New Xiaomi router AC2100

Oh right, they swapped stuff around in DumpFunction as well, so it's something like this now. Forgot to mention it the first time around.

```c
/* DumpFunction from ldump.c (Lua 5.1) with the vendor's reordered fields: the
   header entries are written in a different sequence from stock Lua, so a stock
   lundump.c cannot parse these chunks. The signature is the stock one; the body
   shows the swapped order. */
static void DumpFunction(const Proto* f, const TString* p, DumpState* D)
{
 DumpChar(f->numparams,D);                                     /* stock: 5th */
 DumpString((f->source==p || D->strip) ? NULL : f->source,D);  /* stock: 1st */
 DumpChar(f->nups,D);                                          /* stock: 4th */
 DumpInt(f->linedefined,D);                                    /* stock: 2nd */
 DumpChar(f->is_vararg,D);                                     /* stock: 6th */
 DumpInt(f->lastlinedefined,D);                                /* stock: 3rd */
 DumpChar(f->maxstacksize,D);                                  /* stock: 7th */
 DumpCode(f,D);
 DumpConstants(f,D);
 DumpDebug(f,D);
}
```

:slight_smile:


Hi everyone, I have a Redmi AC2100 which is absolutely the same router. After buying it I discovered that I can't create any VLAN with Xiaomi's original firmware. I really hope that we can find a way to update the firmware. I can follow all the instructions you need to help; for now the router is in its box, waiting for a new firmware.
ty all.

Are you familiar with MIPS instructions?
I can confirm that Xiaomi's Lua VM defines 42 opcodes; 3 are duplicated from the official Lua VM and 1 looks self-defined. In order to decompile, we should recover the definition of the opcodes from the MIPS instructions.



I have recovered the definition of the opcodes; some may be incorrect :upside_down_face::

```java
// vendor opcode number -> Op (recovered from the MIPS code; "?" marks uncertain entries)
map[0] = Op.LEN;
map[1] = Op.CLOSURE;
map[2] = Op.LEN; // ?
map[3] = Op.LT;
map[4] = Op.NOT;
map[5] = Op.LT;
map[6] = Op.LOADK; // ?
map[7] = Op.SETLIST;
map[8] = Op.RETURN;
map[9] = Op.TEST;
map[10] = Op.TFORLOOP;
map[11] = Op.FORPREP;
map[12] = Op.SUB;
map[13] = Op.TAILCALL;
map[14] = Op.DIV;
map[15] = Op.SELF;
map[16] = Op.CALL;
map[17] = Op.SETTABLE;
map[18] = Op.GETUPVAL;
map[19] = Op.EQ;
map[20] = Op.EQ;
map[21] = Op.CONCAT;
map[22] = Op.LE;
map[23] = Op.LE;
map[24] = Op.LOADBOOL;
map[25] = Op.MOD;
map[26] = Op.FORLOOP;
map[27] = Op.GETTABLE;
map[28] = Op.NEWTABLE;
map[29] = Op.CLOSE;
map[30] = Op.VARARG;
map[31] = Op.JMP;
map[32] = Op.UNM;
map[33] = Op.POW;
map[34] = Op.MUL;
map[35] = Op.TESTSET;
map[36] = Op.MOVE;
map[37] = Op.ADD;
map[38] = Op.GETGLOBAL;
map[39] = Op.SETUPVAL;
map[40] = Op.SETGLOBAL;
map[41] = Op.LOADNIL;
```

I am trying to decompile now.

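Once a vendor numbering like the table above has been recovered, the usual next step is to rewrite the chunk's code array back to stock numbering so an unmodified Lua 5.1 decompiler can read it. The following is an added example, not code from the thread or from any decompiler project; it assumes the standard Lua 5.1 instruction layout, uses only a small subset of the posted table, and assumes little-endian instruction words unless told otherwise.

```python
import struct

# Stock Lua 5.1 opcode order from lopcodes.h; list index = standard opcode number.
LUA51_OPS = ("MOVE LOADK LOADBOOL LOADNIL GETUPVAL GETGLOBAL GETTABLE SETGLOBAL "
             "SETUPVAL SETTABLE NEWTABLE SELF ADD SUB MUL DIV MOD POW UNM NOT LEN "
             "CONCAT JMP EQ LT LE TEST TESTSET CALL TAILCALL RETURN FORLOOP FORPREP "
             "TFORLOOP SETLIST CLOSE CLOSURE VARARG").split()
STD_INDEX = {name: i for i, name in enumerate(LUA51_OPS)}

# Subset of the vendor-number -> Op table posted above (the full table has 42 entries).
VENDOR_OPS = {36: "MOVE", 38: "GETGLOBAL", 16: "CALL", 8: "RETURN", 31: "JMP", 37: "ADD"}

def decode(word: int) -> dict:
    """Lua 5.1 layout: op bits 0-5, A bits 6-13, C bits 14-22, B bits 23-31; Bx = B:C."""
    bx = word >> 14
    return {"op": word & 0x3F, "A": (word >> 6) & 0xFF, "C": (word >> 14) & 0x1FF,
            "B": (word >> 23) & 0x1FF, "Bx": bx, "sBx": bx - 131071}

def encode(op: int, a: int, b: int = 0, c: int = 0) -> int:
    """Inverse of decode for the iABC form."""
    return (op & 0x3F) | (a & 0xFF) << 6 | (c & 0x1FF) << 14 | (b & 0x1FF) << 23

def remap_word(word: int, vendor_ops: dict = VENDOR_OPS) -> int:
    """Swap the vendor opcode number for the stock one; operand bits are untouched."""
    name = vendor_ops.get(word & 0x3F)
    if name is None:
        raise ValueError(f"unmapped vendor opcode {word & 0x3F}")
    return (word & ~0x3F) | STD_INDEX[name]

def remap_code(code: bytes, vendor_ops: dict = VENDOR_OPS, little_endian: bool = True) -> bytes:
    """Rewrite a whole code array; word endianness comes from the chunk header (assumed LE)."""
    fmt = "<I" if little_endian else ">I"
    words = [struct.unpack(fmt, code[i:i + 4])[0] for i in range(0, len(code), 4)]
    return b"".join(struct.pack(fmt, remap_word(w, vendor_ops)) for w in words)
```

Because the vendor table contains duplicate entries, a renumbered chunk is only as trustworthy as the map; any opcode left unmapped raises rather than being silently passed through.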

How long have you been focusing on the firmware development of this router? I am a user from mainland China, and I have been using it for more than a month now. I really hope you can make a breakthrough as soon as possible! Then we can all enjoy the convenience it brings. I hope very much, even though I am a senior high school student. I'll be here for you all the time.

Anyone willing to try this exploit?!:

Could try, however my version seems to be 2.0.340 already (didn't update in hope for an exploit). Also what is the "stok" parameter which is being used in the exploit?

It seems to be the session token when you connect to luci (or MiWifi as they call it): http://192.168.31.1/cgi-bin/luci/;stok=7fced2cfbded35e4db05e581aed35ef1/web/home

Be aware that mobile browsers show a different UI by default.

Just gave it a try and running the telnet command will just return connection refused. Expected it though since the firmware is higher.

https://www.adslzone.net/noticias/productos/novedades-xiaomi-marzo-2020/ This router, along with Xiaomi's new Wifi ax router, will be on sale in Spain according to this reputable website. Does that mean that if Xiaomi decides to sell in Europe (Spain) a router which makes use of OpenWrt (GNU) they will have to give free access to the router?

Just wait and see, I wouldn't place any bets on that. Legally (IANAL) it shouldn't make any difference where they sell it, if they're using GPL2 licensed code they'll have to provide the source. How much of a grasp you have to make them actually do it is another matter and I wouldn't be too confident that it changes perspective for them to change their 'reluctance' to comply with the licenses just because some of their devices are now sold abroad.

I'm afraid you are totally right, they already sell both versions of the mi4 router and they are far from complying with the GPL2 license... Btw, just as a curiosity, it looks like there would be a worldwide version of this router, because the one advertised in Spain has a dedicated IoT network and the name is AC2350 instead of AC2100, so it looks like an extra 2-stream hardware AN network.

SPI flash: make a connection between contacts 4 and 5.
Type 7 at the prompt and send the 1224ABORT.bin file to the flash. (The modified u-boot.bin file is located a couple of posts above.)
TeraTerm: File->Transfer->XMODEM->Send 1224ABORT.bin

```
ROM: V1.1.4
ROM: CFG 0x00000006
ROM: SFLASH-4
ROM: CFG 0x00000006
ROM: SFLASH-4
ROM: CFG 0x00000006
ROM: SFLASH-4
ROM: Boot? (0-9A-F<CR>) 7
ROM: CFG 0x00000007
ROM: XMODEM
CCCCCCCCCCCCCC
FALCON => setenv bootdelay 5
FALCON => saveenv
```
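The CCCC... line in the log above is the ROM asking for XMODEM with CRC-16, which is what TeraTerm's XMODEM send speaks. The following is an added example, not from the thread, of the same transfer done from Python with the serial port abstracted as read/write callables; the FakeRom class is a constructed stand-in for the bootloader so the sender can be exercised offline, and 1224ABORT.bin is assumed to be the file from the earlier posts.

```python
SOH, EOT, ACK, NAK, CRC_REQ = 0x01, 0x04, 0x06, 0x15, ord("C")
BLOCK = 128

def crc16_xmodem(data: bytes) -> int:
    """CRC-16/XMODEM: poly 0x1021, init 0, no reflection, no xor-out."""
    crc = 0
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def make_packet(seq: int, chunk: bytes) -> bytes:
    """SOH, block number, its complement, 128 data bytes (0x1A padded), CRC big-endian."""
    chunk = chunk.ljust(BLOCK, b"\x1a")
    return bytes([SOH, seq & 0xFF, (~seq) & 0xFF]) + chunk + crc16_xmodem(chunk).to_bytes(2, "big")

def xmodem_send(read, write, data: bytes, retries: int = 10) -> int:
    """read() returns one byte or b'' on timeout; write() takes bytes. Returns blocks sent."""
    for _ in range(retries):          # the ROM repeats 'C' until the sender starts (CCCC... above)
        if read() == bytes([CRC_REQ]):
            break
    else:
        raise TimeoutError("receiver never requested CRC mode")
    seq = 1
    for off in range(0, len(data), BLOCK):
        pkt = make_packet(seq, data[off:off + BLOCK])
        for _ in range(retries):      # resend the same block until it is ACKed
            write(pkt)
            if read() == bytes([ACK]):
                break
        else:
            raise IOError(f"block {seq} not acknowledged")
        seq += 1
    for _ in range(retries):
        write(bytes([EOT]))
        if read() == bytes([ACK]):
            return seq - 1
    raise IOError("EOT not acknowledged")

class FakeRom:  # constructed stand-in for the bootloader: asks for CRC mode, checks blocks, ACKs
    def __init__(self):
        self.replies, self.received = [bytes([CRC_REQ])], b""
    def read(self):
        return self.replies.pop(0) if self.replies else b""
    def write(self, pkt):
        if pkt == bytes([EOT]):
            self.replies.append(bytes([ACK])); return
        body, crc = pkt[3:3 + BLOCK], int.from_bytes(pkt[3 + BLOCK:], "big")
        ok = pkt[0] == SOH and pkt[1] == (~pkt[2]) & 0xFF and crc16_xmodem(body) == crc
        self.received += body if ok else b""
        self.replies.append(bytes([ACK if ok else NAK]))
```

With pyserial you would pass `lambda: ser.read(1)` and `ser.write` for an opened `serial.Serial` port (the baud rate is not stated in the thread, so it is an assumption you must supply).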

Does this way work with NAND flash?

Hi. I just got the router today, and I'm pissed off at that shitty Chinese GUI. Is the OpenWRT port stable? I can do hardware mods if it's safe. Or does the software have an exploit to use OpenWrt? This thread contains too much code which I don't understand. Can somebody help me?


Same questions here

:crazy_face:


Take some time to read the supported hardware page next time and you should know that this router isn't supported yet.

Many thanks skuhu, you care about me.
I read those pages 1 minute after my registration.
By the way, it could be very interesting, as at least one of the first important things to know from those who (i.e. thorsten97) opened the router case (how?), whether we can find on the motherboard a TTL serial interface as in other Xiaomi models (and whether we get a cmd prompt at the end of the boot) ...
It would also be interesting to know whether what thorsten97 has achieved (desoldering and reprogramming the NAND memory) has evolved or not.
Although the procedure is very complicated and within the reach of a few.
The most interesting project seems to be just this in my opinion ...
Everything else seems to have a sad stop.


If there's a way to trick the router into installing or updating a package we could probably take advantage of this bug: https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html

:smiley: salty boy. We already did that.

The device is based on OpenWRT, and the guy called @thorsten97 managed to install fresh OpenWrt on that device with a NAND flasher. The Chinese firmware has strange bugs: I cannot use UPnP and port forwarding at the same time, there is no VLAN support, crappy UI, etc. etc. I just want to flash it with a NAND flasher, but I don't know how to do that and don't know which tools I need to use for that. I just wanted an article to learn those things, or somebody to explain it to me. And I wondered whether the latest port from @thorsten97 is stable or not, and which bugs it has. Or if I wanted to get back to the Chinese firmware after the OpenWrt flash, can I go back without issue? Thanks. I'll be glad if someone answers my questions.
