XIAOMI AX9000 MANUAL

XIAOMI AX9000 UNLOCKING MANUAL with Global Version 3.0.40

(Last edited on 19/06/2023)

Tutorial created by Elchotovolador and edited by @JuanMa_89:

Product Information

• Xiaomi Router AX9000 ROM Update
  - Versions for download in Europe and China:
  - https://miuirom.org/miwifi/xiaomi-router-ax9000

************** INSTALLATION INFORMATION **************

• Installation
  - The first thing to do is configure the AX9000 Router from the Mihome app or from the luci Web http://192.168.31.1
  - At the bottom, you'll find the key for the first configuration along with the name of the Wifi, in this example it's Xiaomi_4290
  

  

• Once configured, access http://192.168.31.1 password
  

  

• Next, inside the router, we go to the system update page to check the European or Chinese version of the router. (This manual is for a European Version)
  

  

• You can see the version
  - Version 3.0.40, The router is updated. - If it's version 3.0.48, It works.

  

************** INSTALLATION MANUAL **************

• 1-. You need to know the root key of our AX9000, for this access the website where you will need your serial number, which is the same as the access key.
  

  

  - Once you have the root access: XXXXXX - Let's continue
• 2-. To continue with the unlocking, we need the following files:
  

  

  - They need to be unzipped for installation (a manual is included)
  

  

• 3-. With those three files, enter the Router and activate the command console with F12.
  

  

  - Once the file is released and loaded, press enter
  - Exit the router's web page and re-enter to save the changes in the configuration.
  
• 4-. Now you will see that in the folder on the PC where we had the Exploit, another folder will appear created by the previous file (These are the most important files of all) - CREATES A FILE
  

  

  - Inside, you will find these 3 files to use.
  

  

• 5-. Now return to the website http://192.168.31.1 password (as usual).
  - Now the hacking begins; return to the previous router version page for the installation of the previously created exploits.
  

  

  - For the installation of the created exploits, select file by file
  

  

• 6-. Install them in the order they appear 1, 2, 3 (Always restart the router)
  

  ----ATTENTION----

  

  - THE INSTALLATION MUST BE PERFORMED WITH A NETWORK CABLE when installing the BIN 1 because the Wi-Fi will be lost.
  
• First .bin
  - (Restart the router)
• Second .bin
  - Takes quite a while (don't get impatient), restart the router again.
• Third .bin
  - Restart the router after the installation is complete.
• 7-. VERY IMPORTANT - * Once the router is restarted, the web luci miwifi access key changes to the same as the Wi-Fi name.
  Example:
  http://192.168.31.1 password Xiaomi_4290
• 8-. If everything went well, now we need to wake up Telnet to provide access to SSH
  

************** WAKE UP SSH **************

• Open Putty and access Telnet as shown.
  

  

• This screen will open
  

  

  - USERNAME:
  root
  - PASSWORD: provided by XIAOHACK.ES
  
• We will have to wake up the SSH via Telnet, for that we paste the following commands (putty).
  - sed -i 's / channel =. * / channel = \ "debug " / g' /etc/init.d/dropbear
/etc/init.d/dropbear start
  - sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
  - nvram set ssh_en=1
  - nvram commit
  - /etc/init.d/dropbear start
  

  

  - This image will appear if the instructions are correct
  

  

• With Putty open via Telnet, we will now check if we have SSH access.
  - Reopen Putty but change the settings.
  

  

  - Once we access Putty and if all steps are correctly done, we will have permanent SSH access.
  

  

• NOTE: The new access after permanent SSH to the router is the name of the Wi-Fi Xiaomi_4290, but this can be resolved by resetting the router with its button to return to FACTORY SETTINGS
  - Once reset and returned to factory settings, reconfigure with the Mihome app, and the only thing left is to reawaken Telnet with the following steps to regain SSH access that we previously achieved.

************** MI HOME RESET BUTTON CONFIGURATION **************

• To set up the Xiaomi Mi Router Ax9000, the most direct and complete option is to use the Xiaomi Home app, available for both iOS and Android devices.
  Alternatively, we can opt for the web version of the network administration panel.
  

  

• With the app, it will be sufficient for the router to be detected (or manually indicated as in our case) and to set a first password, which will initially serve both for the wireless network and for the administrator.
  - As SSH IS PERMANENT, TELNET must be AWAKENED.
• Note and acknowledgments: This manual would not have been possible without the help of Vicent, with whom we stubbornly and intensely struggled to bring it to a successful conclusion.