IoT VILLAGE - How to modify ARM Cortex M-based firmware: A step-by-step approach for Xiaomi IoT Devices

Formal Metadata

Title: IoT VILLAGE - How to modify ARM Cortex M-based firmware: A step-by-step approach for Xiaomi IoT Devices
Number of Parts: 322
License: CC Attribution 3.0 Unported
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Many IoT devices use an ARM Cortex-M based MCU and run some kind of RTOS or "bare metal" OS. Compared to Linux-based firmware, such firmware is much harder to modify: if you want to change its functionality, you usually have the choice between rewriting the whole firmware yourself or patching the binary by hand. In this talk we demonstrate an easier method and present a step-by-step approach. You will see how to get access to the firmware of different Xiaomi Cloud products such as light bulbs and smart home gateways. These IoT devices are unable to function fully without a cloud connection. The connection to the cloud is protected by AES and a unique device key, and data generated by the devices (e.g. log files) is uploaded to the vendor's cloud. In May 2018 a subcontractor of Xiaomi, Yeelight, denied EU-based users and their devices access to its cloud infrastructure due to the GDPR. To become independent from the vendor, the way to go may be to modify or replace the firmware in the device. For that, we use not only methods that require opening the devices but also methods that leave the devices intact. The Nexmon framework (by the SEEMOO Lab) is used to alter the firmware of the ARM-based IoT devices. The modified firmware is then used to extract the secrets needed to run the IoT devices with your own cloud software. It is also possible to implement completely new functions in the firmware easily using C code.