Support for Xiaomi Router AC1200 (RB02)

Hi. I'm hoping someone can help me with this. I spent almost an entire day reading and learning about this. Finally got Docker going and then ssh fails. I then realised I had V2 and found this page.

I have the openwrt bin file from TaiKe's page. I have completed the step to enable SSH, but when I go the Docker route it is still failing to connect.

Any advice or maybe baby steps to do this? Or should I be learning Ubuntu on VM instead of trying Docker? Thank you

Latest ROMs are available here:

The vendor version can be found by following the link at https://www1.miwifi.com/wap_download.html
https://cdn.cnbj1.fds.api.mi-img.com/xiaoqiang/rom/r4av2/miwifi_r4av2_firmware_6bdd4_2.30.500.bin
2.30.500 at May 28 2023

Telnet login can be enabled using the Invasion script available here:

If you use the std r4a image, there is no wifi, and wan doesn't work

In fact lan is on wan port

1 Like

Finally everything seems to work, including LEDs, with the snapshot version:
https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-v2-squashfs-sysupgrade.bin

You can then install luci:
opkg update
opkg install luci
reboot

and voila

R4A-V2 version :

root@OpenWrt:~# lsmod | grep ^mt
mt76                   51477  4 mt7615e,mt7615_common,mt7603e,mt76_connac_lib
mt76_connac_lib        40978  2 mt7615e,mt7615_common
mt7603e                40252  0 
mt7615_common          70108  1 mt7615e
mt7615e                10277  0

R4A-V1 version

lsmod | grep ^mt
mt76                   45120  4 mt76x2e,mt76x2_common,mt76x02_lib,mt7603e
mt7603e                38560  0 
mt76x02_lib            40640  2 mt76x2e,mt76x2_common
mt76x2_common          11744  1 mt76x2e
mt76x2e                10208  0

The router was delivered with a firmware 2.30.28
I unbricked using 2.30.500

1 Like
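The two `lsmod` listings in the post above can be turned into a revision check. This is an added example, not code from the poster or from OpenWrt; the function name `r4a_revision` is hypothetical, and it assumes only what the listings show: V2 loads `mt7615e`, V1 loads `mt76x2e`.

```shell
#!/bin/sh
# Added example: classify a Mi Router 4A Gigabit as V1 or V2 from lsmod output.
# Assumption (from the two listings above): V2 loads mt7615e, V1 loads mt76x2e.

# r4a_revision (hypothetical name): reads lsmod output on stdin,
# prints v1, v2 or unknown.
r4a_revision() {
    # The first lsmod column is the module name; keep only the mt76 family.
    mods=$(awk '$1 ~ /^mt76/ { print $1 }')
    has_v1=0
    has_v2=0
    for m in $mods; do
        case "$m" in
            mt76x2e) has_v1=1 ;;
            mt7615e) has_v2=1 ;;
        esac
    done
    if [ "$has_v1" -eq 1 ] && [ "$has_v2" -eq 0 ]; then
        echo v1
    elif [ "$has_v2" -eq 1 ] && [ "$has_v1" -eq 0 ]; then
        echo v2
    else
        # Neither or both drivers present: do not guess which image to flash.
        echo unknown
    fi
}

# Sample input copied from the V2 listing in the post above.
SAMPLE_V2='mt76                   51477  4 mt7615e,mt7615_common,mt7603e,mt76_connac_lib
mt76_connac_lib        40978  2 mt7615e,mt7615_common
mt7603e                40252  0
mt7615_common          70108  1 mt7615e
mt7615e                10277  0'

# Sample input copied from the V1 listing in the post above.
SAMPLE_V1='mt76                   45120  4 mt76x2e,mt76x2_common,mt76x02_lib,mt7603e
mt7603e                38560  0
mt76x02_lib            40640  2 mt76x2e,mt76x2_common
mt76x2_common          11744  1 mt76x2e
mt76x2e                10208  0'

printf '%s\n' "$SAMPLE_V2" | r4a_revision
printf '%s\n' "$SAMPLE_V1" | r4a_revision
```

On the router itself the same function can be fed live data with `lsmod | r4a_revision`.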

hey can you give me details on how you got telnet access, mine is always denied. fw 2.30.500

Hello,

First you need to set up a password for the router interface (this requires an internet connection)

I checked out LordPinhead/OpenWRTInvasion from GitHub
I launch
python3 remote_command_execution_vulnerability.py

It asks for Server IP and Local IP, then the password you set in the interface

It happens that I had to close the opened browser and sometimes (often) launch the hack twice
You should be able to telnet to the router, then enter login and password (user: root, password: root)
For ssh you need some options like this:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa -o UserKnownHostsFile=/dev/null root@192.168.31.1

Only tested this on Linux

Hope this helps, let me know :wink:

2 Likes

I had done this method on Windows using Docker, and whenever I went through this step it said that my firmware was not compatible with OpenwrtInvasion, asking to consult the guide. It also appeared that I could try to connect via telnet, but it always refused. Perhaps it could be due to Windows or firmware 2.30.500 that is from Feb 23. Anyway, I'm going to emulate Linux and I'll try there, and for sure I'll be back here. Is your hardware dated 01/23? Thank you very much for your help! :slight_smile:

I suggest you use a native Ubuntu PC to do it again; do not use any VM / Docker.

I continue with the same error that there was using docker, apparently without access. I installed ubuntu on my real machine.

I use this firmware from miwifi.com site

md5sum miwifi_r4av2_firmware_6bdd4_2.30.500.bin
639616a5b70983903ccdd019a7a6bdd4  miwifi_r4av2_firmware_6bdd4_2.30.500.bin

1 Like

hi friend, I managed to install the latest version of openwrt, I found out what I was doing wrong. Was using script v1 instead of v2. When I used v2 telnet pinged just fine. Thank you very much for your help!!

1 Like

Looks like your router doesn't have access to your local server
When I run I get

python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default '192.168.31.1']: 192.168.31.1
Local Host IP address [press enter for using the default '192.168.31.xxx']:  192.168.31.xxx
Enter Router Admin ...

After that you should see 2 HTTP GET displayed
If you get only one you have to retry

Are you sure you are using the LordPinhead/OpenWRTInvasion repo?
To clone the git repo I used:
git clone https://github.com/LordPinhead/OpenWRTInvasion.git

1 Like

I wasn't using the correct one, I used the correct one and it loaded. See, there are no wireless options here, is the problem in the driver?

It looks like you used the std openwrt firmware

You need this one:
https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-v2-squashfs-sysupgrade.bin

here it says my device is not supported by this image. Through sysupgrade.

I tried several images; every time, I reset to 2.30.500 using the unbricking procedure, until I found that the snapshot one works.
On the sticker on the router box I can read 2023/01. The provided firmware was 2.30.28, which I unbricked with 2.30.500

my leds are broken and the wifi adapters do not appear for me, is it not possible to solve it through opkg?

I installed the firmware you sent me, now I'm without luci.

Everything went well here, I installed luci via opkg, now the unavailable tools have appeared and the leds have been fixed! Thanks a lot for the help!

1 Like

Could you please tell me more about what I should do? I am using r4av2 with version 2.30.25 and I don't know how to install openwrt on this device, and you can do this. Please give me a full tutorial and all the links that may be needed.
Thanks

Hey, are you going to use openwrtinvasion v2 from LordPinhead, the script is v2