Xiaomi Mi Router 4A Gigabit Edition (R4AG/R4A Gigabit) -- fully supported and flashable with OpenWRTInvasion

Yes, you can download more by searching in software for themes, then swap the theme here:


Just a note, this is probably not a question for this device-specific forum.

2 Likes

Greetings,
Having been a happy owner of the 100M version, I bought the Gigabit version. I'm using the build from @Zorro (thank you for your build :slight_smile:); however, I'm noticing that the range of the 5G wireless is too weak. Everything else is OK and stable. Anybody with the same issue?

Thank you

1 Like

The proprietary drivers in the stock firmware are a bit more polished, I think. It's worth checking you have the transmit power as high as you can for your region, and I found it may help to change your channel and width. Also, setting the Distance Optimization may help.
But yeah, I've found the wireless range to be slightly less.

Installed the last snapshot (r13527-61307544d1) and now I got 200mb on ethernet cable instead of 1GB :frowning:
The link is established as 1Gbps

But why is it still in Chinese?

The latest versions are unstable currently, I can't tell you exactly what versions are good and bad for now but I'm running r11063-85e04e9f46 by Zorro that works well, otherwise you can compile your own version from:

I am trying to use OpenWRTInvasion with my Xiaomi Mi Router 4A Gigabit Edition with what seems to be a global English firmware 2.28.132. It is set as a wired repeater with a cable inserted into one of the LAN ports. The router is getting an IP from a DHCP server. The exploit does not work and, after adding some debugging lines, I am getting the following response text:

{"code":401,"msg":"Invalid token"}

The full output with headers, urls, etc. is below:

gleber@ubuntu-vm:~/code/OpenWRTInvasion$ python3 remote_command_execution_vulnerability.py
Router IP address: 192.168.1.168
stok: 0150712eac08a29b11fe4dd8c591c335
****************
router_ip_address: 192.168.1.168
stok: 0150712eac08a29b11fe4dd8c591c335
****************
start uploading config file...
http://192.168.1.168/cgi-bin/luci/;stok=0150712eac08a29b11fe4dd8c591c335/api/misystem/c_upload
<Response [200]>
{"code":401,"msg":"Invalid token"}
start exec command...
{"code":401,"msg":"Invalid token"}
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.1.168
gleber@ubuntu-vm:~/code/OpenWRTInvasion$ less remote_command_execution_vulnerability.py
gleber@ubuntu-vm:~/code/OpenWRTInvasion$ python3 remote_command_execution_vulnerability.py^C
gleber@ubuntu-vm:~/code/OpenWRTInvasion$ zile remote_command_execution_vulnerability.py
gleber@ubuntu-vm:~/code/OpenWRTInvasion$ python3 remote_command_execution_vulnerability.py
Router IP address: 192.168.1.168
stok: 0150712eac08a29b11fe4dd8c591c335
****************
router_ip_address: 192.168.1.168
stok: 0150712eac08a29b11fe4dd8c591c335
****************
start uploading config file...
http://192.168.1.168/cgi-bin/luci/;stok=0150712eac08a29b11fe4dd8c591c335/api/misystem/c_upload
<Response [200]>
http://192.168.1.168/cgi-bin/luci/;stok=0150712eac08a29b11fe4dd8c591c335/api/misystem/c_upload
200
{'Server': 'nginx', 'Date': 'Thu, 11 Jun 2020 10:02:04 GMT', 'Content-Type': 'text/html; charset=utf-8', 'Transfer-Encoding': 'chunked', 'Connection': 'close', 'Cache-Control': 'no-cache', 'Expires': 'Thu, 01 Jan 1970 00:00:01 GMT', 'MiCGI-Switch': '1 1', 'MiCGI-Client-Ip': '192.168.1.170', 'MiCGI-Host': '192.168.1.168', 'MiCGI-Http-Host': '192.168.1.168', 'MiCGI-Server-Ip': '192.168.1.168', 'MiCGI-Server-Port': '80', 'MiCGI-Status': 'CGI', 'MiCGI-Preload': 'no'}
[]
{"code":401,"msg":"Invalid token"}
start exec command...
{"code":401,"msg":"Invalid token"}
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.1.168

The telnet port is closed after attempting the exploit.

Is this the right place to ask for help? Any ideas what else I could try?

The router must connect to the internet and the stok changes after every reboot.

@gleber
Seems as if the Router-Invasion worked well?!
If not, jinglei207 is right. The STOK number needs to be copied
from a browser-to-router connection to the stock firmware.
It is in the site link then. If you copy it, don't reboot,
otherwise the STOK changes again.
Some suggestions:

  • I had to give the username when using
    "telnet -l root 192.168.1.x" to connect.
  • What surprises me is the router address itself - mine was much lower.
    192.168.1.1 or 192.168.1.2, I don't remember. Do you use the client IP
    or is this the real router IP?
    Just give it a try.

Hello, I get "ftp server not found". I also edited the main.py file with my stok and router IP address, and it says all done. But when I get to writeOS.py, it says ftp server not found.
(1) EN.2.28.132.bin
Select OS firmware: 1
ftp server not found

Hello hoddy, thank you for your answer. I tried the @Byte version and it bricked my router :confused:
I'm now testing the snapshot from today, which includes mt7621 ethernet driver improvements

1 Like

I used a new stok every time. I do believe the router has access to internet (it can check for updates). I also tried OpenWRTInvasion 0.0.1 to ensure that internet access is not the culprit.

1 Like

The invasion did not work (the messages it wrote are incorrect, since the script has no error handling) and the telnet port is not open. Telnet command does not work.

I did get a fresh stok token from the router web admin session url for each attempt. I retried it many times.

The IP address I used is the address that the router got from my main DHCP server, since this router is configured as wired repeater (i.e. it acts as an access point only).

Also, make sure the stok code is issued to the same PC as is running the exploit, e.g. if you're using an Ubuntu VM, don't use the Windows browser to get the stok code.

2 Likes

Ah! That was it! Thank you, it allowed me to move forward.

Now I am getting a new behavior. Uploading a zip file results in {"code":1629,"msg":"Unzip error, file is not intack"} and the telnet port does not get opened. I will dig deeper now.

1 Like

Just reset the router then.

Some shared that Byte's build was slower than Zorro's. I have been testing Byte's build for 4 days and found that the performance is the same.

Here is the iperf test result on 5GHz.

Just for the comparison, here is the same test on stock firmware:

3 Likes

If its setup was an AP then it won't work. It needs to be in router mode to work.

2 Likes

It worked! I did get root access via telnet now.

So for future users of OpenWRTInvasion. You need to:

  • use the same host to retrieve stok token and to run the exploit
  • make sure that the device is set to router mode

5 Likes
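The failure mode in this thread is a tool that prints a success banner while every JSON body it received reported an error behind an HTTP 200. The sketch below is an added example, not code from any poster or from the OpenWRTInvasion project: it scans a saved transcript for API bodies and reports the ones that failed. The function names are hypothetical, and treating `code` 0 as success is an assumption, since the thread only shows failing codes.

```python
import json
import re

# Hints paraphrase replies in this thread; the code-to-hint mapping is illustrative.
HINTS = {
    401: "stok rejected: take a fresh stok on the same host that sends the requests",
    1629: "router could not unpack the uploaded archive",
}
BODY = re.compile(r'^\s*(\{"code".*\})\s*$')

def check_body(body, success_code=0):
    """Classify one JSON body. success_code=0 is an assumption: the thread
    only shows failing codes."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "body is not valid JSON"
    code = doc.get("code") if isinstance(doc, dict) else None
    if code == success_code:
        return True, "ok"
    detail = f"code {code}: {doc.get('msg', '')}" if isinstance(doc, dict) else "unexpected body"
    hint = HINTS.get(code)
    return False, f"{detail} ({hint})" if hint else detail

def audit_transcript(text):
    """Return [(line_number, message)] for every API body that reports failure."""
    failures = []
    for number, line in enumerate(text.splitlines(), 1):
        match = BODY.match(line)
        if match:
            ok, message = check_body(match.group(1))
            if not ok:
                failures.append((number, message))
    return failures

def false_success(text):
    """True when the tool printed its 'done!' banner although a body failed."""
    return "done!" in text and bool(audit_transcript(text))

# Constructed sample assembled from output lines quoted in the thread.
SAMPLE = """start uploading config file...
<Response [200]>
{"code":401,"msg":"Invalid token"}
start exec command...
{"code":401,"msg":"Invalid token"}
done! Now you can connect to the router using telnet (user: root, password: none)
"""

if __name__ == "__main__":
    for number, message in audit_transcript(SAMPLE):
        print(f"line {number}: {message}")
    print("false success banner:", false_success(SAMPLE))
```
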

Do share your experience too in comparison to stock.

1 Like