How to find out Xiaomi Mi Robot Vacuum token through PC

Integrating Xiaomi robotic vacuum cleaners into alternative smart home systems such as Home Assistant, OpenHAB or Domoticz often requires obtaining a unique device ID.This digital key, known as a token, is necessary to authorize third-party software in the Mi Cloud.Without this 32-character code, direct local device management or advanced customization via PC is impossible.

There are several ways to extract this information, and using a personal computer is the most reliable option here. Mobile methods using root rights or emulators can be unstable, whereas a PC allows you to use full-fledged debugging tools and traffic sniffers. In this article, we will discuss the technical methods for obtaining a token that work with most models of Xiaomi Vacuum, Roborock and Viomi.

The process of obtaining a token through a computer requires care and a basic understanding of how network protocols work. You do not need to be a programmer, but you need to follow the instructions for installing libraries and running scripts. Errors in the setting stage can lead to the utility not being able to intercept the desired data packet.

Why do we need a token and where is it used?

The token is a string of 32 hexadecimal characters that is generated when the device first connects to a Wi-Fi router. This key encrypts all traffic between your smartphone or computer and the vacuum cleaner itself. The MiIO protocol used by the Xiaomi ecosystem relies on this pair Β«IP-address + Token" for performing any commands, from starting cleaning to receiving a room map.

The main application of the token is local management without delay. Cloud management has lags and depends on the manufacturer's servers, which may not be available. Using the token in conjunction with software on a PC or a home server, you get an instant response. This is critical for creating complex automation scenarios where the vacuum cleaner must respond to the events of other sensors in real time.

⚠️ Attention: The token is a secret access key. Anyone who has this code and has access to your local network can have full control of the device. Never give the token to third parties or publish it publicly.

In addition, the knowledge of the token allows you to use advanced features hidden in the official application. Third-party integrations often provide access to the management of the cleaning zone by coordinates, adjusting the suction power in 1% increments, as well as data on the flow of filters and brushes in real time. For models Xiaomi Mi Robot Vacuum Mop P or Roborock S5 Max is the only possibility of full operation outside the Mi Home ecosystem.

πŸ’‘

Save the token in a safe place, such as a password manager. If you dump the vacuum cleaner before the factory settings, the token will change, and the procedure will have to be repeated.

Preparation of the software environment on the computer

To extract the token, we need Python runtime, a cross-platform programming language that allows you to run specialized scripts to interact with IoT devices. Installing Python on a computer is the first and mandatory step, without which further action is impossible. It is recommended to use version 3.7 or higher, since older versions may not support the necessary encryption libraries.

Once the interpreter is installed, you need to prepare a pip package manager that comes with modern versions of Python. Through it, we will install the python-miio (or miio) library developed by the community to work with Xiaomi devices. This library contains all the necessary functions for generating queries and decrypting answers from the vacuum cleaner.

It's important to make sure your computer and vacuum cleaner are on the same local network. If you're using a laptop, connect it to the same Wi-Fi network that the robot is attached to. Using a guest network or AP Isolation on the router will block the data exchange, and the script will not be able to find the device.

β˜‘οΈ Checking readiness for work

Done: 0 / 5

To install the required library, open the command line (Terminal in macOS/Linux or CMD/PowerShell in Windows) and type the command:

pip install python-miio

If the system gives you an access error, try adding a --user flag or running a terminal on behalf of the administrator, and if you have a successful installation, you will be confirmed by a message that you have completed the process, and your computer is now technically ready to interact with the smart home ecosystem.

Method of obtaining a token through a traffic sniffer (mitmproxy)

One of the most versatile ways that doesn't require root rights on your phone or complex database manipulation is to intercept traffic, and the idea is to get the official Mi Home or Roborock app to send a token to the server while it's on your computer, and we use a mitmproxy proxy server to do that.

First, install mitmproxy on your PC. It's an open source tool that lets you analyze. HTTPS-After installation, start the server. You will need to configure a proxy connection on your computer or Android emulator, specifying IP-The computer address and port that uses mitmproxy (usually 8080).

The key is to install the mitmproxy root certificate on the device from which you are logging in. Without it, the application will see a connection error and will not be able to transfer data. Once you install the certificate and configure the proxy, run the Mi Home app on the emulator or phone (if you set up a proxy at the Wi-Fi level of the router, which is more difficult) and perform an action that requires communication with the server, such as updating the status of the device.

Why is the emulator method more reliable?
Using an Android emulator (such as BlueStacks or Nox) on a PC makes it easy to install the root certificate mitmproxy in the system storage. On a real smartphone, this is more difficult to do without root rights, since Android blocks the installation of untrusted certificates for system applications.

You'll see a lot of queries in mitmproxy logs. POST-request to a domain containing api.io.mi.com or api.mi.com. The body of this request or the titles will contain JSON-The answer is where, among other things, the result.token field or just token will be the answer.

The good thing about this method is that it works even if you have two-factor authorization, because you log in through an official app, but it does require careful attention when filtering traffic, because the amount of data can be large.

Using Python script for tokenization

There is a more direct way to use the application logic: the miio script has a built-in token-receiving feature if you have access to certain session data, but most often, a script that emulates a Xiaomi account login is used.

For this method, you will need your username (phone number or email) and password from your Mi Cloud account. Create a file with the.py extension on your computer and paste the authorization code into it. The miio library allows you to log in and get a list of devices along with their tokens.

An example of a command to obtain device information, if the token is already known (for verification), looks like this:

miio device --ip 192.168.1.50 --token 1234567890abcdef info

But to get a token through an entry script, the process looks different: You need to use a utility that often comes separately or is part of a python-miio repository called miio-extract-tokens (if available), or write a simple script that uses the Xiaomi API.

Algorithm of action:

  • πŸ”‘ Enter the username and password from the Xiaomi account in the script.
  • 🌐 The script sends a request to the authorization server Xiaomi.
  • πŸ“± If two-factor protection is enabled, enter the code from the SMS into the console.
  • πŸ’Ύ The script receives a list of all devices and displays their tokens in text form.

⚠️ Note: Transferring your login and password to third-party scripts carries potential risks. Use this method only if you trust the source code of the python-miio library and run it in an isolated environment. For maximum security, it is recommended to temporarily change your password after receiving the token.

The result of the script will be a list where each device corresponds to it. DID (Device ID) And a token. Find your vacuum cleaner by name or MAC-address and copy the corresponding string of the token.

Alternative methods: emulators and databases

If Python methods seem too complicated, you can use Android emulators on a PC, such as BlueStacks, NoxPlayer or LDPlayer.The essence of the method is to install the Mi Home application inside the emulator, authorize and then extract the database, where the tokens are stored in an open (or easily decoded) form.

Procedure:

  1. Install the Android emulator and the Mi Home app.
  2. Log in and wait for the vacuum cleaner to appear on the list.
  3. Get root access inside the emulator (usually an embedded feature).
  4. Find the database file miio.db or smart_home.db appendix.
  5. Copy the file on your PC and open it through SQLite Browser.

Inside the database, you need to find a Device or similar table. The token can be stored in the token field. In some versions of the application, tokens are encrypted, but the decryption key is often stored there or is static for the application version.

This method is good because it does not require writing code, but requires the ability to work with the Android file system and the system. SQL-For the Xiaomi Vacuum models E10 or new firmware versions, the structure of the base may differ.

πŸ“Š Choose an option
Python script (quick and reliable)
Mitmproxy (universally)
Android Emulator (visually)
I'm afraid I'd rather buy a ready-made solution.

Comparison of methods and troubleshooting

Each of these methods has its advantages and disadvantages, depending on your technical background and the specific model of the vacuum cleaner, and below is a comparative table that will help determine the way to proceed.

MethodDifficultyI need a Root.The risk of blockingUniversality
Python (account login)MediumNo.Low.Tall.
Mitmproxy (sniffing)Tall.No (on PC)Low.Maximum
Emulator + DBMediumYeah (in emulator)Medium.Depends on the APK version
Home Assistant PluginLow.No.Low.Only for HA

Often users encounter an error called β€œInvalid token” or β€œUnable to discover device.” This may mean that the vacuum cleaner is on another subnet, or the router has access point isolation enabled. Make sure that the Windows firewall or antivirus does not block incoming connections for Python or mitmproxy.

It is also possible that Xiaomi changes its encryption algorithms or API. In this case, older versions of the python-miio library may not work. Always update the library to the latest version with the pip install command. --upgrade python-miio.

πŸ’‘

The fastest way for a beginner is to use a ready-made integration plugin in Home Assistant, which has a built-in interface for entering a login and password, automating the process of obtaining a token.

Frequently Asked Questions (FAQ)

Can I get a token if the vacuum cleaner is already set up and running?
Yes, all of the methods that I've described work for devices that are already configured. You don't have to dump the vacuum cleaner or re-tether it. The token is stored on the server and in the application until you complete the device reset before the factory settings.
What if the script says β€œLogin failed”?
Check the correct login and password. Make sure you select the correct server region (China, Europe, Russia, etc.) in the script settings, if you have one, and check if you need to confirm your login via SMS on your phone.
Will the token change after the vacuum cleaner firmware update?
In most cases, the token remains unchanged after a firmware update. OTA (However, if you reset the Wi-Fi settings on the vacuum cleaner itself (clutching the reset buttons), the token will change and the procedure will have to be repeated.
Is it safe to use the Chinese version of the app to get a token?
You can use any version of the application that your device is attached to, and if your vacuum cleaner is tied to China, you need to log in to a Chinese server. The token is the same for all regions, but the authorization servers are different.
Where exactly do you store the received token for Home Assistant?
In the configuration file configuration.yaml (or via the graphical integration interface) in the token field. For Xiaomi Mi Robot Vacuum, this field is often referred to simply as token and takes a string of 32 characters.