Differences

This shows you the differences between two versions of the page.

--- 2021:xiaomi_flash [2021/10/20 09:25] – [Finding the stok code on the router] admin
+++ 2021:xiaomi_flash [2021/11/03 15:43] (current) – [Flashing the new firmware] admin
@@ Line 40: / Line 40: @@
 {{ :2021:xiaomi_w3.png?nolink |}}
-  * Once it is selected you can hit the **Try in now** button again.
+  * Once it is selected you can hit the **Try it now** button again.
 {{ :2021:xiaomi_w4.png?nolink |}}
@@ Line 56: / Line 56: @@
 {{ :2021:xiaomi_w7.png?nolink |}}
-  * Here we are logged in. As you can see in the URL Address bar the query string has an item called **stok** which you will use with **OpenWRTInvasion**
+  * Here we are logged in.
-  * Note that this value changes with each session so if you rebooted the router or logged out and then log in agin the value will be different.
+  * As you can see in the URL Address bar there is a query string with an item called **stok** which you will use with **OpenWRTInvasion**
+  * Note that this value changes with each session so if you rebooted the router or logged out and then log in again the value will be different.
   * Only the most recent value will work with **OpenWRTInvasion**
@@ Line 63: / Line 64: @@
 ===== Invading the Router =====
-  * We assume you are on a working installation of Ubuntu 20.04.
+  * We assume you have an installation of Ubuntu 20.04.
   * Make sure python3-pip and git is installed
 <code bash>
@@ Line 74: / Line 75: @@
 git clone https://github.com/acecilia/OpenWRTInvasion.git
 </code>
-  * Install the requirements and run it. You will need Admin rights to run the program else if will not work.
+  * Install the requirements and run it. You will need Admin rights to run the program else it will not work.
 <code bash>
 cd OpenWRTInvasion/
@@ Line 82: / Line 83: @@
 </code>
   * This will start the program and ask two questions for it to complete the invasion
-        * Router IP address. The default as stated and specified will be 192.168.31.1.
+        * **Router IP address**. The default as stated and specified will be 192.168.31.1.
-        * Stok value. This is the value shown after you went through the initial setup wizard of the router.
+        * **Stok value**. This is the value shown after you went through the initial setup wizard of the router.
         * Mine was http://192.168.31.1/cgi-bin/luci/;stok=c047480902024ca71370a39eace78b36/web/home#router.
         * Note that this value is generated on the fly and changes next time the router boots again.
 <code bash>
@@ Line 107: / Line 107: @@
 ===== Flashing the new firmware =====
-  * Please note that the router is fairly robust and things have to go South very badly for the router to be hard bricked.
+  * As you can see from the snippet above there are a couple ways of reaching the invaded router.
-  * So don't be to nervous when flashing the router as you always restore it again.
+  * Please note that the router is fairly robust making it almost impossible hard brick the router.
+  * //Don't be to nervous when flashing the router as you always restore it again.//
   * We will
-        * Telnet into the router
+        * SCP the firmware image onto the router
-        * Download the firmware image we want to install
+        * SSH into the router
-        * write it to the OS1 flash partition.
+        * Write the firmware to the OS1 flash partition using the **mtd** program.
-  * To download the firmware image we use **wget**.
+  * Copy the firmware file to the router.
-  * Unfortunately this version of wget can not download from HTTPS websites.
-  * For this reason we also installed **NGINX** on the Ubuntu machine where we installed OpenWRTInvasion. (Not in these instructions, but easy to get elsewhere)
-  * We will then copy the firmware files to the webroot directory where **NGINX** serves its content from to fetch it locally.
+<wrap em>**!! Please change the name of the firmware file to match yours !!**</wrap>
 <code bash>
-system@one:~/Documents/xiaomi_flash/OpenWRTInvasion$ telnet 192.168.31.1
+scp -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin  root@192.168.31.1:/tmp
-Trying 192.168.31.1...
+</code>
-Connected to 192.168.31.1.
+  * SSH into the device
-Escape character is '^]'.
-XiaoQiang login: root
+<wrap em>**!! Here also change the name of the firmware file to match yours !!**</wrap>
-Password:
+<code bash>
+ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@192.168.31.1
 BusyBox v1.19.4 (2019-06-28 10:13:42 UTC) built-in shell (ash)
@@ Line 144: / Line 146: @@
 root@XiaoQiang:~# cd /tmp
-root@XiaoQiang:/tmp# wget http://192.168.31.152/openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin
-Connecting to 192.168.31.152 (192.168.31.152:80)
-openwrt-ramips-mt762 100% |*********************************************************************************************************************************************************************************|  7425k  0:00:00 ETA
 root@XiaoQiang:/tmp# mv openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin openwrt.bin
 root@XiaoQiang:/tmp# mtd -e OS1 -r write openwrt.bin OS1
@@ Line 159: / Line 158: @@
   * Now you can try out your new firmware.
   * If things however did now work according to plan the next section is for you.
+===== De-Bricking The Xiaomi Router =====
+  * There is an awesome write-up with some YouTube videos on how to de-brick and restore the router's original firmware.
+  * https://hoddysguides.com/xiaomi-debrick-tools-all/
+  * One point if interest is if you run a Linux environment you can simply install **Wine** and run the **pxesrv.exe** program as root.
+<code bash>
+sudo wine pxesrv.exe
+</code>

RADIUSdesk

Page Tools

Site Tools

User Tools

Differences