Reverse Engineering the Xiaomi Smart Band 10

Wearable devices present a paradox: the band measures your heart rate, sleep, and activity, but the manufacturer doesn't provide a ready-made open API to integrate this data into third-party systems (like a home monitoring setup or a local database). The official Xiaomi Mi Fitness app shows beautiful graphs, but the data remains 'locked' within the mobile ecosystem.
The initial task was purely practical: to set up automatic collection of health data into a local SQLite database and display reports in a family Telegram bot. Since the band syncs with the app, which in turn syncs with the Xiaomi cloud, the data is guaranteed to be transmitted over the network. I needed to understand the format in which it's transmitted and how to retrieve it.
This article is a technical breakdown of the journey from analyzing network traffic and setting up trust for a custom CA to reverse-engineering Xiaomi's RC4 protocol, decrypting AES/CBC objects from FDS storage, and parsing the proprietary binary sleep format.


















Google loves easter eggs. It loves them so much, in fact, that you could find them in virtually every product of theirs. The tradition of Android easter eggs began in the very earliest versions of the OS (I think everyone there knows what happens when you go into the general settings and tap the version number a few times).
