soft_hack.md

soft_hack.md

Soft hack to open telnet

You need gateway 3(mgl03) connected to MiHome. And also ip and gateway token.

1 way (recommended)

Via XiaomiGateway3 component.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}

2 way (recommended if not using Home Assistant)

php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}'

3 way (maybe problem with sequence id)

python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'

Login: admin

Password is empty

After opening telnet, it is better to install custom firmware (only for Xiaomi Gateway 3 mgl03).

Read here: https://github.com/zvldz/mgl03_fw/tree/main/firmware#the-easy-way

Open telnet command should also work with:

• lumi.gateway.mgl03 - Mi Smart Home Hub
• lumi.gateway.acn01 - Aqara Hub M1S CN
• lumi.gateway.aeu01 - Aqara Hub M1S EU
• lumi.aircondition.acn05 - Aqara Air Conditioning Controller P3
• lumi.gateway.sacn01 - Smart USB Wall Outlet Hub

Aqara Hub E1 (ZHWG16LM usb stick)

You need gateway E1 connected to MiHome. And also ip and gateway token.

1 way (recommended)

Via XiaomiGateway3 component, version 2+.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; /bin/riu_w 101e 53 3012; telnetd"}}

2 way (recommended if not using Home Assistant)

php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; /bin/riu_w 101e 53 3012; telnetd"}}'

3 way (maybe problem with sequence id)

python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ;  /bin/riu_w 101e 53 3012 ; telnetd"}'

Login: root

Password is empty

I am not author, I just tested and improved and published.

Enable telnet on Aqara G3 hub

In the instruction should I indicate the ssid and the pswd of the wifi? Or should I execute the statement as is?

That's the debug info output:
DEBUG:miio.miioprotocol:Discovered 185be15b with ts: 1970-01-01 12:08:29, token: b'ffffffffffffffffffffffffffffffff'
DEBUG:miio.miioprotocol:192.168.1.130:54321 >>: {'id': 1, 'method': 'set_ip_info', 'params': '{ssid:"",pswd:123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd}'}
DEBUG:miio.miioprotocol:192.168.1.130:54321 (ts: 1970-01-01 12:08:33, id: 1) << {'id': 1, 'error': {'code': -9999, 'message': 'user ack timeout'}, 'exe_time': 4070}
DEBUG:miio.click_common:Exception: {'code': -9999, 'message': 'user ack timeout'}

In the instruction should I indicate the ssid and the pswd of the wifi? Or should I execute the statement as is?

Yes, execute the statement as is.
without changing anything

How must I pause between commands?
Thank you

How must I pause between commands?

wait ~30 sec before executing the next command ))

Sorry. This trick does not run. I'm waiting hours before execute the instruccion.

gateway must be connected to the MiHome.
Is your gateway connected?

yes, connected.

Aqara G3 Hub (lumi.camera.gwpagl01)
https://github.com/Wh1terat/aQRootG3

@Wh1terat You are genius! Thanks! rtsp als works

i used the way3 to enable the telnet on M1S(CN version, firmware 3.3.4-0005)
after run the cli, [ok] is as shown
but in telnet, login with "user : admin ,passwrd: ", then it shown login incorrect.

ah@ubuntu:~/python-miio/miio$ python3 cli.py device --ip 192.168.1.40 --token 6d859 raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'
Running command raw_command
['ok']

telnet with M1S
Aqara-Hub-M1S-4284 login: admin
Password: [leave it as empty]
Login incorrect
Aqara-Hub-M1S-4284 login:
...

what should i do?
i have communicated with lumi's surpport service, they said the telnet's password is a set of random strings.(maybe the new version is)

it was resolved.

--
m1s 2022, user is root, passwd is [empty]
python3 cli.py device --ip 192.168.1.40 --token 6d859 raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; passwd -d root ; echo enable > /sys/class/tty/tty/enable; telnetd"}'
unfortunately，niceboy has made a reply to M1S 2022, AQARA GATEWAY wont surpport M1S 2022. That is mean that M1S 2022 cannot integrated to HA.
many thanks to @niceboygithub

Aqara M1S 2022 cannot integrated to HA?
I have already use php and miio-cli way,always failure.
what should i do?
i don't want to use reverse access way.

Aqara M1S 2022 cannot integrated to HA?

I don't know.
look here https://github.com/niceboygithub/AqaraGateway

hi. thx for the guide. i have telnet access to my GW, but I would like to access also the sdcard via telnet/ssh. is there any way to do that?

1 way and 3 way not working on lumi.aircondition.acn05 firmware 4.0.1_0001, result says

ERROR:miio.miioprotocol:Got error when receiving: timed out
Error: No response from the device

what can I do?

same problem like @xquyan

@xquyan wrong token was the problem ...

same problem like @xquyan

@xquyan wrong token was the problem ...

My problem turned out to be a python problem, tried on another device that can run python properly and it worked out. Couldn't figure out what's wrong with my python install tho

For Aqara M1S 2022,

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d root ; /bin/riu_w 101e 53 3012; telnetd"}}'

thanks, it worked, but why this script cannot work well

Flash M1S Custom firmware method
cd /tmp && wget -O /tmp/curl "http://master.dl.sourceforge.net/project/mgl03/bin/curl?viasf=1" && chmod a+x /tmp/curl
/tmp/curl -s -k -L -o /tmp/m1s_update.sh https://raw.githubusercontent.com/niceboygithub/AqaraM1SM2fw/main/modified/M1S/m1s_update.sh
chmod a+x /tmp/m1s_update.sh && /tmp/m1s_update.sh

/tmp/curl: line 1: syntax error: unexpected "("

thanks, it worked, but why this script cannot work well

mgl03 and m1s have different processor architectures, so on m1s do not work binaries used for mgl03

What is the reason?
PS C:\Users\Administrator\Desktop\python-miio-master> miiocli device --ip 192.168.2.174 --token 455155476f71697552 raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'
Traceback (most recent call last):
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\Scripts\miiocli", line 5, in
create_cli()
File "C:\Users\Administrator\Desktop\python-miio-master\miio\cli.py", line 63, in create_cli
return cli(auto_envvar_prefix="MIIO")
File "C:\Users\Administrator\Desktop\python-miio-master\miio\click_common.py", line 51, in call
return self.main(*args, **kwargs)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 1055, in main
rv = self.invoke(ctx)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 1655, in invoke
sub_ctx = cmd.make_context(cmd_name, args, parent=ctx)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 920, in make_context
self.parse_args(ctx, args)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 1378, in parse_args
value, args = param.handle_parse_result(ctx, opts, args)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 2360, in handle_parse_result
value = self.process_value(ctx, value)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 2316, in process_value
value = self.type_cast_value(ctx, value)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\core.py", line 2304, in type_cast_value
return convert(value)
File "C:\Users\Administrator\AppData\Local\pypoetry\Cache\virtualenvs\python-miio-6Z4gUOLp-py3.8\lib\site-packages\click\types.py", line 82, in call
return self.convert(value, param, ctx)
File "C:\Users\Administrator\Desktop\python-miio-master\miio\click_common.py", line 99, in convert
return ast.literal_eval(value)
File "c:\users\administrator\appdata\local\programs\python\python38-32\lib\ast.py", line 59, in literal_eval
node_or_string = parse(node_or_string, mode='eval')
File "c:\users\administrator\appdata\local\programs\python\python38-32\lib\ast.py", line 47, in parse
return compile(source, filename, mode, flags,
File "", line 1
{ssid:"",pswd:123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd}
^
SyntaxError: invalid syntax
PS C:\Users\Administrator\Desktop\python-miio-master> miiocli device --ip 192.168.2.174 --token 45515547626143726f5a736f71697552 info
Model: lumi.gateway.acn01
Hardware version: Linux
Firmware version: 4.0.1_0026

SyntaxError: invalid decimal literal

can any body help?

Anybody has an idea on how do I set or change password for Telnet?
Feels insecure when there is no password at all.

Mi Smart Hub 2 Pro (ZHWG16LM, Multimode Gateway 2)
You need multimode gateway 2 connected to MiHome. And also ip and gateway token.

1 way (recommended)
Via XiaomiGateway3 component, version 2+.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d root; /bin/riu_w 101e 53 3012; telnetd"}}

2 way (recommended if not using Home Assistant)
php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d root; /bin/riu_w 101e 53 3012; telnetd"}}'

3 way (maybe problem with sequence id)
python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ;  passwd -d root; /bin/riu_w 101e 53 3012 ; telnetd"}'

Login: root

Password is empty

After typing command:
miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'

I get this error:

Running command raw_command
ERROR:miio.miioprotocol:Got error when receiving: {'code': -9999, 'message': 'user ack timeout'}
Error: Unable to recover failed command

Im trying it on lumi.gateway.acn01 (M1S)

After typing command:
miiocli device --ip 192.168.124.20 --token GW_TOKEN raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'

I get this error:

C:>miiocli device --ip 192.168.124.20 --token 514fxxxx6779396xxxx943393xxxx04b
info
Model: lumi.gateway.acn01
Hardware version: Linux
Firmware version: 3.1.3_0002

C:>miiocli device --ip 192.168.124.20 --token 514fxxxx6779396xxxx943393xxxx04b
raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; passwd -d admin ; echo
enable > /sys/class/tty/tty/enable; telnetd"}'
Running command raw_command
ERROR:miio.miioprotocol:Got error when receiving: timed out
Error: No response from the device

C:>

Hello, I'm having trouble adding my gateway, I can not open Telnet, can anyone help

Hello, I'm having trouble adding my gateway, I can not open Telnet, can anyone help

same issue, firmware:3.4.8

log:
Running command raw_command
ERROR:miio.miioprotocol:Got error when receiving: {'code': -9999, 'message': 'user ack timeout'}

Good News !

2 Way is work for 3.4.8 !

Is there a way to reverse the firmware lock on Chinese Gateway ZNDMWG03LM?
Reason is i want to give the gateway to someone else who doesn't uses Home Assistant.
I own several of these gateways and can spare one for a friend but he want the gateway te be able to update the firmware.

btw: using the slider in HA doesn't reverse the gatewaylock on my gateways!

Error Infomation

Error: No response from the device

Device Information

Model: lumi.gateway.acn01
Hardware version: Linux
Firmware version: 4.0.1_0002

How it happens?

1. use miiocli to open the telnetd.
   miiocli -d device --ip 192.168.2.105 --token TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'

2. the result is below:

   INFO:miio.cli:Debug mode active
   Running command raw_command
   DEBUG:miio.click_common:Unknown model, trying autodetection. None None
   DEBUG:miio.miioprotocol:Got a response: Container:
   data = Container:
   data = b'' (total 0)
   value = b'' (total 0)
   offset1 = 32
   offset2 = 32
   length = 0
   header = Container:
   data = b'!1\x00 \x00\x00\x00\x00\x1d\xbd\xc7\xe1c\xc0\n\xbd' (total 16)
   value = Container:
   length = 32
   unknown = 0
   device_id = unhexlify('1dbdc7e1')
   ts = 2023-01-12 13:27:25
   offset1 = 0
   offset2 = 16
   length = 16
   checksum = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff' (total 16)
   DEBUG:miio.miioprotocol:Discovered 1dbdc7e1 with ts: 2023-01-12 13:27:25, token: b'ffffffffffffffffffffffffffffffff'
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 1, 'method': 'miIO.info', 'params': []}
   DEBUG:miio.miioprotocol:Retrying with incremented id, retries left: 3
   DEBUG:miio.miioprotocol:Got a response: Container:
   data = Container:
   data = b'' (total 0)
   value = b'' (total 0)
   offset1 = 32
   offset2 = 32
   length = 0
   header = Container:
   data = b'!1\x00 \x00\x00\x00\x00\x1d\xbd\xc7\xe1c\xc0\n\xc2' (total 16)
   value = Container:
   length = 32
   unknown = 0
   device_id = unhexlify('1dbdc7e1')
   ts = 2023-01-12 13:27:30
   offset1 = 0
   offset2 = 16
   length = 16
   checksum = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff' (total 16)
   DEBUG:miio.miioprotocol:Discovered 1dbdc7e1 with ts: 2023-01-12 13:27:30, token: b'ffffffffffffffffffffffffffffffff'
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 102, 'method': 'miIO.info', 'params': []}
   DEBUG:miio.miioprotocol:Retrying with incremented id, retries left: 2
   DEBUG:miio.miioprotocol:Got a response: Container:
   data = Container:
   data = b'' (total 0)
   value = b'' (total 0)
   offset1 = 32
   offset2 = 32
   length = 0
   header = Container:
   data = b'!1\x00 \x00\x00\x00\x00\x1d\xbd\xc7\xe1c\xc0\n\xc7' (total 16)
   value = Container:
   length = 32
   unknown = 0
   device_id = unhexlify('1dbdc7e1')
   ts = 2023-01-12 13:27:35
   offset1 = 0
   offset2 = 16
   length = 16
   checksum = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff' (total 16)
   DEBUG:miio.miioprotocol:Discovered 1dbdc7e1 with ts: 2023-01-12 13:27:35, token: b'ffffffffffffffffffffffffffffffff'
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 203, 'method': 'miIO.info', 'params': []}
   DEBUG:miio.miioprotocol:192.168.2.105:54321 (ts: 2023-01-12 13:27:35, id: 203) << {'partner_id': '', 'id': 203, 'code': 0, 'message': 'ok', 'result': {'hw_ver': 'Linux', 'fw_ver': '4.0.1_0002', 'mcu_fw_ver': '0616', 'ap': {'ssid': 'TP-LINK_774A', 'bssid': '60:45:3b:68:4a:93', 'rssi': '-32', 'freq': '2432'}, 'netif': {'localIp': '192.168.2.105', 'mask': '255.255.255.0', 'gw': '192.168.2.1'}, 'model': 'lumi.gateway.acn01', 'mac': '54:EF:43:40:D5:13', 'token': 'TOKEN', 'life': 4473}}
   DEBUG:miio.device:Detected model lumi.gateway.acn01
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 204, 'method': 'set_ip_info', 'params': '{ssid:"",pswd:123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd}'}
   DEBUG:miio.miioprotocol:Retrying with incremented id, retries left: 3
   DEBUG:miio.miioprotocol:Got a response: Container:
   data = Container:
   data = b'' (total 0)
   value = b'' (total 0)
   offset1 = 32
   offset2 = 32
   length = 0
   header = Container:
   data = b'!1\x00 \x00\x00\x00\x00\x1d\xbd\xc7\xe1c\xc0\n\xcc' (total 16)
   value = Container:
   length = 32
   unknown = 0
   device_id = unhexlify('1dbdc7e1')
   ts = 2023-01-12 13:27:40
   offset1 = 0
   offset2 = 16
   length = 16
   checksum = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff' (total 16)
   DEBUG:miio.miioprotocol:Discovered 1dbdc7e1 with ts: 2023-01-12 13:27:40, token: b'ffffffffffffffffffffffffffffffff'
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 305, 'method': 'set_ip_info', 'params': '{ssid:"",pswd:123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd}'}
   DEBUG:miio.miioprotocol:Retrying with incremented id, retries left: 2
   DEBUG:miio.miioprotocol:Got a response: Container:
   data = Container:
   data = b'' (total 0)
   value = b'' (total 0)
   offset1 = 32
   offset2 = 32
   length = 0
   header = Container:
   data = b'!1\x00 \x00\x00\x00\x00\x1d\xbd\xc7\xe1c\xc0\n\xd1' (total 16)
   value = Container:
   length = 32
   unknown = 0
   device_id = unhexlify('1dbdc7e1')
   ts = 2023-01-12 13:27:45
   offset1 = 0
   offset2 = 16
   length = 16
   checksum = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff' (total 16)
   DEBUG:miio.miioprotocol:Discovered 1dbdc7e1 with ts: 2023-01-12 13:27:45, token: b'ffffffffffffffffffffffffffffffff'
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 406, 'method': 'set_ip_info', 'params': '{ssid:"",pswd:123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd}'}
   DEBUG:miio.miioprotocol:Retrying with incremented id, retries left: 1
   DEBUG:miio.miioprotocol:Got a response: Container:
   data = Container:
   data = b'' (total 0)
   value = b'' (total 0)
   offset1 = 32
   offset2 = 32
   length = 0
   header = Container:
   data = b'!1\x00 \x00\x00\x00\x00\x1d\xbd\xc7\xe1c\xc0\n\xd6' (total 16)
   value = Container:
   length = 32
   unknown = 0
   device_id = unhexlify('1dbdc7e1')
   ts = 2023-01-12 13:27:50
   offset1 = 0
   offset2 = 16
   length = 16
   checksum = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff' (total 16)
   DEBUG:miio.miioprotocol:Discovered 1dbdc7e1 with ts: 2023-01-12 13:27:50, token: b'ffffffffffffffffffffffffffffffff'
   DEBUG:miio.miioprotocol:192.168.2.105:54321 >>: {'id': 507, 'method': 'set_ip_info', 'params': '{ssid:"",pswd:123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd}'}
   ERROR:miio.miioprotocol:Got error when receiving: timed out
   DEBUG:miio.click_common:Exception: No response from the device
   Traceback (most recent call last):
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 193, in send
   data, addr = s.recvfrom(4096)
   socket.timeout: timed out

   During handling of the above exception, another exception occurred:

   Traceback (most recent call last):
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 193, in send
   data, addr = s.recvfrom(4096)
   socket.timeout: timed out

   During handling of the above exception, another exception occurred:

   Traceback (most recent call last):
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 193, in send
   data, addr = s.recvfrom(4096)
   socket.timeout: timed out

   During handling of the above exception, another exception occurred:

   Traceback (most recent call last):
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 193, in send
   data, addr = s.recvfrom(4096)
   socket.timeout: timed out

   The above exception was the direct cause of the following exception:

   Traceback (most recent call last):
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\click_common.py", line 51, in call
   return self.main(*args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\core.py", line 1055, in main
   rv = self.invoke(ctx)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\core.py", line 1657, in invoke
   return _process_result(sub_ctx.command.invoke(sub_ctx))
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\core.py", line 1657, in invoke
   return _process_result(sub_ctx.command.invoke(sub_ctx))
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\core.py", line 1404, in invoke
   return ctx.invoke(self.callback, **ctx.params)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\core.py", line 760, in invoke
   return __callback(*args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\click_common.py", line 305, in wrap
   kwargs["result"] = func(*args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\decorators.py", line 84, in new_func
   return ctx.invoke(f, obj, *args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\click\core.py", line 760, in invoke
   return __callback(*args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\click_common.py", line 270, in command_callback
   return miio_command.call(miio_device, *args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\click_common.py", line 217, in call
   return method(*args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\click_common.py", line 184, in _wrap
   return func(self, *args, **kwargs)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\device.py", line 126, in raw_command
   return self.send(command, parameters)
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\device.py", line 108, in send
   command, parameters, retry_count, extra_parameters=extra_parameters
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 237, in send
   extra_parameters=extra_parameters,
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 237, in send
   extra_parameters=extra_parameters,
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 237, in send
   extra_parameters=extra_parameters,
   File "D:\ProgramFiles\anaconda\envs\miio\lib\site-packages\miio\miioprotocol.py", line 241, in send
   raise DeviceException("No response from the device") from ex
   miio.exceptions.DeviceException: No response from the device
   Error: No response from the device

Telnet cannot be enabled for version:
Version 4.0.1_0022.0642

ERROR:miio.miioprotocol:Unable to discover a device at address 192.168.0.187

The device is connected to the network and is alive.

Trying 192.168.0.187...
telnet: Unable to connect to remote host: Connection refused

The only way to enable Telnet is to flash custom firmware via serial port.
https://github.com/niceboygithub/AqaraM1SM2fw/