## Update: I created a newer video with a more up-to-date guide that you can find by clicking here!
I bought the Xiaomi 4A router a while back because it's quite cheap considering its specifications; it really is good value for money. The performance of the stock firmware was OK, but I personally had a few concerns about how it runs. For instance, checking my PiHole I could see the 4A polls home to a Xiaomi address every few seconds; in fact, with this polling alone it was one of the highest-traffic devices on my network. Also, although having an app that lets me change settings from anywhere is convenient, it triggers my internal security worries: if I can access this and make changes from anywhere, so could someone else if the account were hacked or leaked. I prefer something I can fully trust and fully configure... Enter OpenWrt, open-source firmware for any router that will take it.
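To confirm the kind of polling described above on your own network, here is an added example (my own code, not from the original post) that reads Pi-hole/dnsmasq query-log lines and flags any client that keeps asking for the same name at short intervals; the log lines and the telemetry.example.invalid name are constructed, not real captures.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the dnsmasq/Pi-hole query log format (not real captures).
SAMPLE_LOG = """\
Mar 13 10:00:00 dnsmasq[412]: query[A] telemetry.example.invalid from 192.168.1.50
Mar 13 10:00:04 dnsmasq[412]: query[A] telemetry.example.invalid from 192.168.1.50
Mar 13 10:00:09 dnsmasq[412]: query[A] telemetry.example.invalid from 192.168.1.50
Mar 13 10:00:13 dnsmasq[412]: query[A] telemetry.example.invalid from 192.168.1.50
Mar 13 10:00:02 dnsmasq[412]: query[A] www.example.com from 192.168.1.20
Mar 13 10:07:30 dnsmasq[412]: query[A] www.example.com from 192.168.1.20
Mar 13 10:07:31 dnsmasq[412]: reply www.example.com is 93.184.216.34
"""

# Only "query[...]" lines carry a client address; replies and cached answers are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def parse_queries(log_text, year=2021):
    """Yield (timestamp, client, name) for each query line in the log text.

    Syslog lines have no year, so the caller supplies one (assumed 2021 here).
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["client"], m["name"]


def find_beacons(log_text, min_queries=3, max_avg_gap=10.0):
    """Return {(client, name): average gap in seconds} for pairs that look like polling.

    A pair is reported when the client asked for the name at least min_queries
    times and the average spacing between those queries is max_avg_gap or less.
    """
    times = defaultdict(list)
    for ts, client, name in parse_queries(log_text):
        times[(client, name)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = sum(gaps) / len(gaps)
        if avg <= max_avg_gap:
            beacons[key] = avg
    return beacons
```

Point it at the real Pi-hole log (usually /var/log/pihole.log) to see which devices stand out; a consumer router should not normally be near the top of that list.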
I had originally ordered a CH341A to install OpenWrt, but while waiting for it to be delivered I found that another method had been discovered, named "OpenWrtInvasion". It's a clever little exploit that works by uploading a backup file that can be tricked into being placed in any directory; with that it replaces a speed test script with its own, which removes the root password and starts a telnet server, allowing us to log in, upload our own firmware and flash it. OpenWrtInvasion doesn't only work for the 4A; it also works for the 4C, 3Gv2, 4Q, miWifi 3C and no doubt other Xiaomi routers.
In the video I run the exploit from an Ubuntu VM; personally I find Linux more stable for these kinds of things, but I will do a Windows version eventually. It's important to note that the STOK code is generated for whichever machine is logged in, so if I were to log in to the router from my Windows PC (the one running the VM), take the code and try to run the exploit in the Ubuntu VM, it wouldn't work; I have to log in from Ubuntu and have it generate its own code for this to work. I noticed this when people were SSH'ing to Raspberry Pis remotely and failing to run the exploit. Also, if you reboot the router a new STOK will need to be generated.
Some firmware images are better than others. Unfortunately, at the time of writing the most current version of OpenWrt isn't working, but if you search the OpenWrt forum there are plenty of builds that work well. Currently I'm using version DB260179, which works perfectly as far as I can tell. Some tweaking of the WiFi settings can be needed to make it almost as good as the stock firmware; these are my current settings for both 2.4 and 5GHz:
As part of the guide we also added a quick and easy way to debrick the router: with testing lots of new firmware images comes the risk of bricking it, and thankfully it's trivial (TFTP pun!) to repair. If the router is booted with the reset button held, it starts in safe mode, which looks for a firmware image named "test.bin"; if it finds one it installs it and overwrites whatever firmware is on the device. Unfortunately we can't use this to install OpenWrt (because the header of the file is checked), but we can reinstall the stock firmware and then reattempt the OpenWrt install. We have made a download page for the debrick tools that you can find here; it's a preconfigured TFTP server and DHCP server and already contains the 4A Gigabit firmware (and images for other routers), named test.bin. If you are using one of the other routers supported by this method, make sure you have the correct stock firmware image (other images can be found here; Google Translate is your friend!), put it in the folder and rename it to test.bin before attempting to repair the router.
To use OpenWrtInvasion the router will need access to the internet via the WAN port.
The debrick tool sometimes takes a few attempts: ensure you have nothing else connected, that you have set your IP correctly and that you leave it plenty of time to work. If you see something about test.bin in the log, it has done what it should.
If you can't access the web interface, most likely the version you installed has no web interface (LuCI). Follow these steps to install it:
Log in via SSH (command line in Windows, or terminal in Linux or macOS):
Now we need to refresh opkg's package lists so it has the latest information on the available software (opkg update):
If you have any issues with the previous step, ensure the router has an internet connection and that it's not being firewalled. Next, we issue the command to install LuCI:
```
opkg install luci
```
This may take a few minutes to complete; then reboot:
You should now be able to access the web interface.
The opkg tool used above can be really useful. Although you can achieve this in LuCI from the Software tab, you can use opkg to install software as well; it's very much like apt on Ubuntu. To install a software package:
```
opkg install package-name
```
Here package-name is the name of the software you wish to install. Don't forget that pressing Tab can help to auto-complete the name if you don't know the full name of the package.
Let me know how you get on in the comments here or on YouTube!