Comments (28)
Btw: there is also a debug port on the top side. I didn't look at the pinout yet, but I'd assume you could even flash it without disassembling it, like you have to do no.
from dustcloud.
Here are some images of the robot:
Main board (has lots of tests points):
The connectors in the corners without soldered components look like USB:
The ESP32 is attached to the mainboard through the keyboard board:
Some pics of the robot as a whole:
from dustcloud.
@dgiese any ideas?
from dustcloud.
@phodina I think this uses the ESP32 as the CPU not only for bluetooth and wifi. Try to play with that pcb, maybe a serial output will give out some hints.
from dustcloud.
@xedsvg you mean there's actually no beefy processor running Linux but just tiny microcontroller like ESP32 running some RTOS or baremetal handling all the main tasks while the chip on the mainboard AM308S handles all the IO?
from dustcloud.
Don't take my word for it but that's my guess.
Linux would bloat the ESP32. You may be able to reverse engineer something from it tho.
If I were you, I would poke all the uart pins and see what's the deal between the AM308S and the ESP.
If you are lucky you might get some uart comunication and expand on that.
If that's not the case, see if you can dump the ESP. If it's encrypted use a power glitch.
If you can dump the firmware, search for strings inside of it, you may get the mqtt credentials. I would set up a mqtt proxy (IOXI) and replace them with the local proxy and see what's sending back.
from dustcloud.
The ESP32 is only doing WIFI/cloud communication. The robot also works with the ESP32 removed.
from dustcloud.
@xedsvg was able to extract the flash from the ESP32. no protection used. dump is readable.
ESP32 communicates with xiaomi cloud over tls-based protocol authenticating with device-specific keys. (derived from hardware, mac address?, fuses..?)
still need to find out what is sent over the UART between ESP and AM308S
from dustcloud.
protocol is simple text protocol using commands like: get_properties and action
from dustcloud.
I installed esphome on the ESP32 and am able to control it with it :-)
from dustcloud.
On the keyboard PCB there's debug port J1 which is exposed on the top of the robot if a plastic cover is removed. I haven't looked at the pinout though.
from dustcloud.
Nice @philhug, haven't had the time. I disassembled the device but didn't do into the pins.
Could you post the link to the firmware dump from the ESP32? I can I also dump mine and we can compare the differences.
from dustcloud.
I've been looking into routers/modems capable running OpenWrt. I can divert the attention to ESP32. And to make the robot be controlled by the commandes recived by the Wifi/Bluetooth. It's dirt cheap and would open new world of IoT devices.
from dustcloud.
@phodina I have it working as far to send commands to the robot to start/stop/dock get_properties,...
the only real thing I'm missing is the map.
from dustcloud.
Looking into this robot, could be interesting to replace the ESP32 with something like an Orange Pi Zero or similar board and install there Valetudo.
from dustcloud.
@daniel-dona no need to replace it, just flash esphome on it.
from dustcloud.
Valetudo does not run on ESP32, is a Node.js based tool/interface, too heavy for that SoC. https://github.com/Hypfer/Valetudo
from dustcloud.
I know, that's why I suggest to use esphome for the esp32.
from dustcloud.
Sure, but ESPhome is more like an interfacing software, Valetudo is an integrated dashboard... they can even integrate if Valetudo is installed outside the robot.
from dustcloud.
Some more information about this robot. The main chip is this one http://en.amicro.com.cn/?product/chip/master/1675.html
Looks like a purpose build SoC for vacuum cleaning robots with a custom SDK/RTOS (http://en.amicro.com.cn/?platform/open/), no Linux or something similar. Only 64 KB or SRAM anyway...
The debug port on the top looks like it's only an UART connection for debuging this Amicro AM380S chip. Nothing interesting but I logged it here: https://github.com/daniel-dona/xiaomi_MJSTG1_hacking/blob/main/main_bootlog.txt
from dustcloud.
Thanks for the log+finding the SoC.
I'm using the ESP32 mostly as an UART over Wifi bridge, so it would also be possible to run Valetudo externally.
The main thing I am missing at the moment are the commands for the map. Start/stop/dock are easy.
from dustcloud.
@daniel-dona I just looked at your dumps (ipc dump is what I am interested in) can you do a dump that contains some map updates during cleaning?
I replaced the firmware too early :-)))
from dustcloud.
@daniel-dona I just looked at your dumps (ipc dump is what I am interested in) can you do a dump that contains some map updates during cleaning? I replaced the firmware too early :-)))
I don't think so, the robot was just in my desk during the capture, but I will try to capture a whole cleaning session. Anyway I'm not sure the map is used for anything more than eye-candy in the Xiaomi App... no LiDAR or V/SLAM in this robot, so is more like the log of all the bumps with things around the house than something that is used during the cleaning session.
from dustcloud.
I don't think so, the robot was just in my desk during the capture, but I will try to capture a whole cleaning session. Anyway I'm not sure the map is used for anything more than eye-candy in the Xiaomi App... no LiDAR or V/SLAM in this robot, so is more like the log of all the bumps with things around the house than something that is used during the cleaning session.
Yeah, but it still builds some kind of map that resembles the room.
Also the reads/writes are somehow buffered in your log, so the commands are not in the correct order.
it should look like this:
> get_down
< down none
> get_down
< down ...
from dustcloud.
I don't think so, the robot was just in my desk during the capture, but I will try to capture a whole cleaning session. Anyway I'm not sure the map is used for anything more than eye-candy in the Xiaomi App... no LiDAR or V/SLAM in this robot, so is more like the log of all the bumps with things around the house than something that is used during the cleaning session.
Yeah, but it still builds some kind of map that resembles the room. Also the reads/writes are somehow buffered in your log, so the commands are not in the correct order. it should look like this:
> get_down < down none > get_down < down ...
That is because I captured only one line at a time, TX from the SoC or TX from the ESP32. I only have a cheap UART to USB adapter in hand currently :/
from dustcloud.
HI!
Do you have a firmware for ESP32 or dump? I need a dump to write flash.
from dustcloud.
@Petro0872 If you can write the flash you should also be able to dump it yourself.
What's the issue?
from dustcloud.
from dustcloud.
Related Issues (20)
- Privacy/homecalling of Dreame robots HOT 1
- Discussion: S6 MaxV UART pins HOT 1
- Replace soundpack on roborock s6 pure HOT 1
- Dreame Vacuum D9 is dead
- Which Xiaomi robot vacs ared supported?
- Roborock S5 Max firmware ver 1566 11/2021 confirmed rootable HOT 5
- SFTP support for Roborock HOT 4
- Support for Neato D8/D9/D10 HOT 2
- Support for Xiaomi Mi Robot Vacuum-Mop 2 Lite HOT 1
- Support for Dreame W10 rooting HOT 2
- Error while rooting xiaomi vacuum
- How to flash v8 to viomi v8 version? HOT 1
- Problem with voice generator
- docker-compose up -d --build fails with "SyntaxError: invalid syntax"
- Experience with STYTJ02YM robots HOT 14
- Vacuum mop 2 pro support?
- Roborock S5max update failed
- Region lock
- Roborock S5 Max soft-briked, then recovered
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dustcloud.