Air purifier with integrated DRM: the Xiaomi case

Xiaomi is one of the best-known manufacturers of electronic devices. It makes not only smartphones and tablets but also TVs, lighting devices, video surveillance solutions, earphones, robot vacuum cleaners/floor cleaners and much more. Air purifiers represent an important business line for the company: they are aesthetically appealing and efficient products, particularly good at removing particles suspended in the air, including allergens, dust, pollen and other pollutants. To get an idea, you can also find a wide selection of Xiaomi air purifiers on Amazon Europe.

In general, Xiaomi brand air purifiers are reliable products that offer excellent value for money when compared to other options on the market. Many Xiaomi models implement a three-layer filtration system: pre-filter, HEPA filter and activated carbon filter. They are also equipped with sensors to constantly monitor the air quality.

How the DRM present on the filters works

However, a group of users noticed the presence of a chip in the lower part of the filters installed in air purifiers. This is a mechanism with which the device keeps track of the use of each filter and, once a certain period of time has passed, stops the operation of the machine by displaying a message on the screen (exhausted filter, with the indication 0%).

The choice has been contested because, as an independent researcher observes, the result is the imposition of a DRM (Digital Rights Management) system on a consumable part such as a filter. In other words, the manufacturer does not allow you to reset the life cycle of the filter, especially if the user takes care to clean and sanitize it with the utmost care and regularity.

By using a Proxmark, a hardware accessory designed for research, development and analysis of radio frequency identification (RFID) systems, researchers were able to work out the password used to authenticate communications between the filter and the air purifier itself.

As can be seen from this Python code published on GitHub, the password is a direct function of the so-called UUID, that is, the hexadecimal code associated with each filter on the market. Put simply, an array of bytes is created from the UUID, then its hash is calculated with the SHA-1 algorithm, and finally the first 4 bytes of the string are taken to form the password, the various parts being extracted from the previously calculated hash with a simple algorithm.
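To show why a password computed only from the UUID gives no secrecy, the following added example (not the Python code published on GitHub and not Xiaomi's implementation) compares that shape of scheme with a hypothetical keyed derivation. The sample UIDs, `DEVICE_KEY` and the choice of the first four digest bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample UIDs (7 bytes, hex); not read from any real filter.
SAMPLE_UIDS = ["04a1b2c3d4e5f6", "04112233445566", "04deadbeef0001"]
DEVICE_KEY = b"constructed-demo-secret"  # hypothetical key kept off the tag


def uid_only_password(uid_hex: str) -> bytes:
    """Scheme shape from the article: SHA-1 over the UID bytes, 4 bytes kept.

    Assumption: the article does not give the byte-selection step, so this
    stand-in keeps the first four digest bytes.
    """
    return hashlib.sha1(bytes.fromhex(uid_hex)).digest()[:4]


def keyed_password(uid_hex: str, key: bytes) -> bytes:
    """Hypothetical alternative: HMAC-SHA-256 over the UID under a secret key."""
    return hmac.new(key, bytes.fromhex(uid_hex), hashlib.sha256).digest()[:4]


def outsider_guess(uid_hex: str) -> bytes:
    """What a party holding only the UID and the public algorithm can compute."""
    h = hashlib.new("sha1")
    h.update(bytes.fromhex(uid_hex))
    return h.digest()[:4]


def review(uids=SAMPLE_UIDS) -> dict:
    """Count, per scheme, how many passwords the outsider reproduces."""
    unkeyed_hits = sum(outsider_guess(u) == uid_only_password(u) for u in uids)
    keyed_hits = sum(outsider_guess(u) == keyed_password(u, DEVICE_KEY) for u in uids)
    distinct = len({uid_only_password(u) for u in uids})
    return {
        "tags": len(uids),
        "uid_only_reproduced": unkeyed_hits,      # every tag: no secret input
        "keyed_reproduced": keyed_hits,           # none without DEVICE_KEY
        "distinct_uid_only_passwords": distinct,  # unique per tag, still not secret
    }


if __name__ == "__main__":
    print(review())
```

The keyed variant still leaves a 32-bit password and a key that has to live in the purifier, so it raises the bar rather than removing the weakness.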

Writing data via an application that supports NFC

The Unethical developer then wrote a simple piece of JavaScript that automates the process: starting from the UUID of a specific filter installed in the air purifier, it instantly generates the password needed to reprogram the filter, bringing its remaining life back to 100%.

This only involves using the free Android or iOS version of the NFC Tools app, downloadable from the official project website. By holding your smartphone close to the filter, you can read and note the filter serial number (Reading section).

By tapping the Other section instead, then Advanced NFC commands, and finally choosing NfcA (ISO 14443-3A), you can type the filter reset command obtained previously into the Data field. To communicate with the NFC chip installed on the filter, select the Send command button.

Obviously, as the author of the discovery explains, any changes always occur under the exclusive responsibility of the user who purchased the product. Furthermore, it is specified that the information shared is intended solely and exclusively for educational and personal study purposes.

The opening image is taken from the Xiaomi Air Purifier 4 Pro sheet.