How to flash OpenWRT on Xiaomi Router 4A Gigabit Edition and use a fixed address for remote access

Preface

OpenWRT is a highly modular and highly automated embedded Linux system that can make routers smarter. Simply put, a router running OpenWrt is equivalent to a Linux computer with wireless and multiple network cards.

For example: after flashing, a router with a USB port can provide multi-device file sharing, station hanging, remote monitoring and even smart-home functions; it can act as a wireless bridge, connect wirelessly to ChinaNet hotspots and dial up; it can set up a wireless LAN to transmit data, and so on.

Today I will share how to flash OpenWRT on Xiaomi Router 4A Gigabit Edition and achieve remote access from the public network through an intranet penetration tool.

1. Install Python and required libraries

First open www.python.org, download a Python 3 installation package and install it.

After the installation is complete, execute the following commands to upgrade pip and install the required libraries:

python -m pip install --upgrade pip
pip install pycryptodome
pip install requests

2. Use OpenWRTInvasion to crack the router

Open OpenWRTInvasion’s releases page and download an available version. The version I chose here is 0.0.7, which supports Windows.

The compressed package name obtained after downloading is: OpenWRTInvasion-0.0.7. Just decompress the file to a path without Chinese characters.

Connect the Xiaomi router to the Internet, log in to the router, find the stok parameter in the address bar and copy the characters after the equal sign. Keep the web page open.

Open cmd in the directory where OpenWRTInvasion was extracted (Windows PowerShell is used in this tutorial)

Enter the command python remote_command_execution_vulnerability.py to run the cracking script.

Enter the router IP (192.168.31.1) when prompted, paste the characters after the stok equal sign that you copied earlier, and start cracking.

After the crack succeeds, a prompt is shown. You can copy the commands from the prompt to connect over Telnet or SSH. The username and password are root.

3. Back up the current partition and flash the new Breed

First execute the following commands to view and backup partitions

cat /proc/mtd   # show the router's partitions
dd if=/dev/mtd0 of=/tmp/all.bin   # back up all partitions to /tmp/all.bin
dd if=/dev/mtd1 of=/tmp/Bootloader.bin   # back up the boot partition to /tmp/Bootloader.bin

Then use WinSCP or another FTP tool to create an FTP connection. The address is the router IP, the username is root, and there is no password. After connecting, transfer the two files you just backed up, all.bin and Bootloader.bin, out of the router, and upload breed-mt7621-pbr-m1.bin to the tmp directory.
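Before the Bootloader partition is overwritten, it helps to confirm that each dd dump is complete and that the image to be written fits the target partition. The script below is an added example, not part of the original tutorial or of OpenWRTInvasion; it parses the output of cat /proc/mtd and checks a dump against its partition. The partition table and byte strings in it are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample of `cat /proc/mtd` output; sizes are illustrative, not read from a real router.
SAMPLE_PROC_MTD = '''dev:    size   erasesize  name
mtd0: 01000000 00010000 "ALL"
mtd1: 00030000 00010000 "Bootloader"
mtd2: 00010000 00010000 "Config"
'''

MTD_LINE = re.compile(r'^(mtd\d+):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"([^"]*)"$')

def parse_proc_mtd(text):
    """Return {partition name: {"dev", "size", "erasesize"}}; sizes are hex in /proc/mtd."""
    parts = {}
    for line in text.splitlines():
        m = MTD_LINE.match(line.strip())
        if m:  # the "dev: size erasesize name" header line does not match
            dev, size, erase, name = m.groups()
            parts[name] = {"dev": dev, "size": int(size, 16), "erasesize": int(erase, 16)}
    return parts

def check_backup(data, part):
    """A dd dump of a whole partition must be exactly partition-sized and not blank."""
    problems = []
    if len(data) != part["size"]:
        problems.append(f"size {len(data)} != partition size {part['size']}")
    if data and len(set(data)) == 1:
        problems.append("dump is one repeated byte (blank or failed read)")
    return problems

def image_fits(image, part):
    """An image written with mtd must be non-empty and no larger than the partition."""
    return 0 < len(image) <= part["size"]

if __name__ == "__main__":
    boot = parse_proc_mtd(SAMPLE_PROC_MTD)["Bootloader"]
    # Constructed stand-ins; in real use: open("Bootloader.bin", "rb").read()
    good = bytes(range(256)) * (boot["size"] // 256)
    for label, dump in (("good", good), ("truncated", good[:-4096])):
        digest = hashlib.sha256(dump).hexdigest()[:16]  # record this next to the backup
        print(label, check_backup(dump, boot) or "ok", digest)
    print("image fits:", image_fits(b"\x00" * 0x20000, boot))
```

Run it on the PC against the real /proc/mtd text and the transferred files; a size mismatch means the dump or the transfer was cut short and should be repeated before flashing.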

After the upload is complete, execute mtd -r write /tmp/breed-mt7621-pbr-m1.bin Bootloader to flash Breed, and then restart the router.

Open 192.168.1.1 in a browser to reach the Breed console and flash openwrt-ramips-mt7621-xiaomi_r4a-squashfs-sysupgrade.bin. After clicking OK, the progress bar will start updating.

After the progress bar finishes, enter 192.168.31.1 in the browser to see the OpenWrt login interface.

The default account is root and the password is coolxiaomi. After logging in, the OpenWrt interface is displayed, which means the flash was successful.

4. Install cpolar intranet penetration

At this point you can log in to OpenWrt and use it, but only from the local network. To access the intranet OpenWrt from the public network at any time for file transfer and other operations, we need to install the cpolar intranet penetration tool.

4.1 Register an account

Enter cpolar official website: https://www.cpolar.com/

Click Free Registration (免费注册) in the upper right corner, register a cpolar account for free with your email and log in.

4.2 Download cpolar client

After logging in, download cpolar to your computer and install it (the default options are fine throughout). This tutorial uses the Windows version.

4.3 Log in to the cpolar web ui management interface

Open 127.0.0.1:9200 in a browser and log in to the cpolar web UI management interface with your registered cpolar email account (the default local port is 9200).

4.4 Create public network address

After logging in and entering the main interface, click Tunnel Management (隧道管理) > Tunnel List (隧道列表) on the left dashboard, and then click Create Tunnel (创建隧道).

  • Tunnel name: can be customized, but must not duplicate an existing tunnel name. I filled in website here.

  • Protocol: select http

  • Local address: 192.168.31.1:80

  • Domain name type: on the free package, select Random Domain (随机域名)

  • Region: China Top

Click Create (创建).

Now click Status (状态) > Online Tunnel List (在线隧道列表) on the left. You can see the wamp tunnel you just created and the two public network addresses generated for it, one http and one https. Copy either address and open it in a browser on a public network computer. If the OpenWrt page loads, the public network has successfully accessed OpenWrt on the local intranet router.

5. Fixed public network address access

Note that this tutorial uses the random temporary public network address generated by the free cpolar plan. This address will change within 24 hours. For users who need to use OpenWrt from outside over a long period, configuring a fixed address is necessary.

I usually use a fixed second-level subdomain name because such a fixed and easy-to-remember public network address (for example: open.cpolar.cn) makes it more convenient and faster to use the router remotely.

Log in to the cpolar official website, click Reserve on the left, choose to reserve a second-level subdomain name, set the subdomain name, click Reserve (保留), and copy the reserved second-level subdomain name once the reservation succeeds.

In this tutorial, select the region China VIP, fill in open as the second-level domain name, fill in 1 as the description, and click Reserve (保留).

After the reservation succeeds, copy the reserved second-level subdomain address, log in to the cpolar web UI management interface, click Tunnel Management (隧道管理) > Tunnel List (隧道列表) on the left dashboard, find the tunnel you want to configure (website), and click Edit (编辑) on the right.

Modify the tunnel information and configure the successfully reserved second-level subdomain name into the tunnel.

  • Domain name type: select Second-level Subdomain (二级子域名)
  • Sub Domain: fill in the successfully reserved second-level subdomain name, open
  • Region: select China VIP

Click Update (更新).

After the update is complete, open the Online Tunnel List (在线隧道列表). The public network address has changed and is now the reserved, fixed second-level subdomain name.

Finally, use the fixed public network address to connect: copy the second-level subdomain address http://open.vip.cpolar.cn/ and open it in a browser on another public network computer. If there is no error or connection exception and the connection succeeds, fixed-address access is set up. You can use this domain name to access the intranet OpenWrt router from the public network anytime and anywhere.

Origin blog.csdn.net/m0_73879806/article/details/134932528