Valetudo

Valetudo aims to be a vendor-agnostic abstraction and cloud replacement for vacuum robots which started as a standalone binary on rooted roborock vacuums.

View the Project on GitHub Hypfer/Valetudo

General

Newcomer Guide Late 2021 Why Valetudo? Getting Started Supported Robots Capabilities Overview Rooting instructions Upgrading Buying supported robots

Installation

Roborock OTA Viomi

Companion Apps

Valetudo Companion (Android) Valeronoi Lovelace Valetudo Map Card I can't believe it's not Valetudo node-red-contrib-valetudo Fun & Games Other Noteworthy Projects

Integrations

MQTT Home Assistant Node-RED openHAB

Misc

FAQ Frequently requested features Roborock, Files to backup Troubleshooting

Development

Building and Modifying Valetudo Valetudo core concepts MQTT

Archive

Supported Dreame Devices Supported Roborock Devices Supported Viomi Devices Newcomer Guide Early 2021

Rooting instructions

This page contains an incomplete overview of installation instructions for various robots

Dreame

Dreame rooting is currently possible for

It has been released with Dennis Giese’s DEF CON 29 Talk Robots with lasers and cameras but no security Liberating your vacuum. For more information, head over to the Dustbuilder.

It is also recommended to join the Dreame Robot Vacuum Telegram Usergroup for rooting support etc.

Reset-Button UART

This was patched in many new firmwares. Do NOT update your robot via the Mi Home app if you want to root.

There are other ways to root as well, however this one is very easy and very reliable so use that if you can. What we’re doing is basically just injecting a custom OTA update including hooks for valetudo, and sshd etc.

To do this, you’ll only need a 3.3V USB to TTL Serial UART Adapter (like CP2102 or Pl2303) and dupont cables. Basic linux knowledge and a pry tool will help as well.

Note: If this doesn’t work on your robot, and it is an 1C, D9, F9 or Z500, your firmware might be too old. In that case, try this guide.

How to open a Dreame

To open the robot, gently pry up with a pry tool or your fingers on the smaller half with the buttons. Taking this plastic off is probably the hardest step.

Once you have the cover off, you need to connect your USB to Serial UART adapter to the robot. Make sure your adapter is set to 3.3V if has the option to change to something else. You only need 3 wires for this connection (GND, RX, and TX). Connect GND on the adapter to any of ground ports on the robot first and then connect RX on the adapter to TX on the robot and TX on the adapter to RX on the robot. Lastly, plug the adapter into your laptop.

Dreame Debug Connector

Now you have to open a serial connection from your laptop to the device, this can be done with putty, miniterm, minicom or through a tool like screen with the following command: screen /dev/ttyUSB0 115200,ixoff. The baud rate is 115200 and flow control (XIN, XOUT) needs to be off. Your user also needs to have permission to access /dev/ttyUSB0 which usually either means being root or part of the dialout group. If your tool supports it, activate logging of the session to a file, for screen use screen -L /dev/ttyUSB0 115200,ixoff, for putty go to Session -> Logging and activate “All session output”. When you execute the commands to backup the calibration and identity data (see below) the output will be saved to the log file. Make sure to check the log file and store it in a secure place.

Once your connection is ready, turn on the vacuum by pressing and holding the middle button (POWER) for at least 3 seconds.

You should see some logs and one of the last ones will say root password changed. If you instead see some random characters, check your cabling.

To use the Wifi Reset method, open up the other side of the robot and press the reset button shortly (<1 second) with a pen or paperclip. Your UART connection should pop up with the login prompt like "p2029_release login”

When connected, you can log in as root and then it will ask for a password. To calculate the password use the full serial number of your robot, which can be found on the sticker below the dustbin. Not the one on the bottom of the robot nor the one on the packaging. You’ll have to take out the dustbin and look below it into the now empty space.

Dreame Dustbin Sticker

To get the password, use the following Calculator or enter the full SN (all uppercase) into this command on Linux echo -n "P20290000US00000ZM" | md5sum | base64 or the following commands on Mac

echo -n "P20290000US00000ZM" | md5
echo -n -e "MD5HASHONLY"  -\n" | base64

Once logged in, build a patched firmware image for manual installation via the Dustbuilder. You’ll need to put in your email, serial number and SSH key if you have one. Make sure you settings match these

✅Patch DNS (requirement for valetudo deployment, disables real cloud!!)

✅Prepackage valetudo (only valid for manual install fw)

✅Preinstall Nano texteditor, curl, wget, htop, hexdump

✅Build for manual installation (requires SSH to install)

Then accept at the bottom and Create Job. This will send your build to your email once it’s built. Download the tar.gz file to your laptop.

While you are waiting for that email, now is a good time to backup you calibration and identity data before rooting (as you promised to do in Dustbuilder ). Copy and paste the output of the following commands in CLI into a text file somewhere besides your robot:

grep "" /mnt/private/ULI/factory/* 
grep "" /mnt/misc/*.json 
grep "" /mnt/misc/*.yaml 
cat /mnt/misc/*.txt 
hexdump /mnt/misc/*.bin

To get the new build file over to the robot, you’ll need to spin up a temporary webserver (e.g. by using python3 -m http.server) in the directory where you downloaded your firmware image to, connect the laptop to the robots WiFi access point and download the firmware image to the robot via e.g. wget http://<your-laptop-ip>/dreame.vacuum.pxxxx_fw.tar.gz.

Note: If you can’t see the robots Wi-Fi AP to connect to, it might have disabled itself because 30 minutes passed since the last boot. In that case, press and hold the two outer buttons until it starts talking to you.

After the successful download, make sure that the robot is docked, untar (tar -xvzf dreame.vacuum.pxxxx_fw.tar.gz) it and execute the ./install.sh script. The robot will then reboot on its own and greet you with a shell mentioning the Dustbuilder in the MOTD on successful root.

Switch to the tmp folder cd /tmp and repeat the previous steps (from wget to install.sh) to also install the firmware on the second partition which you are now booted to.

cd /tmp 
wget http://<your-laptop-ip>/dreame.vacuum.pxxxx_fw.tar.gz
tar -xzvf dreame.vacuum.pxxxx_fw.tar.gz
./install.sh

The robot will reboot automatically after it has installed the update. Make sure that it is docked during this procedure as otherwise the update might fail.

You now have a rooted Dreame vacuum robot running Valetudo.

Now, continue with the getting started guide.

Important note:

Another way of backing up the calibration and identity data is by creating a tar like so: cd / ; tar cvf /tmp/backup.tar /mnt/private/ /mnt/misc/. Since you need a temporary webserver to download the new firmware anyway, you can use the python module uploadserver and upload the file backup.tar with curl.

On your laptop run

python3 -m pip install --user uploadserver

to install the module and start the server with

python3 -m uploadserver

in the directory where you have downloaded your new firmware. On the robot use curl to upload the backup.tar:

curl -X POST http://<your-laptop-ip>>:8000/upload -F 'files=@/tmp/backup.tar'

If successful you will find the backup.tar on your laptop in the directory where you started the webserver.

You can also create the tar after rooting and use scp root@<robot-ip>:/tmp/backup.tar . to copy it to a safe location that isn’t the robot.

Roborock

For more information, simply click on the link if there is one. Overall, things got harder as time went by.

OTA

The Over-the-Air[-Update] rooting method is the easiest one requiring no disassembly nor attaching any cables. However, since Xiaomi disabled local OTA in newer versions of the miio_client (> 3.3.9), you might need to downgrade your firmware by factory resetting your robot.

Unfortunately, robots made after 2020-03 come with a non-local-OTA capable recovery firmware version so for those robots you will need to follow the instructions below.

This works by using the official OTA update mechanism to push a customized (rooted + valetudo) firmware image to the robot. It will happily accept that, because they aren’t signed. For more information, check out the talk Unleash your smart-home devices: Vacuum Cleaning Robot Hacking.

The procedure is documented here: https://valetudo.cloud/pages/installation/roborock-ota.html

This method applies to the following robots:

Vinda

The vinda file method unfortunately requires full disassembly of the robot as well as soldering some wires which will void your warranty.

In short, there’s a file called vinda which contains the root password XOR’d with 0x37. By dropping into the u-boot shell, you can use the ext4load u-boot command usually used for loading a kernel to load that file into memory and therefore read out the root password.

Then, you simply use an interactive shell via UART to achieve persistence.

Dennis made two videos explaining both disassembly as well as the actual root procedure. They can be found here: https://www.youtube.com/playlist?list=PL9PoaNtZCJRZc61c792VCr_I6jQK_IdSb

This method applies to the following robots:

Don’t be confused by the Video not mentioning your particular robot model. It’s the same procedure for all robots listed here.

Also, your robot might come with a newer firmware which doesn’t feature a vinda file. In that case, you’ll need to follow the instructions below.

Init override

Since there’s no vinda file on these robots/firmwares, the approach here is to drop into the u-boot shell and edit the kernel commandline so that init becomes /bin/sh which also gives you a rootshell, but requires you to quickly do some initializing, because otherwise the hardware watchdog will reboot the robot.

Furthermore, due to limited storage, the new firmware is actually streamed onto the device.

The disassembly process plus the testpoints used are the same as the vinda method above so make sure to watch those videos before attempting this.

The procedure is documented here: https://builder.dontvacuum.me/s5e-cheatsheet.txt

This method applies to the following robots:

Viomi

3irobotix is the manufacturer of vacuum robots sold under various brand names including

For now, only one vacuum robot is supported (WIP):

To install Valetudo on your Viomi V7, follow the instructions found here.

We’re currently looking into the possibility of reflashing other brands to Viomi so that they work with Valetudo without any additional code.