Repack AX1800 Global White


image

IMPORTANT REQUIREMENTS NECESSARY TOOLS STEP 1 (Downgrade) STEP 2 (Temporary SSH) STEP 3 (FLASHING)

METHOD TO UNLOCK SSH (AND POWER) ON A WHITE GLOBAL AX1800

(Last updated on 02/06/2023)

(Xrepack Ax1800 Method). Tutorial created by Zemerek and edited by @JuanMa_89:


IMPORTANT REQUIREMENTS:

The router must be in a factory default state. So:
- The router should have the default IP and SSID that it came with from the factory.
- The router should have the default administrative (root) password, which is unique for each router.
- The router MUST HAVE INTERNET ACCESS VIA ETHERNET TO APPLY THIS METHOD. In other words, you should connect the AX1800's WAN port to a LAN port of your ISP's router using an Ethernet cable.
- This method cannot be applied offline.
To achieve this, reset the router using the rear button before starting, and do not perform any configuration on it, except for what is necessary to access the router's web configuration interface.

These are the steps to follow, which will be explained in detail later:
- Locate the root password of your AX1800 router, which is unknown and unique for each device. To find out which password corresponds to your router, visit the website: https://xiaohack.es
- Enter the SN (serial number) of your AX1800 to generate the root user's password. Example: 266XX/E0P80XXXX
- Open Notepad or any text editor and save the password generated on the website.
- With the AX1800 router powered on, press the rear button for a few seconds until the blue lights on the front disappear (hard reset). This will eliminate any strange configurations that may cause issues later.
- After the reboot (which takes a couple of minutes), with the AX1800 powered on, connect to the router's web interface at: http://192.168.31.1 and configure the access password for the router's settings using the root password obtained on the website http://xiaohack.es
- Now, you will be asked to configure the Wi-Fi network. Do not change the default SSID and Wi-Fi password; use the ones from the website http://xiaohack.es
- Next, we will manually downgrade the firmware to version 1.0.26 (hackable) using the firmware file we previously downloaded and stored on your PC's hard drive.
- To do this, go to: Settings / Status / Update manually
- Select the 1.0.26 firmware file that you previously downloaded to your PC's hard drive.
- The process will take a few minutes, and the router will reboot automatically. Do not disconnect the power during this process.
- Once rebooted, connect again to the router's web interface at: http://192.168.31.1, and you will see that everything is now in Chinese. Don't worry.
- Reconfigure the access password for the router with the password from the website http://xiaohack.es
- Now, you will be asked to configure the Wi-Fi network again. Do not change the default SSID and Wi-Fi password; use the ones from the website http://xiaohack.es
- You should now have the router working, but in Chinese, with internet and Wi-Fi available.

image

STEP 1 (We will find out the root password of your router, and Flash/downgrade via the web.)

  • We need the root password of your router, which is unknown and unique for each device. To find out which password corresponds to your router, visit the website: https://xiaohack.es

  • Enter the SN (serial number) of your AX1800 to generate the root user's password. Example: 266XX/E0P80XXXX

  • Open Notepad or any text editor and save the password generated on the website.

  • With the AX1800 router powered on, press the rear button for a few seconds until the blue lights on the front disappear (hard reset). This will eliminate any strange configurations that may cause issues later.

  • After the reboot (which takes a couple of minutes), with the AX1800 powered on, connect to the router's web interface at: http://192.168.31.1 and configure the access password for the router's settings using the root password obtained on the website http://xiaohack.es

  • Now, you will be asked to configure the Wi-Fi network. Do not change the default SSID and Wi-Fi password; use the ones from the website http://xiaohack.es

  • Now, we will manually downgrade the firmware to version 1.0.26 (hackable) using the firmware file we previously downloaded and stored on your PC's hard drive.

    To do this, go to:

    Settings / Status / Update manually

    Select the 1.0.26 firmware file that you previously downloaded to your PC's hard drive.

    The process will take a few minutes, and the router will reboot automatically. Do not disconnect the power during this process.

    Once rebooted, connect again to the router's web interface at: http://192.168.31.1, and you will see that everything is now in Chinese. Don't worry.

    Reconfigure the access password for the router with the password from the website http://xiaohack.es

    Now, you will be asked to configure the Wi-Fi network again. Do not change the default SSID and Wi-Fi password; use the ones from the website http://xiaohack.es

    You should now have the router working, but in Chinese, with internet and Wi-Fi available.

image

STEP 2 (Obtaining Temporary SSH with a single command)

Important notes:

  • The AX1800 router must have internet access to apply this method. Connect the AX3600's WAN port via a network cable to any LAN port of your ISP's router.

  • Copy the text from the previously downloaded TEMPORARY SSH FILE.

  • Go to http://192.168.31.1 and log in.

  • Press (F12) to open the console in the right window.

  • Inside the console, press Ctrl + V to paste the copied text.

  • Press Enter, and a window will open to enter the root password obtained earlier from Xiaohack.es.

  • With this, you will have TEMPORARY SSH access.

image

image

---Information---

  • REPACK AX1800 global 3.0.34 WITH SSH ENABLED AND MAXIMUM POWER
  • Drivers ath are updated to the same version as 1.0.49
  • I dedicate myself to doing this using the Scripts from the Repacks of the AX3600, having to edit a lot of lines since they inserted garbage code and the router became unstable.
  • It is intended for those who have Chinese firmware but have temporary SSH access and are afraid to make SSH permanent using hexadecimal.

image

Step 3 (FLASHING)

  • Download the file:
    Xiaohack.es it's in /files/Ax1800
  • Log in via SSH and run the following command to check which partition the router is currently using:

    • nvram get flag_boot_rootfs

  • If it returns 0, skip the next step. We want it to boot from partition 0.
  • If it returns 1, enter the following commands to make it boot from partition 0.

    • image

    nvram set flag_last_success=0
    nvram set flag_boot_rootfs=0
    nvram commit
    reboot

  • Now, from partition 0, use WinSCP to copy the "global1.bin" file to the tmp folder.

    • image

  • Once it's copied, READ THIS:
    For safety reasons, to clean the partition, we will execute this command twice to avoid this error:

    ubiformat: 99 eraseblocks are supposedly empty
    ubiformat: warning!: only 189 of 288 eraseblocks have valid erase counter

    If you proceed with flashing while encountering this error, you may end up with a bricked router. That's why we format it twice to ensure the partition is completely clean.
  • CLEAN/FORMAT:

    ubiformat /dev/mtd19 -y

  • FLASHING:

    ubiformat /dev/mtd19 -f /tmp/global1.bin -s 2048 -O 2048

  • Once finished, you can enter the following commands:

    nvram set flag_last_success=1
    nvram set flag_boot_rootfs=1
    nvram commit
    reboot

    image

  • Now we need to erase the overlay. What is it? It's a partition where Xiaomi stores our configurations and will cause errors with the new firmware. So, after we've installed it and initiated the reboot in the repack partition, wait for 1 or 2 minutes until it starts, then press the "reset" button on the router, and that partition will be erased.
    • SSH is ACTIVATED, NO NEED TO WAKE UP ANYTHING VIA TELNET, the password will be provided by the Xiaohack.es website by entering your serial number.
  • Open PuTTY and connect directly via SSH:
    -192.168.31.1
    -user: root
    -password: (the one from Xiaohack)

    image

    !!!ATTENTION!!!

    image

    - SSH can be interrupted during the reset... if it doesn't, it wouldn't be the original firmware. IF THE XIAOHACK PASSWORD DOESN'T WORK,
    THE PASSWORD IS: password
    - Web configuration link: 192.168.31.1, be careful if you connect it to another Xiaomi router via DHCP, it may end up at 192.168.28.1 or 29.1, etc. (You can see the router's IP in your gateway in network settings).
    - Now you have 2 partitions: partition 0, where you had the vulnerable firmware that gave you SSH access, and partition 1, the Xiaomi GLOBAL firmware with SSH enabled.
    Important: I come from OpenWrt, and we've seen that the firmware tends to create a backup at certain times (at least on the AX3600), so disable automatic updates in both partitions.
    - Here, nothing has been disabled; it behaves like Xiaomi's "virgin firmware" with SSH turned on. I haven't disabled anything.
    - Test: LAN OK, WAN: OK, WIFI OK, MESH: OK, MiWifi APP: OK
    - If you've made it this far, you have the firmware, permanent SSH, and maximum power completed,
    Enjoy and tinker.

    • image

  • Revert:

     - Simply upload an older firmware (the vulnerable one is better) from the Xiaomi configuration website and click on DELETE existing configuration.

    • image

    image


Xiaohack Chatbot Asistente XiaoHack

Xiaohack V 3.2 | © Copyright 2023 | Musk Logo