用舊韌體降級
韌體
開啟SSH
1. 方案一
在已登入路由器管理頁面的瀏覽器分頁中開啟控制檯,執行以下程式碼(程式碼會從目前網址中讀取stok):
/**
 * Extracts the `stok` token from the address of the current page.
 *
 * Searches `location.href` for a `;stok=<token>/` segment.
 *
 * @returns {string|null} The text between `;stok=` and the next `/`, or
 *   `null` when the address has no such segment.
 */
function getSTOK() {
  const found = /;stok=(.*?)\//.exec(location.href);
  return found === null ? null : found[1];
}
/**
 * Sends one request to the router's `set_config_iotdev` endpoint with
 * `command` embedded in the `ssid` query parameter.
 *
 * The command is URL-encoded and placed after a leading `-h`, between two
 * `%0A` (newline) separators. The complete path, command included, is
 * printed to the console and is part of the request URL, so anything passed
 * in `command` is visible in both places.
 *
 * @param {string} stok - Token placed in the `;stok=` path segment.
 * @param {string} command - Text to embed; encoded with `encodeURIComponent`.
 * @returns {Promise<Response>} The pending `fetch` for the built URL.
 */
function execute(stok, command) {
  const encoded = encodeURIComponent(command);
  const endpoint = `/cgi-bin/luci/;stok=${stok}/api/misystem/set_config_iotdev`;
  const query = `?bssid=SteelyWing&user_id=SteelyWing&ssid=-h%0A${encoded}%0A`;
  const path = endpoint + query;
  console.log(path);
  const target = location.origin + path;
  return fetch(new Request(target));
}
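/**
 * Prompts for a new root password, then asks the router to enable SSH and
 * to set that password.
 *
 * Reads the `stok` token with `getSTOK()` and sends two requests through
 * `execute()`: one that sets `ssh_en=1` in nvram, rewrites the `channel=`
 * line in `/etc/init.d/dropbear` and starts dropbear, and one that pipes the
 * password twice into `passwd root`. The two requests are started without
 * waiting on each other; each response body, or a request failure, is
 * written to the console.
 *
 * The password is restricted to characters that need no shell quoting,
 * because it is placed inside a double-quoted shell string.
 *
 * @returns {void}
 */
function enableSSH() {
  // Declared locally: as bare assignments these put the token and the
  // password on the global object, and throw in strict mode.
  const stok = getSTOK();
  if (!stok) {
    console.error('stok not found in URL');
    return;
  }
  console.log(`stok = “${stok}”`);

  const password = prompt('Input new SSH password');
  if (!password) {
    console.error('You must input password');
    return;
  }
  // Characters such as ", $, ` or \ would be rewritten by the shell inside
  // the double-quoted string below, so the stored password would differ
  // from the one typed. Reject them instead of failing silently.
  if (!/^[A-Za-z0-9._@%+=:,-]+$/.test(password)) {
    console.error('Password may only contain letters, digits and . _ @ % + = : , -');
    return;
  }

  const logBody = (response) => response.text().then((text) => console.log(text));
  const logFailure = (err) => console.error('Request failed:', err);

  // Quoting uses plain ASCII ' and ": typographic quotes are not shell
  // quoting characters and leave the sed expression malformed.
  const enableCommands = `
nvram set ssh_en=1
nvram commit
sed -i 's/channel=.*/channel=\\"debug\\"/g' /etc/init.d/dropbear
/etc/init.d/dropbear start
`;
  execute(stok, enableCommands).then(logBody).catch(logFailure);

  // The password itself is not echoed here. It is still part of the request
  // URL that execute() builds and prints.
  console.log('New SSH password submitted');
  execute(stok, `echo -e "${password}\\n${password}" | passwd root`)
    .then(logBody)
    .catch(logFailure);
}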
// Runs immediately when the script is pasted into the browser console; the
// page address must contain the stok segment that getSTOK() looks for.
enableSSH();
2. 方案二
降級後不要升級,先登入網頁管理介面,登入後可以在位址列上看到
http://192.168.31.1/cgi-bin/luci/;stok=XXXXXXXXXXXXXXXXXXXXXXXXXX/web/home#router
(如果你改過路由器的IP位址,192.168.31.1的部分會和我的不一樣,但這裡只需要stok。)這裡的XXX對應你自己的stok,也就是登入後網址中帶的權杖。
將XXX後面的包括斜槓"/"在內的所有文字替換成
/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B
然後按回車,頁面會回傳code:0,這時SSH就已經開啟了;若沒有開啟,請重啟路由器。
III. 修改SSH密碼
開啟SSH後,可以按照步驟II(開啟SSH)方案二中的方法,將XXX後面的包括斜槓"/"在內的所有文字替換成
/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B
其中兩個admin是要設定的新密碼,兩處都必須改成同一個密碼,修改完後按回車即可。密碼會直接出現在網址中(也會留在瀏覽器的歷史紀錄裡);若含特殊字元需先做URL編碼,且不可包含單引號,因為密碼被放在單引號內。
連線
# Recent OpenSSH clients no longer offer ssh-rsa by default; the two -o options
# re-enable it for this connection only. Newer clients name the second option
# PubkeyAcceptedAlgorithms and keep PubkeyAcceptedKeyTypes as an alias.
ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa root@192.168.31.1