1、win下载工具
2、解压运行“run.sh”
3、
运行并输入ip和密码
先输入1》路由器ip-》回车-》输入2-》数据路由器密码
成功后ssh的账号密码都为root
中文对照
1 -设置ip地址(当前值:192.168.31.1)
2 -连接设备(安装漏洞)
3 -读取完整的设备信息
4—创建全量备份
5 -安装EN/RU语言
6 -安装Breed引导程序
7- 安装固件(从“firmware”目录)
8 -{{{其他功能}}
9 -[[重启设备]]
0 -退出
==========================================================
Xiaomi MiR Patcher
1 - Set IP-address (current value: 192.168.31.1)
2 - Connect to device (install exploit)
3 - Read full device info
4 - Create full backup
5 - Install EN/RU languages
6 - Install Breed bootloader
7 - Install firmware (from directory "firmware")
8 - {{{ Other functions }}}
9 - [[ Reboot device ]]
0 - Exit
Select: 192.168.31.1 #输入自己的路由器ip
==========================================================
Xiaomi MiR Patcher
1 - Set IP-address (current value: 192.168.31.1)
2 - Connect to device (install exploit)
3 - Read full device info
4 - Create full backup
5 - Install EN/RU languages
6 - Install Breed bootloader
7 - Install firmware (from directory "firmware")
8 - {{{ Other functions }}}
9 - [[ Reboot device ]]
0 - Exit
Select: 2 # 选择2 然后根据提示输入密码
运行到这一步之后会发现重启路由器后ssh会关闭。
4、永久开启ssh
通过命令提示符/终端连接路由器的 SSH 后,输入以下指令并执行:
nvram set ssh_en=1
nvram set telnet_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram commit
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
/etc/init.d/dropbear restart
echo -e 'admin\nadmin' | passwd root
执行成功后,SSH 登录用户名将修改为root,密码将修改为admin
由于路由器重启后,Dropbear 文件将会自动恢复,因此需要添加一个自启动脚本,已便于设备每次重启后都可以自动修改 Dropbear 文件,开启 SSH 端口。
执行以下代码,添加自动开启 SSH 端口指令
mkdir /data/auto_ssh && cd /data/auto_ssh
curl -O https://cdn.jsdelivr.net/gh/lemoeo/AX6S@main/auto_ssh.sh
chmod +x auto_ssh.sh
./auto_ssh.sh install
网络无法连接用vi命令,手动创建
cd /data/auto_ssh
vi auto_ssh.sh
#!/bin/sh
auto_ssh_dir="/data/auto_ssh"
host_key="/etc/dropbear/dropbear_rsa_host_key"
host_key_bk="${auto_ssh_dir}/dropbear_rsa_host_key"
unlock() {
# Restore the host key.
[ -f $host_key_bk ] && ln -sf $host_key_bk $host_key
# Enable telnet, ssh, uart and boot_wait.
[ "$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1 && nvram commit
[ "$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1 && nvram commit
[ "$(nvram get uart_en)" = 0 ] && nvram set uart_en=1 && nvram commit
[ "$(nvram get boot_wait)" = "off" ] && nvram set boot_wait=on && nvram commit
[ "`uci -c /usr/share/xiaoqiang get xiaoqiang_version.version.CHANNEL`" != 'stable' ] && {
uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable'
uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version 2>/dev/null
}
channel=`/sbin/uci get /usr/share/xiaoqiang/xiaoqiang_version.version.CHANNEL`
if [ "$channel" = "release" ]; then
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
fi
if [ -z "$(pidof dropbear)" -o -z "$(netstat -ntul | grep :22)" ]; then
/etc/init.d/dropbear restart 2>/dev/null
/etc/init.d/dropbear enable
fi
}
install() {
# unlock SSH.
unlock
# host key is empty, restart dropbear to generate the host key.
[ -s $host_key ] || /etc/init.d/dropbear restart 2>/dev/null
# Backup the host key.
if [ ! -s $host_key_bk ]; then
i=0
while [ $i -le 30 ]
do
if [ -s $host_key ]; then
cp -f $host_key $host_key_bk 2>/dev/null
break
fi
let i++
sleep 1s
done
fi
# Add script to system autostart
uci set firewall.auto_ssh=include
uci set firewall.auto_ssh.type='script'
uci set firewall.auto_ssh.path="${auto_ssh_dir}/auto_ssh.sh"
uci set firewall.auto_ssh.enabled='1'
uci commit firewall
echo -e "\033[32m SSH unlock complete. \033[0m"
}
uninstall() {
# Remove scripts from system autostart
uci delete firewall.auto_ssh
uci commit firewall
echo -e "\033[33m SSH unlock has been removed. \033[0m"
}
main() {
[ -z "$1" ] && unlock && return
case "$1" in
install)
install
;;
uninstall)
uninstall
;;
*)
echo -e "\033[31m Unknown parameter: $1 \033[0m"
return 1
;;
esac
}
main "$@"
ESC
:wq固化 SSH 端口
1. 通过命令提示符/终端连接路由器的 SSH 后,输入以下指令并执行:⚡执行后设备将自动重启
zz=$(dd if=/dev/zero bs=1 count=2 2>/dev/null) ; printf '\xA5\x5A%c%c' $zz $zz | mtd write - crash
reboot2. 待设备重启后,重新 SSH 进入设备,输入以下指令并执行:⚡执行后设备将自动重启
nvram set ssh_en=1
nvram set telnet_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram commit
bdata set ssh_en=1
bdata set telnet_en=1
bdata set uart_en=1
bdata set boot_wait=on
bdata commit
reboot3. 待设备重启后,重新 SSH 进入设备,输入以下指令并执行:⚡执行后设备将自动重启
mtd erase crash
reboot4. 待设备重启后,固化完成。
发表评论 取消回复