On what type of devices do you encounter this issue ? Android devices ?
i encounter this issue on windows,android,and linux machines too, i have to restart the router, and works for some time and bam, not able to provide internet again. this router is connected to other router for getting internet relayed.internet comes to my huawei router via rj45,my mi router is connected to the huawei router for internet, wifi works fine on my huawei router, and most of the times mi router goes to this mode, any logs which can help why this is happening?
Has anyone attempted this exploit on their device?
This exploit will not work on RB03, because there is an additional check for the region:
function setSysTime(time, tzone, index)
local ccode = XQCountryCode.getCurrentCountryCode()
local tz = nil
if TIME_ZONE[tzone] then
tz = TIME_ZONE[tzone][index + 1]
end
if "CN" ~= ccode then
tz = tzone
end
if tz and not XQFunction.isStrNil(tzone) then
....
local isMeshCap = XQFunction.isMeshCap()
if isMeshCap then
...
XQFunction.forkExec("/sbin/whc_to_re_common_api.sh action \'" .. j_msg .. "\'")
end
end
end
But on router RB01, this exploit can work, but you must set whc_cap mode.
I do not know how to achieve this, since I do not have a second device that supports the Xiaomi-Mesh.
P.S.: Device RB06 is in whc_cap mode by default. I even found a place in the code where this is set.
2 Likes
Can someone help me figure out how I can give my router internet access so that I can download packages etc?
Currently I have setup with 2 vlan on the AX6S and Wifi for different vlan. No WAN port. All ports have been group into brlan. The vlan and internet is managed on firewalla. There is another management vlan, vlan 1 on firewalla. Any help would be appreciated. Thanks.
root@AX6S-2:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf9:4f9e:92fc::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'wan'
config interface 'lan'
option device 'br-lan'
option proto 'none'
config bridge-vlan
option device 'br-lan'
option vlan '8'
list ports 'lan2:t'
list ports 'wan:t'
config bridge-vlan
option device 'br-lan'
option vlan '99'
list ports 'lan1'
list ports 'lan2:t'
list ports 'lan3'
list ports 'wan:t'
config interface 'securelan'
option device 'br-lan.8'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.8.2'
option netmask '255.255.255.0'
option gateway '192.168.8.1'
config interface 'iot'
option proto 'static'
option device 'br-lan.99'
option ipaddr '192.168.99.2'
option netmask '255.255.255.0'
option gateway '192.168.99.1'
config interface 'wan'
option proto 'dhcp'
option auto '0'
config interface 'wan6'
option proto 'dhcpv6'
option auto '0'
option reqaddress 'try'
option reqprefix 'auto'
root@AX6S-2:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/18000000.wmac'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option country 'AU'
option channel '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi2'
option key 'xxx'
option network 'iot'
option max_inactivity '3600'
option disassoc_low_ack '0'
option ieee80211w '0'
option encryption 'psk2'
option wmm '0'
config wifi-device 'radio1'
option type 'mac80211'
option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option cell_density '0'
option channel '36'
option txpower '23'
option htmode 'HE80'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option key 'xxx'
option network 'securelan'
option ssid 'Wifi1'
option encryption 'psk2+ccmp'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi2'
option key 'xxx'
option network 'iot'
option hidden '1'
option encryption 'psk2+ccmp'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'Wifi3'
option key 'xxx'
option network 'securelan'
option encryption 'psk2+ccmp'
I advise you to create a new topic in "Installing and Using OpenWrt" category because you need help on configuration that is not specific to AX6S router.
More users from this forum will see it and may be able to help you.
Have a look on this topic, it looks similar to your issue :22.03.0 no Network > Switch menu
1 Like
When the issue comes back :
- You should look on the primary router if the Xiaomi router still have an assigned IP address
- You should also if possible try to ping Internet(ssh, Luci...) from the Xiaomi router
The WAN IP is DHCP generated or Static ?
Do you use IPv6 on the primary router ?
I don't use this router as a daily basis so I'm not sure if its a bug on this router model or might be your configurations.
Anybody else have this issue ?
Thanks, will do.
I have two RB01's (11/2021).
By default the device comes in netmode:0, so the method failed.
Master device became netmode:4 when other device was in mesh mode. The other device, meanwhile, became netmode:3.
Also in netmode:3 the method failed.
Telnet was activated without any problems. (netmode:4)
So, method succeeded only when netmode is 4.
1 Like
And write in more detail how you switched the device to whc_cap mode (4).
I will add this to the instructions.
1 Like
With the method I applied, two devices are required.
If an ethernet cable is connected from the lan port of the device to which the method will be applied to the wan port of the second RB01, and the second device is returned to its factory settings from the button, it is added to the first device in mesh mode (mode 3). So the main device will be in mode 4.
First we will confirm that the device is in netmode 4 from this link.
Login to the router, in another tab use your token with link
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/xqnetwork/get_netmode
If result is {"netmode":4,"code":0} proceed;
Note: Only use this method when the router is connected to the computer via ethernet connection. Because wifi connection will not be available from the first command, when you restart after the 3rd command, wifi connection will be fixed. After the procedure is complete, I recommend that you reset the device back to factory settings.
1- Login to the router, in another browser tab use your token with link;
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3B%20zz%3D%24%28dd%20if%3D%2Fdev%2Fzero%20bs%3D1%20count%3D2%202%3E%2Fdev%2Fnull%29%20%3B%20printf%20%27%A5%5A%25c%25c%27%20%24zz%20%24zz%20%7C%20mtd%20write%20-%20crash%20%3B%20
Link returns with result {"code":0}
Restart the router from the interface
2- When the device is turned on login to the router, in another browser tab use your new token with link;
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3B%20bdata%20set%20telnet_en%3D1%20%3B%20bdata%20set%20ssh_en%3D1%20%3B%20bdata%20set%20uart_en%3D1%20%3B%20bdata%20commit%20%3B%20
Link returns with result {"code":0}
3- After this, open another browser tab use same token (used in the second step) with link;
http://192.168.31.1/cgi-bin/luci/;stok={token}/api/misystem/set_sys_time?timezone=%20%27%20%3b%20mtd%20erase%20crash%20%3b%20
Link returns with result {"code":0}
Restart the router from the interface.
After reboot check the result with the link;
http://192.168.31.1/cgi-bin/luci/api/xqsystem/bdata
{"ssh_en":"1"..."telnet_en":"1"..."uart_en":"1"...}
Enabling telnet on second device;
First you need to factory reset both devices. You need to start the process again by assuming the device to which the procedure will be applied as the first device, telnet enabled device as the second device.
After resetting the device to factory settings, power on both devices. Skip the initial setup screen only in first device, after connecting the first device's lan port to the other device's wan port with ethernet cable it will become netmode 4 in five seconds.
After the all process is complete, factory reset both devices.
7 Likes
Hi @hck - https://github.com/MeIsReallyBa/immortalwrt.git doesnt seem to exist? Did you mean https://github.com/MeIsReallyBa/immortalwrtmt7622 ?
If using immortalwrtmt7622 build seems to fail with:
openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/mt_wifi/mt_wifi_ap/../mt_wifi/os/linux/rt_profile.c:43:10: fatal error: net/ra_nat.h: No such file or directory
43 | #include <net/ra_nat.h>
| ^~~~~~~~~~~~~~
compilation terminated.
XMiR-Patcher: https://github.com/openwrt-xiaomi/xmir-patcher
Download: https://github.com/openwrt-xiaomi/xmir-patcher/archive/refs/heads/main.zip
Unzip xmir-patcher-main.zip into any directory.
Reboot your router before using these scripts.
-
SSH activation via 2 clicks:
Run file!START.bat(on *nix runpython menu.py).
Follow the menu items: 1, 2
Result: SSH is active (login:rootand password:root) -
Flash OpenWrt factory image:
Download OpenWrt factory image (AX6S) and copy into directory...\<XMiR_DIR>\firmware
Run file!START.bat(on *nix runpython menu.py).
Follow the menu items: 1, 2, 7
Result: flashed OpenWrt factory image.
10 Likes
Yet another success story for AX3200/RB01.
BusyBox v1.25.1 (2021-08-07 08:04:56 UTC), and 1.0.35 FW version. Meaning I received the ultimate medium for openwrt.
Thank you for the detailed instructions, mikeeq!
Does this mean that I will be able to install OpenWRT without the UART method on RB01 routers?
Of course, I activated telnet to 4 devices (RB01) in this way without any problems. After this method, you can install the Openwrt firmware on the device with the telnet method. It is installed without any problems with the factory file of the v22.03.0 version. Do not install RC versions as in the manual. Just don't start the Openwrt installation without activating the telnet connection of the two devices.
Thank you for the reply! I will check it out and report back when I have it enabled on my RB01 devices. Can't wait! 
Update: Using your method, I have both of my routers RB01 running on OpenWRT 22.0.3 stable. Thank you so much for the detailed instructions!
Also, is there a way to set up a wired mesh like in the stock Xiaomi firmware or guides to run two routers connected via LAN for a wired backhaul setup? I’ve seen tutorials for dumb APs but I can’t seem to get the 5Ghz network to work correctly.
You're welcome. I think minor issues will be fixed over time. You can also try MTK wifi drivers. There is a comparison of both in this post, I think it will be useful for evaluating the differences between them.
Thank you, it’s a helpful post. I’ve got it to work now, so far it’s been running great, appreciate the reply!