Skip to content
Xiaomi Mi365 Scooter locker
Branch: master
Clone or download
Latest commit 3ad5f86 Feb 18, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app Init Feb 10, 2019
.gitignore Init Feb 10, 2019
LICENSE Create LICENSE Feb 11, 2019
README.md Update README.md Feb 18, 2019
build.gradle
gradle.properties Init Feb 10, 2019
gradlew
gradlew.bat Init Feb 10, 2019
settings.gradle Init Feb 10, 2019

README.md

XiaomiM365Locker

@RaniXCH

The app allows you to search for Xiaomi scooters lock & unlock the devices. This security concerned was put to the attention of Xiaomi and disclosed responsibly. Xiaomi responded it is publicly known and it is a third party.

PoC for iOS - https://github.com/chilik/Mi365Locker-iOS

References

Android library for BLE communication - https://github.com/Polidea/RxAndroidBle

Most of the BLE commands - https://github.com/maisi/M365-Power

Blog post - https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/

TODOs

  • Add check whether the BLE device is scooter by catching BadCharacteristic exception
  • Add remote install firmware from that code instead of different app.

Disclaimer

The app is intended to be used for education purposes only. Keep in mind not to risk your surroundings, add your scooter name or the mac address to whitelist.

You can’t perform that action at this time.