Minut: a IoT sensor and the unfair change in company policy that makes it useless unless you subscribe to a paid plan.

Hello guys.

I bought this device a couple of years ago, useful and perfectly fitting my use case: long lasting battery to monitor noise, temperature and other things in an apartment. It is indeed a good device, even if the free plan offered a limited history and came with other restrictions. Not a problem, nothing new, I believe it is a common business strategy.

On May 26th, I received an email from the company where they told all customers that the free plan is no longer available, and that everyone must subscribe to a paid plan. Claimed reasons to be (quoting)

"The costs of servers, security, services, software and most importantly people to keep everything running indefinitely made a free service unsustainable."

I am in no position to evaluate this statement, but, as customer, I find it extremely irritating to be forced, coerced into an unforeseen and undeclared fee.

I sent an email to their support center, asking for information about the protocol their device is using. I received the following answer:

"Hello there,

Thanks for reaching out.

We do have documentation on data protocol but they are proprietary to Minut and we're not open to connecting the device to anything besides the Minut servers."

Now.. You tell me if this is fair. Servers cost too much but you can't use anything but our servers. If you don't comply, the device is utterly useless.

I don't like it.

I'm no expert in reverse engineering, but I have my share of experience, I spent an afternoon setting up some tools and I managed to capture some traffic.

On events (timed, triggered) the device connects to the saved WiFi network (common thing among IoT), then performs a DNS query to point.minut.com Then the device opens a TCP connection to port 25500 Sending the following payload

```00000000 66 6f 72 6d c0 84 7d 08 4b 24 6d 60 23 cc d2 35 |form..}.K$m`#..5| 00000010 30 09 61 83 77 6e 1b 04 d0 e7 |0.a.wn....|

There could be another connection, an UDP one but i focused on this first. 
I did not capture the response as I believe it won't serve any purpose if this whole thing brings to a custom made server. 


It is a constant 26 bytes payload, where
- first 4 are fixed 
- following 6 are the mac address of the device itself (also printed on a label on it) 
- remaining 16 to be understood 

I could not find any pattern in the ones I grabbed, and I'm asking if there's anyone who could help me with this small ethical battle. 

Thanks for your attention. 


Other payloads i captured

00000000 66 6f 72 6d c0 84 7d 08 4b 24 71 2c 4b 1f 0e 41 |form..}.K$q,K..A| 00000010 79 f2 b3 28 9d ab ad a8 7b 0a |y..(....{.|

00000000 66 6f 72 6d c0 84 7d 08 4b 24 d8 16 e8 a9 6a 89 |form..}.K$....j.| 00000010 70 55 9c 6d b2 df 77 24 59 41 |pU.m..w$YA|

00000000 66 6f 72 6d c0 84 7d 08 4b 24 85 0b 32 b2 cf a9 |form..}.K$..2...| 00000010 69 5a 99 e9 b0 e0 66 7e 5d d3 |iZ....f~].|