Fully isolated LAN only communication, without Mi Home #1049
I have a Xiaomi air purifier and vacuum (the vacuum doesn't work with Home Assistant, but it stays connected to the AP and the token doesn't change) in a house that has no internet connection but has a WiFi network for Home Assistant and a few other devices. I was able to trick the air purifier/vacuum into connecting to the WiFi network with no internet connection by turning off the router, giving my phone's internet sharing (tethering) the same name and password as the router, connecting the air purifier/vacuum to my phone using the Mi Home app, and then, when everything is set up, turning off the phone tethering and turning on the router. The air purifier and vacuum seem to have connected to the original AP with no internet connection, and I can use the various methods to get the tokens from Xiaomi's servers. It's been a week and the air purifier is still working with Home Assistant, so I think the token only changes when you actually force reset the WiFi connection to something new... Unfortunately it requires a connection to get set up, but seems to work without one after that initial setup.
I can confirm this method works fine with both the Xiaomi air purifiers as well as my 1C vacuum. Initial setup on Xiaomi's cloud, pull the token, once everything is working locally, isolate it from WAN access. I have had my air purifiers running like this for a couple of years now, no problem. The 1C vacuum I have just bought, but so far 1 week, no problem. I have a Xiaomi humidifier that does not like this. After some time, it will stop responding to locally issued commands (via miiocli) unless it has WAN access. EDIT: Most probably know this, but I'll restate... if at all possible, isolate all your IoT devices from accessing the WAN unless you need 'their' cloud for something... When at all possible I even go as far as blocking DNS access so the device is completely in the dark as far as WAN connectivity is concerned.
Related: #334 — I made https://codeberg.org/valpackett/micloudfaker to replace the cloud (turns out the power strip only needs the "cloud" to respond to pings, all other messages can be ignored by the cloud). I wonder if this might be enough for your humidifier as well.
Sorry for digging up a long-dead topic, but just in case someone reads this in the future :) This doesn't work for any modern (2020+) Xiaomi device. Oldest ones I can note are air purifier 3h and air humidifier 2. Anything that connects to the cloud via HTTPS has to perform an SSL handshake to bother about (encrypted!) heartbeats. No handshake - WiFi reconnects every 15 minutes. Sending TCP/UDP rejects, dropping traffic, even redirecting HTTPS traffic to netcat listening on 443 just to allow the device to get a response to TCP SYN doesn't change this behavior. Unless someone can develop a basic dummy server that supports SSL and uses Mijia cloud's private key, I don't think there is anything that we can do.
@szymucha94 thanks for that comment! I have this issue without any traffic restriction on my router (yet), and it really reconnects in a few seconds. I just wonder why this happened to me when I still have a connection to the Xiaomi server. Do you have any idea?
@Silicon51 dump the traffic between the Xiaomi device and the AP with tcpdump (on the router's 2.4GHz wlan interface) and check it in Wireshark. For me it's easy because my router (AP) has OpenWrt, so it's just a matter of installing tcpdump with opkg and downloading the dump file with ssh.
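As an added example (not part of the thread and not python-miio code), this stdlib-only Python script reads a capture like the one described above and counts every destination the device tried to reach, which is the list you need before writing WAN and DNS block rules. It assumes a classic pcap file as written by `tcpdump -w` with Ethernet framing; the function names and all addresses in the constructed sample are hypothetical.

```python
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}

def summarize_destinations(pcap: bytes, device_ip: str) -> Counter:
    """Count (dst_ip, proto, dst_port) for IPv4 packets sent by device_ip."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 (ARP, IPv6, VLAN-tagged)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        proto = PROTO.get(ip[9])
        if src != device_ip or proto is None or len(ip) < ihl + 4:
            continue
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        seen[(dst, proto, dport)] += 1
    return seen

def _frame(src, dst, proto, dport):
    # Constructed Ethernet + IPv4 + first 8 bytes of TCP/UDP (ports only).
    addr = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, addr(src), addr(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def build_sample_pcap() -> bytes:
    # Constructed capture: documentation-range addresses, not real Xiaomi hosts.
    pkts = [_frame("192.0.2.50", "198.51.100.7", 6, 443),
            _frame("192.0.2.50", "198.51.100.7", 6, 443),
            _frame("192.0.2.50", "192.0.2.1", 17, 53),
            _frame("192.0.2.9", "198.51.100.7", 6, 443),   # other LAN host
            _frame("192.0.2.1", "192.0.2.50", 17, 40000)]  # reply to device
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)

if __name__ == "__main__":
    for key, n in summarize_destinations(build_sample_pcap(), "192.0.2.50").most_common():
        print(n, *key)
```

Running it again on a capture taken after the block rules are in place shows which destinations the device still attempts, including DNS lookups sent to the router itself.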
Hello. I have purifier Pro, and AP with OpenWRT.
And then connect it to my WiFi (via python):
It joins my network, I can ping it, but in tcpdump I don't see anything like a new token. UPD: Some additional info.
Captured packets from device to Destination: ot.io.mi.com (20.47.118.125) contains
@tonyich You might be able to liberate your device: https://github.com/dhewg/esphome-miot
Thanks for posting this. I never would have found it otherwise. It doesn't seem to show up in search results even when specifically searching for it. I can confirm that it works on a 4 Lite, and not only fixes the requirement to have internet access, but it also fixes the bug in the Xiaomi firmware that prevents the device from responding to hosts in a different subnet.
That project looks interesting! Feel free to create a PR to add it to the "other related projects" section of the README file, maybe that will help make it more discoverable.
@rytilahti I submitted a change proposal
@helgek sorry, I couldn't find your proposal, would you mind linking it here?
Is your feature request related to a problem? Please describe.
Starting from 2019, Xiaomi devices started to reset the token after connecting to the WiFi network. Before that, I could have connected without Mi Home, just using miiocli from the node package, miio. Some say that if the network is VLAN isolated, the problem isn't present, but it is. My network is in a VLAN, isolated from WAN, and communicates only to and from LAN.
Describe the solution you'd like
I would like to look for a solution that makes it possible not to use Mi Home, and have the devices fully isolated from the WAN network.