OpenWrt support for Xiaomi AX9000

taken out russian forum 4pda, works correctly on ax9000, others not tested

The bdata patch to receive telnet and ssh (so far it only added ax3600, ax6000, ax9000, ax6)

create_exploit_ax_xioami.zip

  1. Make a backup of the configuration if necessary, because telnet will require a factory reset to activate.
  2. Go to the admin panel on the web muzzle (miwifi.com or by IP address)
  3. Copy the content of the create_exploit.js file to the browser console and press Enter.
  4. If everything is ok, a window will appear where you can change the bdata region or leave it at that.
  5. Wait 10-15 seconds for the patch file to be generated. Then it should download automatically, so if the browser has crashes on this, it is better to remove them.
  6. Unpack the contents of the downloaded file.
  7. After unpacking, there should be 3 files: 1.bin, 2.bin, 3.bin. In the same order, upload it to the webmord where the firmware for the update is manually uploaded. If everything is fine, after each load, the router should restart. If after the first filling you stop connecting via wifi, you need to connect via cable and continue (I never had this, but people write what happens).
  8. Factory reset.
  9. Go to the admin panel and run the script calc_passwd.js in the browser console to find out your password for telnet. (This step can be done once and at any time. The default password depends on the serial number and will not change if the serial number is not changed)
  10. Try to connect via telnet, if it says the password is wrong, You can also repeat from step 7 until it works. (In ax3600, there is often a glitch that after factory reset the default password is not accepted and the router needs to be reset again.)
  11. You can enable ssh:

Connect via telnet and turn on the ssh server:

sed -i 's / channel =. * / channel = \ "debug \" / g' /etc/init.d/dropbear
/etc/init.d/dropbear start
6 Likes