As stated in the first post, the main PCBA contains a Fremont EEPROM. I used one of many Chinese flash tools (mine is an SP8-F made by fly-pro…).
ROM dump:
The first thing I do with a ROM dump is analyze the data using a website called binvis.io (http://binvis.io). I upload my binary to the website.
This website lets you find readable text very quickly by highlighting readable text with a color.

What do we see when we analyze this dump?

We see in ASCII: Smartmi_air_ma4. And that’s it.
Xiaomi is probably using this EEPROM to identify its devices. On all their air purifiers they are probably running the same firmware (that’s what I would do) and they are using some cheap pre-programmed EEPROM to define what device it is.
Nothing exciting here 🙁 More will come 😉
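The same check can be done offline. This is an added example, not part of the original post: a small Python script that counts byte classes and lists printable ASCII runs with their offsets. The 256-byte sample image, its 0xFF fill and the 0x10 offset are constructed for illustration; only the string `Smartmi_air_ma4` comes from the dump described above.

```python
"""Find readable ASCII in a small EEPROM dump (added example, constructed data)."""
import sys


def ascii_runs(data: bytes, min_len: int = 4):
    """Return (offset, text) for every run of printable ASCII >= min_len bytes."""
    runs, start = [], None
    for i, b in enumerate(data):
        if 0x20 <= b <= 0x7E:
            if start is None:
                start = i            # a new run begins here
        else:
            if start is not None and i - start >= min_len:
                runs.append((start, data[start:i].decode("ascii")))
            start = None
    # A run may extend to the very end of the image.
    if start is not None and len(data) - start >= min_len:
        runs.append((start, data[start:].decode("ascii")))
    return runs


def byte_classes(data: bytes):
    """Count bytes per class: erased/padding values, printable text, the rest."""
    counts = {"0x00": 0, "0xFF": 0, "printable": 0, "other": 0}
    for b in data:
        if b == 0x00:
            counts["0x00"] += 1
        elif b == 0xFF:
            counts["0xFF"] += 1
        elif 0x20 <= b <= 0x7E:
            counts["printable"] += 1
        else:
            counts["other"] += 1
    return counts


# Constructed sample: 256 bytes of 0xFF with the model string at an assumed
# offset. The real dump's size and layout are not given in the post.
_img = bytearray(b"\xff" * 256)
_img[0x10:0x10 + 15] = b"Smartmi_air_ma4"
SAMPLE = bytes(_img)

if __name__ == "__main__":
    # Pass a dump file as the first argument, or run with no arguments
    # to analyze the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(byte_classes(data))
    for off, text in ascii_runs(data):
        print(f"0x{off:04x}  {text!r}")
```

A dump that is almost entirely 0x00 or 0xFF with one short printable run, as in the sample, is what you would expect from an EEPROM that only carries an identifier.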
Perfect article, thanks
Hello! Where (and how) do you think it generates the token for MiApp?
No, I have no clue how they are generated
Could it be possible to have a China-bound air purifier connect to Europe servers and vice versa by tampering with the EEPROM?
I think so yes! I have not tried anything like that before 🙂