Xiaomi Mi Bluetooth LE Band Protocol reverse engineered!

motioncoding

Senior Member
Nov 23, 2011
53
17
Freiburg
www.motioncoding.com
Since there is no Forum for the Mi Band ...
After receiving my Mi Band yesterday I started digging inside the sourcecode of the Mi Band App to find out interesting stuff.

  1. It works with all BLE devices, not only Xiaomi ones
  2. It uses an insecure protocol which can be reverse engineered, so you could build an API out of it or port it to other mobile OS.

I will update algorithms & the protocol asap, but there is already a lot of useful stuff on the protocol inside my blog: http://allmydroids.blogspot.de/2014/12/xiaomi-mi-band-ble-protocol-reverse.html

If someone is interested in writing an API, contact me.
 

bitblaster

Senior Member
Sep 2, 2008
76
80
Padova
Great! But some questions:
1) when you say "I started digging inside the sourcecode" you mean the smali decompiled from the app apk, right? Or is there some open code I missed? :eek:

2) if we create an apk which exposes the API (for example via android intents) can it connect to the device at the same time with the original Mi app? Or is the pairing exclusive to an app so we have to hack the app itself (for example via an Xposed module)? (Note: I'm extremely ignorant about bluetooth LE).

Thank you!
 

motioncoding

Senior Member
Nov 23, 2011
53
17
Freiburg
www.motioncoding.com
Great! But some questions:
1) when you say "I started digging inside the sourcecode" you mean the smali decompiled from the app apk, right? Or is there some open code I missed? :eek:

Decompiled and looked at smali + java from smali (which skips stuff so make sure to check original smali, too)

if we create an apk which exposes the API (for example via android intents) can it connect to the device at the same time with the original Mi app? Or is the pairing exclusive to an app so we have to hack the app itself (for example via an Xposed module)? (Note: I'm extremely ignorant about bluetooth LE).

We are currently developing a BLE app for a customer and I agree that it is horrible. Android has really messed up everything they could when it comes to BLE.
Other apps could access at the same time. Pairing is done through Android, not the app itself. Although it could be that the band itself limits this somehow. I will check that soon.
 

NeoMatrixJR

Senior Member
Jun 25, 2009
253
14
Awesome...I'm glad I found this. I just got my band and didn't realize it only worked with the app from XIAOMI. Very disappointed. Also, I can't even set mine up right now. I set up an account and when I go to sign in it says I have the wrong password! When I go to reset the password it has to SMS me a verification code and it NEVER COMES. Total waste.

I hope you guys get this working soon and we can use it with apps that won't send our data back to mainland China. Do you know if this will work with 'Sleep as Android'? That's what I got this for. I thought it was a basic bluetooth device, not some proprietary POS.
 

motioncoding

Senior Member
Nov 23, 2011
53
17
Freiburg
www.motioncoding.com
Do you know if this will work with 'Sleep as Android'? That's what I got this for. I thought it was a basic bluetooth device, not some proprietary POS.

I uploaded a very first Android App today but it can do only very few things yet - but currently it doesn't do the setup. I don't know that app so I don't know if it can interact with other devices and, if so, how well. But the Miband can detect sleep phases (pretty good for me) and can wake you, so I guess it could be possible.
 

andbroe

Senior Member
Oct 17, 2007
90
20
I uploaded a very first Android App today but it can do only very few things yet - but currently it doesn't do the setup. I don't know that app so I don't know if it can interact with other devices and, if so, how well. But the Miband can detect sleep phases (pretty good for me) and can wake you, so I guess it could be possible.
Downloaded and tried to install your app. Unfortunately gave me an error. Looking forward to a new version.

Thanks for your effort
 

andbroe

Senior Member
Oct 17, 2007
90
20
Hello again,

Downloaded and installed Android Studio. Compiled your project, all went quite smoothly. Unfortunately the app still does not quite work. Without the band close it quickly complains that there is no band around (good). With my miband close, it scans forever (not good). Somehow it does not communicate with it.

The BLE Device Monitor detects it well.

Regards
 

tklim

New member
Mar 1, 2009
2
0
Hello again,

Downloaded and installed Android Studio. Compiled your project, all went quite smoothly. Unfortunately the app still does not quite work. Without the band close it quickly complains that there is no band around (good). With my miband close, it scans forever (not good). Somehow it does not communicate with it.

The BLE Device Monitor detects it well.

Regards

Hi,
I tried the same actions. It seems to be a problem with discovery.
According to Google:
startLeScan: Added in API level 18. This method was deprecated in API level 21.

Changed API from default 21 to 18 - nothing has changed.
The Mi device is visible in other BLE apps, and in Bluetooth settings as well. The original translated app works well.
Nexus 4, Android 4.4.4
Android Studio 1.0.1

Regards,
Klym
 

darren1

Senior Member
Oct 31, 2010
387
124
Could you get the Mi Band to sync with Google Fit?

---------- Post added at 09:45 PM ---------- Previous post was at 08:49 PM ----------

I uploaded a very first Android App today but it can do only very few things yet - but currently it doesn't do the setup. I don't know that app so I don't know if it can interact with other devices and, if so, how well. But the Miband can detect sleep phases (pretty good for me) and can wake you, so I guess it could be possible.

There is an api for Sleep as Android.

https://sites.google.com/site/sleepasandroid/doc/sleepcloud-api
 

jolle-pe

Senior Member
Aug 18, 2010
168
6
Near Hannover
Hi,

I am trying to connect my miBand with my laptop.
I found this site with some source code:
https://bitbucket.org/OscarAcena/mibanda

I installed all dependencies and ran this as sudo python miband.py:

Code:
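from gattlib import DiscoveryService

# Open the local Bluetooth adapter hci0 for BLE discovery
service = DiscoveryService("hci0")
# Scan for advertising devices; the argument is the scan timeout in seconds
devices = service.discover(2)

# discover() returns a dict mapping device address -> device name
for address, name in devices.items():
    print("name: {}, address: {}".format(name, address))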

But after 10 seconds, I get an empty result.

My hciconfig shows this:
Code:
$ hciconfig
hci0:	Type: BR/EDR  Bus: USB
	BD Address: 00:C2:C6:59:91:73  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING PSCAN ISCAN 
	RX bytes:1475 acl:0 sco:0 events:71 errors:0
	TX bytes:1723 acl:0 sco:0 commands:47 errors:0

Does anyone know what to do? :)
 
I just have a quick question about the possible functionality of the MiBand and what has been discovered thus far. Can the LEDs be individually controlled? Also, I know you can dismiss an alarm by touching the MiBand, does it detect this touch through motion or is there a capacitive switch in the MiBand?

I don't know how much help I can be, but I'm just curious about the technologies that they've been able to pack into the band.
 

Bonoboo

Senior Member
Dec 30, 2012
2,561
3,949
Redmi Note 10 Pro
I know you can dismiss an alarm by touching the MiBand, does it detect this touch through motion or is there a capacitive switch in the MiBand?
Seems there is no "touchpad"; when needed (alarm and pairing) the bracelet just detects vibrations from finger knocks.
Very likely it's an internal firmware function and can't be accessed from outside.

Also some advertising: useful additions for Mi Band
 

ashutosh90

Member
Jan 4, 2015
47
9
@motioncoding
Can you please tell me what Bluetooth profiles are supported by Mi Band?
For this:
1. Go to the Bluetooth settings on your phone
2. There you will see the names of Bluetooth devices listed including the Mi Band
3. There will be a gear (or options) icon beside the name... tap on that and please post a screenshot of the screen that appears.
Thank You
 

Top Liked Posts

    1
    Yes and yes. The problem is during installation. "Error parsing the package"

    Ah, you tried the .apk from /bin? That's not working. You have to compile it. I will upload a working one when it has some more features.