Xiaomi Miwifi BE3600
jdmpower opened this issue · 20 comments
Hello
Will there be an update for Xiaomi Miwifi BE3600 SSH access?
BR
+1 also interested
Interested too :)
im too BE3600 and BE5000
im also
+1 also interested
I bought this router for use with Quest3 and 160 band. Unfortunately, in the standard range of 36-64, in the range of 36-48, I have several neighbors with a powerful signal who actively use WiFi; as a result, it is not possible to use the 160 band when they use their WiFi; delays constantly arise.
I would like to use SSH access to change the region and use the range 100-128. When purchasing a router, I expected that the principle of obtaining SSH would not be different from other devices. As a result, now the router is lying idle :(
+1
This post may be helpful:
@GJCav
right.com.cn is inaccessible without Mainland China QQ account.
Can you post the script from right.com.cn here?
curl -X POST http://192.168.31.1/cgi-bin/luci/;stok=xxx/api/xqsystem/start_binding -d "uid=1234&key=1234'%0Anvram%20set%20ssh_en%3D1'"curl -X POST http://192.168.31.1/cgi-bin/luci/;stok=xxx/api/xqsystem/start_binding -d "uid=1234&key=1234'%0Anvram%20commit'"curl -X POST http://192.168.31.1/cgi-bin/luci/;stok=xxx/api/xqsystem/start_binding -d "uid=1234&key=1234'%0Ased%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%22debug%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear'"curl -X POST http://192.168.31.1/cgi-bin/luci/;stok=xxx/api/xqsystem/start_binding -d "uid=1234&key=1234'%0A%2Fetc%2Finit.d%2Fdropbear%20start'"
@GJCav right.com.cn is inaccessible without Mainland China QQ account. Can you post the script from right.com.cn here?
Sorry for the delay. aqiyuyue gave the core commands. A more readable version in powershell is shown here:
$stok='<magic token shown in the URL after loggin in to the web admin panel>'
$ip='<ip of your router>'
curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Anvram%20set%20ssh_en%3D1'"
curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Anvram%20commit'"
curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Ased%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%22debug%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear'"
curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0A%2Fetc%2Finit.d%2Fdropbear%20start'"you may need to modify the script for linux environment.
After starting the ssh server (dropbear in the case of XiaoQiang), the password of root can be calculate by https://miwifi.dev/ssh
@GJCav right.com.cn is inaccessible without Mainland China QQ account. Can you post the script from right.com.cn here?
Sorry for the delay. aqiyuyue gave the core commands. A more readable version in
powershellis shown here:$stok='<magic token shown in the URL after loggin in to the web admin panel>' $ip='<ip of your router>' curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Anvram%20set%20ssh_en%3D1'" curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Anvram%20commit'" curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Ased%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%22debug%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear'" curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0A%2Fetc%2Finit.d%2Fdropbear%20start'"you may need to modify the script for linux environment.
After starting the ssh server (dropbear in the case of XiaoQiang), the password of root can be calculate by https://miwifi.dev/ssh
I was very happy to open SSH access but.
although I edited the network and port_map file, the 8021q vlanid definition (such as be7000,be6500pro) does not work on the pppoe side, I hope someone can help, I wonder if the switch is not located in the SOC.
@jdmpower I have limited knowledge about the Ethernet and its physical layer specifications. My goal in enabling ssh was to set custom IPv6 firewall rules and port forwarding, which operate at the network and transport layer. So I cannot help you. But I think these resources may be helpful:
This post provides a detailed teardown of Xiaomi BE3600. Though it is written in Chinese, you can use a web translation tool to read it. Here is a brief summary:
As you can see, the switch is not intergrated into the SoC.
The switch chip, YT8215S, is manufactured by a Chinese company called 裕太微电子, and you can find the chip is listed here. Although the official website does not provide the datasheet, I found this from 嘉立创, a well-known Chinese PCB manufacturer.
According to the datasheet of YT8215S, it supports lite-L2-management (the translation might not be perfect), so I believe the 8021q vlanid definition is supported by the switch, but may be not supported by the official XiaoQiang system.
If you have time and enthusiasm to dig deeper into the system and the underlying chip-2-chip PIN connections, you may achieve your goal. So, good luck!
does anyone managed to get VLAN working in BE3600? I´ve edited network file:
config interface 'internet_wan'
option ifname 'eth1.6'
config interface 'wan'
option proto 'pppoe'
list dns '192.168.2.7'
list dns '1.1.1.1'
option peerdns '0'
option username 'adsl'
option mru '1480'
option special '0'
option password 'adsl'
option ifname 'eth1.6'
But nothing works (vlan=6)
Miwifi BE3600 2.5G
system version: 1.0.68
run above http POST command can hack the system.
My device just stay with orange light. Don´t appear Ip number...Please guys, help me....how i fix that? umbrick?
@GJCav right.com.cn is inaccessible without Mainland China QQ account. Can you post the script from right.com.cn here?
Sorry for the delay. aqiyuyue gave the core commands. A more readable version in
powershellis shown here:$stok='<magic token shown in the URL after loggin in to the web admin panel>' $ip='<ip of your router>' curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Anvram%20set%20ssh_en%3D1'" curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Anvram%20commit'" curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0Ased%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%22debug%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear'" curl -X POST "http://$ip/cgi-bin/luci/;stok=$stok/api/xqsystem/start_binding" -d "uid=1234&key=1234'%0A%2Fetc%2Finit.d%2Fdropbear%20start'"you may need to modify the script for linux environment.
After starting the ssh server (dropbear in the case of XiaoQiang), the password of root can be calculate by https://miwifi.dev/ssh
SSH worked, but the files that lock the channels are either uneditable or get restored to default every restart. Also tryed to change region to unlock but it seems the only region available is CN. Has anyone been able to unlock 100 - 144 channels?
Ssh worked for me too, but I cannot change vlan tag or region. I edited network file but it doesn’t seem to work.
any ETA for Openwrt for this router? I’m sure a custom firmware would fix all these problems
Guys, someone can help me? my device just stay in orange light. I reset it but nothing fix that. How i do a super hard reset? reinstal a firmware can fix that?
does anyone managed to get VLAN working in BE3600? I´ve edited network file:
config interface 'internet_wan' option ifname 'eth1.6'
config interface 'wan' option proto 'pppoe' list dns '192.168.2.7' list dns '1.1.1.1' option peerdns '0' option username 'adsl' option mru '1480' option special '0' option password 'adsl' option ifname 'eth1.6'
But nothing works (vlan=6)
Hello! you can need edit only the port_map File
this config works for me with the VLAN 881:
config port '4'
option speed '2.5G'
option link_mode '0'
option base_iface 'eth1'
option type 'eth'
option label '4(2.5G)'
option ifname 'eth1.881'
option service 'wan'
@MaCK1e how would port_map file be if i want to use LAN1 as wan port?