Skip to content

Instantly share code, notes, and snippets.

@jmceleney

jmceleney/xiaomi-enable-mesh-telnet.py

Last active March 12, 2024 05:33
Show Gist options
  • Star 10 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save jmceleney/33c626a33960ac8a1764614cf57420cd to your computer and use it in GitHub Desktop.
Save jmceleney/33c626a33960ac8a1764614cf57420cd to your computer and use it in GitHub Desktop.
Download ZIP
Python3 file that enables netmode4 on a Xiaomi RB01 AX3200 router
Raw
xiaomi-enable-mesh-telnet.py
import ssl
import socket
# This script simply replays one side of an intercepted conversation between two Xiaomi
# RB01 (International) AX3200 routers negotiating meshing.
# In effect the script poses as a mesh slave, which causes the mesh master to enable netmode4.
# Enabling netmode is needed as one step in unlocking the router and flashing OpenWrt.
# The router should already have been taken through basic set-up before running this script.
# Netmode4 can be confirmed with curl by requesting the following URL, where ${token} is the "stok"
# variable from your admin session:
# $ curl "http://192.168.31.1/cgi-bin/luci/;stok=${token}/api/xqnetwork/get_netmode"
# {"netmode":4,"code":0}
# Set the IP address and port number of the server
SERVER_IP = '192.168.31.1'
SERVER_PORT = 19553
# Create an SSL context object and configure it for the client
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
# Create a TCP socket object
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Wrap the socket with SSL encryption using the context object
ssl_sock = ssl_context.wrap_socket(sock, server_hostname=SERVER_IP)
# Connect to the server
ssl_sock.connect((SERVER_IP, SERVER_PORT))
# Send a hex string to the server
hex_string = '100100a3000438633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a6237000061646435353662636461303730380000503151527567767a6d78746b35502f70316b2b46566a724a4c716d6568494546424a6563477062516a76383d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033433a43443a35373a32323a31433a36310000'
byte_string = bytes.fromhex(hex_string)
ssl_sock.send(byte_string)
# Receive the response from the server
response1 = ssl_sock.recv(1024)
# Print the response
print("{}:\n{}".format('Response1',response1))
# Receive the response from the server
response2 = ssl_sock.recv(1024)
# Print the response
print("{}:\n{}".format('Response2',response2))
hex_string2 = '10010020000538633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a623700000100000000000000000000000000000000000000000000000000000000000000'
byte_string2 = bytes.fromhex(hex_string2)
ssl_sock.send(byte_string2)
response3 = ssl_sock.recv(2048)
print("{}:\n{}".format('Response3',response3))
hex_string3 = '10010020000738633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a62370000017265637620636f6e6669672073796e6320636f72726563746c792e0a000000'
byte_string3 = bytes.fromhex(hex_string3)
ssl_sock.send(byte_string3)
response4 = ssl_sock.recv(2048)
print("{}:\n{}".format('Response4',response4))
# Close the socket
ssl_sock.close()
@onemarcfifty
Copy link

Tried this recently on a Xiaomi AX3200 (International version) and it worked flawlessly. Many thanks !

@xabolcs
Copy link

xabolcs commented Aug 2, 2023

Thank you @jmceleney for sharing this script!

@OPerepadia
Copy link

Thank you @jmceleney

I ran into SSL issue when I tried to run the script on Python 3.11, but managed to fix it by adding the following line:

ssl_context.set_ciphers('DEFAULT')

@Mushoz
Copy link

Mushoz commented Aug 26, 2023
edited

I also needed @OPerepadia suggested change in order for the script to work.

I do have a question though. I successfully enabled netmode 4, which was confirmed with the curl command. However, telnet is NOT enabled. Am I missing a step somewhere? The router is not connected to the internet in case that matters.

Nvm. This post explained everything: https://forum.openwrt.org/t/adding-openwrt-support-for-xiaomi-redmi-router-ax6s-xiaomi-router-ax3200/111085/936?u=mushoz

@memark
Copy link

memark commented Sep 4, 2023

@Mushoz I have the same problem. Netmode 4 is enabled, but telnet doesn't work. Bdata says telnet_en=0. I followed your link, but I'm not sure how that helps. What was the solution in your case?

@OPerepadia
Copy link

OPerepadia commented Sep 6, 2023
edited

@memark you need to follow the steps provided in that openwrt post, and it should enable telnet

@pzim-devdata
Copy link

pzim-devdata commented Sep 29, 2023
edited

Hello, thank you for your script. I can now use Telnet with a Xiaomi Mesh System AX3000 router.
I would like to know how can I come back to the previous (default) configuration ?
Indeed, now my router can't discover devices on the network anymore, so I would like to restore the router to the default configuration.
I have tried an hard reset and restoring the router to the default configuration but it's not working.
Thanks ;-)

@laigor
Copy link

laigor commented Oct 25, 2023

@Mushoz I have the same problem. Netmode 4 is enabled, but telnet doesn't work. Bdata says telnet_en=0. I followed your link, but I'm not sure how that helps. What was the solution in your case?

Use https://github.com/openwrt-xiaomi/xmir-patcher

@R4333
Copy link

R4333 commented Nov 14, 2023

So this method doesn't require a second device as it emulates the second device needed for enabling netmode4 on RB01? Am I getting this right?

@kzkvv
Copy link

kzkvv commented Feb 20, 2024

So this method doesn't require a second device as it emulates the second device needed for enabling netmode4 on RB01? Am I getting this right?

Yep

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment