Last active May 6, 2024 13:54
Gist jmceleney/33c626a33960ac8a1764614cf57420cd
Python3 file that enables netmode4 on a Xiaomi RB01 AX3200 router
```python
import socket
import ssl

# This script simply replays one side of an intercepted conversation between two Xiaomi
# RB01 (International) AX3200 routers negotiating meshing.
# In effect the script poses as a mesh slave, which causes the mesh master to enable netmode4.
# Enabling netmode4 is needed as one step in unlocking the router and flashing OpenWrt.
# The router should already have been taken through basic set-up before running this script.
# Netmode4 can be confirmed with curl by requesting the following URL, where ${token} is the "stok"
# variable from your admin session:
# $ curl "http://192.168.31.1/cgi-bin/luci/;stok=${token}/api/xqnetwork/get_netmode"
# {"netmode":4,"code":0}

# IP address and port of the mesh service on the router
SERVER_IP = '192.168.31.1'
SERVER_PORT = 19553

# The router presents a certificate that cannot be validated against a public CA,
# so hostname checking and certificate verification are disabled for this client.
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE

# The three captured frames, replayed in order (hex copied from the intercepted session)
hex_string = '100100a3000438633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a6237000061646435353662636461303730380000503151527567767a6d78746b35502f70316b2b46566a724a4c716d6568494546424a6563477062516a76383d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033433a43443a35373a32323a31433a36310000'
hex_string2 = '10010020000538633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a623700000100000000000000000000000000000000000000000000000000000000000000'
hex_string3 = '10010020000738633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a62370000017265637620636f6e6669672073796e6320636f72726563746c792e0a000000'

# Create a TCP socket, wrap it in TLS using the context above and connect to the router
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl_context.wrap_socket(sock, server_hostname=SERVER_IP)
ssl_sock.connect((SERVER_IP, SERVER_PORT))

try:
    # First frame; the script expects two replies from the master before continuing.
    # sendall() is used so the whole frame is written even if send() would be partial.
    ssl_sock.sendall(bytes.fromhex(hex_string))
    response1 = ssl_sock.recv(1024)
    print("{}:\n{}".format('Response1', response1))
    response2 = ssl_sock.recv(1024)
    print("{}:\n{}".format('Response2', response2))

    # Second frame and its reply
    ssl_sock.sendall(bytes.fromhex(hex_string2))
    response3 = ssl_sock.recv(2048)
    print("{}:\n{}".format('Response3', response3))

    # Third frame and its reply
    ssl_sock.sendall(bytes.fromhex(hex_string3))
    response4 = ssl_sock.recv(2048)
    print("{}:\n{}".format('Response4', response4))
finally:
    # Close the socket whether or not the exchange completed
    ssl_sock.close()
```
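To see what the three replayed frames actually carry before sending them to your own router, here is an added example (not part of the gist) that pulls the printable ASCII fields out of each frame and shows the raw leading bytes. The six-byte header boundary and the reading of the sixth byte as a per-message type are assumptions made for illustration; the gist documents no frame format, and the bytes themselves are copied verbatim from the script above.

```python
import re

# The three frames replayed by the gist, copied verbatim from its hex strings.
FRAMES = [
    bytes.fromhex(
        '100100a3000438633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a6237'
        '000061646435353662636461303730380000503151527567767a6d78746b35502f70316b2b46566a724a'
        '4c716d6568494546424a6563477062516a76383d0000000000000000000000000000000000000000000000'
        '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
        '0000000000000033433a43443a35373a32323a31433a36310000'
    ),
    bytes.fromhex(
        '10010020000538633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a6237'
        '00000100000000000000000000000000000000000000000000000000000000000000'
    ),
    bytes.fromhex(
        '10010020000738633a64653a66393a62663a35643a6236000038633a64653a66393a62663a35643a6237'
        '0000017265637620636f6e6669672073796e6320636f72726563746c792e0a000000'
    ),
]

# Assumption: the leading six non-printable bytes form a fixed header.
HEADER_LEN = 6

# Colon-separated six-octet MAC address, either case
MAC_RE = re.compile(r'^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$')


def printable_fields(frame, min_len=4):
    """Return each run of at least min_len printable ASCII bytes as a str.

    The ASCII fields in these frames are NUL-terminated, so the NUL padding
    between them never matches and every field comes back separately.
    """
    pattern = rb'[\x20-\x7e]{%d,}' % min_len
    return [m.group().decode('ascii') for m in re.finditer(pattern, frame)]


def classify_fields(frame):
    """Split the printable fields into MAC addresses and everything else."""
    fields = printable_fields(frame)
    return {
        'mac': [f for f in fields if MAC_RE.match(f)],
        'other': [f for f in fields if not MAC_RE.match(f)],
    }


def describe(frame):
    """Summarise one frame: header bytes, total length and decoded fields."""
    return {
        'header': frame[:HEADER_LEN].hex(' '),
        'length': len(frame),
        **classify_fields(frame),
    }


def header_variation(frames):
    """Return the header byte positions that differ between the given frames.

    Across the gist's three frames only byte 3 (a3 / 20 / 20) and byte 5
    (04 / 05 / 07) change, which is what suggests the per-message-type
    reading of byte 5 noted above (an assumption, not documented anywhere).
    """
    headers = [f[:HEADER_LEN] for f in frames]
    return [i for i in range(HEADER_LEN) if len({h[i] for h in headers}) > 1]


if __name__ == '__main__':
    for n, frame in enumerate(FRAMES, 1):
        print('frame {}: {}'.format(n, describe(frame)))
    print('varying header bytes:', header_variation(FRAMES))
```

Running it shows that the first frame carries three MAC addresses, a 14-character hex identifier and a 44-character base64 blob, while the second and third carry only the same two MAC addresses plus, in the third, the text "recv config sync correctly.". What those values mean to the firmware is not something the gist states, but seeing them makes clear that the replay is tied to specific captured identifiers rather than being a generic message.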
@Mushoz I have the same problem. Netmode 4 is enabled, but telnet doesn't work. Bdata says telnet_en=0. I followed your link, but I'm not sure how that helps. What was the solution in your case?
So this method doesn't require a second device as it emulates the second device needed for enabling netmode4 on RB01? Am I getting this right?
> So this method doesn't require a second device as it emulates the second device needed for enabling netmode4 on RB01? Am I getting this right?

Yep
Hello, thank you for your script. I can now use Telnet with a Xiaomi Mesh System AX3000 router.
I would like to know how I can go back to the previous (default) configuration.
Indeed, now my router can't discover devices on the network anymore, so I would like to restore the router to the default configuration.
I have tried a hard reset and restoring the router to the default configuration, but it's not working.
Thanks ;-)