Guys, there is my patch for r4av2/rb02
This patch inlclude correct code for the leds
Guys, there is my patch for r4av2/rb02
This patch inlclude correct code for the leds
Hi guys i just bought a router and want to use it only with openwrt i find now xiaomi is providing a v2 which may or maynot be supported but there is no way i can tell what version it comes with what is the status how can i flash i it comes with RB02 or R4AV2 i think you guys can tell me a proper answer thanks.
Need information asap.
I think exploit has also been patched for v2 https://github.com/acecilia/OpenWRTInvasion/pull/155#issuecomment-1313042473
But still have doubts about.
I've used this patch in the latest version of WRT with some config file that I find and optimizing it for my prefrences and it works fine without any problems.
Even the LEDs are working fine.
Thank you very much!
Hi. I'm hoping someone can help me with this. I spent almost an entire day reading and learning about this. Finally got Docker going and then ssh fails. I then realised I had V2 and found this page.
I have the openwrt bin file from TaiKe's page. I have completed the step to enable SSH but then when I go the Docker route. It is still failing to connect.
Any advice or maybe baby steps to do this? Or should I be learning Ubuntu on VM instead of trying Docker? Thank you
Latest ROM are available here :
The vendor version can be found following link at https://www1.miwifi.com/wap_download.html
https://cdn.cnbj1.fds.api.mi-img.com/xiaoqiang/rom/r4av2/miwifi_r4av2_firmware_6bdd4_2.30.500.bin
2.30.500 at May 28 2023
Telnet login can be enabled using Invasion script avalable here :
If you use the std r4a image, no wifi, and wan don't work
In fact lan is on wan port
Finaly everything seems to work including LEDs with snapshot version :
https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-v2-squashfs-sysupgrade.bin
You can then install luci:
opkg update
opgk install luci
reboot
and voila
R4A-V2 version :
root@OpenWrt:~# lsmod | grep ^mt
mt76 51477 4 mt7615e,mt7615_common,mt7603e,mt76_connac_lib
mt76_connac_lib 40978 2 mt7615e,mt7615_common
mt7603e 40252 0
mt7615_common 70108 1 mt7615e
mt7615e 10277 0
R4A-V1 version
lsmod | grep ^mt
mt76 45120 4 mt76x2e,mt76x2_common,mt76x02_lib,mt7603e
mt7603e 38560 0
mt76x02_lib 40640 2 mt76x2e,mt76x2_common
mt76x2_common 11744 1 mt76x2e
mt76x2e 10208 0
The router was delivered with a firmware 2.30.28
I unbricked using 2.30.500
hey can you give me details on how you got telnet access, mine is always denied. fw 2.30.500
Hello,
First you need to setup a password for the Router interface (this requires an internet connection)
I checkout lhe LordPinhead/OpenWRTInvasion form github
I launch
python3 remote_command_execution_vulnerability.py
It ask for Server IP and Local IP, then password you set in the interface
It happens that I had to close opened browser and sometime (often) launch the hack twice
You should be able to telnet the router then enter login and password (user: root, password: root)
For ssh you need some options like this:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa -o UserKnownHostsFile=/dev/null root@192.168.31.1
Only tested this on linux
Hope this helps, let me know
I had done this method on windows using docker and whenever I went through this step, it said that my firmware was not compatible with OpenwrtInvasion asking to consult the guide. and also appeared that I could try to connect via telnet, but it always refused. Perhaps, it could be due to windows or firmware 2.30.500 that is from Feb 23. Anyway, I'm going to emulate linux and I'll try there and for sure I'll be back here. Is your hardware dated 01/23? Thank you very much for your help!
I suggest you using a native ubuntu PC to do it again, do not use any VM / Docker.
I continue with the same error that there was using docker, apparently without access. I installed ubuntu on my real machine.
I use this firmware from miwifi.com site
md5sum miwifi_r4av2_firmware_6bdd4_2.30.500.bin
639616a5b70983903ccdd019a7a6bdd4 miwifi_r4av2_firmware_6bdd4_2.30.500.bin
hi friend, I managed to install the latest version of openwrt, I found out what I was doing wrong. Was using script v1 instead of v2. When I used v2 telnet pinged just fine. Thank you very much for your help!!
Looks like your router don't access to your local server
When I run I get
python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default '192.168.31.1']: 192.168.31.1
Local Host IP address [press enter for using the default '192.168.31.xxx']: 192.168.31.xxx
Enter Router Admin ...
After that you should see 2 HTTP GET displayed
If you get only one you have to retry
Are you sure you use the LordPinhead/OpenWRTInvasion repo ?
To clone the git repo I used:
git clone https://github.com/LordPinhead/OpenWRTInvasion.git
I wasn't using the correct one, I used the correct one and it loaded. See, there are no wireless options here, is the problem in the driver?
It looks like you used the std openwrt firmware
You need this one:
https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-v2-squashfs-sysupgrade.bin
here it says my device is not supported by this image. Through sysupgrade.
I made several try some images, everytime I reset to the 2.30.500, using the unbricking procedure, until I found the snapshot one works.
On the sticker on the router box I can read 2023/01 the provided firmware was 2.30.28, that I unbricked with 2.30.500
my leds are broken and the wifi adapters do not appear for me, is it not possible to solve it through opkg?
i installed the firmware you sent me, now i'm without luci.