I have a Xiaomi YI (YHS-113) camera at home, and at one point I wondered which servers it connects to and what information it transmits. I captured the camera's traffic on my router while it was booting and running.
Analysis revealed the following:
- The camera tried to connect to more than 20 servers.
- Some of the connections are TCP and others are UDP.
- Not all connections were established (some of the servers didn't answer).
- Most of the servers are in China, but several are in the Amazon cloud.
- The camera sends information about its settings and the WiFi name & ssid to the "log.xiaoyi.com" server (see below).
- The camera checks whether your router is a Xiaomi router.
- The connection to the "api.xiaoyi.com" server is secured by HTTPS with TLS 1.2.
List of supported ciphers:
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_RC4_128_SHA
- TLS_RSA_WITH_RC4_128_MD5
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
For clarity, I prepared a diagram.
A dashed line is a session that was not established.
Example of a GET request to "log.xiaoyi.com":
/info.gif?p=home_v1&sysVersion=1.8.7.0C_201705091058&mac=00:11:22:33:44:55&key=1&didm=1&sn=1&tfstat=10000&hdSize=5832928&hdLeftSize=320160&silentmode=0&lightmode=1&isdaymode=0&packetloss=0&out_packetloss=100&is_video_viewing=0&p2pconnect=0&p2pconnect_success=0&ssid=ROUTERNAME&bssid=11:22:33:44:55:66&ptz_horizontal_flip=0&workmod=0&doreset=0&xiaomirouter=0&bind_success=0&start_with_reset=0&miio_send=11&miio_recv=0&motion=0&p2ptype=0&alarm_enable=0&record_num=0&systick=112&video=0&pic=0&gen_url_fail=0&gen_url=0&ban_dev=0&cgi_check_mirouter_ok_cnt=0&nslookup_check_mirouter_ok_cnt=0&tnp_init_status=1&tnp_p2p_mode_cnt=0&tnp_relay_mode_cnt=0&tnp_check_login_success_cnt=0&tnp_check_login_fail_cnt=0&tnp_connect_success_cnt=0&tnp_immediate_bitrate=0&uid=12345678901234567890 HTTP/1.1
Host: log.xiaoyi.com
Accept: */*
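To audit a beacon like the one above from a router-side capture, the request can be parsed and its identifier fields separated from ordinary counters. This is an added example, not code from the original post: the sample is the page's request shortened to a few fields (with "GET " prepended so the request line is complete), and the grouping of fields into "device" and "network" is an assumption based only on the parameter names.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample: the page's request, shortened to a few fields.
SAMPLE = (
    "GET /info.gif?p=home_v1&sysVersion=1.8.7.0C_201705091058"
    "&mac=00:11:22:33:44:55&sn=1&ssid=ROUTERNAME&bssid=11:22:33:44:55:66"
    "&xiaomirouter=0&motion=0&uid=12345678901234567890 HTTP/1.1\r\n"
    "Host: log.xiaoyi.com\r\n"
    "Accept: */*\r\n\r\n"
)

# Assumed grouping, inferred only from the parameter names in the request.
SENSITIVE = {
    "device": {"mac", "sn", "uid"},
    "network": {"ssid", "bssid", "xiaomirouter"},
}

def parse_beacon(raw):
    """Return (host, path, [(name, value), ...]) for one raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in head[1:] if ": " in line)
    url = urlsplit(target)
    # keep_blank_values so empty parameters are still reported
    params = parse_qsl(url.query, keep_blank_values=True)
    return headers.get("Host", ""), url.path, params

def classify(params):
    """Map each sensitive category to the fields present in the request."""
    found = {cat: {} for cat in SENSITIVE}
    for name, value in params:
        for cat, names in SENSITIVE.items():
            if name in names:
                found[cat][name] = value
    return found

def redact(params):
    """Rebuild the query string with identifier values masked for sharing."""
    masked = set().union(*SENSITIVE.values()) - {"xiaomirouter"}
    return urlencode([(n, "REDACTED" if n in masked else v) for n, v in params])

if __name__ == "__main__":
    host, path, params = parse_beacon(SAMPLE)
    print(host, path, classify(params))
    print(redact(params))
```

`redact` is useful when posting a capture publicly: it keeps the field names visible while removing the values that identify the device or the home network.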