wangzhi


Xiaomi 4A Router (Gigabit Version) Flashing

Origin

~ I have a desktop computer at home that is not in use, and I want to remotely access and share files and run some programs. The fundamental reason is that xray requires a client app to be installed on each phone, which is quite cumbersome. I thought about preparing a device to run the proxy on, allowing other clients to directly configure the address, with config.json for unified management. Initially, I used a mobile app to enable LAN access, but this required the phone to be on all day, and the latency seemed quite high, as all requests would go through the phone, creating unnecessary detours. Then I learned that OpenWRT can run programs directly, and since xray is written in golang, it can be compiled to run on embedded systems! 🐓 nice!

Preparation Materials

Operation Steps

First, upload the OpenWRT firmware to the router's /tmp directory, then write it with mtd and wait for the router to reboot after flashing.

cd /tmp

mtd -e OS1 -r write openwrt-21.02.3-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin OS1

Precautions

  • Never flash breed (Phoenix): its parameters are completely inconsistent with the Xiaomi 4A firmware, and flashing it will send the router into an infinite reboot loop. Flash directly with the mtd command instead. If you want to revert to the official firmware, use the official recovery tool, which is very simple.
  • If you flash breed and it causes an infinite reboot, you can long-press the reset button during boot to connect to breed via SSH, and then use mtd to flash the OpenWRT firmware from there. Initially, I didn't know this and thought it was bricked, so I bought a flashy gold CH341 programmer from Pinduoduo and directly flashed it onto the chip.
  • After enabling port forwarding, many foreign IPs will attempt to log in. Since my setup has the optical modem in bridge mode, the router's dial-up IP is exposed on the public internet, which is quite annoying. I turned off all unnecessary configurations, restricted ports to specific MAC addresses or IPs, disabled password login on the router, and enabled SSH key login to prevent many attacks.

Public Access

The commonly used ports 443 and 80 are completely unusable, as these two ports are intercepted by the ISP.

  • How do you set up public access?

    Generally, for ordinary users, DDNS is recommended. The router has built-in options, such as Peanut Shell DDNS, but this free DDNS domain name is very long and hard to remember, so I bought a memorable domain name.

  • General principle of DDNS

    The router gets a dynamic IP when it dials up, so every restart means a redial and a new IP, and a domain name bound to the old IP stops working. DDNS compares the current IP with the IP the domain name resolves to every 10 or 5 minutes and, if they do not match, updates the resolution. Once you understand this principle, it is simple: write a program that runs on the router, starts on boot, and checks every 5 minutes. If the two differ, it calls the resolution interface to update the domain resolution (the domain bought from Tencent Cloud is supported).

  • Accessing devices at home

    Through port forwarding, for example, 192.168.1.1:22 is the Raspberry Pi, and then you can bind it to the public domain domain.com:2222, forwarding through the router to 192.168.1.1:22, allowing direct access to home devices. Remember to enable the firewall on the device and set a hard-to-crack password. Configure some security restrictions in the OpenWRT firewall forwarding settings to avoid attacks.
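The restrictions mentioned under Precautions and in the port-forwarding item above can be written in OpenWRT's UCI files as follows. This is an added example, not the author's actual configuration; the rule name, the allowed source address 203.0.113.10 and the choice to bind the router's SSH service to the LAN interface are assumptions.

```uci
# ---- /etc/config/dropbear : SSH service on the router itself ----
# Weak form (password logins accepted on every interface):
#   config dropbear
#   	option PasswordAuth 'on'
#   	option RootPasswordAuth 'on'
#   	option Port '22'
#
# Hardened form: key-only login. Public keys go in
# /etc/dropbear/authorized_keys before passwords are switched off.
config dropbear
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
	option Port '22'
	# Assumption: the router's own SSH is only needed from inside the LAN.
	option Interface 'lan'

# ---- /etc/config/firewall : domain.com:2222 -> 192.168.1.1:22 ----
# Weak form (any internet address reaches the forwarded SSH port):
#   config redirect
#   	option target 'DNAT'
#   	option src 'wan'
#   	option proto 'tcp'
#   	option src_dport '2222'
#   	option dest 'lan'
#   	option dest_ip '192.168.1.1'
#   	option dest_port '22'
#
# Hardened form: same forward, accepted from one known address only.
config redirect
	# Hypothetical rule name.
	option name 'ssh-to-pi'
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '2222'
	option dest 'lan'
	option dest_ip '192.168.1.1'
	option dest_port '22'
	# Constructed example address (documentation range); use your own.
	option src_ip '203.0.113.10'
	# src_mac only matches hosts on the directly attached segment, so on a
	# wan redirect it cannot tell remote clients apart; use it for LAN rules.
```

Apply with `/etc/init.d/dropbear restart` and `/etc/init.d/firewall reload`, keeping an existing session open until key login is confirmed to work in a second one.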

Running xray

~ After flashing, I definitely need to run xray since this is the main requirement. However, when trying to install it through the official OpenWRT software, it always prompts that memory is insufficient, which is strange. Upon checking, my router has 128M of RAM and only 16M of storage. After installing OpenWRT, only 8M is left, and even after using UPX compression, xray is still nearly 9M, which is not enough. Additionally, the router's /tmp is actually mapped to memory, so the files in this directory are cleared when the device restarts. Although the storage is only 16M, you can place an 80M file in /tmp; it just gets lost after a reboot. Of course, to save memory, it's best to keep it small. The /overlay directory is persistent storage, which is not lost when the router restarts. You can place xray here and configure it to start on boot.

  • Slimmed down xray-core based on the official version 1.8.4, removing everything unnecessary while retaining basic functionality. In the op directory, using ls -lh, it shows only 4.2M, which is after UPX compression.

Then, configure manual proxy directly on the mobile device's Wi-Fi, filling in the router's address and the corresponding port number for xray to access YouTube.
