartridges installed warning that further use of the printer has been blocked. Previously, printers just warned about potential quality issues from non-HP consumables, but now they’re essentially bricked until you cough up the money for legit HP cartridges. Users who have contacted HP support say that they were told the change occurred because of a recent firmware update sent to the printer, so that’s comforting.
