Get rid of the default and embrace the new one for better privacy: installing OpenWrt on the Mi Router 4A Gigabit. OpenWrt is FOSS firmware that offers better flexibility, performance and security. Here we install it on my own Xiaomi Mi Router 4A Gigabit.

Zuhri

Introduction

The Xiaomi Mi Router 4A Gigabit Edition is an indoor wireless router based on the MediaTek MT7621 SoC, with three 10/100/1000 Ethernet ports (2xLAN + 1xWAN), dual band 802.11bgn+ac (dual radio) WiFi and four external non-detachable antennae. It is offered with either Chinese firmware, or Global International firmware.

The method we use is OpenWRTInvasion, which means we will be hacking the router right now.

  • NOTE: FROM VERSION 0.0.2 THE ROUTER NEEDS INTERNET ACCESS. If you require to run the exploit without internet access please try version 0.0.1. Find the versions here: https://github.com/acecilia/OpenWRTInvasion/releases

  • NOTE: THERE ARE REPORTED ISSUES WITH ROUTER IN AP MODE. If you’re not able to succeed in the AP mode, try to switch to some other (WiFi Repeater or Gateway)

  • NOTE: THERE ARE COMPATIBILITY ISSUES REPORTED WHEN USING WINDOWS. This script only runs on Mac or Linux. If you run from Windows, please use docker (explained below)

In summary, this is what we are going to do:

  1. Gain access to a root shell
  2. Install FOSS firmware (OpenWrt) on it.

I have an internet connection, and these steps are reproduced on a Linux operating system, because the note up there said Windows sucks!!! Or you can use a VM or Docker.

First, download the firmware from the official site here: type in your device version, then download the image.

Second, you need a LAN (Ethernet) cable to communicate with the device, and an internet connection, of course.

Installation

To reproduce the procedure, follow the steps below.

Get the STOK

  • Reset router if necessary to restore default settings.
  • Connect computer to Ethernet LAN port.
  • Connect the Xiaomi router to the internet through the WAN port
  • Open in a browser http://192.168.31.1
  • Configure device
    • select language, accept terms
    • Enter a wifi password (that is the admin password)
    • go to http://192.168.31.1 and enter the root password
    • once you are logged in, the URL changes and now contains a part similar to stok=3700b146c87e45fea51170f87f47d34c

Exploiting device

git clone https://github.com/acecilia/OpenWRTInvasion
cd OpenWRTInvasion
python3 remote_command_execution_vulnerability.py

After the exploit runs, it opens communication ports. From a terminal, use FTP to upload the OpenWrt firmware that you downloaded earlier.

  • Note:
    Username  Password
    root      root
ftp 192.168.31.1
cd tmp
put change/path/to/openwrt-firmware.bin

After uploading the firmware, you need to write it to the device's flash storage. We will use telnet for this; the telnet username and password are the same as for FTP before, root:root.

telnet 192.168.31.1
cd /tmp
mtd -e OS1 -r write openwrt-firmware.bin OS1
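
Before the FTP upload and the mtd write above, it is worth confirming on the computer that the downloaded image matches its published checksum. This is an added example, not part of the original post or of OpenWRTInvasion; it assumes a `sha256sums` file in the `<hash> *<filename>` format that downloads.openwrt.org publishes next to its images, and the function names (`expected_hash`, `verify_image`) and file names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded OpenWrt image against a sha256sums file
# before uploading it to the router. File names are placeholders.

# expected_hash SUMS_FILE IMAGE -> prints the hash listed for IMAGE's basename
expected_hash() {
    name=$(basename "$2")
    # Lines look like "<64 hex chars> *<filename>"; the "*" marks binary mode.
    awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# verify_image SUMS_FILE IMAGE
# returns 0 on match, 1 on mismatch, 2 if the image is missing or empty,
# 3 if the sums file has no entry for the image
verify_image() {
    sums=$1
    image=$2
    [ -s "$image" ] || { echo "missing or empty image: $image" >&2; return 2; }
    want=$(expected_hash "$sums" "$image")
    [ -n "$want" ] || { echo "no entry for $(basename "$image") in $sums" >&2; return 3; }
    got=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $image"
    else
        echo "MISMATCH: $image (expected $want, got $got)" >&2
        return 1
    fi
}

# Usage: sh verify.sh sha256sums openwrt-firmware.bin
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
fi
```

Only continue with the upload and `mtd` write when the script prints `OK`.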

After that, wait until the light starts blinking. A default OpenWrt image will not show an SSID, because you need to turn Wi-Fi on manually over a LAN cable. So my advice is to go to the official site!

Using the same link as before, create a custom firmware build with the SSID active by default. If you don't know how, click “Customize installed packages and/or first boot script” and leave all the packages at their defaults. There is one thing to change further down: click the settings icon in the lower corner, then uncomment (remove the [#]) at

# wlan_name="OpenWrt"

Then click Request Build and wait a minute. A new custom-built firmware will show up; download it and update the firmware with the new one: go to 192.168.1.1 in a browser and find the firmware upgrade page. Of course, you must be connected to the device while you do that.