openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-v2-squashfs-sysupgrade.bin
By the way, the password is password
There are two types of firmware releases
1. CSW-LEDE-R22.10.1 Kernel 5.4.214 (use coolsnowwolf/lede R22.10.1)
2. Openwrt
1. LEDE and several version of opwrt-22.03.2 or 22.03.05 or 23.05, (v23.05 officially support R4AGv2)
- Note: LED lights NOT working properly with 22.03.2 . (LED start working properly with/from Openwrt-v23.03.03 )
If you want to learn about it, you can visit the followings:
- https://github.com/wbs306/Action_OpenWrt_Xiaomi_R4AG, Xiaomi R4A Gigabit Breed Flash (NOT for R4AGv2)
- https://github.com/wbs306/lede
Thanks to wbs306
-
Many Thanks to wbs306's codes for Xiaomi R4AG V2 hardware changes! wbs306/lede@a2a3a4a
- target/linux/ramips/dts/mt7621_xiaomi_mi-router-4a-gigabit-v2.dts
- target/linux/ramips/image/mt7621.mk
- target/linux/ramips/mt7621/base-files/etc/board.d/02_network
-
NOTE: from 23.03.3, you can fix LEDs, check hw2add folder
- target/linux/ramips/mt7621/base-files/etc/board.d/01_leds
- /include/kernel-defaults.mk
Successfully used @LordPinhead's code commit #99634522 to telnet XiaoMi R4A V2 Gigabit (RA4Gv2)
#Run the script
pip3 install -r requirements.txt # Install requirements
python3 remote_command_execution_vulnerability_v2.py
1. Refer to this instrution https://www.right.com.cn/forum/thread-4007071-1-1.html
(This instruction is just a reference, make your own judgements and adjustments to what you need)
2. Go to https://breed.hackpascal.net, For RA4Gv2, download breed-mt7621-pbr-m1.bin
After successfully Telnet 192.168.31.1, use ftp app, copy it over to router's tmp folder.
3. run the following script
mtd -r write /tmp/breed-mt7621-pbr-m1.bin Bootloader
1. Connect Ethernet Cable to LAN port rather than WAN port.
2. Hold & press reset, power on
3. Open browser, go to 192.168.1.1 for Breed Web Page
4. Flash these two bin files together at the same time!
- eeprom.bin
- openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-v2-squashfs-sysupgrade.bin
1. Connect Ethernet Cable to LAN port rather than WAN port
2. PLEASE NOTE: router IP might be changed to 192.168.31.1
3. Default wifi SSID: WiFi_R4AGv2, Defulat wifi Key: password
4. If Router doesn't have DHCP enabled, you will need to manually assign IP to talk to your router:
For example:
If router's IP is 192.168.N.2
Manually assign your computer's ip to be:
192.168.N.88
255.255.255.0
Breed doesn't officially support R4A that might cause endless reboot to 192.168.1.1
-
Chinese users can refer https://www.right.com.cn/forum/forum.php?mod=viewthread&tid=8298740&page=1&extra=#pid18865861
-
Hold & press reset, power on, boot into Breed, then open cmd or terminal to telnet breed,
-
Use command: telnet 192.168.1.1,
-
Setup your local webserver, if your local machine address is 192.168.1.2 port:8080, place the sysupgrade bin at local webserver folder,
-
Use command to copy bin over to router: wget http://192.168.1.2:8080/sysupgrade.bin
-
-
Check and Verify the bin file size, Length: 10749035/0xA4046b (10MB), Saving to address 0x80001000
-
You MUST erase Enough Space for the bin file size from 0x180000 to 0xA80000.,Why 0xA80000? Big enought for 0xA4046b. Check yours!
-
0x180000 is set as the address where xiaomi would boot from in this case,
-
-
Use command: flash erase 0x180000 0xA80000
-
-
Use Command:flash write 0x180000 0x80001000 0xA80000
-
(Write from 0x180000 address, use data previously wget(saved) at 0x80001000, given writing space with size of 0xA80000)
-
-
Use Command:boot flash 0x180000 (Boot from 0x180000)
-
You need to enable environment configuration:
-
-
Restart again to breed Web interface,then you can add autoboot.command,and value: boot flash 0x180000
-
-
This is to tell breed boot system from 0x180000.