com.xiaomi-miio
Easy way to obtain tokens using iOS (NO jailbreak, NO backup, NO computer)
Obtain Mi Home device token on iOS without a jailbreak! It doesn't need any other device to get the tokens and can use the latest version of Mi Home for iOS.
Pros:
- Fast
- No jailbreak needed
- No backup needed
- No computer needed
- Works with the most recent version of the Mi Home app
Cons:
- Requires the paid Charles Proxy iOS app: https://apps.apple.com/app/charles-proxy/id1134218562
How it works
Your device should already have been set up using the Mi Home iOS app.
- Make sure to force close the Mi Home app. We want a fresh start.
- Download the Charles Proxy iOS app.
- Once asked for permission to install VPN Configurations, tap Allow.
- The app will start the proxy and should show it’s active.
- Tap the gear icon in the top left. Then tap SSL Proxying.
- At the bottom of the screen you can find instructions for installing and trusting the Charles Proxy CA Certificate. Follow the instructions, install the Certificate and make sure that the Certificate Status shows “Trusted” when you come back in the Charles Proxy app.
- Now toggle the Enabled switch in the SSL Proxying screen to on and go back (close the settings menu) to the main screen of the app.
- Open the Mi Home app and let it fully load.
- Switch back to the Charles Proxy app and tap on the Current Session.
- You should see a lot of requests, but we’re looking for “de.api.io.mi.com”. Tap on it.
- Tap Enable SSL Proxying.
- Go back to the main screen of the app and clear the Current Session by swiping to the left and tap “Clear”.
- Force close the Mi Home app and open it again. Let it fully load.
- Go back to Charles Proxy and tap on the new Current Session.
- Look for “de.api.io.mi.com” again, and tap it.
- Look for “app/v2/home/device_list_page”, and tap it.
- Scroll down to the Response Body and tap View body.
- BOOM! You should now see a (json) list of your devices, including their device tokens, local IP and device id’s!
Example output for the Xiaomi Air Purifier 3H:
{"code":0,"message":"","result":{"list":[{"did":"30XXXXXXX","uid":155XXXXXXX,"token":"3aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX","name":"Mi Air Purifier 3H","pid":0,"localip":"192.168.86.XX","mac":"5C:XX:XX:XX:XX:XX","ssid":"Google Wifi","bssid":"70:XX:XX:XX:XX:XX","rssi":-37,"longitude":"0.00000000","latitude":"0.00000000","show_mode":1,"model":"zhimi.airpurifier.mb3","permitLevel":16,"isOnline":true,"spec_type":"urn:miot-spec-v2:device:air-purifier:0000A007:zhimi-mb3:1","extra":{"isSetPincode":0,"fw_version":"2.0.7","mcu_version":"0009","isSubGroup":false},"orderTime":1592583396}],"next_start_did":"30XXXXXXXX","has_more":false}}
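Reading the captured `app/v2/home/device_list_page` body by hand is error-prone, so here is a small parser for it, as an added example that is not part of the original post. The sample body and its values are constructed, the function names are hypothetical, and the non-JSON branch covers the encrypted-response case reported later in this thread.

```javascript
// Added example. SAMPLE_BODY is constructed; none of its values are real.
const SAMPLE_BODY = JSON.stringify({
  code: 0, message: "",
  result: {
    list: [
      { did: "300000001", token: "00112233445566778899aabbccddeeff",
        name: "Mi Air Purifier 3H", localip: "192.0.2.10",
        model: "zhimi.airpurifier.mb3", isOnline: true },
      { did: "300000002", token: "", name: "Offline sensor",
        localip: "", model: "example.sensor.v1", isOnline: false },
    ],
    has_more: false,
  },
});
// The token in the page's sample is 32 hex characters (16 bytes).
const TOKEN_RE = /^[0-9a-f]{32}$/i;

// Keep only the first 4 characters so full tokens stay out of logs.
const maskToken = (t) => t.slice(0, 4) + "*".repeat(t.length - 4);

function parseDeviceList(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (err) {
    // The thread reports that newer app versions encrypt this body.
    return { ok: false, reason: "body is not JSON (encrypted?)", devices: [] };
  }
  const list = doc && doc.code === 0 && doc.result && doc.result.list;
  if (!Array.isArray(list)) {
    return { ok: false, reason: "unexpected response structure", devices: [] };
  }
  const devices = list.map((d) => ({
    did: String(d.did), name: d.name, model: d.model,
    localip: d.localip || "-", token: d.token,
    tokenValid: typeof d.token === "string" && TOKEN_RE.test(d.token),
  }));
  return { ok: true, hasMore: Boolean(doc.result.has_more), devices };
}

// One line per device, with the token masked or flagged as unusable.
function summarize(body) {
  const parsed = parseDeviceList(body);
  if (!parsed.ok) return [parsed.reason];
  return parsed.devices.map((d) => `${d.did} ${d.model} ${d.localip} ` +
    (d.tokenValid ? maskToken(d.token) : "<no usable token>"));
}

console.log(summarize(SAMPLE_BODY).join("\n"));
```

The token is a device credential, so the summary masks it; read `devices[i].token` from `parseDeviceList` only where the full value is actually needed.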
Came here to share this as well. Looks like @basvdploeg already has!
man, thanks!!!! the only way to get it.
I’m curious if this would work with the Roborock app too. If it’s giving you the full decrypted traffic shouldn’t it work with Roborock too?
I can see all tokens, I have Yeelights, Mi Hub, Aqara Hub, fan
> I’m curious if this would work with the Roborock app too. If it’s giving you the full decrypted traffic shouldn’t it work with Roborock too?
No it is not, already tried that :(
UPDATE @2020-09-22: This method is not working anymore. The latest Mi Home app encrypts the response data of the API. Some reverse engineering of the Mi Home app is needed to figure out how the data is decrypted on the client side. Can anyone help with this?
I've found another iOS app that can also obtain the token with the latest version of the Mi Home app, and it is much cheaper (free). Also NO jailbreak, NO backup, NO computer.
Here are my steps:
- Install the Stream app: https://apps.apple.com/app/stream/id1312141691
- Tap HTTPS Sniffing under Settings, and follow the instructions of the Stream app to install and trust the CA.
- Force close all your background apps except Stream and Mi Home (NOTICE: You don't need to close the Mi Home app), so we can get a clean result after a sniff.
- Tap Sniff Now on the top of the screen.
- Switch to the Mi Home app, and turn on/off an arbitrary one of your devices to make sure the Mi Home app has loaded the tokens to control the devices.
- Switch back to the Stream app and tap Stop Sniffing, then tap Sniff History, then tap the history session which was just generated.
- Tap the Search icon on the top right of the screen, and search for the keyword device_list_page.
- You may get one or two search results, tap into it. Switch the tab to Response and tap Preview Response Body on the bottom of the screen.
- BOOM! You should now see a (JSON) list of your devices, including their device tokens, local IP and device id’s!
These steps work fine for now (2020/09/08), but they may fail in the future.
In my experience, I can't retrieve the token with the Roborock app. I used both Stream and another app for sniffing packets, but no token. It's a pity because I see the name of my device for example. I tried from LTE, not wifi. I didn't think from my wifi network can change anything... You had a great idea, for now it didn't work on my iPhone 8.
arg.... I didn't switch off / on the device! I will try this evening when I return home
Looks like they encrypt the response body now. Damn
Check this script to extract from an iOS backup
https://github.com/LeoMartinDev/Mi-Home-token-extractor
Also through the openHAB binding I had the easiest way to obtain the tokens: https://www.openhab.org/addons/bindings/miio/
I tried the above method just now on macOS 12.0.1 Monterey, and it worked like a charm.
- Cloned the repo
- Installed Node v12
  npm install -g n
  sudo n i 12
- Made a local backup (unencrypted) from my iPhone
- Ran the token extractor
  npm i
  npm start
It produced a nicely colored output with IP and token.
Closing old issues. There are now easier and free ways to obtain tokens.
This app needs financial support for further development and upgrade to SDK3. For more info see: https://community.homey.app/t/app-pro-xiaomi-mi-home-app-for-wifi-devices/118/943