Hacking A Xiaomi Air Purifier’s Filter DRM To Extend Its Lifespan

January 26, 2024 by Maya Posch 10 Comments

When [Unethical Info] was looking at air purifiers a while back, their eye fell on a Xiaomi 4 Pro, with a purchase quickly made. Fast-forward a while and suddenly the LCD on top of the device was showing a threatening ‘0% filter life remaining’ error message. This was traced back to an NFC (NTAG213) tag stuck to the filter inside the air purifier that had been keeping track of usage and was now apparently the reason why a still rather clean filter was forcibly being rejected. Rather than give into this demand, instead the NFC tag and its contents were explored for a way to convince it otherwise, inkjet cartridge DRM-style.

While in the process of reverse-engineering the system and doing some online research, a lucky break was caught in the form of earlier research by [Flamingo Tech] on the Xiaomi Air Purifier 3, who had obtained the password-generating algorithm used with the (password-locked) NFC tag, along with the target area of the filter’s NFC tag to change. Using the UID of the NFC tag, the password to unlock the NFC tag for writing was generated, which requires nothing more than installing e.g. ‘NFC Tools’ on an NFC-capable Android/iOS smartphone to obtain the tag’s UID and reset the usage count on the filter.

A password generating tool is provided with the [Unethical Info] article, and this approach works across a range of Xiaomi air purifiers, making it an easy fix for anyone who owns such a device but isn’t quite ready yet to shell out the big bucks for a fresh DRM-ed filter. This approach also saves one from buying more NFC tags, which was the case with the previous solution.

Reviving A Sensorless X-Ray Cabinet With Analog Film

January 26, 2024 by Dan Maloney 12 Comments

In the same way that a doctor often needs to take a non-destructive look inside a patient to diagnose a problem, those who seek to reverse engineer electronic systems can greatly benefit from the power of X-ray vision. The trouble is that X-ray cabinets designed for electronics are hideously expensive, even on the secondary market. Unless, of course, their sensors are kaput, in which case they’re not of much use. Or are they?

[Aleksandar Nikolic] and [Travis Goodspeed] strongly disagree, to the point that they dedicated a lot of work documenting how they capture X-ray images on plain old analog film. Of course, this is nothing new — [Wilhelm Konrad Roentgen] showed that photographic emulsions are sensitive to “X-light” all the way back in the 1890s, and film was the de facto image sensor for radiography up until the turn of this century. But CMOS sensors have muscled their way into film’s turf, to the point where traditional silver nitrate emulsions and wet processing of radiographic films, clinical and otherwise, are nearly things of the past. Continue reading “Reviving A Sensorless X-Ray Cabinet With Analog Film” →

Reverse Engineering The Apple Touch Bar Screen

January 23, 2024 by Maya Posch 10 Comments

The Apple Touch Bar was an oddity on a fairly small number of Apple laptops which replaced the function key row with a touch display. Yet what is special about this display other than its odd form factor when you consider it as a generic touch display? As [Wenting Zhang] describes in a recent reverse-engineering video, this 2,170 x 60 pixel display is somewhat limited in that it doesn’t support the MIPI DSI video mode, only command mode, along with a special instruction (0x3C) for automatic address offsets. The results of this project can be found on the GitLab account.

In a way these limitations make sense when you consider Apple’s use case for these special MIPI-DSI displays. As a touch screen with dynamic controls being displayed on it, features such as video playback never were a goal, and thus Apple likely decided to save a few bucks, possibly also due to MIPI licensing costs. What this means is that if you had dreamed of snapping up an extremely long and narrow OLED display for a video project you’re in for somewhat of a bad time. Although animated content is possible – as [Wenting] demonstrates – this comes with all the limitations of command mode, meaning slower updates, higher power usage and a lot more overhead.

Continue reading “Reverse Engineering The Apple Touch Bar Screen” →

Fixing A PDP-11/03 Power Supply Is Easy When You Understand It

January 22, 2024 by Maya Posch 6 Comments

After we last saw [David Lovett] of [Usagi Electric], he was knee-deep in trying to fix a DEC PDP-11/03 power supply, which fortunately led to a fixed PSU and a very happy PDP-11/23 system installed in the enclosure, as he covers in today’s video. Previously, we had covered his debugging attempt of this very much dead power supply, which had led [David] down many fruitless rabbitholes. By the time he was taking various components off the board to try and induce certain results, he threw in the towel and went back to the drawing board, assisted with many community comments.

The 5V rail on a DEC PDP-11/03 power supply. (Credit: David Lovett)

Much of the confusion came down to not really understanding how this PDP-11/03 PSU design works, which isn’t that crazy in hindsight, considering how quaint it is. Although [David] originally focused on the +5V rail, a small detail that was in the schematics is that the 5V rail is based around a 7805 that has its ground referenced to the -15V rail.

It is this 7805 that provides a linearly regulated 5V rail up till its current limit, at which point the control transistor gets biased sufficiently to start conducting, which eventually triggers the driver transistor that is responsible for driving the pass switch transistor. This then charges L2 from the unregulated supply, which is used effectively as a switching mode power supply until the current across the 7805 drops sufficiently that it becomes the primary 5V rail source again. This repeats at a kHz rate, making it more or less an SMPS as we know it today, but heavily reliant on the -15V rail as can be observed in the schematic. Continue reading “Fixing A PDP-11/03 Power Supply Is Easy When You Understand It” →

Haier Europe Eases Off On Legal Threat And Seeks Dialogue

January 22, 2024 by Maya Posch 42 Comments

After initially sending a cease and desist order to [Andre Basche] – the developer of a Haier hOn plugin for Home Assistant – Haier Europe’s head of Brand and IoT has now penned a much more amicable response, seeking to enter into dialogue in search of a solution for both parties.

This latest development is detailed both in the ongoing GitHub issue, as well as the Takedown FAQ and Timeline document that [Andre] created to keep track of everything that’s going on since we last checked in on the situation. As things stand, there is hope that Haier Europe may relent, especially as the company’s US division has shown no inclinations to join in on the original C&D.

In the confusion following the initial C&D announcement demanding the take-down of [Andre]’s hOn-related repositories, it was not clear to many which Haier was involved. As it turns out, Haier Europe as a separately legal entity apparently decided to go on this course alone, with Haier US distancing themselves from the issue. In that same Reddit thread it’s noted that GE Appliances (part of Haier US) has had a local API available for years. This makes Haier Europe the odd one out, even as they’re attempting some damage control now.

Amidst this whirlwind of developments, we hope that Haier Europe can indeed reach an amicable solution with the community, whether it’s continued API usage, or the development of a local API.

Reverse-Engineering The Web-@nywhere Watch For 2001-Era Smartwatch Action

January 21, 2024 by Maya Posch 10 Comments

Although smartwatches seem to be just a recent fad, people have been strapping wristwatches to their wrists with all kinds of functionality. Whether a miniscule calculator, a remote control, an organizer or as in the case of the Web-@nywhere Watch a web browser. In the last case only sort of, naturally, as it was released in 2001 and this little early 2000s marvel cost only $85 (or $150 in 2024 USD), so what could it really be capable of? This is the million dollar question that [Cameron Kaiser] sought to find out as he found a new-in-box unit for sale.

The Web-@nywhere watch in action. (Credit: Cameron Kaiser)

Beforehand he knew already that the unit required interaction with a PC-based application to sync the 93 kB of on-watch data, with the required software and remote servers now being very much outdated and/or gone. This required some reverse-engineering to once more bring this watch widget back to life. Along the way it became also quite clear that this watch was designed as a cheap rip-off of the much better 1998 Seiko Ruputer – which later got sold also as the onHand PC – using the same joystick-driven interface.

After some poking around with the Windows-based software that came with the watch [Cameron] quickly realized that while it could establish a serial link with the watch in its cradle, it fully relied on a now defunct FTP server formerly run by the manufacturer, Kinger, along with any games and content on it. Since FTP servers were never archived like HTTP sites, this content is likely gone forever.

Fortunately, the protocol between the PC and the watch is a standard serial link (with parity), so [Cameron] was able to sniff the serial traffic and figure out the protocol, the results of which he has made available on GitHub in the form of a Perl script for transforming text and a C-based application to do the uploading. Now once again Web-@nywhere users can proudly roam the streets with 2024-era website content on their wrists.

Haier Threatens Legal Action Against Home Assistant Plugin Developer

January 19, 2024 by Maya Posch 109 Comments

Appliance manufacturer Haier has been integrating IoT features into their newer products, and as is so common these days, users are expected to install their “hOn” mobile application to access them. Not satisfied with that limitation, [Andre Basche] reverse engineered the protocol used by the app, and released a Python library and associated Home Assistant plugin to interface with a wide array of Haier appliances, which includes brands like Hoover, Candy, GE Appliances and others.

Unfortunately, it looks like his efforts have gotten him into a bit of legal hot water. In an issue recently opened on the project’s GitHub page, [Andre] explains the circumstances and legal options that have led him to consider pulling the repositories completely — mostly due to the cost of mounting a legal defense to the cease & desist from Haier Europe.

What’s ironic here is that Haier has been part of the Connectivity Standard Alliance (CSA) since 2022, whose goal is to ‘promote universal open IoT standards’, including Matter.

It’s possible that a legal defense will be mounted against this C&D from Haier within the coming days. Yet regardless of the outcome here, it remains problematic that these IoT-enabled Haier appliances are connected to the Haier servers. Ideally they would be controlled locally, which is the goal of projects like [Miguel Ángel López Vicente]’s ESP Haier, that uses an ESP8266 to connect Haier AC units to the local WiFi and e.g. HA instances, all without requiring internet access.

This is sadly just one more example of why building your own off-line smart home can be such an incredible struggle.

Thanks to [Ar3itrary] for the tip.