Air Filter DRM? Hacker Opts Out With NFC Sticker

August 13, 2022 by Donald Papp 55 Comments

[Flamingo-tech]’s Xiaomi air purifier has a neat safety feature: it will refuse to run if a filter needs replacement. Of course, by “neat” we mean “annoying”. Especially when the purifier sure seems to judge a filter to be useless much earlier than it should. Is your environment relatively clean, and the filter still has legs? Are you using a secondary pre-filter to extend the actual filter’s life? Tough! Time’s up. Not only is this inefficient, but it’s wasteful.

Every Xiaomi filter contains an NTAG213 NFC tag with a unique ID and uses a unique password for communications, but how this password was generated (and therefore how to generate new ones) was not known. This meant that compatible tags recognized by the purifier could not be created. Until now, that is. [Flamingo-tech] has shared the discovery of how Xiaomi generates the password for communication between filter and purifier.

A small NFC sticker is now all it takes to have the purifier recognize a filter as new.

[Flamingo-tech] has long been a proponent of fooling Xiaomi purifiers into acting differently. In the past, this meant installing a modchip to hijack the DRM process. That’s a classic method of getting around nonsense DRM on things like label printers and dishwashers, but in this case, reverse-engineering efforts paid off.

It’s now possible to create simple NFC stickers that play by all the right rules. Is a filter’s time up according to the NFC sticker, but it’s clearly still good? Just peel that NFC sticker off and slap on a new one, and as far as the purifier is concerned, it’s a new filter!

If you’re interested in the reverse-engineering journey, there’s a GitHub repository with all the data. And for those interested in purchasing compatible NFC stickers, [Flamingo-tech] has some available for sale.

ESP32 Brings Air Purifier Online With Home Assistant

November 25, 2021 by Tom Nardi 7 Comments

A lot of hackers are rightfully concerned about the privacy issues that surround many of today’s “smart” gadgets, but it’s hard to argue that the ability to remotely control devices around your home isn’t convenient. Enter self-hosted, open source projects like Home Assistant. This provides the framework for building out a home automation system without having your ~~soul~~ information sold, but as you might expect, you’re going to have to put some effort in to get the most of it.

For example, take a look at this Phillips AC4014 air purifier that [Anton] connected to Home Assistant by way of an ESP32. Rather than getting too bogged down in reverse engineering the purifier’s surprisingly complex internal electronics, he took the easy way out and wired a couple of relays across the power and fan speed buttons; this allows the device to be easily controlled by the microcontroller, without impacting the functionality of the original controls.

But since those front panel controls still work, that meant [Anton] needed a way for the ESP32 to detect the device’s status and report that to Home Assistant so everything stayed in sync. So he looked around on the PCB for a trace that got powered up when the air purifier was up and running, which he connected to a pin of the microcontroller through a transistor. This let’s the firmware determine if the machine is running or not just by checking if the appropriate pin has gone high.

Speaking of the firmware, [Anton] decided to use ESPHome rather than trying to write his own code from scratch. This project allows you to rapidly add new devices to Home Assistant by providing the firmware with a relatively simple YAML configuration file, which he’s provided as an example. In fact, he’s provided quite a lot of examples with this project, down to an annotated image of the PCB that shows where to tap your wires into. He’s done quite a service for anyone who’s got this same model of air purifier.

This unit doesn’t appear to have any capability of actually checking the quality of the air in the room, but we’ve recently seen a low-cost IKEA product that can do exactly that. Even better, it can be easily modified to report its findings over the network using the ESP8266.

100% display from filter screen and the responsible mod chip

Clearing The Air About Proprietary Consumables With A Xiaomi Filter DRM Resetter

August 28, 2021 by Brian McEvoy 16 Comments

The “razor and blades model” probably set a lot of young hackers on their current trajectory. If we buy a widget, we want to pick our widget refills instead of going back to the manufacturer for their name-brand option. [Flamingo-Tech] was having none of it when they needed a new filter for their Xiaomi air purifier so they set out to fool it into thinking there was a genuine replacement fresh from the box. Unlike a razor handle, the air purifier can refuse to work if it is not happy, so the best option was to make a “mod-chip.”

The manufacturer’s filters have a Near-Field Communication (NFC) chip and antenna which talk to the base station. The controller receives the filter data via I₂C, but the mod-chip replaces that transmitter and reassures the controller that everything is peachy in filter town. On top of the obvious hack here, [Flamingo-Tech] shows us how to extend filter life with inexpensive wraps, so that’s a twofer. You can create your own mod-chip from the open-source files or grab one from [Flamingo-Tech’s] Tindie store.

We usually hear about mod-chips in relation to games, but we are happy to extend that honor to 3D printers. Have you ever fooled a “razor?”

Continue reading “Clearing The Air About Proprietary Consumables With A Xiaomi Filter DRM Resetter” →