This three-part writeup details the journey of finding and exploiting a vulnerability in Xiaomi AI Speaker (MICO S12A) without a physical peripheral (UART).
Part I focuses on the approach of obtaining the firmware and introduces the firmware structure in detail.