You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
rani-i 3ad5f867d8
Update README.md
1 year ago
app Init 1 year ago
.gitignore Init 1 year ago
LICENSE Create LICENSE 1 year ago
README.md Update README.md 1 year ago
build.gradle Init 1 year ago
gradle.properties Init 1 year ago
gradlew Init 1 year ago
gradlew.bat Init 1 year ago
settings.gradle Init 1 year ago

README.md

XiaomiM365Locker

@RaniXCH

The app allows you to search for Xiaomi scooters lock & unlock the devices. This security concerned was put to the attention of Xiaomi and disclosed responsibly. Xiaomi responded it is publicly known and it is a third party.

PoC for iOS - https://github.com/chilik/Mi365Locker-iOS

References

Android library for BLE communication - https://github.com/Polidea/RxAndroidBle

Most of the BLE commands - https://github.com/maisi/M365-Power

Blog post - https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/

TODOs

  • Add check whether the BLE device is scooter by catching BadCharacteristic exception
  • Add remote install firmware from that code instead of different app.

Disclaimer

The app is intended to be used for education purposes only. Keep in mind not to risk your surroundings, add your scooter name or the mac address to whitelist.