Skip to content

Instantly share code, notes, and snippets.

@zvldz

zvldz/soft_hack.md

Last active December 9, 2024 19:35
Show Gist options
  • Save zvldz/1bd6b21539f84339c218f9427e022709 to your computer and use it in GitHub Desktop.
Save zvldz/1bd6b21539f84339c218f9427e022709 to your computer and use it in GitHub Desktop.
Download ZIP
soft_hack.md
Raw
soft_hack.md

Soft hack to open telnet

You need gateway 3(mgl03) connected to MiHome. And also ip and gateway token.

1 way (recommended)

Via XiaomiGateway3 component.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}

2 way (recommended if not using Home Assistant)

php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}'

3 way (maybe problem with sequence id)

python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'

Login: admin

Password is empty

After opening telnet, it is better to install custom firmware (only for Xiaomi Gateway 3 mgl03).

Read here: https://github.com/zvldz/mgl03_fw/tree/main/firmware#the-easy-way

Open telnet command should also work with:

  • lumi.gateway.mgl03 - Mi Smart Home Hub
  • lumi.gateway.acn01 - Aqara Hub M1S CN
  • lumi.gateway.aeu01 - Aqara Hub M1S EU
  • lumi.aircondition.acn05 - Aqara Air Conditioning Controller P3
  • lumi.gateway.sacn01 - Smart USB Wall Outlet Hub

Aqara Hub E1 (ZHWG16LM usb stick)

You need gateway E1 connected to MiHome. And also ip and gateway token.

1 way (recommended)

Via XiaomiGateway3 component, version 2+.

You must input in the 'Open Telnet command' field(as it is without changing anything):

{"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; /bin/riu_w 101e 53 3012; telnetd"}}

2 way (recommended if not using Home Assistant)

php-miio (https://github.com/skysilver-lab/php-miio)

You may need to change id.

php miio-cli.php --ip GW_IP --token GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; /bin/riu_w 101e 53 3012; telnetd"}}'

3 way (maybe problem with sequence id)

python-miio (https://github.com/rytilahti/python-miio)

miiocli device --ip GW_IP --token GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ;  /bin/riu_w 101e 53 3012 ; telnetd"}'

Login: root

Password is empty

I am not author, I just tested and improved and published.

Enable telnet on Aqara G3 hub

@wizardofozzie
Copy link

@wizardofozzie niceboygithub/AqaraGateway#179

@Wh1terat that's crazy- thanks so much!

For G2hPro, I have downgraded to firmware 3.3.4 but telnet won't work. I booted an SD with custom firmware onto the camera but telnet 192.168.1.101 is refused. Any ideas?

@bmwcar
Copy link

bmwcar commented Feb 15, 2024

@wizardofozzie niceboygithub/AqaraGateway#179

@Wh1terat that's crazy- thanks so much!

For G2hPro, I have downgraded to firmware 3.3.4 but telnet won't work. I booted an SD with custom firmware onto the camera but telnet 192.168.1.101 is refused. Any ideas?

i think the new g2h pro camera fix the bug ,so you can not use telnet. Because my g2h pro can use telnet.

@superclaw
Copy link

Is there any solution for lumi.gateway.mgl001?

@dportabella
Copy link

what can be the problem?

$ GW_IP=192.168...
$ GW_TOKEN=32414f48...
$ miiocli device --ip $GW_IP --token $GW_TOKEN info
Model: lumi.gateway.acn008
Hardware version: Linux
Firmware version: 4.0.5_0005

$ miiocli device --ip $GW_IP --token $GW_TOKEN raw_command set_ip_info '{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'
Running command raw_command
ERROR:miio.miioprotocol:Got error when receiving: {'code': -9999, 'message': 'user ack timeout'}
Error: Unable to recover failed command

$ php miio-cli.php --ip $GW_IP --token $GW_TOKEN --sendcmd '{"id":123,"method":"set_ip_info","params":{"ssid":"\"\"","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}}'
PHP Deprecated:  Creation of dynamic property miIO::$bind_ip is deprecated in /php-miio/miio.class.php on line 51

Deprecated: Creation of dynamic property miIO::$bind_ip is deprecated in /php-miio/miio.class.php on line 51
Устройство 192.168.130.181 доступно и ответило:
{"id":123,"error":{"code":-9999,"message":"user ack timeout"},"exe_time":4000}

@ASDBigmac
Copy link

Seemingly the Info for 1.5.5_0006 is wrong. I got in without UART by executing the commands and later login via admin/admin

$ miiocli device --ip 10.0.x.x --token 445159xxxx raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; /bin/riu_w 101e 53 3012 ; telnetd"}'
Running command raw_command
ERROR:miio.miioprotocol:Got error when receiving: {'code': -9999, 'message': 'user ack timeout'}
Error: Unable to recover failed command

$ miiocli device --ip 10.0.x.x --token 445159xxxx raw_command set_ip_info '{"ssid":"""","pswd":"123123 ; passwd -d admin ; echo enable > /sys/class/tty/tty/enable; telnetd"}'
Running command raw_command
ERROR:miio.miioprotocol:Got error when receiving: {'code': -9999, 'message': 'user ack timeout'}
Error: Unable to recover failed command

$ telnet 10.0.x.x
Trying 10.0.x.x...
Connected to 10.0.x.x.
Escape character is '^]'.

rlxlinux login: admin
Password:
Login incorrect
rlxlinux login: admin
Password:
Lumi Linux version 3.0

| | || | |||
| | _ _ _____ _ | | _ ____ _ _ _ _
| || || || | | | || | _ | | | |\ / /
| || || || | | || | | || | | | | || |/
||_||||||| ||||| ||___|_/_/

For further information check:
https://www.aqara.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment