Hi! I'm a noob and had a similar issue with missing channel 149 after setting up mesh with the AX1800 Chinese firmware. Would you mind sharing your method to edit the channel with the browser inspector? What browser did you use? Thanks in advance.
Hi! Has anyone decoded what is being sent to the broker (http://eu.broker.miwifi.com/miwifi-broker/list) over the MQTT protocol (port 1883) on the "xqac" topic? A lot of bytes are sent from the router to the Xiaomi cloud :(. Program responsible for research: /usr/bin/messagingagent.
Hi! Thanks for the reply!
I analysed the binaries left on the device, and I am worried too that there is a persistent connection to the Xiaomi network. I think this is how the mobile application for the router works: it sends commands to the Xiaomi network and the router receives them back via the MQTT protocol. I think it is worth knowing for other users that this firmware is persistently connected to receive many/different commands (RCE).
I've installed the "Mosquitto MQTT server" on my Linux box and redirected the connection from the router to my server (option BROKER_HOST in /etc/config/messaging on the router).
Does it use any authentication? Yes, it does, but I skipped it using 'allow_anonymous true' in the mosquitto config.
Does it use any encryption? Yes, it does: messages from the router are encrypted. I think that messages from the Xiaomi network may be encrypted too, but I haven't seen any.
I haven't made a connection to the Xiaomi MQTT server (yet, no time).
Can it be used to root the router (...)? I think this may be possible if we upload our own (PEM) certificates. This path should definitely be explored.
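The post above asks whether the router authenticates to the broker. As an added example (not code from this thread or from the router firmware), this Python parser decodes an MQTT CONNECT packet, such as one captured on your own broker's port 1883, and reports the client ID, username and whether a password was sent. It assumes MQTT 3.1/3.1.1 framing, which the thread does not confirm, and the sample bytes are constructed.

```python
import struct

def _varint(buf, pos):
    """Decode MQTT's 1-4 byte 'remaining length' integer."""
    value = 0
    for i in range(4):
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("remaining length longer than 4 bytes")

def _field(buf, pos):
    """Read one field: 2-byte big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_connect(packet):
    """Summarise a CONNECT packet (MQTT 3.1 / 3.1.1 only)."""
    if not packet or packet[0] != 0x10:
        raise ValueError("not an MQTT CONNECT packet")
    remaining, pos = _varint(packet, 1)
    body = packet[pos:pos + remaining]
    proto, pos = _field(body, 0)
    if len(body) < pos + 4 or body[pos] not in (3, 4):
        raise ValueError("truncated or unsupported protocol level")
    level, flags = body[pos], body[pos + 1]
    (keepalive,) = struct.unpack_from(">H", body, pos + 2)
    client_id, pos = _field(body, pos + 4)
    info = {"protocol": proto.decode(), "level": level, "keepalive": keepalive,
            "client_id": client_id.decode(errors="replace"),
            "username": None, "password_len": None}
    if flags & 0x04:  # will topic and will message come before credentials
        _, pos = _field(body, pos)
        _, pos = _field(body, pos)
    if flags & 0x80:  # username flag
        user, pos = _field(body, pos)
        info["username"] = user.decode(errors="replace")
    if flags & 0x40:  # password flag: report the length only
        pwd, pos = _field(body, pos)
        info["password_len"] = len(pwd)
    return info

# Constructed sample, not a capture from the router
SAMPLE = (b"\x10\x23\x00\x04MQTT\x04\xc2\x00\x3c"
          b"\x00\x09router-01\x00\x04user\x00\x06secret")
print(parse_connect(SAMPLE))
```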
I'm using 3.0.34 global (AX1800 white), but there's some error that resetting the router can't fix. Could you send me the global firmware (any version) for this router?