Xiaomi Mi Router 4A Gigabit Edition (R4AG/R4A Gigabit) -- fully supported and flashable with OpenWRTInvasion

hoddy · 2020-05-16T19:24:50.956Z

For me i had to reflash the original chip data back with the CH341, ive never had that issue with the OpenWRTInvasion method and not been able to gey it into recovery, its possible that because you tried to use the stock firmware for the 4A it could have caused you in issue im guessing?

horacio21 · 2020-05-16T19:33:33.661Z

Exactly I went back to stock by means of a backup, which I publicly zorro, using scrips

hoddy · 2020-05-16T19:43:45.372Z

As far as I'm aware all versions are currently exploitable, I don't think we've seen a version that isn't yet.

hoddy · 2020-05-16T19:49:18.471Z

To be honest with you I'm struggling hopefully others have suggestions. Is the router providing you DHCP? So with your IP on your PC set to automatic and in command prompt typing "ipconfig" does it show you have an IP and/or gateway?

horacio21 · 2020-05-16T19:55:26.600Z

yes

Connection specific DNS suffix. . :
Link: local IPv6 address. . . : fe80 :: f163: 124e: 6ecc: 7f2b%
Automatic configuration IPv4 address: 169.254.127.43
Subnet mask. . . . . . . . . . . . : 255.255.0.0
Default Gateway. . . . . :

woody4165 · 2020-05-16T19:55:31.685Z

It seems all has gone ok

Router IP address: 192.168.1.91
stok: xxxxxxxxxxxxxxxxxxxx
****************
router_ip_address: 192.168.1.91
stok: xxxxxxxxxxxxxxxxxxxxxxxxxx
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.1.91

But then telnet does not work (and also FTP doesn't)

vittorio@vittorio-Notebook ~/OpenWRTInvasion $ telnet 192.168.1.91
Trying 192.168.1.91...
telnet: Unable to connect to remote host: Connection refused

I've retried the exploit and rebooted copying the new stok.
What can I check?

Thanks

hoddy · 2020-05-16T19:59:11.214Z

Hmmm that's probably not given via DHCP so would say it's not working. When you tried the debrick method, I know the light didn't flash but did you get anything in the log saying that something tried to connect?

hoddy · 2020-05-16T20:01:15.775Z

As per the video, try run the exploit again. If that fails try reboot the router and run again (but remember that if you reboot the router it will can't your Stok code so you will need to relogin and copy the new one)

woody4165 · 2020-05-16T20:02:33.736Z

already done at least three times as below
exploit->exploit again->reboot and get new stok and repeat all three times

horacio21 · 2020-05-16T20:06:52.997Z

get the data when I don't set the IP on the PC, when I put a fixed IP it stops generating that data

Screenshot_20200516-160515_Gallery720×312 176 KB

hoddy · 2020-05-16T20:10:15.628Z

Try the method described here with that software, I always found bootp buggy. Also unplug the rest of the network if you have anything else on it

hoddy · 2020-05-16T20:14:39.951Z

That normally cures the issue, what OS are you using do you have anything firewalls outgoing?

@morhimi did you have any similar issues?

horacio21 · 2020-05-16T20:15:19.342Z

I've been testing for more than 2 hours without existing so far

when the IP of the ethernet in the PC changes, it stops generating the data of the previous picture

hoddy · 2020-05-16T20:16:37.703Z

Sorry I ment to post the link, try this method:

Xiaomi Mi Router 4A Gigabit Edition (R4AG/R4A Gigabit) -- fully supported and flashable with OpenWRTInvasion For Developers

well, here is an easy debrick method : 1)download TinyPXE.zip and unpack it. https://anonfile.com/lep8Caybo9/TinyPXE_zip 2)connect ethernet cable to the router, set static ip to your local network(192.168.1.x) [2020-05-12 21_28_15-Window] 3)turn off your router and hold down the reset button then power on your router when power LED start flashing slowly release it . 4)run pxesrv.exe (it is fully configured), click "Online" [2020-05-12 21_29_16-Window] wait 7-10 minutes when power led t…

woody4165 · 2020-05-16T20:19:04.087Z

I'm on a laptop with Linux Mint
The Xiaomi router is connected via WAN to a Fritz 7590 (no firewall) and the laptop is connected to the Xiaomi router via wireless and internet access works fine.

I have AdGuard on my network, but I've disabled during exploit and trying telnet

hoddy · 2020-05-16T20:24:36.885Z

The only thing that is different from how I've done it successfully in the past is that I've never done the exploit via wireless, try plugging into one of the LAN ports with your laptop and see if that works?

woody4165 · 2020-05-16T20:26:15.865Z

Don't know why, but if I connect wired, I loose internet connection, even if WAN is still connected to main router.
Xiaomi router is set as wired repeater

horacio21 · 2020-05-16T20:26:56.692Z

I already tried it, the same without success

hoddy · 2020-05-16T20:32:08.099Z

I'm sorry then, I'll have a think but hopefully someone else has some ideas. My final suggestion would be to get a CH341 and reflash the chip with a known working firmware for your exact model

woody4165 · 2020-05-16T20:33:40.644Z

That would be my last chance.

I will try to reset the router and start from scratch...

Thanks!!!