已刷机成功

在交流区开放前，收到一些小伙伴邮件告诉我刷机成功的喜讯。感谢大家的支持！

你好，我前面的命令行执行都是成功的，但是telnet失败了，请问你知道原因吗？

执行这条命令的时候提示有语法错误

pip3 install -r requirements.txt

C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(26): error C2061: syntax error: identifier 'intmax_t' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(27): error C2061: syntax error: identifier 'rem' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(27): error C2059: syntax error: ';' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(28): error C2059: syntax error: '}' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(30): error C2061: syntax error: identifier 'imaxdiv_t' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(30): error C2059: syntax error: ';' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(40): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(41): error C2146: syntax error: missing ')' before identifier '_Number' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(41): error C2061: syntax error: identifier '_Number' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(41): error C2059: syntax error: ';' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(42): error C2059: syntax error: ')' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(45): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(46): error C2146: syntax error: missing ')' before identifier '_Numerator' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(46): error C2061: syntax error: identifier '_Numerator' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(46): error C2059: syntax error: ';' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(46): error C2059: syntax error: ',' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(48): error C2059: syntax error: ')' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(50): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(56): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(63): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(69): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(76): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(82): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(89): error C2143: syntax error: missing '{' before '__cdecl' C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\inttypes.h(95): error C2143: syntax error: missing '{' before '__cdecl'

你好 我这里同样的telnet不通 我用的linux ,请问一下该怎么解决呢?

[LX@MiWiFi-R4-srv ~]$ telnet 192.168.31.1 Trying 192.168.31.1... telnet: connect to address 192.168.31.1: Connection refused

Running setup.py install for pycrypto ... error ERROR: Command errored out with exit status 1: command: 'c:\python\python36\python3.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\hzt\AppData\Local\Temp\pip-install-veo0d704\pycrypto\setup.py'"'"'; file='"'"'C:\Users\hzt\AppData\Local\Temp\pip-install-veo0d704\pycrypto\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record 'C:\Users\hzt\AppData\Local\Temp\pip-record-6q0tu156\install-record.txt' --single-version-externally-managed --compile --install-headers 'c:\python\python36\Include\pycrypto' cwd: C:\Users\hzt\AppData\Local\Temp\pip-install-veo0d704\pycrypto\

这是我得到最新的报错，请问我该怎么继续呢

之前的问题已经解决，更换python的版本解决的。我终于进行下一步，但是还是遇到问题。

Administrator@HZT MINGW64 /h/openwrt/OpenWRTInvasion (master) $ python remote_command_execution_vulnerability.py File "remote_command_execution_vulnerability.py", line 22 router_ip_address = input(f"Router IP address [press enter for using the default {router_ip_address}]: ") or router_ip_address ^ SyntaxError: invalid syntax

上面是我运行remote_command_execution_vulnerability.py这个文件时的报错，代码是不是要改

然后又遇到下面这个问题

没有提示这个GBK报错了，接下来有报错了

对于这个报错我看不懂，因为我没有学习过python编程，实在难搞。请大哥们帮我看看。

虽然我想尽办法，最后还是失败了。

root@XiaoQiang:~# cd /tmp root@XiaoQiang:/tmp# wget http://10.10.10.5/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin Connecting to 10.10.10.5 (10.10.10.5:80) openwrt-ramips-mt762 100% || 1874k 0:00:00 ETA root@XiaoQiang:/tmp# wget http://10.10.10.5/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin Connecting to 10.10.10.5 (10.10.10.5:80) openwrt-ramips-mt762 100% || 15616k 0:00:00 ETA root@XiaoQiang:/tmp# mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin kernel1 Could not open mtd device: kernel1 Can't open device for writing! root@XiaoQiang:/tmp# mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin rootfs0 Could not open mtd device: rootfs0 Can't open device for writing! root@XiaoQiang:/tmp# nvram set flag_try_sys1_failed=1 root@XiaoQiang:/tmp# nvram commit root@XiaoQiang:/tmp# reboot

root@XiaoQiang:/tmp# cat /proc/mtd dev: size erasesize name mtd0: 01000000 00010000 "ALL" mtd1: 00030000 00010000 "Bootloader" mtd2: 00010000 00010000 "Config" mtd3: 00010000 00010000 "Bdata" mtd4: 00010000 00010000 "Factory" mtd5: 00010000 00010000 "crash" mtd6: 00010000 00010000 "cfg_bak" mtd7: 00100000 00010000 "overlay" mtd8: 00d00000 00010000 "OS1" mtd9: 00b30000 00010000 "rootfs" mtd10: 00180000 00010000 "disk" root@XiaoQiang:/tmp#

能否帮忙看下？

我贡献一下吧，我自己的网站。。11月底前到期吧。 http://iovoz.org/openwrt-ramips-mt7621-xiaomi_mir4-initramfs-kernel.bin。

http://iovoz.org/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin。

http://iovoz.org/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin。

http://iovoz.org/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-sysupgrade.bin。

stok那个怎么取？？

R4a,卡在这一步了，执行没反应

C:\Users\RyanW\OpenWRTInvasion>python3 remote_command_execution_vulnerability.py

C:\Users\RyanW\OpenWRTInvasion>

已刷 感谢大大的耐心指导 附上本人千牛存储 希望能帮到大家

wget http://qhyt2t2b3.hn-bkt.clouddn.com/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin wget http://qhyt2t2b3.hn-bkt.clouddn.com/attachment%20filenameopenwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin wget http://qhyt2t2b3.hn-bkt.clouddn.com/attachment%20filenameopenwrt-ramips-mt7621-xiaomi_mir4-squashfs-sysupgrade.bin wget http://qhyt2t2b3.hn-bkt.clouddn.com/attachment%20filenameopenwrt-ramips-mt7621-xiaomi_mir4-initramfs-kernel.bin

请大神帮个忙,无法telnet

大佬的release里面已经不提供固件了。楼主能发个固件吗？xez8499@163.com。。谢谢楼主👍

➜  OpenWRTInvasion git:(master) python remote_command_execution_vulnerability.py
Router IP address [press enter for using the default {router_ip_address}]: 192.168.1.1
stok: 0012047c932c8df0236b7abd819b670d
****************
router_ip_address: 192.168.1.1
stok: 0012047c932c8df0236b7abd819b670d
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.1.1
➜  OpenWRTInvasion git:(master) telnet 192.168.1.1
Trying 192.168.1.1...
telnet: Unable to connect to remote host: Connection refused
➜  OpenWRTInvasion git:(master)

执行脚本后无法 telnet

版本 2.28.62

请问用的小米路由器R4的版本是多少，我用的是2.26.127，运行后r1.text会报{"code":1629,"msg":"解压失败，可能文件已经损坏"}错误, r2.text会返回502

请问一下，是哪里有问题。

刷了之后 网速有提升么 ？

可以共享下软件吗？就是你成功的版本

小米路由4刷机成功

但版本要用0.0.1

操作略有不同，需要使用netcat

小米路由器4telnet无法连接，请问大神有没有办法解决？路由固件已从2.26.175降级为2.26.127，这两个固件都卡在telnet连接上

fly@fly:~/Desktop/Python-3.9.0/OpenWRTInvasion$ python3 remote_command_execution_vulnerability.py Router IP address: 192.168.31.1 stok: f9fc3d2201f28138c3b4b9228f6c4434

router_ip_address: 192.168.31.1 stok: f9fc3d2201f28138c3b4b9228f6c4434

start uploading config file... start exec command... done! Now you can connect to the router using telnet (user: root, password: none) In MacOS, execute in the terminal: telnet 192.168.31.1

fly@fly:~/Desktop/Python-3.9.0/OpenWRTInvasion$ telnet 192.168.31.1 Trying 192.168.31.1... telnet: Unable to connect to remote host: Connection refused

小米路由4 Telnet连不上可以参考下github原作者关于R4的回复：

[Mi Router 4]: user Firef0x claims that exploit version 0.0.1 works on firmware version 2.26.175.

需要使用0.0.1版本结合netcat使用：

1. 下载0.0.1版本：https://github.com/acecilia/OpenWRTInvasion/archive/0.0.1.zip
2. windows下载netcat参考，netcat可能会被查杀，先关闭杀毒软件：https://blog.csdn.net/nicolewjt/article/details/88898735
3. 根据代码提示打开新的终端使用netcat监听4444端口
4. 连接后和Telnet操作一样

注：

1. 在0.0.1版本未对中文优化，运行remote_command_execution_vulnerability.py可能报gbk错误

解决办法：用文档编辑器打开py文件，windows自带的记事本就可以：

remote_command_execution_vulnerability.py脚本中有4个with open：

with open("speedtest_urls_template.xml","rt")

在其中标明解码，改为：

with open("speedtest_urls_template.xml","rt", encoding="UTF-8")

2. 可以在remote_command_execution_vulnerability.py中改ip、stok，省的每次运行都要复制粘贴：

   router_ip_address = "192.168.31.1"
   
   attacker_ip_address = "192.168.31.114"
   
   stok = "你的stok"
   

已经用了0.01这个版本，然后用netcat监听了4444端口，输入路由器ip和stok之后，提示done完成之后就又没反应了。不知道怎么操作了，用telnet命令还是提示无法打开到主机的连接。

在网上翻来覆去，在传统xxx账号+小米路由的方式上，在小米路由刷开发机+xxxx的方式上，迷茫着倒腾快两周了，单是能确定到这两个倒腾方向上来，已经很不容易了。本来已经倾向于换小米路由器3或者mini这些看起来网友们倒腾成功率较高的设备了，或者可以说，这几个版本好赖有官方提供开发版固件，自己可能稍微不至于走入死胡同一些。不过当地市区好几家小米实体店都表示这些已经是旧版本了，没有货。

看着自家仓库一箱子又一箱子的路由4，和路由3无货的现状，我又限入了绝望。割腕自杀的最后一丝之际，我遇到了你，结果就是。。。。。这清晰可行的步骤带着我刷成功了！！你可真是个大好人，希望你永远活着，永远发光~~~~~

git、python3、pip3、telnet，这几个东西哪里下载？

提示22端口没有打开是怎么回事

请问包在哪儿下载

root@XiaoQiang:/tmp# wget http://192.168.31.153/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin
Connecting to 192.168.31.153 (192.168.31.153:80)
wget: can't connect to remote host (192.168.31.153): Connection refused

帮忙看看这是什么问题

Trying 192.168.31.1... telnet: Unable to connect to remote host: Connection refused

到telnet那里连接被拒绝，断电重启了还是被拒绝。咋弄？

windows telnet进入后也输入不了命令啊。是需要linux系统嘛

小米路由4 使用0.0.1，刷入成功。不过由此我的电脑多了一个ubuntu。油管上有个老外用博主的方法也能成，不过他用的MacOS，这我就搞不到了。

在执行 mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin kernel1时出现Could not open mtd device: kernel1 Can't open device for writing!求解

ubuntu操作环境下执行 pip3 install -r requirements.txt

WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip. Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue. To avoid this problem you can invoke Python with '-m pip' instead of running pip directly. Defaulting to user installation because normal site-packages is not writeable ERROR: Could not open requirements file: [Errno 2] No such file or directory: 'requirements.txt'

这往下该怎么办

OpenWRTInvasion$ git clone https://github.com/acecilia/OpenWRTInvasion

Cloning into 'OpenWRTInvasion'... remote: Enumerating objects: 243, done. remote: Counting objects: 100% (21/21), done. remote: Compressing objects: 100% (21/21), done. Receiving objects: 32% (79/243), 9.69 MiB | 29.00 KiB/s

最后这行一直到32%，就没变化了

已经到stok输完这步，再用telnet不管用额

start uploading config file... start exec command... done! Now you can connect to the router using several options: (user: root, password: root)

• telnet 192.168.31.1
• ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@192.168.31.1
• ftp: using a program like cyberduck

/OpenWRTInvasion/OpenWRTInvasion$ telnet 192.168.31.1 Trying 192.168.31.1... telnet: Unable to connect to remote host: Connection refused

经过几天尝试，已经刷成功。借用了刷R3G的办法来刷R4

2021.06.25 by taylor: 成功刷机，很完整的教程，感谢大佬！！

轶哥，请问这个是什么问题？

已经刷机成功

如果telnet不通的话,可以用另外一个工具来开启telnet

参考这个页面的步骤2

https://www.right.com.cn/forum/thread-4089487-1-1.html

不能telnet成功的原因找到了，是因为在openwrt root的插件里，有俩需要从GitHub上wget，然而因为政策原因部分地区上不了。解决方法有两个，第一把里面的链接换成自己在七牛上的存储，第二就是上边接一个可以上外网的路由器。

载release页面大佬编译好的固件，并将openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin和openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin

你好，最新github 上下载的releases 解压后，没有看到固件啊，这两个固件在哪里下载？能否发一下，谢谢 249842796@qq.com

我到sysupgrade时，下载了https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mi-router-4-squashfs-sysupgrade.bin

，升级完再进入192.168.1.1就进不了，咋办

小米路由器4C,我0.01/2/6/7/8都试过了，脚本运行没问题，就是connection refused连不上，能ping通，咋办👀️

哥，我版本不够，降级提示校验失败，有啥办法吗

小米路由4A 千兆版

失败了，connection refused，不知为何.....

16:08:42 with vincentko in OpenWRTInvasion on  tags/0.0.3 via 🅒 openwrt took 18s 
➜ python3 remote_command_execution_vulnerability.py
Router IP address: 192.168.31.1
stok: d70d8f8bf11c70ec40cb73f8a1e65fe8
****************
router_ip_address: 192.168.31.1
stok: d70d8f8bf11c70ec40cb73f8a1e65fe8
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.31.1
(openwrt) 
16:09:17 with vincentko in OpenWRTInvasion on  tags/0.0.3 via 🅒 openwrt took 33s 
➜ telnet 192.168.31.1
Trying 192.168.31.1...
telnet: connect to address 192.168.31.1: Connection refused
telnet: Unable to connect to remote host
(openwrt) 

尝试了很多次，都不行，虽然脚本运行提示了成功，但是telnat总是连不上T_T

解决完telnet就卡在这了

root@XiaoQiang:/tmp# mtd write kernel1.bin kernel1 Couldn't open image file: kernel1.bin!

教程可以的 但我想请教一下 怎么更新？官方的固件是用不了还是为什么？我刷官方的mi4固件后arp -a是没有路由器的