1. Brush back to the development version of the official specific version of Xiaomi's system:
First flash the system to the development version: miwifi_r1cl_all_59371_2.1.26.bin, which must be this version 2.1.26:
Download link: http://bigota.miwifi.com/xiaoqiang/rom/r1cl/miwifi_r1cl_all_59371_2.1.26.bin
Manually download this firmware, and then manually update the system
The routing status must be confirmed here, must, must, must: it must be a development board, it must be 2.1.26;
2. Turn on telnet login
Log in to the routing management interface
. Enter 192.168.31.1 in the address bar. After entering the account password, there will be a string of parameters in the address bar, similar to
http://192.168.31.1/cgi-bin/luci/;stok=07512192918557c27cdbcae2175281d9/web/home#router
Change the administrator password and the root password of the system. Change the
/web/home#router in the URL above to /api/xqsystem/set_name_password?oldPwd=the password of the current router&newPwd=the new router password,
Note that the old and new passwords cannot be the same here
Full example: http://192.168.31.1/cgi-bin/luci/;stok=07512192918557c27cdbcae2175281d9/api/xqsystem/set_name_password?oldPwd=12345678&newPwd=87654321
Then check the return result of the web page. If the returned JSON string is {"code":0}, then the task is completed. If the return indicates that the parameter is wrong, then it is almost impossible that the system is a new version, and Xiaomi has officially patched this Loopholes.
The telnet login method to enable routing is the
same as the modification URL in the previous step, and change /web/home#router to /api/xqnetwork/set_wifi_ap?ssid=xiaomi&encryption=NONE&enctype=NONE&channel=1%3B%2Fusr%2Fsbin%2Ftelnetd, and then check The returned JSON data {"msg":"Failed to connect to the specified WiFi (Probe timeout)","code":1616}, the return code may be different, but here you can already log in to the router by telnet
Full example: http://192.168.31.1/cgi-bin/luci/;stok=07512192918557c27cdbcae2175281d9/api/xqnetwork/set_wifi_ap?ssid=xiaomi&encryption=NONE&enctype=NONE&channel=1%3B%2Fusr%2Fsbin%2Ftelnetd
Log in with putty's telnet
connection type: telnet; host name: 192.168.31.1. After opening it, you will see login, enter root, and the password will be the new password modified in the second step above. Then execute the following three instructions in sequence:
sed -i ":x;N;s/if \[.*\; then\n.*return 0\n.*fi/#tb/;b x" /etc/init.d/dropbear
/etc/init.d/dropbear start
nvram set ssh_en=1; nvram commit3. Brush into breed
WINSCP select SCP protocol, account password is the same as ssh
Copy breed.bin to /tmp
breed.bin address: https://www.b612.me/usr/uploads/2017/07/1210871972.bin and
enter the following command to flash in. After flashing in, the machine will automatically restart, putty and WinScp will be disconnected and closed That's it.
mtd -r write /tmp/breed.bin Bootloader4. Flash in the Padavan firmware
Power off the router first, then press and hold the router reset button, and then power on the router. When the router light flashes, release the reset button, enter 192.168.1.1 in the browser on the computer, enter the breed console, and swipe in Padavan firmware (firmware name: MI-NANO)
Padavan firmware address: https://opt.cn2qq.com/padavan/MI-NANO_3.4.3.9-099.trx
As shown in the figure:
Reference materials:
https://www.b612.me/code/80.html