8
AX3600等小米路由设备破解固化永久SSH教程
source link: https://juewuy.github.io/gDyfIPSsZ/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
AX3600等小米路由设备破解固化永久SSH教程
发布于
2021-02-18
|
2分钟
|
303字数
教程转自:https://www.right.com.cn/forum/forum.php?mod=viewthread&tid=4046020
原作者Github地址:https://github.com/paldier/ax3600_tool
首先需要参考此文破解SSH权限(已破解则略过)
https://juewuy.github.io/clash-for-miwifi-an-zhuang-ji-shi-yong-jiao-cheng/#获取路由器ssh权限
之后备份nand,运行如下命令:
nanddump -f /tmp/bdata_mtd9.img /dev/mtd9
复制代码运行成功后用winscp下载到电脑上备份好(以防万一)
接下来下载网盘中的破解文件(fuckax3600)
链接: https://pan.baidu.com/s/15QsNvM9qwgTVtk8zF843eA 提取码: 8rcu之后用winscp将该文件上传到路由器的/tmp目录下,执行如下代码:
chmod +x /tmp/fuckax3600 && /tmp/fuckax3600 unlock
复制代码机器会自动重启,重启后执行:
/tmp/fuckax3600 hack
复制代码会自动设置永久ssh、telnet、uart权限,同时会计算出默认的root密码,注意记录密码,恢复出厂后telnet和ssh需要用
最后执行:
/tmp/fuckax3600 lock
复制代码重启后即使恢复出厂ssid也能正常了
如升级后ssh被禁用可以用telnet登录,执行下面代码再次启用ssh
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
/etc/init.d/dropbear start
复制代码至此基本可以保证机器长期拥有root权限
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK