Not working R4A (Xiaomi 4a Gigabit) 2.30.20

[teammate100]

Script appears to work, but ftp/ssh/telnet can not connect.
However it gets stok automatically.
This is Ubuntu 20.04.3 completely stock.
I also tried with option 2 to download needed files from remote github repository, no difference.

*Please note the Docker would not build correctly with either docker or sudo docker, so I git cloned OpenWRTInvasion and put my OpenWRT firmware in there.

$ python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default 'miwifi.com']: 192.168.31.1
Enter router admin password: OpenWRTInvasion
There two options to provide the files needed for invasion:
   1. Use a local TCP file server runing on random port to provide files in local directory `script_tools`.
   2. Download needed files from remote github repository. (choose this option only if github is accessable inside router device.)
Which option do you prefer? (default: 1)1
****************
router_ip_address: 192.168.31.1
stok: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
file provider: local file server
****************
start uploading config file...
start exec command...
local file server is runing on 0.0.0.0:49557. root='script_tools'
done! Now you can connect to the router using several options: (user: root, password: root)
* telnet 192.168.31.1
* ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@192.168.31.1
* ftp: using a program like cyberduck

Then I try
telnet 192.168.31.1
But I get
telnet: connect to address 192.168.31.1: Connection refused
same with ssh and ftp.

I assume this person had success with this version 2.30.20, but their advice isn't clear.
#135 (comment)

[acecilia]

Seems your machine cannot connect to the router. I cant help much, as this depends on your network setup. My suggestion would be that you try to simplify your setup as much as possible

[teammate100]

Seems your machine cannot connect to the router. I cant help much, as this depends on your network setup. My suggestion would be that you try to simplify your setup as much as possible

This is not the issue, because I have no problem connecting to the router with DHCP or manual IP (192.168.31.2). The network is also working perfectly with modem connected to WAN.
No WIFI used, this is direct ethernet cable between the PC and the router.

I also tried power cycling the router several times and doing the script immediately upon bootup, no difference.

I also tried in Windows 10 with Docker, no difference.

My 4a Gigabit is manufactured 07/2022. Is there something I can check for you on the router itself?

[acecilia]

Is there something I can check for you on the router itself?

Not really :( I do not have access to a router to test it out, I do not think I can help

[MosesCN]

same situation, all works well until connecting to the router with telnet or ssh, any solution? thx

[Maxlinn]

same situation, i tried to invade in several versions of this tool, but none of them could allow me to connect through telnet.

i spent hours trying different version, other guys don't waste time on it, it won't work.

i think i would got refund on the router i bought, it disappointed me.

[acecilia]

Version 3.0.10 is reported to work: #145

[acecilia]

Added information to readme, thanks!

[tedestar]

Maybe the security issue has been fixed officially, I uncomment the result of upload code, and got the following error:
start uploading config file... {"code":1629,"msg":"解压失败，可能文件已经损坏"}

Means "Couldn't unzip, the file is corrupt"

[LordPinhead]

I've dumped the chip and will reverse engineer the differences and look for the reason and maybe a way to hack it again. The cgi-bin/upload file is the same, now I have to look which file will be executed for the c_upload api endpoint. The hack is pretty simple, as long we get a few files on the router

[mark4z]

any update

[tedestar]

I've dumped the chip and will reverse engineer the differences and look for the reason and maybe a way to hack it again. The cgi-bin/upload file is the same, now I have to look which file will be executed for the c_upload api endpoint. The hack is pretty simple, as long we get a few files on the router

I am afraid it's not about c_upload, maybe testing net speed will not evaluate the command in the url anymore, so it will be hard, or even impossible.

Anyway, it's my opinion, good luck.