105 pagesV  1 2 3 4 5 6 > »  
 
REPLY
> MiWiFi | Xiaomi Mi-router - Firmware | [firmware] publication and discussion of firmware for the older version of the router
Eugener
Message#1
23.09.14, 13:03
Southern Lion Sniper
*********
[offline]

Topics Curator
Group: Curators
Messages 3104
Check in: 17.07.06
Xiaomi Mi Max Standard

Reputation:-  311  +

MiWiFi | Xiaomi Mi-router (R1D) - Firmware.

, , , , . download


MiWiFi | Xiaomi Mi-router (R1D) - Discussion| MiWiFi | Xiaomi Mi-router (R1D) - Firmware |Xiaomi MiWiFi (client for Android) | Xiaomi MiWiFi (client for Windows)
Xiaomi Mi-router (R2D) - Discussion | MiWiFi mini | Xiaomi Mi-router mini | Xiaomi club


Attached Image


Official firmware
Custom firmware

Instructions:
For those who are actively working on firmware or software
Colleagues, I ask you, all the instructions and software lay out in one post, respectively, draw up and edit there. Links to throw me in koumiss to add to the cap. Software updates in one permanent post or each in a new one - at your discretion, but if in a new one and see that I’m braking with adding to the header - beacon. These measures are for our convenience, because if regular visitors rummage and find what they are looking for, almost all newcomers will break their brains.
Examples of properly designed instructions:
MiWiFi | Xiaomi Mi-router (Post # 33392546)
MiWiFi | Xiaomi Mi-router (Post # 32763047)

Useful:


suggestions for filling caps are welcome, contactQMS curator Eugener


Post has been editedEugener - 06.07.17, 15:36
Reason for editing: TimeCapsule
CBE4KA
Message#2
15.09.14, 01:17
/
********
[offline]

Group: Friendssavagemessiahzine.com
Messages 1399
Check in: 21.02.14
Xiaomi Redmi Note 3 Pro Prime

Reputation:-  216  +

Guys, simple question.
After opkg can standard Lucy (LuCi) be poked?


--------------------
Xiaomi products work as they should,onlyafter changing software.
Red eyes look into the nuclei of other worlds. (C)
lightvik
Message#3
15.09.14, 06:46
Guru
*********
[offline]

Group: Friendssavagemessiahzine.com
Messages 2385
Check in: 08.08.12
Xiaomi Mi 2S

Reputation:-  441  +

Guys, simple question.
After opkg can standard Lucy (LuCi) be poked?

will not work. Packages are placed in / data. what is a crutch. Before that, you need to cut out the native Lucy (the router will start yelling that something is wrong in the system, and will reboot into another section.)


--------------------
Trackscream
Message#4
15.09.14, 06:59
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 403
Check in: 06.07.13
Xiaomi Mi 3

Reputation:-  178  +

* CBE4KA, * lightvik,even if it is possible to get by with “little blood” and unscrew the Chinese lucy so that the mechanism that checks the integrity of the firmware does not notice it, lucy with it pulls some more libraries. The architecture of libraries in the router and in the branch of OpenWRT that is most suitable for installing packages is different, which will lead, at best, to the impossibility of launching Lucy. If you take packages from a trunk, then opkg will request to upgrade almost all firmware packages, the consequences of this action are unpredictable, but the firmware in the current section is likely to become completely inoperable due to numerous conflicts and the lack of necessary functionality in the Chinese-supplied uclibc library. You can try to put Lucy in / data, rewrite the configuration scripts and attach it to a port other than 80 to work in parallel with the Chinese snout, but various pitfalls can also surface here.
Ichir0
Message#5
16.09.14, 00:46
Local
*****
[offline]

Group: Friendssavagemessiahzine.com
Messages 306
Check in: 28.05.11
Oneplus 5 8/128

Reputation:-  27  +

* lightvik,
on translation

The essence is this. the main interface files are here
\ usr \ lib \ lua \ luci \ view \
If you only merge this folder, everything works fine (there are only html templates and css they will not cause 500 either)
You can not copy anything to the lua folder anymore, it will in principle be a usable adequate translation without crashing.

in the www \ xiaoqiang \ folder
pieces of the interface lie (pictures. and lines tied on scripts LOL haven't been writing for so long)
here somewhere you were mistaken in them, I didn’t pick one too much, but I can in theory.
mb there are some other tails, but for 10min you can’t tell)

In general, the Chinese have built a strange interface, it would be easier to assemble it on a separate file with localization (although if it was done for China, it is not surprising), this can all be redone, but you can only do this if it is really necessary.

Thanks for attention.

PS if someone has already done the analysis, then I apologize for repeating, the device just got it, there is no time to particularly read the forum (I did not find the search)
Trackscream
Message#6
16.09.14, 06:17
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 403
Check in: 06.07.13
Xiaomi Mi 3

Reputation:-  178  +

* Icir0,images / static error pages are in / www /. From the dynamics there are only a few js, but they are executed on the client. There is nothing there that could call 500. But in / usr / lib / lua there are lines tied up in scripts. And somewhere in them we made a mistake ...
Ichir0
Message#7
16.09.14, 08:33
Local
*****
[offline]

Group: Friendssavagemessiahzine.com
Messages 306
Check in: 28.05.11
Oneplus 5 8/128

Reputation:-  27  +

* TrackScream,
In this case, try copying the entire lua folder and don’t touch www, as I did, by the way, a quick comparison of files by content says only that the changes in lua are only in the luci \ view \ (Lucy) folder
the remaining pieces in lua are weakly related to the presentation of the interface, there is just its logic, and if there are pieces of translation there, then this is nonsense)

Post has been editedIchir0 - 16.09.14, 08:37
Trackscream
Message#8
16.09.14, 09:14
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 403
Check in: 06.07.13
Xiaomi Mi 3

Reputation:-  178  +

* Icir0,if you read a thread, you’ll find out that I don’t have a router at the moment, so I don’t have the opportunity to debug the translation at the moment. In / www / xiaoquiang / web / js there are several js scripts with translated strings, timers, traffic graphs and various tooltips on the pages are translated there. In / usr / lib / lua, in addition to the luci / view directory, there is also Chinese, which has been translated. A striking example is the file util / xiaoquiang / XQErrorUtil.lua

If you have the opportunity, try replacing the scripts from the Russification one by one in addition to the view folder, so you can get an idea on which file the server starts to crash.

Post has been editedTrackscream - 16.09.14, 09:20
Ichir0
Message#9
16.09.14, 09:20
Local
*****
[offline]

Group: Friendssavagemessiahzine.com
Messages 306
Check in: 28.05.11
Oneplus 5 8/128

Reputation:-  27  +

* TrackScream,
I wrote that I got acquainted with my own crash within 10 minutes, leaving an adequate translation, for the rest I didn’t dig, I’ll take care of your work this week.

Post has been editedIchir0 - 16.09.14, 09:21
dggrinch
Message#10
16.09.14, 21:53
Visitor
**
[offline]

Group: Active users
Messages 24
Check in: 09.11.13
Asus memo pad

Reputation:-  1  +

Replaced HTML files under this scheme, everything works, rebooted, works !!! A couple of hieroglyphs do not spoil the overall picture. I think at the moment the safest translation option

\ usr \ lib \ lua \ luci \ view \
If you only merge this folder, everything works fine (there are only html templates and css they will not cause 500 either)
You can not copy anything to the lua folder anymore, it will in principle be a usable adequate translation without crashing.
klirichek
Message#11
20.09.14, 21:02
User
****
[offline]

Group: Friendssavagemessiahzine.com
Messages 72
Check in: 03.10.12

Reputation:-  24  +

I strained Google translator and rummaged a little in different forums / wikis (well, at the same time and in the router).
Found some interesting pieces (maybe for some, and so obvious, but still).
1. ssh (dropbear) is in fact in all firmware (both developer and stable). But its launch is hampered by two points:
a) need a secret (password or key).
b) starting the daemon must be enabled (nvram set ssh_en = 1; nvram commit)
The “official way” essentially does both of these points — resolves the daemon and sets the password (the password is obtained with the mkxqimage -I command. It, in turn, takes the router serial number (written below) and makes the substr (md5 (SN + "A2E371B0- B34B-48A5-8C40-A7133F3B5D88 "), 0, 8).
"Unofficial" on the latest developer firmware in the volume as described, does not work! (we will prescribe the password hash, but no one will do the nvram for us. In general, it is in another place and not on the disk that we connected to the computer and prepare). Conclusion - in addition to / etc / shadow, you also need to edit initscript (/etc/init.d/dropbear) and remove the ssh_en check there.

For ssh for some time there was another unofficial way - without interfering with the disk. It was necessary to go into the web-face of the router, overwrite it in url / web / home and instead add - / api / xqsystem / upgrade_rom? Url =% 3Bnvram + set + ssh_en% 3D1% 3Bnvram + commit% 3B% 2Fetc% 2Finit. d% 2Fdropbear + start% 3B
Inside the parameters were launched into the script: ("/usr/sbin/crontab_rom.sh '% s' '% s' '% s'", url, hash, filesize). Due to the lack of verification of input parameters, instead of the firmware, the transmitted commands were started, and all that remained was to go to the router. But in the latest firmware they added a filter - it tracks a single quote, a semicolon, and also tokens 'nvram', 'dropbear', 'bdata'. If you manage to bypass the semicolon, then you can probably try to add an abstraction level and disguise the necessary commands so that the filter does not catch them (for example, zip it into an inline script and put it in perl or lua, since their launch is not filtered). In the end, you can simply take the old firmware, where the vulnerability is still there - and get ssh. And then upgrade to the latest. It turns out such a "vanilla" way - without bindings in the mobile application and without pulling out the disk.

2. You can experiment with kernels / firmware. To do this, on the "big brother" you need to configure two addresses: 192.168.1.2 and 192.168.31.2 and pick up tftp there, which can give the kernel file (vmlinuz from / tftproot / vmlinuz), and also share the root file system from / tftpboot / rootfs).
Then we say nvram set flag_tftp_bootup = on; nvram set rootfs = nfs; nvram commit - and after the reboot, we no longer fall into the native firmware, but into our own core and root. And fs firmware is not affected; you can experiment!

3. nvram set uart_en = 1; nvram commit - turns on the serial console. A very important tool for the experiments according to claim 2! Another thing is that somewhere you need to find the contacts themselves (you have to jerk the case). Maybe someone has already connected, do not tell?
Trackscream
Message#12
20.09.14, 21:20
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 403
Check in: 06.07.13
Xiaomi Mi 3

Reputation:-  178  +

* klirichek hereI posted photos of iron, the serial port is easy to find there. While not known only pinout.
klirichek
Message#13
21.09.14, 04:49
User
****
[offline]

Group: Friendssavagemessiahzine.com
Messages 72
Check in: 03.10.12

Reputation:-  24  +

Do you think this is J252, which is on the bottom right on your last photo?
Trackscream
Message#14
21.09.14, 12:20
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 403
Check in: 06.07.13
Xiaomi Mi 3

Reputation:-  178  +

* klirichekYes, it is so signed.Take a lookbig picture andcomparewith Netgear on the same SoC.

Post has been editedTrackscream - 21.09.14, 12:23
crass1968
Message#15
21.09.14, 14:48
Guru
*********
[offline]

Group: Friendssavagemessiahzine.com
Messages 4299
Check in: 16.05.14

Reputation:-  367  +

opkg install /tmp/libgcc_4.8-linaro-1_bcm53xx.ipk


Installing libgcc (4.8-linaro-1) to root ...
Collected errors:
* opkg_install_pkg: Package libgcc md5sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
* opkg_install_cmd: Cannot install package libgcc.

Well, by itself, the following 2 packages are not set. I checked ipk integers myself.

Please tell me how to disable the check in opkg or where to put it manually!

to all: please unsubscribe what software do you use for dnla

Post has been editedcrass1968 - 21.09.14, 14:50


--------------------
(SD855): Xiaomi Mi9 6 / 64GB; (SD845): Xiaomi Pocophone F1 6 / 64GB; (SD636): Nokia X6 6 / 64GB; (SD652): Coolpad Cool1 Dual 4 / 32GB; (MT6771): Umidigi F1 4 / 128GB; (MT6763): Umidigi One 4 / 32GB;
klirichek
Message#16
21.09.14, 15:10
User
****
[offline]

Group: Friendssavagemessiahzine.com
Messages 72
Check in: 03.10.12

Reputation:-  24  +

Yes, there is a console!

1 - 3.3V (optional connection)
2 - TX (connects to the RX on the receiver)
3 - GND (connects to GND on the receiver)
4 - RX (connects to TX on the receiver)

From my ubunt, I connect to the console with the command:
$ screen / dev / ttyUSB0 115200

I want to try to build and run the kernel from Barrier Breaker (the latest release of OpenWRT) - as long as I have it on all routers already running
crass1968
Message#17
21.09.14, 19:50
Guru
*********
[offline]

Group: Friendssavagemessiahzine.com
Messages 4299
Check in: 16.05.14

Reputation:-  367  +

crass1968 @ 09/21/2014, 19:48*
Package libgcc md5sum mismatch

lightvik @ 09/21/2014, 11:59 PM*
he checksum does not converge


to be exact - the md5sum file is different from the one specified in the package list

lightvik @ 09/21/2014, 11:59 PM*
files get corrupted


I already wrote that I checked the files in the archives - everything is fine, all 3 ipk are perfectly unpacked. as indicated above, md5sum libgcc_4.8-linaro-1_bcm53xx.ipk is obtained, it does not beat the value specified in the package, which means there is probably a newer version.
Of course, ideally, it would be possible to get it (and for example, update files inhttps: //dl.dropboxuser…404844/opkg/pack.zip),but on the edge, disabling the check in opkg install or simply installing the hands with the same will do - the main thing that would work ...



Post has been editedcrass1968 - 22.09.14, 03:32


--------------------
(SD855): Xiaomi Mi9 6 / 64GB; (SD845): Xiaomi Pocophone F1 6 / 64GB; (SD636): Nokia X6 6 / 64GB; (SD652): Coolpad Cool1 Dual 4 / 32GB; (MT6771): Umidigi F1 4 / 128GB; (MT6763): Umidigi One 4 / 32GB;
lightvik
Message#18
22.09.14, 05:27
Guru
*********
[offline]

Group: Friendssavagemessiahzine.com
Messages 2385
Check in: 08.08.12
Xiaomi Mi 2S

Reputation:-  441  +

crass1968 @ 09/21/2014, 10:50*
her and get

opkg install libc
opkg install libgcc
opkg install kernel
it seems to be so


--------------------
klirichek
Message#19
22.09.14, 08:14
User
****
[offline]

Group: Friendssavagemessiahzine.com
Messages 72
Check in: 03.10.12

Reputation:-  24  +

I checked the gitbach assembly. Successfully launched!
I will describe a few points.

1. This assembly does not require any data modifications on the router (well, except for a couple of nvram variables that need to be set for it to start). The kernel is taken from the "big brother" by tftp; The root file system is mounted from there along nfs. In general - as a "bootable flash drive" - ​​allows you to boot, experiment - and at the same time do not spoil anything irreversibly.

2. Chinese instruction is posted on the githab face. Do not rush to run the translator! There's also a normalEnglish manual(it is not necessary to watch it from the site; this is the README file that you will receive when you clone this turnip).

3. The installation of the LZMA package mentioned in the instructions is obligatory! (even if the lzma starts in the console). Ignoring this will lead to the assembly of an inoperable kernel (will cause a panic out of memory when attempting to load).

4. Please note: the toolchain is 32-bit! Those. on a 64-bit system (I think most of these are now), you will most likely still have to install build-essential: i386 or something like that; carefully read the error messages and think head.

5. If byaka happened and the router turned into a "brick"
Most likely it's not so scary! The Chinese have deliberately duplicated all the important sections, so it’s really difficult to “distort”.
The first two sections on hdd are copies of each other. If it failed to boot from one - there will be an attempt to boot from the second.
The 'os' and 'os1' sections on the internal flash drive are also copies. flag_last_success in nvram indicates which partition to load from (0 - from os, 1 - from os1). So, if you managed, for example, to spoil the 'os' and set flag_last_success = 0, then the router will try to boot from this section until it is blue (note: the already loaded core responds to the button held for recovery and reset; but if you spoil the partition with the core, then the recovery flash drive will become useless! (it just won't work). To fix the problem - connect to the serial port, open the console - and hold Ctrl + C at the time of loading.

See something like this in the console:

CFE mem: 0x00F00000 - 0x0179FC50 (9043024)
Data: 0x00F581B0 - 0x00F586E8 (1336)
BSS: 0x00F586F8 - 0x00F9DC50 (283992)
Heap: 0x00F9DC50 - 0x0179DC50 (8388608)
Stack: 0x0179DC50 - 0x0179FC50 (8192)
Text: 0x00F00000 - 0x00F4CB64 (314212)
Boot: 0x017A0000 - 0x017E0000
Reloc: I: 00000000 - D: 00000000

Device eth0: hwaddr 8C-deleted-25, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Startup canceled
xiaomi>^ C
xiaomi>^ C
xiaomi>^ C


We fall into CFE (Broadcom Common Firmware Environment). Among others, the nvram command will be available there (you can see the list of all built-in commands with the help command). In the simplest case, it will be enough (just make nvram set flag_last_success = 1, then nvram commit and reboot). In more complicated cases, through CFE, you can do almost everything you need - download a new correct kernel, flash it, etc. Full instructions to his teams can be found.here.

6. There is a small inaccuracy in the manual: when running with tftp and nfs, the kernel and root will be pulled from the address 192.168.1.2 (the second address 192.168.31.2 mentioned there is not used and not required).

In general, the firmware turns out to be very similar to the stock one (it works; the password qwer1234 is mentioned in the README. It says that this is version 0.4.58). Unlike stock, this firmware is debian-based. Those. You can easily make apt-get update; apt-get install mc - and get your favorite blue windows :)

7. Oh by the way! In the stock firmware, the reset button by pressing it once causes the system to suspend. Pressing it again wakes it back.
lightvik
Message#20
22.09.14, 13:25
Guru
*********
[offline]

Group: Friendssavagemessiahzine.com
Messages 2385
Check in: 08.08.12
Xiaomi Mi 2S

Reputation:-  441  +

this debian-based firmware

Wow, this is generally a gun. And does the debian repository for this processor have a lot of software? as I understand it should be full of any software

Post has been editedlightvik - 22.09.14, 13:28


--------------------
Trackscream
Message#21
22.09.14, 14:12
Experienced
******
[offline]

Group: Friendssavagemessiahzine.com
Messages 403
Check in: 06.07.13
Xiaomi Mi 3

Reputation:-  178  +

* lightvik,so more than in OpenWRT. There are even desktop environments available, you can stick KDE in there and use it remotely, but I haven’t yet figured out why :) And so there is a fairly complete set of various software. Of the minuses: debian is not natively friendly with regular Lucy, you need crutches. In principle, it is possible to look for alternative routers gui.
Xiaomi
 

105 pagesV  1 2 3 4 5 6 > » 


 mobile version    Now: 20.06.19, 21:23