
Comments (5)

atc1441 commented on August 20, 2024 2

It is very simple to deactivate the OTA function. It is also possible to do something like a password you can set before the OTA update is working. See the OTA part in the firmware.

The stock firmware is spoof proof with the encryption, because if someone would repair the device and "spoof" something, the encryption key would change and the previous encryption would not work anymore, and you will not get false positives. It is of course still possible to load a new firmware onto it and break it, but not in a spoof way. Only talking about stock firmware here.

from atc_mithermometer.

atc1441 commented on August 20, 2024

You are right with the OTA update.
A more secure version could be implemented but is not right now.

When you use the stock firmware with the encryption key it should be spoofproof. Right now the custom firmware does not use any encryption.


bangom commented on August 20, 2024

> You are right with the OTA update.
> A more secure version could be implemented but is not right now.
>
> When you use the stock firmware with the encryption key it should be spoofproof. Right now the custom firmware does not use any encryption.

But because anybody in BTLE range can activate the device and reset the token, even the original firmware is not hackproof? Because you are a Telink expert... is there a HW option to disable OTA updates? I really don't like the idea that any thermometer is open to OTA updates / reactivation by anybody...


ejalal commented on August 20, 2024

Good spot @bangom, but this is the case for the original firmware too. You should go complain to Xiaomi for not securing the original firmware first, but if they listen it will not be possible to hack them like @atc1441 did brilliantly.


wwwouter commented on August 20, 2024

I would love to have an option where I can set a password, and then afterwards every action will need that password, or it will fail.

