Closed cyberrep closed 8 months ago
cyberrep
commented
8 months ago Hey buddy, I leave another cmd pinging and when the exploit start, its loose the connection and after like a minute its back its stop when start Wait smartcontroller activation ... Its weird because I use same cable for the others
remittor
commented
8 months ago I leave another cmd pinging and when the exploit start, its loose the connection and after like a minute its back its stop
Maybe the device is rebooting? At this moment LuCI answers?
cyberrep
commented
8 months ago Good question, how I know ? ;-) if you mean web, no its stop. I'll try again to check the lights status
cyberrep
commented
8 months ago Ok,both lights are white and the command "wait smartcontroller" is send, the AX3000 reboot.
remittor
commented
8 months ago try to uncomment this lines: https://github.com/openwrt-xiaomi/xmir-patcher/blob/b1e2c7bf433e44b70005c56dd6b9f92b1b1329b8/connect5.py#L282-L285
cyberrep
commented
8 months ago Good morning!
This is the result Enable smartcontroller scene executor ... Change date ...
ERROR: ----- TEST FINISHED ------
remittor
commented
8 months ago 1) Revert changes. 2) Change timeout to 10 sec in this line: https://github.com/openwrt-xiaomi/xmir-patcher/blob/b1e2c7bf433e44b70005c56dd6b9f92b1b1329b8/connect5.py#L291 3) Uncomment line: https://github.com/openwrt-xiaomi/xmir-patcher/blob/b1e2c7bf433e44b70005c56dd6b9f92b1b1329b8/connect5.py#L294
cyberrep
commented
8 months ago with the time 10 work well, but....
Wait smartcontroller activation ... { "code": 0, "msg": "" } Unlock dropbear service ...
SSH Enable, read full device. When I try to get dump, I get an error
Backup of "crashsyslog" saved to file "./backups/mtd17_crashsyslog.bin"
ERROR on execute command: "dd if=/dev/mtd18 of=/tmp/mtd_dump.bin"
Traceback (most recent call last):
File "create_backup.py", line 109, in
And I have to shutdown the AP, and after when try to apply item 2
Wait smartcontroller activation ...
============ smartcontroller failed ============
Traceback (most recent call last):
File "connect.py", line 55, in
I'm doing the AP reset to start again
cyberrep
commented
8 months ago second test after reset the AP SSH Enable, read full device, dump ok
maybe just did wrong in the first time!
I'll try the others
cyberrep
commented
8 months ago The other one I try with time 10 and change to 20 (until start to ping again)
error
============ smartcontroller failed ============ Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 174, in _new_conn File "d:\python\python38\Lib\site-packages\urllib3/util/connection.py", line 96, in create_connection File "d:\python\python38\Lib\site-packages\urllib3/util/connection.py", line 86, in create_connection socket.timeout: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 699, in urlopen File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 394, in _make_request File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 239, in request File "http\client.py", line 1252, in request File "http\client.py", line 1298, in _send_request File "http\client.py", line 1247, in endheaders File "http\client.py", line 1007, in _send_output File "http\client.py", line 947, in send File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 205, in connect File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 179, in _new_conn urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x000001E78210D2B0>, 'Connection to 172.16.0.2 timed out. (connect timeout=7)')
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\requests/adapters.py", line 439, in send File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 755, in urlopen File "d:\python\python38\Lib\site-packages\urllib3/util/retry.py", line 574, in increment urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='172.16.0.2', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=2cb0ebdc27bdfaa4a406e456da285cc1/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x000001E78210D2B0>, 'Connection to 172.16.0.2 timed out. (connect timeout=7)'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "B:\OneDrive\@Programas Uteis\@Drivers\Xiaomi\xmir-patcher\connect5.py", line 73, in exec_smart_cmd res = requests.post(gw.apiurl + api, data = { "payload": payload }, timeout = timeout) File "d:\python\python38\Lib\site-packages\requests/api.py", line 117, in post File "d:\python\python38\Lib\site-packages\requests/api.py", line 61, in request File "d:\python\python38\Lib\site-packages\requests/sessions.py", line 542, in request File "d:\python\python38\Lib\site-packages\requests/sessions.py", line 655, in send File "d:\python\python38\Lib\site-packages\requests/adapters.py", line 504, in send requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='172.16.0.2', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=2cb0ebdc27bdfaa4a406e456da285cc1/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x000001E78210D2B0>, 'Connection to 172.16.0.2 timed out. (connect timeout=7)'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "connect.py", line 55, in
cyberrep
commented
8 months ago others same problem (2 dones with original code, 1 done with 10 seconds) I have more 2, weird right
Wait smartcontroller activation ... ============ smartcontroller failed ============ Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 174, in _new_conn File "d:\python\python38\Lib\site-packages\urllib3/util/connection.py", line 96, in create_connection File "d:\python\python38\Lib\site-packages\urllib3/util/connection.py", line 86, in create_connection socket.timeout: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 699, in urlopen File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 394, in _make_request File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 239, in request File "http\client.py", line 1252, in request File "http\client.py", line 1298, in _send_request File "http\client.py", line 1247, in endheaders File "http\client.py", line 1007, in _send_output File "http\client.py", line 947, in send File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 205, in connect File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 179, in _new_conn urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x0000020F149AF2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)')
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\requests/adapters.py", line 439, in send File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 755, in urlopen File "d:\python\python38\Lib\site-packages\urllib3/util/retry.py", line 574, in increment urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='172.16.0.4', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=889600f0484d5ec8d91d21b211424705/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0000020F149AF2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "B:\OneDrive\@Programas Uteis\@Drivers\Xiaomi\xmir-patcher\connect5.py", line 73, in exec_smart_cmd res = requests.post(gw.apiurl + api, data = { "payload": payload }, timeout = timeout) File "d:\python\python38\Lib\site-packages\requests/api.py", line 117, in post File "d:\python\python38\Lib\site-packages\requests/api.py", line 61, in request File "d:\python\python38\Lib\site-packages\requests/sessions.py", line 542, in request File "d:\python\python38\Lib\site-packages\requests/sessions.py", line 655, in send File "d:\python\python38\Lib\site-packages\requests/adapters.py", line 504, in send requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='172.16.0.4', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=889600f0484d5ec8d91d21b211424705/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0000020F149AF2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "connect.py", line 55, in
cyberrep
commented
8 months ago just an ammendment, they are in the mi home app (maybe is that?)
cyberrep
commented
8 months ago I add more debug to you code:
print(dst) print(res) print('Change date ...') time.sleep(20) res = exec_tiny_cmd("date -s 203301020304") die('----- TEST FINISHED ------')
and I get Enable smartcontroller scene executor ... {'min': 52, 'day': 1, 'index': '0', 'month': 11, 'year': 2023, 'sec': 55, 'hour': 17, 'timezone': " ' ; reboot ; 195"} {"code":0} Change date ...
and when I see timezone = '' I just force to addtimezone and voila!!!
I have no ideia why theres a reboot at the end. its fixed, if you add yo your code a way to fix a timezone its fix all problems!
cyberrep
commented
8 months ago Now I have 5 AX3000 done and 1 AX3600 tks a lot man!!!!
I wanna help more if you need something to test
remittor
commented
8 months ago " ' ; reboot ; 195" if you add yo your code a way to fix a timezone its fix all problems!
Why did you have such a strange value stored in timezone?
cyberrep
commented
8 months ago Maybe its appear if we add using the mi home app, thats the only thing I can figure out.
remittor
commented
8 months ago remittor
commented
8 months ago " ' ; reboot ; 195"
Could this be an artifact left by hack utility ShellClash?
Either this is an artifact of using these scripts: https://openwrt.org/toh/xiaomi/redmi_ax6000#set_bdata
cyberrep
commented
8 months ago Maybe, I dont remember if I try it. I can try to use the url script to check if you wanna
First of all, thanks for the tool!!! Awesome work. I have 5 AX3000 (4 Int and 1 Chinese) I did for 2 exploit and permanent SSH and work, for 2 I get the error below:
device_name = RA82 rom_version = 1.4.31 release mac address = ** Enter device WEB password: ***** Enable smartcontroller scene executor ... Wait smartcontroller activation ... ============ smartcontroller failed ============ Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 174, in _new_conn File "d:\python\python38\Lib\site-packages\urllib3/util/connection.py", line 96, in create_connection File "d:\python\python38\Lib\site-packages\urllib3/util/connection.py", line 86, in create_connection socket.timeout: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 699, in urlopen File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 394, in _make_request File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 239, in request File "http\client.py", line 1252, in request File "http\client.py", line 1298, in _send_request File "http\client.py", line 1247, in endheaders File "http\client.py", line 1007, in _send_output File "http\client.py", line 947, in send File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 205, in connect File "d:\python\python38\Lib\site-packages\urllib3/connection.py", line 179, in _new_conn urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x0000027E9C4AD2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)')
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "d:\python\python38\Lib\site-packages\requests/adapters.py", line 439, in send File "d:\python\python38\Lib\site-packages\urllib3/connectionpool.py", line 755, in urlopen File "d:\python\python38\Lib\site-packages\urllib3/util/retry.py", line 574, in increment urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='172.16.0.4', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=1f80af8895251db6c094065253924eb2/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0000027E9C4AD2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "xmir-patcher\connect5.py", line 73, in exec_smart_cmd res = requests.post(gw.apiurl + api, data = { "payload": payload }, timeout = timeout) File "d:\python\python38\Lib\site-packages\requests/api.py", line 117, in post File "d:\python\python38\Lib\site-packages\requests/api.py", line 61, in request File "d:\python\python38\Lib\site-packages\requests/sessions.py", line 542, in request File "d:\python\python38\Lib\site-packages\requests/sessions.py", line 655, in send File "d:\python\python38\Lib\site-packages\requests/adapters.py", line 504, in send requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='172.16.0.4', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=1f80af8895251db6c094065253924eb2/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0000027E9C4AD2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "connect.py", line 55, in
import connect5
File "xmir-patcher\connect5.py", line 293, in
res = exec_tiny_cmd("date -s 203301020304")
File "xmir-patcher\connect5.py", line 133, in exec_tiny_cmd
res = exec_smart_cmd(pdata)
File "xmir-patcher\connect5.py", line 76, in exec_smart_cmd
raise ExploitError(f'Cannot send POST-request "{sc_command}" to SmartController service. {msg}')
connect5.ExploitError: Cannot send POST-request "scene_setting" to SmartController service. HTTPConnectionPool(host='172.16.0.4', port=80): Max retries exceeded with url: /cgi-bin/luci/;stok=1f80af8895251db6c094065253924eb2/api/xqsmarthome/request_smartcontroller (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x0000027E9C4AD2B0>, 'Connection to 172.16.0.4 timed out. (connect timeout=7)')){
"device_ip_addr": "172.16.0.4"
}