Xiaomi Mi Router 4A Gigabit Edition (R4AG/R4A Gigabit) -- fully supported and flashable with OpenWRTInvasion

Here is the modified URL (sorry, I'm not allowed to post a functional link here):
http://#ip-of-eu.api.miwifi.com#/rs/grayupgrade?countryCode=EU&rom=2.28.132&serialNumber=12345%2C20009910&rootfs=0.0.1&cfe=1.0.2&deviceID=53662a45-0fa5-3278-637b-4575a6eb2b31&ispCode=&linux=0.0.1&sqafs=0.0.1&hardware=R4A&locale=en_US&ramfs=0.0.1&channel=release&s=0b6118b2342546d44f2ccbb65cebd796&time=2020-03-14--18:24:08&token=8001233f-a1d6-4827-ac81-449395ad6a65

deviceID and serialNumber have been modified!
It contains my deviceid and a timestamp.
The field s= seems to contain an md5sum.
When I changed any parameter (except the token), the request was answered with HTTP 401.

1 Like

@micky0867 can you please join Slack to stop spamming the forum?

1 Like

Why do you consider this as spamming? This is the purpose of the forum and especially this thread to discuss what's needed in order to support OpenWrt on this router

1 Like

It is very slow to help people here with the script because developing requires a more fluent conversation. For example, all issues in the last 10-15 messages could have been resolved in 10 to 15 minutes in a fluent conversation in Slack.

Because of that, it is very common during development in many open source projects to have a Slack/IRC channel for developers. You can see OpenWrt already has IRC channels for such purpose: https://openwrt.org/contact#irc_channels. IRC channels do not keep a history of the conversation, that is why I prefer Slack.

I am not proposing anything new.

3 Likes

Understandable. Still, the conversation was being interesting :slight_smile: (speaking for myself). Don't forget to announce here if anything new comes from your research, please, and if you're stuck don't hesitate to ask here. Good job, guys.

3 Likes

@rogerpueyo : I would like to update to openwrt.
Do you think that simply using "mtd write xy.bin OS1" should do the trick?
Which image should I use?
Thanks for your support!

1 Like

I have not been following the discussion in this thread since I don't have access to the device anymore. The whole OpenWrt flashing process I followed is described in the first posts.

I don't know if your command will work. 10 days ago, user Double-G kindly wrote this:

1 Like

Guys, I got OpenWrt installed and working properly (without SPI flashing) using OpenWRTInvasion by @acecilia to gain root access, and flashed the snapshot version of mir3g-v2-squashfs-sysupgrade.bin using @rogerpueyo's method found here. After the automatic reboot, OpenWrt.

7 Likes

Thank you, please make a YouTube video tutorial on how you flashed OpenWrt on the Mi 4A Gigabit Edition. Special thanks to all the people who made this happen, great news.

That's super good news, @hey07!

Could you tell us what was the stock firmware version you performed OpenWRTInvasion successfully on? 2.28.132? Was it the one that came with the device, or did you download it from somewhere else?

I'll be adding it to the ToH in the wiki (or, please, feel free to do it).

2 Likes

It is the latest stock 2.28.132. Just run OpenWRTInvasion on it directly.

3 Likes

It is easy, or you can follow my summary below. Please thank @acecilia for his root access script, and @rogerpueyo for the flash command.

  1. Gain root using OpenWRTInvasion (mine is running stock 2.28.132)
    You can follow his guide (very clear) or:
    -download OpenWRTInvasion here
    -install the requirements (I use a Pi 4 with Raspbian, Python ready)
    -open a terminal and run "python3 remote_command_execution_vulnerability.py"
    -enter your mir4a IP
    -enter your mir4a stok (can be found in your router's web URL, just type the router IP in your browser)
    The script will upload the exploit to your router; now you can access it using telnet with login "root" without a password

  2. Flash OpenWrt (I used the snapshot version of mir3g-v2)
    -telnet using your router IP
    -log in with "root"
    -cd /tmp/
    -wget http://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mir3g-v2-squashfs-sysupgrade.bin
    (it will download the bin file to the router's tmp folder (wget does not recognize https))
    -mtd -e OS1 -r write openwrt-ramips-mt7621-xiaomi_mir3g-v2-squashfs-sysupgrade.bin OS1
    It will say:
    Unlocking OS1 ...
    Erasing OS1 ...
    Writing from openwrt-ramips-mt7621-xiaomi_mir3g-v2-squashfs-sysupgrade.bin to OS1 ...
    Rebooting ...
    -Done (it will reboot and come back with OpenWrt)

6 Likes

Thank you, I flashed OpenWrt. After reboot I can't access the router GUI, what should I do?

Edit: I can confirm it works on my router with firmware 2.28.132.

But when I connect to 2.4G WiFi it shows me no internet connection!!

Edit: after flashing it again, 2.4 GHz WiFi works.

2 Likes

Hello, does anyone have the original firmware to share, 4th gigabit global ROM: 2.28.132? PLEASE PLEASE.

1 Like

Not that I know, firmware has not been released

1 Like

You can dump your firmware using a CH341A programmer, but I didn't back up my original firmware and am running OpenWrt now. I don't need stock firmware anymore, I'm enjoying OpenWrt thanks to @acecilia.

1 Like

I got a bunch of dumps right here, because I flashed 20+ devices this way. So it should be no problem to send you one of them.

But the problem could be that the MAC address of your device would change to the one in the dump.
Also I don't know if there is some kind of device-specific calibration data in the dump or if calibration processes are done while booting the device (I think I read something about calibration in the console while the device was booting...).

2 Likes

Can you upload a dump somewhere please? :slight_smile: or even better, two or three dumps, so we can compare them and check what you are saying about the mac address.

1 Like
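The dump comparison requested above, as an added example that is not part of the original thread: it reports the byte ranges where same-sized flash dumps differ and where a known MAC address is stored. The sample dumps are constructed, and storing the MAC as six raw bytes is an assumption.

```python
# Added example: locate device-specific regions by diffing flash dumps.
# The sample dumps below are constructed; real ones would be read from files.

def diff_ranges(dumps, gap=16):
    """Return [(start, end)] byte ranges (end exclusive) where the dumps differ.

    Ranges separated by fewer than `gap` identical bytes are merged so that a
    calibration block shows up as one region instead of many fragments.
    """
    if len({len(d) for d in dumps}) != 1:
        raise ValueError("dumps must all be the same size")
    ranges = []
    ref = dumps[0]
    for off in range(len(ref)):
        if any(d[off] != ref[off] for d in dumps[1:]):
            if ranges and off - ranges[-1][1] < gap:
                ranges[-1][1] = off + 1
            else:
                ranges.append([off, off + 1])
    return [tuple(r) for r in ranges]


def find_mac(dump, mac):
    """Return every offset where the MAC (aa:bb:cc:dd:ee:ff) appears as 6 raw bytes."""
    needle = bytes.fromhex(mac.replace(":", ""))
    hits, pos = [], dump.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = dump.find(needle, pos + 1)
    return hits


def make_sample(mac, cal):
    """Constructed 4 KiB stand-in for a dump: shared filler plus per-device data."""
    body = bytearray(b"\x5a" * 4096)
    body[0x100:0x106] = bytes.fromhex(mac.replace(":", ""))
    body[0x800:0x800 + len(cal)] = cal
    return bytes(body)


if __name__ == "__main__":
    a = make_sample("02:00:00:00:00:01", b"\x10\x11\x12\x13")
    b = make_sample("02:00:00:00:00:02", b"\x20\x21\x22\x23")
    for start, end in diff_ranges([a, b]):
        print(f"differs 0x{start:05x}-0x{end:05x}: {a[start:end].hex()} vs {b[start:end].hex()}")
    print("MAC of dump a at", [hex(o) for o in find_mac(a, "02:00:00:00:00:01")])
```

Ranges that differ between every pair of dumps mark per-device data, which is what would be overwritten if one device's dump were written to another.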

Of course - any suggestions for a hoster to choose?

1 Like

MEGA
MediaFire