Xiaomi Mi Router 4A Gigabit Edition (R4AG/R4A Gigabit) -- fully supported and flashable with OpenWRTInvasion

They are all Python scripts, only executed by .bat files.

I'm no big expert, so I cannot tell if they can be run on Linux.

I have this error:

help me please

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa0 in position 1: invalid start byte

Scripts are only for Windows x64.
1) Download the set of scripts and unzip it.
https://anonfile.com/X3B8e4xdo2/R3GV2_patches_21.04.2020_zip
2) Put "openwrt-ramips-mt7621-xiaomi_mir3g-v2-squashfs-sysupgrade.bin" into the scripts folder, in the "firmwares" subdirectory.
3) Run 0.start_main.bat, enter the password of your router and wait for completion; it will run a telnet+ftp server on the router until the router reboots. Then run 1.start_create_backup.bat and wait for completion.
4) Copy the backup.bin file from the data subdirectory to a safe place. This is a full dump of your official firmware with data unique to your device.
5) Run 5.start_write_OS.bat and select the firmware in the script window by pressing the corresponding number. Upon completion, the router will boot into OpenWrt. (Wait 7-10 minutes and don't touch your router; do not power it off.)

2 Likes

Thanks, but I get this error when running any .bat file.

How can I solve it?

Traceback (most recent call last):
  File "main.py", line 10, in <module>
    line4 = subprocess.check_output(["cmd","/c","chcp","437","&","tracert","-d","-h","1","1.1.1.1"]).decode().split("\r\n")[4].strip().split(" ")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa0 in position 1: invalid start byte
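
The traceback above comes from calling `.decode()` (UTF-8 by default) on console bytes; under code page 437, which the command selects with `chcp 437`, byte 0xa0 is "á". The following is an added example, not code from this thread or from the downloaded scripts: it decodes with a code page 437 fallback and finds hop 1 by pattern instead of by fixed line index. The function names and both sample outputs are constructed, and the Spanish-language console is an assumption.

```python
import ipaddress
import re

# Constructed sample: bytes a Spanish-language Windows console could emit for
# `chcp 437 & tracert -d -h 1 1.1.1.1` (OEM code page 437, CRLF line ends).
SAMPLE_OUTPUT = (
    "Página de códigos activa: 437\r\n\r\n"
    "Traza a 1.1.1.1 sobre caminos de 1 saltos como máximo.\r\n\r\n"
    "  1    <1 ms    <1 ms    <1 ms  192.168.1.1 \r\n\r\n"
    "Traza completa.\r\n"
).encode("cp437")

# Constructed sample: hop 1 did not answer, so there is no address to parse.
TIMEOUT_OUTPUT = (
    b"Active code page: 437\r\n\r\n"
    b"  1     *        *        *     Request timed out.\r\n\r\n"
)

HOP1_RE = re.compile(r"\s*1\s+.*?((?:\d{1,3}\.){3}\d{1,3})\s*$")


def utf8_error(raw: bytes):
    """Return (offset, byte) of the first invalid UTF-8 byte, or None."""
    try:
        raw.decode("utf-8")
        return None
    except UnicodeDecodeError as exc:
        return exc.start, raw[exc.start]


def decode_console(raw: bytes) -> str:
    """Decode as UTF-8 when valid, otherwise as code page 437."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp437")  # maps all 256 byte values, cannot raise


def first_hop(raw: bytes):
    """Return the hop-1 IPv4 address from tracert output, or None."""
    for line in decode_console(raw).splitlines():
        match = HOP1_RE.match(line)
        if match:
            try:
                return str(ipaddress.IPv4Address(match.group(1)))
            except ValueError:
                continue  # dotted digits that are not a valid address
    return None
```
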

@hectorcamp had a similar problem. Maybe it works for you too.
See here.
Solution for him is here.

How to configure the DHCP server?

I've made a quick video for you on how to set it up; sorry, it's a bit rough. Over the next few days, I will do a full video guide on how to debrick and install. If anyone's interested, give me a like and a sub on YouTube, please.
DHCP Setup Video Here
Just a note: this is for use with the DHCP server from here: dhcpserver.de
Hope this helps!

3 Likes

Sorry, I've fallen a little behind on this. Can anyone tell me the latest and most stable version? I would like to make a full video guide and want it to be as up to date as possible.

Well, here is an easy debrick method:

1) Download TinyPXE.zip and unpack it.
https://anonfile.com/lep8Caybo9/TinyPXE_zip

2) Connect an Ethernet cable to the router and set a static IP in your local network (192.168.1.x).

3) Turn off your router, hold down the reset button, then power on your router; when the power LED starts flashing slowly, release it.
4) Run pxesrv.exe (it is fully configured) and click "Online".


Wait 7-10 minutes; when the power LED turns blue, power off your router, then power it on.

5 Likes

Very nice, that's the simplest method yet, and you've even included the firmware, thanks Zorro. Can I ask what's the latest version of OpenWrt firmware that is working stable?

3 Likes

Sorry, excuse my ignorance:

1 Like

Hi guys!

Just posting to say that I'm using the 19.07.2 build that @Zorro uploaded (the one of the #2 link) and it's working great on my Mi 4 Gigabit Edition, way better than the old snapshots from when I first modded my router to install OpenWRT. It's fast, with flow offloading my 300/15 connection works without any issue at full speed and so far very stable. Totally recommended.

3 Likes

Hello, if you find any bug, I appreciate that you can report it here. I would like to flash my router

1 Like

@rogerpueyo Nitpick regarding the topic title: The correct spelling is OpenWrt.

1 Like

I am fully aware of it :wink: but the tool is indeed named OpenWRTInvasion

3 Likes

You can flash it. One of my two devices has been running this image for a couple of days now in daily use without any trouble. You will do fine until there is a fully supported version 20 of OpenWRT for this device.
Follow the excellent descriptions and enjoy!

1 Like

I've just made a video showing the complete install method and debrick method if needed. Hopefully it's helpful!

10 Likes

Hello,
Thank you for your work and also for the video.
I am stuck and need your help.

I was able to run OpenWRTInvasion but I cannot connect to telnet. I don't know how to solve that. I am now running on firmware 2.28.62. Initially my router was with Chinese firmware.

pi@raspberrypi:~/OpenWRTInvasion $ python3 remote_command_execution_vulnerability.py
Router IP address: 192.168.1.66
stok: c8f27652af5b21d497cc68e9e9d453ea
****************
router_ip_address: 192.168.1.66
stok: c8f27652af5b21d497cc68e9e9d453ea
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.1.66
pi@raspberrypi:~/OpenWRTInvasion $ telnet 192.168.1.66
Trying 192.168.1.66...
telnet: Unable to connect to remote host: Connection refused

Thank you for your help
Maxence

1 Like

After you've set the password in the stock firmware web interface, do a reboot and try to connect to it again. I needed a reboot to be able to connect.

1 Like

I tried a reboot, confirmed by the change of stok, but same result.
I plugged the router into LAN 2.
And I am doing the hack from my remote RPi 3B through SSH (my computer is under Windows and the script of Zorro doesn't want to work, Rrrr).

I configured the router as an access point to be able to reach it through my normal network.

I don't know if one of these elements can explain my problem.

1 Like