acecilia/OpenWRTInvasion

MI router 4 - stok versions

Closed this issue · 8 comments

Exploit script stop working after updating the router.
The last firmware version seems to be: 2.26.134

I think the problem is that I'm using the old stok version in the script... but unfortunately I can't check the correct version myself.

Is it possible to get the list of possible stok versions on official forums, etc?

python3 remote_command_execution_vulnerability.py
****************
router_ip_address: 192.168.31.1
stok: a5445597af88bf26af058d7098e67208
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.31.1
root@worktime:~/OpenWRTInvasion# telnet 192.168.31.1
Trying 192.168.31.1...
telnet: Unable to connect to remote host: Connection refused

I am not sure if the exploit is compatible with the new firmware 3.0.24. I asked here. Please report if you manage to make it work :)

Actually I don't think that firmware is 3.0.24 ver.

And my question was about "stok version hashes". If I understand correctly, each firmware version has its own stok hash. Right?
If I will use incorrect stok hash, it will not work. Correct?

Is there any database with stok hashes depending on firmware versions?
For example: If I need to know a stok hash for firmware 2.26.134?

No. You get a new STOK every time you log in to the router using the web interface. You get the STOK from the URL. See the readme, it is explained there in a big picture with a red square.

So if I don't know the password from 192.168.31.1 - it's not possible to use the hack?

You are correct, it’s not possible to hack the router without knowing the password

Hi acecilia, in my case it did not ask for the stok, and it auto-generated a different stok compared to the one from the web browser. What can I do in this case, please?

See the README 🙏