Xiaomi Air Purifier 3H Reverse Engineering Part 2: Fremont EEPROM dump

As stated in the first post, the main PCBA contains a Fremont EEPROM. I used one of many Chinese flash tools (mine is an SP8-F made by fly-pro…)

ROM dump:

The first thing I do with a ROM dump is analyze the data using a website called binvis.io (http://binvis.io). I upload my binary to the website.

This website lets you find readable text very quickly, because it marks readable text with its own color.

Binvis.io example

What do we see when we analyze this dump?

Xiaomi dump in Binvis.io

We see in ASCII: Smartmi_air_ma4. And that’s it.
Xiaomi is probably using this EEPROM to identify its devices. On all their air purifiers they are probably running the same firmware (that’s what I would do) and they are using some cheap pre-programmed EEPROM to define what device it is.
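The same triage can be done offline. The following is an added example, not code from the original post: it lists printable ASCII runs with their offsets and counts coarse byte classes, so a mostly erased EEPROM holding a single identifier string stands out immediately. The 256-byte sample image, the offset of the string and the function names are constructed for illustration; pass a real dump file as the first argument to analyze it instead.

```python
import re
import sys

# Constructed sample, NOT the real dump: erased-state 0xFF fill, the model
# string from the post at an arbitrary offset, and a 3-byte noise fragment.
_img = bytearray(b"\xff" * 256)
_img[0x10:0x10 + 15] = b"Smartmi_air_ma4"
_img[0x80:0x83] = b"\x01A\x02"
SAMPLE = bytes(_img)


def ascii_runs(data, min_len=4):
    """Return (offset, text) for each run of printable ASCII >= min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def byte_classes(data):
    """Count bytes in four coarse classes (classes chosen for this example)."""
    counts = {"0x00": 0, "0xff": 0, "printable": 0, "other": 0}
    for b in data:
        if b == 0x00:
            counts["0x00"] += 1
        elif b == 0xFF:
            counts["0xff"] += 1
        elif 0x20 <= b <= 0x7E:
            counts["printable"] += 1
        else:
            counts["other"] += 1
    return counts


def report(data):
    """Build a short text report: class percentages, then string offsets."""
    lines = ["size: %d bytes" % len(data)]
    for name, n in byte_classes(data).items():
        lines.append("%-9s %5d  (%.1f%%)" % (name, n, 100.0 * n / max(len(data), 1)))
    for off, text in ascii_runs(data):
        lines.append("0x%04x  %r" % (off, text))
    return "\n".join(lines)


if __name__ == "__main__":
    # Use the dump given on the command line, else the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(report(blob))
```
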

Nothing exciting here 🙁 More will come 😉

5 comments

  1. Could it be possible to have a China-bound air purifier connect to Europe servers and vice versa by tampering with the EEPROM?
