DRM'd air filter? Hacker fights back with NFC sticker

The Xiaomi Air Purifier has a neat safety feature: it will refuse to work if the filter needs to be replaced. Of course, by "neat" we mean "annoying", especially when the purifier deems a filter spent much sooner than it should. Is your environment relatively clean and the filter still has life left in it? Do you use a secondary pre-filter to extend the filter's life? Tough! Time's up. Not only is that inefficient, it's wasteful.

Each Xiaomi filter contains an NTAG213 NFC tag with a unique identifier, and communication with the tag uses a unique password, but how that password was generated (and therefore how to generate new ones) was not known. This meant that compatible tags the purifier would recognize could not be created. Until now, that is: [Flamingo-tech] has shared the discovery of how Xiaomi generates the password for the communication between the filter and the purifier.

A small NFC sticker is now enough for the purifier to recognize a filter as new.

[Flamingo-tech] has long been a proponent of hacking Xiaomi purifiers to behave differently. In the past, this meant installing a microchip to hijack the DRM process. That is a classic method of circumventing nonsensical DRM on things like label printers and dishwashers, but in this case the reverse-engineering efforts paid off.

It's now possible to create simple NFC stickers that follow all the right rules. Has a filter timed out according to its NFC tag, but is it clearly still good? Just peel off that NFC sticker, stick on a new one, and as far as the purifier is concerned, it's a new filter!

If you're interested in the reverse engineering trail, there's a GitHub repository with all the data. And for those who want to buy compatible NFC stickers, [Flamingo-tech] has some for sale.
