> XiaoMi AX3600 Hack SSH & Telnet forever

TSchong83
post Dec 12 2020, 01:16 AM, updated 7 months ago



Login AX3600 in browser
CODE
192.168.31.1


First Step
Downgrade Firmware Version to 1.0.17

Go To
CODE
https://www.oxygen7.cn/miwifi/


Key in your Router SN, click Go to calculate your root password, and remember to save it
CODE
266XX/E0P80XXXX


Install Putty then SSH to Your Router
username : root
password : XXXXXXX


SSH Run
CODE
nanddump -f /tmp/bdata_mtd9.img /dev/mtd9


Install WinSCP & Login

Backup "bdata_mtd9.img" to Desktop
CODE
/tmp/bdata_mtd9.img


Upload "fuckax3600" to /tmp

Back to Putty SSH
CODE
chmod +x /tmp/fuckax3600


CODE
/tmp/fuckax3600 unlock

Router Will Auto Reboot

After Reboot Login SSH Continue
CODE
/tmp/fuckax3600 hack

After This Step, SSH, Telnet and UART Permissions Are Done. Please Save Your Password for SSH & Telnet

CODE
/tmp/fuckax3600 lock

Restart and Factory Reset

Upgrade Firmware to CN 1.0.67 or INT 3.0.22

After Upgrading the Firmware, SSH Cannot Log In. Please Use Putty to Log In by Telnet & Run
CODE
sed -i 's/channel=.*/channel=\"debug\"/g' /etc/init.d/dropbear

CODE
/etc/init.d/dropbear start


SSH Work Again


Attachment File :
Firmware, Putty, WinSCP
CODE
https://mega.nz/file/mEJ1Capa#jxenPjajUIYKe-Sgamvmg2CAEBq6wM8t3JhsOhJH5RQ



=======================================================


Set VLan for Unifi, Maxis, Time
Login By WinSCP go to edit
CODE
/etc/config/network


Add Vlan id .XXX behind eth1 example
CODE
option ifname 'eth1' to option ifname 'eth1.500'


config interface 'eth1'
	option ifname 'eth1.500'
	option keepup '1'

config interface 'wan'
	option proto 'pppoe'
	list dns '8.8.8.8'
	list dns '8.8.4.4'
	option peerdns '0'
	option username '[email protected]'
	option special '0'
	option mru '1480'
	option password 'admin1233'
	option ifname 'eth1.500'
	option ipv6 'auto'



This post has been edited by chong83: Dec 12 2020, 01:49 AM
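
The VLAN edit from the post above as a repeatable script, added here as an example and not part of the original post or of the fuckax3600 tool: it retags every "option ifname 'eth1'" line, keeps a backup copy, and validates the VLAN ID first. The helper names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. set_wan_vlan, count_tagged and
# write_sample are hypothetical helper names.

# Retag every "option ifname 'eth1'" (or 'eth1.<old>') line to 'eth1.<vid>'.
set_wan_vlan() {
    cfg=$1 vid=$2
    # 802.1Q VLAN IDs are 1..4094; reject empty, non-numeric or out-of-range input.
    case $vid in ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 2 ;; esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Keep the first pre-edit copy so the change can be rolled back.
    [ -f "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig" || return 1
    # Anchored match: other interfaces (eth2, eth10, br-lan) are left alone.
    sed "s/^\([[:space:]]*option ifname \)'eth1\(\.[0-9]*\)\{0,1\}'[[:space:]]*\$/\1'eth1.$vid'/" \
        "$cfg" > "$cfg.new" || return 1
    cat "$cfg.new" > "$cfg" && rm -f "$cfg.new"
}

# Count the ifname lines carrying the given tag (prints 0 when none match).
count_tagged() { grep -c "option ifname 'eth1\.$2'" "$1" || true; }

# Constructed sample modeled on the snippet in the post.
write_sample() {
    cat > "$1" <<'EOF'
config interface 'lan'
    option ifname 'eth2 eth3'

config interface 'eth1'
    option ifname 'eth1'
    option keepup '1'

config interface 'wan'
    option proto 'pppoe'
    option ifname 'eth1'
EOF
}

# Demo on a scratch copy; on the router the file is /etc/config/network.
tmp=$(mktemp -d) && write_sample "$tmp/network" &&
    set_wan_vlan "$tmp/network" 500 && count_tagged "$tmp/network" 500   # prints 2
```

Running it a second time with a different ID replaces the existing tag instead of appending to it, and the untouched original stays in network.orig.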
heidarren
post Dec 12 2020, 02:15 AM

Just remember to lock fuckax3600 or else you will lose your wifi. If it does, reverting back and locking it again will solve it.

This post has been edited by heidarren: Dec 12 2020, 02:15 AM
ajaxcbcb
post Dec 29 2020, 08:19 PM




I couldn't get the vlan config to stick with the firmware 3.0.22

managed to get the vlan working for 1.0.67

This post has been edited by ajaxcbcb: Dec 30 2020, 10:08 AM
amirsubhi
post Dec 31 2020, 09:54 PM




guys,

if you only want to set vlan, no need to go this way

Do u guys know, international firmware got additional setting for VLAN, which u can set and dial (Without need to go to SSH/Telnet)

First update your firmware to 3.0.22

and then factory reset and after reboot enter 192.168.31.1

Then you notice as below, click at additional setting, put your vlan

Attached Image

tadaa

This post has been edited by amirsubhi: Dec 31 2020, 09:55 PM
joq3 P
post Jan 20 2021, 06:22 PM

@chong83, thanks for the great guide. Worked flawlessly. I have one question, does this disable default functions too? Because I cannot connect to my router with the Mi WiFi app after using this script.
If it does, can you reverse only this part via SSH?

Thank you!
ajaxcbcb
post Jan 24 2021, 09:58 AM




QUOTE(amirsubhi @ Dec 31 2020, 09:54 PM)
guys,

if you only want to set vlan, no need to go this way

Do u guys know, international firmware got additional setting for VLAN, which u can set and dial (Without need to go to SSH/Telnet)

First update your firmware to 3.0.22

and then factory reset and after reboot enter 192.168.31.1

Then you notice as below, click at additional setting, put your vlan

Attached Image

tadaa
*
If we could have the ssh backdoor. We can add more vlan ports. But sadly not much dev for this router
amirsubhi
post Jan 24 2021, 03:23 PM




QUOTE(ajaxcbcb @ Jan 24 2021, 09:58 AM)
If we could have the ssh backdoor. We can add more vlan ports. But sadly not much dev for this router
*
you can always use the tutorial from Thread Starter to gain access to SSH though
ajaxcbcb
post Jan 24 2021, 07:47 PM




QUOTE(amirsubhi @ Jan 24 2021, 03:23 PM)
you can always use the tutorial from Thread Starter to gain access to SSH though
*
I realized after reboot it reverts back the memory
joq3 P
post Jan 26 2021, 11:07 PM

How do I change the country inside the bdata?

QUOTE
bdata show| grep -i country

CountryCode=EU
I want to change it from EU to CN. Is this possible to do? bdata seems to be read only.
ajaxcbcb
post Feb 3 2021, 02:40 AM




QUOTE(joq3 @ Jan 26 2021, 11:07 PM)
How do I change the country inside the bdata?
I want to change it from EU to CN. Is this possible to do? bdata seems to be read only.
*
Nvram commit
ajaxcbcb
post Feb 3 2021, 11:39 PM




QUOTE(joq3 @ Jan 26 2021, 11:07 PM)
How do I change the country inside the bdata?
I want to change it from EU to CN. Is this possible to do? bdata seems to be read only.
*
https://oded.dev/2020/11/30/AX3600-1/

follow this.
harriss
post Jun 1 2021, 12:28 AM




QUOTE(amirsubhi @ Dec 31 2020, 09:54 PM)
guys,

if you only want to set vlan, no need to go this way

Do u guys know, international firmware got additional setting for VLAN, which u can set and dial (Without need to go to SSH/Telnet)

First update your firmware to 3.0.22

and then factory reset and after reboot enter 192.168.31.1

Then you notice as below, click at additional setting, put your vlan

Attached Image

tadaa
*
3.0.22 5G strength is good or not?

 
