Support AIoT AC2350 Xiaomi?

The password can be calculated from the serial number of the router. Either locally using a script (https://4pda.ru/forum/index.php?showtopic=996681&st=560#entry103458716), or online on https://www.oxygen7.cn/miwifi/.

I'm logged in:

What can I do next to install OpenWRT?

1 Like

I tried to use the OpenWRT image build:

I got to number 3 very quickly, but at this step I don't know what to do.
Can we use firmware 1.3.8, or only the config for the hardware?

First, we need to port OpenWRT to our router. I sketched a rough config and even ran the built image, but the router functionality is still very far away.
Now I have taken a break while waiting for the white version of this router. As soon as it is delivered to me, I will continue porting.

3 Likes

I will be waiting for your firmware, but for now I want to try to use Prometheus to create Padavan firmware.

The main thing is not to forget to make a full backup of the router's flash memory in a working state... three times! :slight_smile:
On the router (via SSH):

# dd if=/dev/$(cat /proc/mtd | grep ALL | cut -d':' -f1) of=/tmp/ALL.bin

On PC (router IP address may differ):

scp root@192.168.31.1:/tmp/ALL.bin ${HOME}/
1 Like
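
The flash backup described above, as an added shell example that is not from the thread or from OpenWrt: it finds the mtd device for a partition by exact name (a bare grep ALL would also match any other partition whose name contains those letters), converts the hexadecimal size column of /proc/mtd to bytes, and checks that a dump file is exactly that size before you rely on it. The /proc/mtd table is constructed for the demo and is not the AC2350's real layout.

```shell
#!/bin/sh
# Constructed sample of /proc/mtd for demonstration only; the real AC2350
# partition names and sizes differ and must be read from the router itself.
SAMPLE_MTD='dev:    size   erasesize  name
mtd0: 00080000 00010000 "Bootloader"
mtd1: 00010000 00010000 "Config"
mtd2: 08000000 00020000 "ALL"'

# mtd_dev_for CONTENTS LABEL -> prints the mtd device (e.g. mtd2) whose quoted
# name equals LABEL exactly, so "ALL" cannot match a name like "SMALL".
mtd_dev_for() {
    printf '%s\n' "$1" | awk -v want="\"$2\"" '$4 == want { sub(":", "", $1); print $1; exit }'
}

# mtd_size_bytes CONTENTS LABEL -> prints the partition size in bytes
# (the size column in /proc/mtd is hexadecimal); fails if LABEL is absent.
mtd_size_bytes() {
    hex=$(printf '%s\n' "$1" | awk -v want="\"$2\"" '$4 == want { print $2; exit }')
    [ -n "$hex" ] || return 1
    echo $((0x$hex))
}

# verify_dump CONTENTS LABEL FILE -> succeeds only if FILE is exactly the size
# the kernel reports for the partition; a shorter file means dd stopped early.
verify_dump() {
    expected=$(mtd_size_bytes "$1" "$2") || return 1
    actual=$(wc -c < "$3" | tr -d ' ')
    [ "$actual" -eq "$expected" ]
}

# On the router the same helpers drive the backup itself:
#   dev=$(mtd_dev_for "$(cat /proc/mtd)" ALL)
#   dd if=/dev/$dev of=/tmp/ALL.bin && verify_dump "$(cat /proc/mtd)" ALL /tmp/ALL.bin
# Offline demo against the constructed table:
demo() {
    tmp=$(mktemp)
    dd if=/dev/zero of="$tmp" bs=65536 count=1 2>/dev/null   # 64 KiB, the size of "Config"
    if verify_dump "$SAMPLE_MTD" Config "$tmp"; then echo "Config dump size OK"; fi
    if ! verify_dump "$SAMPLE_MTD" ALL "$tmp"; then echo "ALL dump is truncated"; fi
    rm -f "$tmp"
}
demo
```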

I read about Padavan and I think the best way is to wait for you. For now I must see what to do with my Connect Box, because it is the main problem for my connection to the Internet.

Maybe we can use the compilation for the AC2100 from there:

What do you think?

This is a completely different hardware.

Well this is weird. I was fully prepared to write why it shouldn't work however when I looked at the firmware...

I can see D_FORTIFY_SOURCE=1 in the build options for a couple of things, but I don't see actual calls to the buffer overflow testing function replacements like __memcpy_chk? (Nor do they exist in their libc.so)

Also it does not appear that they actually patched pppd either...

Thus, if you rewrote it taking into account that this is big endian mips (The one you linked to I wrote for a little endian device), finding equivalent (or new) rop gadgets, and that you'd need to find out the memory layout of this device... (Quite easy if they still have that api endpoint that gives you syslog in a tar.gz)

This device is probably vulnerable to a modified version of this.

No, I won't write you the changes since I don't intend on getting one. :laughing:

Edit: Wait, you already have shell from the web ui exploit, what do you even need me for?

Could you describe in detail on which version of the firmware OpenWRTInvasion worked for you and what actions you did? Other people can't reproduce it (https://4pda.ru/forum/index.php?showtopic=996681&view=findpost&p=104198390). Thanks!

1 Like

Of course :slightly_smiling_face:

  1. I use Linux Mint 20 and the router with 1.3.8 CN firmware, with a connection to the Internet.
  2. I installed all recommended repos.
  3. On the first try I had no success, but I ran the script as ROOT and saw that the script runs longer and tries to log in over SSH.
  4. I used the command:
    ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@router-ip
    but it was not working, and then I tried:
    ssh root@router_IP
    And it works - I can log in as root, but the password is from the generator that you sent me:
    https://www.oxygen7.cn/miwifi/

P.S. Of course I use the newest OpenWRT Invasion ver. 0.0.6.

P.S. II - I don't think it matters, but my Xiaomi is connected to a Compal Connect Box as a wireless repeater.

2 Likes

Is it possible to install chinese firmware on the international model?

Yep for sure!

1 Like

Yes - I have that model.
My original firmware was 3.0.36 International.

2 Likes

I will wait for your firmware.

Hello.
I changed the configuration of my network and now the AC2350 is connected to the Connect Box as a router (the Connect Box is in modem mode). At first I used the AC2350 with ROM 1.3.8 - switched the mode to router, but it runs without a connection to ssh. The router on that firmware does not work stably, so I decided to change the firmware to 3.0.36 and it works great. The signal is not strong, but the connection is more stable and pages load quickly. For now I am waiting for your firmware to be stable, because on this firmware the router does not work for me at the maximum of the power it has.

Do you get a better signal if you ssh in and put

nvram set CountryCode=CN
nvram commit
uci set wireless.wifi0.country='CN'
uci set wireless.wifi1.country='CN'
uci commit

When I switched to router mode I lost my ssh connection - for now I used firmware 3.0.36 because it is more stable than 1.3.8 CN.

But with 3.0.36 in AP mode you acquired an ssh connection? Did you modify something with a hardware mod / in-system reprogramming, or was it working as-is?