This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| 2021:xiaomi_flash [2021/07/31 17:12] – [Requirements] admin | 2021:xiaomi_flash [2021/11/03 15:43] (current) – [Flashing the new firmware] admin | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| ==== Overview ==== | ==== Overview ==== | ||
| * Its always good to understand actually what is happening when you do something so that when things do go wrong you will have a better ability to do troubleshooting. | * Its always good to understand actually what is happening when you do something so that when things do go wrong you will have a better ability to do troubleshooting. | ||
| - | * With the latest version of OpenWRTInvasion you need will need to | + | * With the latest version of OpenWRTInvasion you need to |
| * Connect the Xiaomi router to the Internet (Using the WAN port) | * Connect the Xiaomi router to the Internet (Using the WAN port) | ||
| * Connect your computer (ours is running Ubuntu 20.04) to the LAN. | * Connect your computer (ours is running Ubuntu 20.04) to the LAN. | ||
| Line 23: | Line 23: | ||
| * If things go wrong there is an easy way to install the original Xiaomi firmware again onto the device and start from scratch. | * If things go wrong there is an easy way to install the original Xiaomi firmware again onto the device and start from scratch. | ||
| * This makes the devices very robust. | * This makes the devices very robust. | ||
| + | |||
| + | ===== Finding the stok code on the router ===== | ||
| + | * This section will show a couple of screenshots from the Xiaomi 4C router to get to the **stok** code needed when using **OpenWRTInvasion**. | ||
| + | * These routers are easy to source in most countries. I got one from a local online store in South Africa for ~15USD delivered to my door. | ||
| + | * I connected the WAN port to my TLE router and connected my laptop to the LAN side of the 4C. | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * The very first screen you are met with can be a bit confusing, since your natural reaction is to hit the **Try it now** button. | ||
| + | * You however have to first select the country. So click the **Click to select** link to select the country first. | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * Not all countries are listed in the select, so I choose **United Kingdom** | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * Once it is selected you can hit the **Try it now** button again. | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * On the **Internet guide** screen you can leave the default and click it through | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * Provide a password for the router and Wireless and click next. | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * Setup is now complete and you can log in using the password you just provided. | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | * Here we are logged in. | ||
| + | * As you can see in the URL Address bar there is a query string with an item called **stok** which you will use with **OpenWRTInvasion** | ||
| + | * Note that this value changes with each session so if you rebooted the router or logged out and then log in again the value will be different. | ||
| + | * Only the most recent value will work with **OpenWRTInvasion** | ||
| + | |||
| ===== Invading the Router ===== | ===== Invading the Router ===== | ||
| - | * We assume you are on a working | + | * We assume you have an installation of Ubuntu 20.04. |
| * Make sure python3-pip and git is installed | * Make sure python3-pip and git is installed | ||
| <code bash> | <code bash> | ||
| Line 37: | Line 75: | ||
| git clone https:// | git clone https:// | ||
| </ | </ | ||
| - | * Install the requirements and run it. You will need Admin rights to run the program else if will not work. | + | * Install the requirements and run it. You will need Admin rights to run the program else it will not work. |
| <code bash> | <code bash> | ||
| cd OpenWRTInvasion/ | cd OpenWRTInvasion/ | ||
| Line 45: | Line 83: | ||
| </ | </ | ||
| * This will start the program and ask two questions for it to complete the invasion | * This will start the program and ask two questions for it to complete the invasion | ||
| - | * Router IP address. The default as stated and specified will be 192.168.31.1. | + | |
| - | * Stok value. This is the value shown after you went through the initial setup wizard of the router. | + | |
| * Mine was http:// | * Mine was http:// | ||
| * Note that this value is generated on the fly and changes next time the router boots again. | * Note that this value is generated on the fly and changes next time the router boots again. | ||
| - | |||
| <code bash> | <code bash> | ||
| Line 67: | Line 104: | ||
| * The invasion is now complete and you should be able to access the router. | * The invasion is now complete and you should be able to access the router. | ||
| * Note it takes ~2-3 minutes for the invasion to complete. | * Note it takes ~2-3 minutes for the invasion to complete. | ||
| + | |||
| + | ===== Flashing the new firmware ===== | ||
| + | |||
| + | * As you can see from the snippet above there are a couple ways of reaching the invaded router. | ||
| + | * Please note that the router is fairly robust making it almost impossible hard brick the router. | ||
| + | * // | ||
| + | * We will | ||
| + | * SCP the firmware image onto the router | ||
| + | * SSH into the router | ||
| + | * Write the firmware to the OS1 flash partition using the **mtd** program. | ||
| + | * Copy the firmware file to the router. | ||
| + | |||
| + | |||
| + | <wrap em>**!! Please change the name of the firmware file to match yours !!**</ | ||
| + | |||
| + | <code bash> | ||
| + | scp -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/ | ||
| + | </ | ||
| + | * SSH into the device | ||
| + | |||
| + | <wrap em>**!! Here also change the name of the firmware file to match yours !!**</ | ||
| + | |||
| + | <code bash> | ||
| + | ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/ | ||
| + | |||
| + | BusyBox v1.19.4 (2019-06-28 10:13:42 UTC) built-in shell (ash) | ||
| + | Enter ' | ||
| + | |||
| + | | ||
| + | | ||
| + | | ||
| + | $$$$$$\ | ||
| + | | ||
| + | $$ / $$ |$$ | $$ |$$ | $$ | $$ | $$ / $$ |$$ |$$ / | ||
| + | | ||
| + | | ||
| + | $$ | $$ |$$ | $$ |$$ | $$ | $$ | $$ | $$ |$$ |\$$\ | ||
| + | $$ | $$ |$$ | $$ |$$$$$$$$\ | ||
| + | | ||
| + | |||
| + | |||
| + | root@XiaoQiang: | ||
| + | root@XiaoQiang:/ | ||
| + | root@XiaoQiang:/ | ||
| + | Unlocking OS1 ... | ||
| + | Erasing OS1 ... | ||
| + | </ | ||
| + | * If all goes well the device will reboot. | ||
| + | * Keep an eye on the orange LED if it flashes you're in business since it is related to OpenWRT. | ||
| + | * While it flashes it means OpenWRT is busy creating its working filesystem on the flash chip. | ||
| + | * Remember that devices with 128M flash will take longer to settle down eventually. | ||
| + | * Once everything settles down you should have two blue LEDs. | ||
| + | * Now you can try out your new firmware. | ||
| + | * If things however did now work according to plan the next section is for you. | ||
| + | |||
| + | ===== De-Bricking The Xiaomi Router ===== | ||
| + | * There is an awesome write-up with some YouTube videos on how to de-brick and restore the router' | ||
| + | * https:// | ||
| + | * One point if interest is if you run a Linux environment you can simply install **Wine** and run the **pxesrv.exe** program as root. | ||
| + | <code bash> | ||
| + | sudo wine pxesrv.exe | ||
| + | </ | ||
| + | |||
| + | |||
| + | |||
| + | |||