Xiaomi M365 Battery Fault? Just Remove A Capacitor

Electric scooters have long been a hacker’s friend, Xiaomi ones in particular – starting with M365, the Xiaomi scooter family has expanded a fair bit. They do have a weak spot, like many other devices – the battery, something you expect to wear out.

Let’s say, one day the scooter’s diagnostics app shows one section of the battery going way below 3 volts. Was it a sudden failure of one of the cells that brought the whole stage down? Or perhaps, water damage after a hastily assembled scooter? Now, what if you measure the stages with a multimeter and it turns out they are perfectly fine?

Turns out, it might just be a single capacitor’s fault. In a YouTube video, [darieee] tells us all about debugging a Xiaomi M365 battery with such a fault – a BQ76930 controller being responsible for measuring battery voltages. The BMS (Battery Management System) board has capacitors in parallel with the cells, and it appears that some of these capacitors can go faulty.

Are you experiencing this particular fault? It’s easy to check – measure the battery stages and see if the information checks out with the readings in your scooter monitoring app of choice. Could this be a mechanical failure mode for this poor MLCC? Or maybe, a bad batch of capacitors? One thing is clear, this case is worth learning from, adding this kind of failure to your collection of fun LiIon pack tidbits. This pack seems pretty hacker-friendly – other packs lock up when anything is amiss, like the Ryobi batteries do, overdue for someone to really spill their secrets!

Continue reading “Xiaomi M365 Battery Fault? Just Remove A Capacitor”

Converting Bluetooth Sensors To Zigbee

With the increase in popularity of Internet of Things (IoT) devices and their need to communicate wirelessly,  there’s been a corresponding explosion of wireless protocols to chose from. Of course there’s Wi-Fi and Bluetooth, but for more specialized applications there are some other options like Z-Wave, LoRa, Sigfox, and Thread. There’s a decent amount of overlap in their capabilities too, so when [SHS] was investigating some low-cost Xiaomi sensors it was discovered that it is possible to convert them from their general purpose Bluetooth protocol over to the more IoT-specialized Zigbee protocol instead.

These combination temperature and humidity sensors have already been explored by [Aaron Christophel] who found that it’s possible to flash these devices with custom firmware. With that background, converting them from Bluetooth to Zigbee is not a huge leap. All that’s needed is the Zigbee firmware from [Ivan Belokobylskiy] aka [devbis] and to follow the steps put together by [SHS] which include a process for flashing the firmware using an over-the-air update and another using UART if the wireless updates go awry. Then it’s just a short process to pair the new Zigbee device to the network and the sensor is back up and running.

Converting from one wireless protocol to another might not seem that necessary, but using Bluetooth as an IoT network often requires proxy nodes as support devices, whereas Zigbee can communicate directly from the sensor to a hub like Home Assistant. Other Zigbee devices themselves can also act as a mesh network of sorts without needing proxy nodes. The only downside of this upgrade is that once the Bluetooth firmware has been replaced, the devices no longer has any Bluetooth functionality.

Thanks to [RoganDawes] for the tip!

A Xiaomi 3 Lite dashboard with the panel taken off and the PCB visible, four wires connected to the SWD header.

Xiaomi Scooter Firmware Hacking Gets Hands-On

Scooter hacking is wonderful – you get to create a better scooter from a pre-made scooter platform, and sometimes you can do that purely through firmware modifications. Typically, hackers have been uploading firmware using Bluetooth OTA methods, and at some point, we’ve seen the always-popular Xiaomi scooters starting to get locked down. Today, we see [Daljeet Nandha] from [RoboCoffee] continue the research of the new Xiaomi scooter realities, where he finds that SWD flashing is way more of a viable avenue that we might’ve expected. Continue reading “Xiaomi Scooter Firmware Hacking Gets Hands-On”

Air Filter DRM? Hacker Opts Out With NFC Sticker

[Flamingo-tech]’s Xiaomi air purifier has a neat safety feature: it will refuse to run if a filter needs replacement. Of course, by “neat” we mean “annoying”. Especially when the purifier sure seems to judge a filter to be useless much earlier than it should. Is your environment relatively clean, and the filter still has legs? Are you using a secondary pre-filter to extend the actual filter’s life? Tough! Time’s up. Not only is this inefficient, but it’s wasteful.

Every Xiaomi filter contains an NTAG213 NFC tag with a unique ID and uses a unique password for communications, but how this password was generated (and therefore how to generate new ones) was not known. This meant that compatible tags recognized by the purifier could not be created. Until now, that is. [Flamingo-tech] has shared the discovery of how Xiaomi generates the password for communication between filter and purifier.

A small NFC sticker is now all it takes to have the purifier recognize a filter as new.

[Flamingo-tech] has long been a proponent of fooling Xiaomi purifiers into acting differently. In the past, this meant installing a modchip to hijack the DRM process. That’s a classic method of getting around nonsense DRM on things like label printers and dishwashers, but in this case, reverse-engineering efforts paid off.

It’s now possible to create simple NFC stickers that play by all the right rules. Is a filter’s time up according to the NFC sticker, but it’s clearly still good? Just peel that NFC sticker off and slap on a new one, and as far as the purifier is concerned, it’s a new filter!

If you’re interested in the reverse-engineering journey, there’s a GitHub repository with all the data. And for those interested in purchasing compatible NFC stickers, [Flamingo-tech] has some available for sale.

100% display from filter screen and the responsible mod chip

Clearing The Air About Proprietary Consumables With A Xiaomi Filter DRM Resetter

The “razor and blades model” probably set a lot of young hackers on their current trajectory. If we buy a widget, we want to pick our widget refills instead of going back to the manufacturer for their name-brand option. [Flamingo-Tech] was having none of it when they needed a new filter for their Xiaomi air purifier so they set out to fool it into thinking there was a genuine replacement fresh from the box. Unlike a razor handle, the air purifier can refuse to work if it is not happy, so the best option was to make a “mod-chip.”

The manufacturer’s filters have a Near-Field Communication (NFC) chip and antenna which talk to the base station. The controller receives the filter data via I2C, but the mod-chip replaces that transmitter and reassures the controller that everything is peachy in filter town. On top of the obvious hack here, [Flamingo-Tech] shows us how to extend filter life with inexpensive wraps, so that’s a twofer. You can create your own mod-chip from the open-source files or grab one from [Flamingo-Tech’s] Tindie store.

We usually hear about mod-chips in relation to games, but we are happy to extend that honor to 3D printers. Have you ever fooled a “razor?”

Continue reading “Clearing The Air About Proprietary Consumables With A Xiaomi Filter DRM Resetter”

19 Coils Make Charging Wireless

Wireless charging is conceptually simple. Two coils form an ad hoc transformer with the primary in the charger and the secondary in the charging device. However, if you’ve ever had a wireless charging device, you know that reality can be a bit more challenging since the device must be positioned just so on the charger. Xiaomi has a multi-coil charger that can charge multiple devices and is tolerant of their positioning on the charger. How does it work? [Charger Lab] tears one apart and finds 19 coils and a lot of heat management crammed into the device.

The first part of the post is a terse consumer review of the device, looking at its dimensions and features. But the second part is when the cover comes off. The graphite heat shield looks decidedly like an accidental spill of something, but we’re sure that’s just how it appears. The coils are packed in tight in three layers. We have to wonder about their mutual interactions, and we assume that only some of them are active at any given time. The teardown shows a lot of the components and even pulls datasheets on many components, but doesn’t really go into the theory of operation.

Still, this is an unusual device to see from the inside. It is impressive to see so much power and thermal management in such a tiny package. We wonder that we don’t see more wireless charging in do-it-yourself projects. We do see some, of course. Not to mention grafting a charging receiver to an existing cell phone.

Exploring Custom Firmware On Xiaomi Thermometers

If we’ve learned anything over the years, it’s that hackers love to know what the temperature is. Seriously. A stroll through the archives here at Hackaday uncovers an overwhelming number of bespoke gadgets for recording, displaying, and transmitting the current conditions. From outdoor weather stations to an ESP8266 with a DHT11 soldered on, there’s no shortage of prior art should you want to start collecting your own environmental data.

Now obviously we’re big fans of DIY it here, that’s sort of the point of the whole website. But there’s no denying that it can be hard to compete with the economies of scale, especially when dealing with imported goods. Even the most experienced hardware hacker would have trouble building something like the Xiaomi LYWSD03MMC. For as little as $4 USD each, you’ve got a slick energy efficient sensor with an integrated LCD that broadcasts the current temperature and humidity over Bluetooth Low Energy.

You could probably build your own…but why?

It’s pretty much the ideal platform for setting up a whole-house environmental monitoring system except for one detail: it’s designed to work as part of Xiaomi’s home automation system, and not necessarily the hacked-together setups that folks like us have going on at home. But that was before Aaron Christophel got on the case.

We first brought news of his ambitious project to create an open source firmware for these low-cost sensors last month, and unsurprisingly it generated quite a bit of interest. After all, folks taking existing pieces of hardware, making them better, and sharing how they did it with the world is a core tenet of this community.

Believing that such a well crafted projected deserved a second look, and frankly because I wanted to start monitoring the conditions in my own home on the cheap, I decided to order a pack of Xiaomi thermometers and dive in.

Continue reading “Exploring Custom Firmware On Xiaomi Thermometers”