With this guide you can install OpenWrt on a Xiaomi Redmi AX6000 Wi-Fi router.
Everything you need to know and watch out for is shown in the video.
Below it you will find all the necessary requirements, links and commands.
Requirements:
– A Xiaomi Redmi AX6000 router
– A LAN cable
– A Linux PC or a virtual machine running a Linux OS (Linux Mint recommended)
– The current OpenWrt firmware
– A vulnerable Xiaomi firmware
– Some time
Downloads
– OpenWrt firmware
– Vulnerable Xiaomi firmware Link1 | Link2
The commands
The following commands are in the correct order, but they are not commented in text form and carry only limited notes.
Take the individual steps from the video.
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3B%20echo%20pVoAAA%3D%3D%20%7C%20base64%20-d%20%7C%20mtd%20write%20-%20crash%20%3B%20
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3B%20bdata%20set%20telnet_en%3D1%20%3B%20bdata%20set%20ssh_en%3D1%20%3B%20bdata%20commit%20%3B%20
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3b%20mtd%20erase%20crash%20%3b%20
# telnet 192.168.31.1
# vi /etc/init.d/dropbear
if [ "$flg_ssh" != "1" -o "$channel" = "release" ]; then
    return 0
fi
# /etc/init.d/dropbear start
# passwd
# nano ~/.ssh/config
Host 192.168.31.1
    HostKeyAlgorithms=+ssh-rsa
# ssh [email protected]
# cat /proc/cmdline
Example output:
console=ttyS0,115200n1 loglevel=8 firmware=1 uart_en=1
If firmware=1 – ubi1
# nvram set boot_wait=on
# nvram set uart_en=1
# nvram set flag_boot_rootfs=0
# nvram set flag_last_success=0
# nvram set flag_boot_success=1
# nvram set flag_try_sys1_failed=0
# nvram set flag_try_sys2_failed=0
# nvram commit
If firmware=0 – ubi0
# nvram set boot_wait=on
# nvram set uart_en=1
# nvram set flag_boot_rootfs=1
# nvram set flag_last_success=1
# nvram set flag_boot_success=1
# nvram set flag_try_sys1_failed=0
# nvram set flag_try_sys2_failed=0
# nvram commit
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-factory.ubi [email protected]:/tmp
If firmware=1 – ubi1:
# ubiformat /dev/mtd8 -y -f /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-factory.ubi
If firmware=0 – ubi0:
# ubiformat /dev/mtd9 -y -f /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-factory.ubi
# reboot
# ssh [email protected]
# fw_setenv boot_wait on
# fw_setenv uart_en 1
# fw_setenv flag_boot_rootfs 0
# fw_setenv flag_last_success 1
# fw_setenv flag_boot_success 1
# fw_setenv flag_try_sys1_failed 8
# fw_setenv flag_try_sys2_failed 8
# fw_setenv mtdparts "nmbm0:1024k(bl2),256k(Nvram),256k(Bdata),2048k(factory),2048k(fip),256k(crash),256k(crash_log),30720k(ubi),30720k(ubi1),51200k(overlay)"
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-squashfs-sysupgrade.bin [email protected]:/tmp
# sysupgrade -n /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-squashfs-sysupgrade.bin
# cat /dev/mtdblock0 > /tmp/BL2.bin
# cat /dev/mtdblock1 > /tmp/Nvram.bin
# cat /dev/mtdblock2 > /tmp/Bdata.bin
# cat /dev/mtdblock3 > /tmp/Factory.bin
# cat /dev/mtdblock4 > /tmp/FIP.bin
# scp [email protected]:/tmp/BL2.bin /home/ENTER-USERNAME-HERE/Downloads
# scp [email protected]:/tmp/Nvram.bin /home/ENTER-USERNAME-HERE/Downloads
# scp [email protected]:/tmp/Bdata.bin /home/ENTER-USERNAME-HERE/Downloads
# scp [email protected]:/tmp/Factory.bin /home/ENTER-USERNAME-HERE/Downloads
# scp [email protected]:/tmp/FIP.bin /home/ENTER-USERNAME-HERE/Downloads
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-initramfs-factory.ubi [email protected]:/tmp
# ubiformat /dev/mtd7 -y -f /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-initramfs-factory.ubi
# cat /proc/mtd
The output should look like this:
dev:    size   erasesize  name
mtd0: 00100000 00020000 BL2
mtd1: 00040000 00020000 Nvram
mtd2: 00040000 00020000 Bdata
mtd3: 00200000 00020000 Factory
mtd4: 00200000 00020000 FIP
mtd5: 07a80000 00020000 ubi
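A pre-flight check for the listing above, as an added example that is not part of the original guide: it compares a /proc/mtd listing against the expected layout and fails on any difference, so the ubiformat and mtd write commands that follow are not run against a different partition table. The function name check_mtd_layout and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Expected layout, copied from the /proc/mtd listing in the guide:
# device, size, erase size, name (one partition per line).
EXPECTED_LAYOUT='mtd0 00100000 00020000 BL2
mtd1 00040000 00020000 Nvram
mtd2 00040000 00020000 Bdata
mtd3 00200000 00020000 Factory
mtd4 00200000 00020000 FIP
mtd5 07a80000 00020000 ubi'

# check_mtd_layout TEXT  (hypothetical helper, not an OpenWrt tool)
# TEXT is the content of /proc/mtd. Returns 0 only if every expected
# partition is present with the expected size, erase size and name.
check_mtd_layout() {
    table=$1
    rc=0
    while read -r dev size erase name; do
        # Names may or may not be quoted in the listing; strip the quotes.
        actual=$(printf '%s\n' "$table" |
            awk -v d="$dev:" '$1 == d { gsub(/"/, "", $4); print $2, $3, $4 }')
        if [ "$actual" != "$size $erase $name" ]; then
            echo "MISMATCH $dev: want '$size $erase $name', got '${actual:-nothing}'" >&2
            rc=1
        fi
    done <<EOF
$EXPECTED_LAYOUT
EOF
    return "$rc"
}

# Constructed sample input in /proc/mtd format (not captured from a device).
SAMPLE_MTD='dev:    size   erasesize  name
mtd0: 00100000 00020000 "BL2"
mtd1: 00040000 00020000 "Nvram"
mtd2: 00040000 00020000 "Bdata"
mtd3: 00200000 00020000 "Factory"
mtd4: 00200000 00020000 "FIP"
mtd5: 07a80000 00020000 "ubi"'

# Demo on the sample; on the router use: check_mtd_layout "$(cat /proc/mtd)"
if check_mtd_layout "$SAMPLE_MTD"; then
    echo "layout matches the guide"
else
    echo "layout differs, stop before ubiformat / mtd write" >&2
fi
```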
# opkg update && opkg install kmod-mtd-rw
# insmod /lib/modules/$(uname -r)/mtd-rw.ko i_want_a_brick=1
# rm -f /sys/fs/pstore/*
# ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
# ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
# ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-initramfs-recovery.itb [email protected]:/tmp
# ubimkvol /dev/ubi0 -n 2 -N recovery -s 10MiB
# ubiupdatevol /dev/ubi0_2 /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-initramfs-recovery.itb
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-preloader.bin [email protected]:/tmp
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-bl31-uboot.fip [email protected]:/tmp
# mtd write /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-preloader.bin BL2
# mtd write /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-bl31-uboot.fip FIP
# scp openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-squashfs-sysupgrade.itb [email protected]:/tmp
# sysupgrade -n /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-squashfs-sysupgrade.itb
Hi,
First of all, thanks for the tutorial. I need your help. When I use # sysupgrade -n /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-squashfs-sysupgrade.bin it failed.
root@OpenWrt:/tmp# sysupgrade -n /tmp/openwrt-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-squashfs-sysupgrade.bin
verifying sysupgrade tar file integrity
Sat May 11 06:38:18 UTC 2024 upgrade: Commencing upgrade. Closing all shell sessions.
Command failed: Connection failed
root@OpenWrt:/tmp# Connection to 192.168.1.1 closed by remote host.
Connection to 192.168.1.1 closed.
What can I do?
Hello!
Since you don’t seem to speak German, I suspect that you have not understood the instructions 100% correctly.
Translators are sometimes extremely off the mark 😉
I suspect that you have not installed a vulnerable firmware from Xiaomi, but a newer one.
OpenWrt can only be installed with the firmware versions specified at the beginning.