How to find out the token vacuum cleaner Xiaomi Mi Robot Vacuum: 5 proven ways

Why Xiaomiโ€™s vacuum cleaner token is so important โ€“ and where to look for it

The Mi Home Token is a unique digital key that connects your Xiaomi Mi Robot Vacuum robot vacuum cleaner to the company's cloud services, and without it, you can't connect your device to third-party applications like Home Assistant, ioBroker, or alternative firmware like Valetudo. But here's the problem: Xiaomi doesn't provide the token in plain sight. It needs to be extracted yourself, and that's where the trouble starts.

In this article, we will discuss 5 working methods for obtaining a token (including current ones for 2026), explain why some methods have stopped working, and warn against common errors. Particular attention will be paid to Mi Robot Vacuum-Mop 2 Pro, S7 and X10+ models, where the process is different from the old versions. If you plan to integrate a vacuum cleaner into a smart home or just want a backup of a token, read on.

โš ๏ธ Important: Token extraction may violate the terms of Xiaomiโ€™s user agreement.We do not recommend using the token for illegal purposes (for example, bypassing regional restrictions.

Method 1: Retrieval of the token through Mi Home (official application)

The easiest method is to get the token directly from the Mi Home app, but it only works for devices connected to a Xiaomi account before November 2021. After that, the company tightened the protection, and the token stopped showing up in the logs. If your vacuum cleaner is connected later, go to Method 2.

Instructions for Android:

  1. Open Mi Home and make sure the vacuum cleaner is online.
  2. Go to Profile โ†’ Settings โ†’ About the program โ†’ Application version.
  3. Slip 5 times on the line with the version until the wording โ€œDebugging is enabledโ€ appears.
  4. Return to the main menu and open the device. โ†’ Your vacuum cleaner. โ†’ Three-pointed (โ‹ฎ) โ†’ About the device.
  5. Scroll down and click Logs (or Export Logs).
  6. In the file that opened. mihome_logs.zip Find the folder with the name of your vacuum cleaner and open the file device_token.dat.

โš ๏ธ Note: On iOS, this method does not work โ€“ Apple blocks access to application logs. Xiaomi can close this โ€œloopholeโ€ at any time with an update of the application.

The device is connected to the Xiaomi account until November 2021

Mi Home is not newer than 6.4.100 (the latest versions block logs)

On the phone enabled debugging over USB (for backup logs)

Log file saved to a safe place (token may be needed later)-->

Method 2: Using a Python script miio extractor

If the official method doesnโ€™t work, youโ€™ll have to resort to automated extraction through Python, which is suitable for all Xiaomi Mi Robot Vacuum models, including the new S7 MaxV and X10+, but requires minimal technical skills.

You'll need:

  • ๐Ÿ’ป Computer with Python 3.8+ (Windows, macOS or Linux)
  • ๐Ÿ“ฑ Android smartphone with Mi Home and enabled debugging USB
  • ๐Ÿ”Œ Cable USB connect phone to PC
  • ๐Ÿ“ฆ Installed packages: adb, python-miio

Step-by-step:

  1. Download the repository mihome_extractor and unpack it.
  2. Connect your phone to your PC, allow debugging over USB and execute the command: adb backup -f mihome.ab com.xiaomi.smarthome A backup request will appear on the phone - confirm (do not set a password!).
  3. Stop the copying process (sufficiently enough) 1-2 MBT).
  4. Run the extraction script: python mihome_extractor.py mihome.ab
  5. In the output folder, the device.csv file will appear โ€“ there will be tokens of all your Xiaomi devices.

๐Ÿ’ก If the script gives a Java heap space error, reduce the backup size by interrupting it earlier, or add a flag. --no-compress adb backup.

What to do if the script does not find the token?
If there is no token in the device.csv file, check: 1. Mi Home version is in newer versions (6.5).+) The data is encrypted differently. 2. The region of the account is for China (cn server) the token is extracted differently. 3. The presence of root rights on the phone - without them, some data may not be copied. MITM-proxy (Method 4).

Method 3: Receiving a token through a terminal (for firmware with ADB)

This method is suitable for vacuum cleaners on custom firmware (for example, Valetudo) or devices with enabled ADB-If your Xiaomi Mi Robot Vacuum runs on Xiaomi stock firmware, skip this section.

Instructions:

  1. Connect to the vacuum cleaner SSH or ADB (For example, through adb connect [IP-address]).
  2. Execute the command to read the token from the configuration file: cat /mnt/default/miio/miio_conf.json | grep "token"
  3. If the file is missing, try the alternative path: cat /mnt/UDISK/miio/device.token

โš ๏ธ Attention: On new models (S7, X10+) The token can be stored in encrypted form. its decoding will require a key that is extracted separately (see Method 4).

Model vacuum cleanerThe path to the tokenIs root required?Notes
Mi Robot Vacuum 1S/mnt/default/miio/miio_conf.jsonNo.Token in plain form
Mi Robot Vacuum-Mop 2/mnt/UDISK/miio/device.tokenYes.File secure, need a key
Xiaomi S7 / X10+/mnt/data/miio/device.confYes.Token encrypted, MITM required

Method 4: Intercepting a token through MITM-Proxies (for experienced users)

If previous methods have failed, the most difficult, but universal way is to intercept traffic between the Mi Home app and Xiaomi servers. MITM-Proxies (such as Charles or Fiddler) and trick your phone into sending requests through your computer.

What will be required:

  • ๐Ÿ–ฅ๏ธ PC with Charles Proxy or mitmproxy installed
  • ๐Ÿ“ฑ Android smartphone with proxy certificate (rooting is not necessary)
  • ๐ŸŒ Stable Internet connection

Step-by-step:

  1. Install and run Charles Proxy on PC.
  2. On your phone, connect to the same Wi-Fi network as your PC.
  3. In the Wi-Fi settings on your phone, specify a proxy server (your PCโ€™s IP and port 8888).
  4. Install the Charles certificate on your phone (instructions in the program documentation).
  5. Start Mi Home, log in and wait for the devices to sync.
  6. At Charles, filter queries by domain api.io.mi.com.
  7. Find the request with the path /home/device/list โ€“ the answer will be JSON with tokens.

๐Ÿ” How to find a token in the answer: Look for the token field in the device objects:

{


"did": "123456789",




"token": "5f4dcc3b5aa765d61d8327deb882cf99",




"name": "Mi Robot Vacuum"




}

1.The phone has disabled a VPN or other proxy.

2.Charles has SSL Proxying enabled for api.io.mi.com.

3.Charles Certificate is set as Trusted in Android Settings.-->

Method 5: Requesting a token through the Xiaomi cloud (alternative API)

This method is suitable for users who have access to the Xiaomi Cloud API. It does not require hacking or interception of traffic, but you need credentials from the Xiaomi account (login and password).

Instructions:

  1. Get userId and ssecurity (session key) through the request to API: curl 'https://account.xiaomi.com/pass/serviceLogin?sid=miui_intl&_json=true' \ -H 'Content-Type: application/x-www-form-urlencoded' \ --data-raw '_json=true&sid=miui_intl&user=your email&hash=MD5(password)'
  2. Use the data to request a list of devices: curl 'https://api.io.mi.com/app/home/device_list' \ -H 'x-xiaomi-protocal-flag-cli: PROTOCAL-HTTP2' \ -H 'Cookie: userId=your userId; serviceToken=your security'
  3. In the answer, find the array "list" - there will be tokens of all devices.

โš ๏ธ Xiaomi may block the account for frequent requests to the API. Do not abuse this method and use official SDK, If you plan to automate.

Mi Home (logs)|Python script |Terminal (ADB)|MITM-proxy|Xiaomi|Cloud Hasn't tried-->

Frequent Mistakes and How to Avoid Them

Even following the instructions, users often encounter problems, and here are the most common mistakes and solutions:

  • ๐Ÿ”„ Token not found in Mi Home logs โ†’ Check the version of the application (should be no newer than 6.4.100) or use a Python script.
  • ๐Ÿ”’ The authentication error in Charles Proxy โ†’ Make sure the certificate is installed as trusted and disabled VPN.
  • ๐Ÿ“ฑ ADB can't see the device โ†’ Put the debugging on. USB in the developer settings and confirm the connection on the phone.
  • ๐ŸŒ Request to API returns the 403 error โ†’ Xiaomi has blocked your IP Wait 24 hours or use another method.
  • ๐Ÿ”‘ Token found, but it's not working โ†’ Make sure you copy it completely (32 characters) without spaces.New models may require an encryption key.

๐Ÿ’ก If you are not sure about your skills, start with the simplest method (Mi Home or Python script). MITM-proxy and cloud API Leave it for an emergency โ€“ they require experience and can lead to the blocking of the account.

๐Ÿ’ก

Save the token in a safe place (for example, in the password manager) - when you dump the vacuum cleaner or reconnect to the account, it will change, and the procedure will have to be repeated.

Can I get a token without a phone (only from a vacuum cleaner)?
No. The token is generated by Xiaomi servers when you link the device to an account. Without access to Mi Home or the cloud, you can't extract it. The exception is if the vacuum cleaner is already stitched with custom firmware (for example, Valetudo), where the token can be stored locally.
Why did the token change after the vacuum cleaner was dumped?
When you reset to factory or untie your account, Xiaomi generates a new token. The old one becomes invalid. To avoid losing access, save the token immediately after you first connect.
Does the token extraction for vacuum cleaners from the Mainland China (cn) server work?
Yes, but the process is different.=cn) the token is encrypted using a different algorithm. Use modified scripts, for example, mihome_extractor flag-headed --region cn.
Can I use one token for several vacuum cleaners?
No. Each device has a unique token tied to its DID, and trying to use a token from one vacuum cleaner to another will lead to an authentication error.
Is it legal to extract a token for personal use?
Legally, it is a grey area: Xiaomi does not prohibit the use of a token to connect to personal smart home systems (such as Home Assistant), but does not explicitly allow it, and violating the terms of use can lead to account blocking, although such cases are extremely rare.