The tool to check if Xiaomi router stock firmware exists on a server

tolerance1 · April 10, 2025, 6:52pm

Hi,
I have created a handy script, basically a tool, named "MiRF Pinger", that will ping Xiaomi router firmware web server to check if a certain firmware version exists for download. Some of devs could have created and keep a similar script for themselves, but those who don't, here you have it. The tool will be helpful for finding a certain exploitable firmware version, for example. Or a one could swap Xiaomi firmware URLs and adapt the script to ping firmware servers of different brands. That's all, thanks.
The tool link: https://github.com/dreamunlim/xiaomi-router-firmware-pinger

psherman · April 10, 2025, 10:07pm

Can you elaborate on how this is relevant to OpenWrt?

tolerance1 · April 10, 2025, 11:44pm

I had thought of the following scenario, based on the case that happened with the Xiaomi AX3000T router:
A router model 2025 rev. A comes to market, which has firmware version 1.0.10, exploitable by known exploits in the stock firmware, that gives opportunity to substitute the stock one with OpenWrt. Xiaomi tends to officially upload only a one subsequent stock firmware update, lets assume, for model 2025 the version 1.0.11 gets officially uploaded, still exploitable - everything is fine at this stage.
Next, in half a year, the model 2025 rev. B gets released to the market, with stock firmware v.1.0.20, this time with an updated switch chipset that holds a new driver in the stock firmware to be functional. The v.1.0.20 is not exploitable as reported by users, and users can't downgrade to the stock exploitable fw v.1.0.11, because it lacks the new switch driver. But then there is a one user that reports his model 2025 rev. B with the stock fw v.1.0.19 is still exploitable. At this stage, you need to find the v.1.0.19 on the Xiaomi fw server and publish to the public for them to downgrade. Here is where the MiRF Pinger tool comes in handy.
Now, the maintainers of the AX3000T router have a such tool of their own, which they keep for themselves. But newer models are most likely to be maintained by other people that won't have the pinger at hand in case the newer routers repeat the outlined scenario.
That is how I see the tool relevant to OpenWrt.

psherman · April 11, 2025, 12:08am

IMO, this is quite a stretch, as it implies that vulnerabilities in the vendor firmware are relevant to OpenWrt. There may be many reasons that the vendor issues an update, only some of them may be relevant to exploits necessary to install OpenWrt.

But, this thread can stay here.