OpenWrt support for Xiaomi AX3000NE

lee320 · May 16, 2023, 5:07pm

A brief summary of how I enabled SSH service:

I extracted the firmware of Xiaomi CR8806 because I found that they have a similar interface. In the file system, I discovered a service called elink, which related to Home Automation. It establishes a connection with the gateway's port 32768 after establishing an internet connection and registers itself to the gateway.

By decompiling this file, I found that it uses wget %s -O /tmp/update.bin to download firmware during system upgrades, and it does not check if the URL address is valid. So, if we input ; reboot ; as the address, it will execute our command (in this case, "reboot").

I wrote a Python program to implement this idea, and it works well with my device. I have already pushed it to my repo. I haven't done a lot of testing, if it doesn't work properly, please let me know or submit a PR
@lazy.guy @hquu @shiguang55 @hank9999

hank9999 · May 16, 2023, 6:28pm

Thanks for your hard working, I will try it! I need flash my device to mi firmware first.

hank9999 · May 16, 2023, 8:06pm

I have tried this. It worked very well! My firmware version is 6.2.47(6.0.16)
I use a usb network share instead of a wifi netwrok to make sure my computer is online.

Thanks!

hquu · May 17, 2023, 2:12am

Thanks a million for your great works and generous sharing！

shiguang55 · May 17, 2023, 2:57am

This method is feasible, thank you

Werner · May 18, 2023, 7:29am

since we have access to ssh now, what else could we do to get a working openwrt firmware?

I see lots of MT7981 related pr recently so it seems to be supported.

shiguang55 · May 24, 2023, 12:20pm

Is your router a WR30U or an AX3000 NE

Werner · May 25, 2023, 12:24am

WR30U I know there's 3rd party firmware but still want to use the official one

shiguang55 · May 25, 2023, 2:58am

Maybe you can extract the official Xiaomi firmware for the AX3000 NE and flash it to work on the wr30u

hank9999 · May 25, 2023, 11:27am

I am waiting 360 t7 support pr to be merged. This pr have some useful changes to MT7981. After it merged, i will try adding wr30u to main branch.

Ronnie_Ng · July 8, 2023, 8:48am

AS unlocking the AX3000NE SSH function needs run the scrip of server_emulator.py, how can I get this scrip, is it this dts?

frollic · July 8, 2023, 9:00am

it's literally in the top three hits in (my) google search ("server_emulator.py") ...

hank9999 · July 13, 2023, 8:07pm

Check lee320's post, a repo link there.

hquu · July 14, 2023, 3:13am

You may find it on github link: https://github.com/PatriciaLee3/wr30u_ssh
Could you please share us the dumped rom file after enabled ssh.
Thanks

shiguang55 · July 16, 2023, 3:28am

you can find server_emulator.py atPatriciaLee3/wr30u_ssh (github.com)
Can you share the original partition backup information about AX3000 NE，
You can refer to this post https://www.right.com.cn/forum/thread-8255963-1-1.html，

Werner · July 18, 2023, 7:13am

any idea why its still not merged? its been there for 2 months

frollic · July 18, 2023, 7:22am

huh ?

https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/

Werner · July 18, 2023, 7:29am

no wr30u or ax3000ne?

frollic · July 18, 2023, 7:31am

ok, not the 360 t7 then

did you check the wr30u commit? it was updated no later than 5 days ago.

Werner · July 18, 2023, 7:41am

yeah its already merged to other openwrt forks hope it can be done here soon