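import socket
import ssl

# This script replays one side of an intercepted conversation between two Xiaomi
# RB01 (International) AX3200 routers negotiating meshing.
# In effect the script poses as a mesh slave, which causes the mesh master to enable netmode4.
# Enabling netmode is needed as one step in unlocking the router and flashing OpenWrt.
# The router should already have been taken through basic set-up before running this script.
# Netmode4 can be confirmed with curl by requesting the following URL, where ${token} is the "stok"
# variable from your admin session:
# $ curl "http://192.168.31.1/cgi-bin/luci/;stok=${token}/api/xqnetwork/get_netmode"
# {"netmode":4,"code":0}
#
# NOTE(review): that a verbatim replay is accepted suggests the exchange has no
# per-session freshness check; anyone assessing this service's exposure on the
# LAN should confirm that against their firmware version.

# IP address and port of the mesh master (the router being unlocked).
SERVER_IP = '192.168.31.1'
SERVER_PORT = 19553

# TLS client context. Certificate and hostname verification are both switched
# off, so the session is encrypted but NOT authenticated: nothing proves that
# the peer answering on SERVER_IP is the router. Keep the machine directly
# attached to the router's LAN while this runs so no other host can answer.
# (Presumably the router's certificate does not chain to a public CA, which is
# why verification cannot simply be left on; confirm before changing this.)
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
# NOTE: a reader reported an SSL error on Python 3.11 that went away after
# adding ssl_context.set_ciphers('DEFAULT'). That relaxes the cipher policy
# chosen by create_default_context(), so only add it if the connection fails.

# Captured payloads, replayed verbatim. They are opaque protocol bytes from the
# original capture (including ASCII MAC-address strings from that session) and
# must not be reformatted.
hex_string = '100100a3000438633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a6237000061646435353662636461303730380000503151527567767a6d78746b35502f70316b2b46566a724a4c716d6568494546424a6563477062516a76383d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033433a43443a35373a32323a31433a36310000'
hex_string2 = '10010020000538633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a623700000100000000000000000000000000000000000000000000000000000000000000'
hex_string3 = '10010020000738633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a62370000017265637620636f6e6669672073796e6320636f72726563746c792e0a000000'

# The context managers close the socket even if the handshake or a send/recv
# raises, which the original straight-line close() at the end did not.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    # Wrapping before connect() means the TLS handshake runs inside connect().
    with ssl_context.wrap_socket(sock, server_hostname=SERVER_IP) as ssl_sock:
        ssl_sock.connect((SERVER_IP, SERVER_PORT))

        # sendall() keeps writing until the whole payload is out; send() may
        # stop after a partial write and silently truncate the message.
        ssl_sock.sendall(bytes.fromhex(hex_string))

        # The master answers the first message with two separate reads.
        response1 = ssl_sock.recv(1024)
        print("{}:\n{}".format('Response1',response1))
        response2 = ssl_sock.recv(1024)
        print("{}:\n{}".format('Response2',response2))

        ssl_sock.sendall(bytes.fromhex(hex_string2))
        response3 = ssl_sock.recv(2048)
        print("{}:\n{}".format('Response3',response3))

        ssl_sock.sendall(bytes.fromhex(hex_string3))
        response4 = ssl_sock.recv(2048)
        print("{}:\n{}".format('Response4',response4))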
Thank you @jmceleney for sharing this script!
Thank you @jmceleney
I ran into an SSL issue when I tried to run the script on Python 3.11, but managed to fix it by adding the following line:
ssl_context.set_ciphers('DEFAULT')
I also needed @OPerepadia's suggested change in order for the script to work.
I do have a question though. I successfully enabled netmode 4, which was confirmed with the curl command. However, telnet is NOT enabled. Am I missing a step somewhere? The router is not connected to the internet in case that matters.
Nvm. This post explained everything: https://forum.openwrt.org/t/adding-openwrt-support-for-xiaomi-redmi-router-ax6s-xiaomi-router-ax3200/111085/936?u=mushoz
@Mushoz I have the same problem. Netmode 4 is enabled, but telnet doesn't work. Bdata says telnet_en=0. I followed your link, but I'm not sure how that helps. What was the solution in your case?
@memark you need to follow the steps provided in that openwrt post, and it should enable telnet
Hello, thank you for your script. I can now use Telnet with a Xiaomi Mesh System AX3000 router.
I would like to know how I can go back to the previous (default) configuration.
Indeed, now my router can't discover devices on the network anymore, so I would like to restore the router to the default configuration.
I have tried a hard reset and restoring the router to the default configuration, but neither worked.
Thanks ;-)
@Mushoz I have the same problem. Netmode 4 is enabled, but telnet doesn't work. Bdata says telnet_en=0. I followed your link, but I'm not sure how that helps. What was the solution in your case?
So this method doesn't require a second device as it emulates the second device needed for enabling netmode4 on RB01? Am I getting this right?
So this method doesn't require a second device as it emulates the second device needed for enabling netmode4 on RB01? Am I getting this right?
Yep
doesn't work for me, still got netmode 2
Tried this recently on a Xiaomi AX3200 (International version) and it worked flawlessly. Many thanks !