
OPENWRT, XWRT, IMMORTALWRT, PADAVAN, KEENETIC, STOCK, PCWRT Installation & Recovery Firmware for Xiaomi Mi Router 4C using CH341A Mini Programmer


xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher


CH341A Programmer for dumping, installing, reflashing and recovery of Xiaomi Router 4C

Notes

Note

  • Uncheck Verify in the programmer settings before flashing.
  • Unprotect the EEPROM before flashing.
  • These actions are dangerous and irreversible, so set only the required options (if the chip fails, buy a new one and solder it onto the board).
  • If the programmer fails to read the EEPROM sectors, read the SREG (Status Register), uncheck every checked bit (set every 1 to 0), and then click Write Register.

Windows

Setup

  • Connect the CH341A clip to the Xiaomi 4C router EEPROM, open AsProgrammer, detect the chip, and select the specific router IC model. Click Read IC and make a backup, then erase the IC. Load the 16MB firmware (stock, openwrt, padavan, keenetic, immortal), click Write IC, click Yes, and wait for it to finish. Finally, connect the router to your PC and open 192.168.1.1 (3rd party) or 192.168.31.1 (stock).


The red wire must be connected to pin #1 (marked with a dot) on the chip.





Linux

Driver Auto install (optional)

sudo apt update && wget -qO- https://raw.githubusercontent.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/refs/heads/main/driver.sh | sudo sh
  • Check existing drivers
lsmod | grep ch341
Bus 001 Device 002: ID 1a86:5512 QinHeng Electronics HL-340 USB-Serial adapter
ch341                  20480  0
usbserial             45056  1 ch341





Install IMSProg:

Note

  • If the programmer is unable to read the EEPROM, go to IMSProg Settings -> CHIP Info -> Read Status Register, replace every 1 with 0 and Write, then begin flashing the firmware.
  • Available Firmwares: | Stock Firmware | Openwrt | X-WRT | Keenetic | PCWRT | ImmortalWRT | Padavan |

  • Full Dump Firmware DOWNLOAD

  • Download and install IMSProg

sudo apt update && sudo apt install imsprog -y
  • Dependencies
sudo apt install bc build-essential gcc cmake make linux-headers-$(uname -r) cmake g++ libusb-1.0-0-dev qtbase5-dev qttools5-dev pkgconf systemd-dev udev zenity wget -y
  • Install from Repo (optional)
wget https://launchpad.net/~bigmdm/+archive/ubuntu/imsprog/+files/imsprog_1.4.4-4_amd64.deb -O imsprog.deb && sudo dpkg -i imsprog.deb && sudo apt --fix-broken install -y && sudo dpkg --configure -a
  • Build from Source (optional)
git clone https://github.com/bigbigmdm/IMSProg.git && cd IMSProg
cd IMSProg_programmer
mkdir build
cd build
cmake ..
make -j`nproc`
sudo make install



Install Flashrom:

sudo apt update ; sudo apt install flashrom -y

Flashing with Flashrom

Note

  • The chip type depends on the EEPROM that flashrom detects, for example GD25B128B/GD25Q128B or GD25Q127C/GD25Q128C. Pass it with the -c flag before backing up or flashing.
  • To detect the flash chip, execute the command below:
flashrom -VV -p ch341a_spi -r backup.bin
  • Backup Dump firmware:
flashrom -VV -p ch341a_spi -c GD25B128B/GD25Q128B -r MIR4C-dump.bin
  • Flash the new dump firmware (-w already erases and verifies, and flashrom accepts only one operation per run):
flashrom -VV -p ch341a_spi -c GD25B128B/GD25Q128B -w /home/user/Downloads/MIR4C-dump.bin
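
A backup is only useful if the read was good. The script below is an added example, not part of the original repository: it accepts a dump only when two independent reads are full-size, non-blank and byte-identical, and prints the SHA-256 to record. The second file name and the 16 MiB default are assumptions taken from the dump size used in this guide.

```sh
#!/bin/sh
# Added example (not from the original repository): accept a backup only if
# two independent reads are full-size, non-blank and identical.
EXPECTED_SIZE=${EXPECTED_SIZE:-16777216}   # 16 MiB chip, per this guide

# file_size FILE -> size in bytes
file_size() {
    wc -c < "$1" | tr -d ' '
}

# only_byte FILE OCTAL_ESCAPE -> succeeds if FILE holds nothing but that byte
only_byte() {
    [ "$(LC_ALL=C tr -d "$2" < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# verify_dump READ1 READ2 -> prints the SHA-256 of the dump on success
# return codes: 2 missing file, 3 wrong size, 4 blank read, 5 reads differ
verify_dump() {
    for f in "$1" "$2"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
        [ "$(file_size "$f")" -eq "$EXPECTED_SIZE" ] ||
            { echo "wrong size: $f" >&2; return 3; }
        # All 0xFF or all 0x00 typically indicates a failed read
        # (for example a poorly seated clip) or an erased chip.
        if only_byte "$f" '\377' || only_byte "$f" '\000'; then
            echo "blank read: $f" >&2; return 4
        fi
    done
    cmp -s "$1" "$2" || { echo "reads differ, reseat the clip" >&2; return 5; }
    sha256sum "$1" | cut -d' ' -f1
}

# Usage: sh verify_dump.sh MIR4C-dump.bin MIR4C-dump-2.bin
if [ "$#" -eq 2 ]; then
    verify_dump "$1" "$2"
fi
```

Run the read command twice with different output names, then erase or write only after the check passes.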




Termux

Requirements

  • Access Point Router/CPE (Wired Bridge): required if an ALL partition exists in the MTD partition table
  • CH341A Programmer: optional, for when no ALL partition exists in the MTD partition table
  • Termux

• Dependencies:

apt update && apt upgrade -y && apt install git wget curl python3 python-pip inetutils -y

Notes

Note

  • To check the MTD partitions, run cat /proc/mtd
  • If an MTD ALL partition is found you can flash it easily; otherwise flash the EEPROM with the CH341A programmer
  • The MTD ALL partition can flash every 16MB dump firmware from the download section
  • The Keenetic Breed Programmer Firmware can flash every 16MB dump firmware from the download section
  • All 16MB firmware dumps are stable for transitioning
  • You can use wget, scp or an HTTP file server to import the firmware into the /tmp directory and flash it

Mode of firmware import

opt 1

  • cd storage/downloads && scp 16mb_firmware.bin root@192.168.1.1:/tmp

opt 2

  • cd storage/downloads && python3 -m http.server, then on the router fetch the file from the Termux device's DHCP-assigned IP on port 8000, e.g.: wget 192.168.1.111:8000/16mb_firmware.bin

opt 3

  • cd /tmp && wget https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/releases/download/V1/Full-KeeneticOS_4.1.7_MOD.bin

Flashing

  • mtd -e ALL -r write /tmp/16mb_firmware.bin ALL
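
The notes above make the ALL partition the deciding factor. The script below is an added example, not part of the original repository: it parses a table in /proc/mtd format and refuses to proceed unless ALL exists and the image fills it exactly. The sample table is constructed, and requiring an exact size match for a full dump and having awk on the router are assumptions.

```sh
#!/bin/sh
# Added example (not from the original repository): refuse to flash unless
# the running firmware exposes an ALL partition that the image fills exactly.

# Constructed sample in /proc/mtd format, for testing off the router.
sample_mtd_table() {
    cat <<'EOF'
dev:    size   erasesize  name
mtd0: 01000000 00010000 "ALL"
mtd1: 00020000 00010000 "Bootloader"
mtd2: 00010000 00010000 "Config"
EOF
}

# mtd_size NAME [TABLE] -> partition size in bytes; fails if NAME is absent
mtd_size() {
    hex=$(awk -v n="\"$1\"" '$4 == n { print $2; exit }' "${2:-/proc/mtd}")
    [ -n "$hex" ] || return 1
    echo "$((0x$hex))"
}

# can_flash_all IMAGE [TABLE]
# return codes: 0 ok, 1 no ALL partition, 2 image size != partition size
can_flash_all() {
    part=$(mtd_size ALL "${2:-/proc/mtd}") ||
        { echo "no ALL partition, use the CH341A instead" >&2; return 1; }
    img=$(wc -c < "$1" | tr -d ' ')
    [ "$img" -eq "$part" ] ||
        { echo "image is $img bytes, ALL is $part bytes" >&2; return 2; }
}

# Usage on the router: sh check_all.sh /tmp/16mb_firmware.bin
if [ "$#" -ge 1 ]; then
    can_flash_all "$1" && echo "OK to run: mtd -e ALL -r write $1 ALL"
fi
```

A truncated download is the failure this catches: a partial image fails the size check instead of being written over the bootloader.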



Transition from Stock to other Firmware

• Using my modified version of openwrt-invasion

termux-setup-storage && pkg update && pkg upgrade && pkg install curl && curl https://raw.githubusercontent.com/xiv3r/termux-openwrt-invasion/refs/heads/main/openwrt-invasion.sh | sh && cd openwrt-invasion

• Reset the Xiaomi 4C Router and configure it with a password of 12345678

python3 remote_command_execution_vulnerability.py

• Getting root access via Telnet

 telnet 192.168.31.1
  • login:root

  • password:root

  • Download the firmware from Here!

    • e.g
cd /tmp && wget -O keenetic.bin https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/releases/download/V1/Full-KeeneticOS_4.1.7_MOD.bin

Flashing

mtd -e ALL -r write /tmp/keenetic.bin ALL
  • Wait 15 minutes until the reboot is prompted
  • Go to 192.168.1.1



Transition from Openwrt/Xwrt/Immortalwrt/Pcwrt to Keenetic and other Firmware

telnet 192.168.1.1
  • user:root

  • pass:your admin password

  • Bootloader breed installation

opkg update && opkg install kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1
cd /tmp && wget -O breed.bin https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/raw/main/Xiaomi_4C_Router_Breed_Env_Variables.bin

Flashing

mtd -r write /tmp/breed.bin bootloader
  • Router will reboot
  • Go to 👉 192.168.1.1 > upgrade > Programmer firmware > import keenetic 16MB dump from download

  • Uncheck skip bootloader
  • Uncheck skip eeprom
  • Upload



OpenWRT WiFi tx power mod to 30dBm

wget -qO- https://raw.githubusercontent.com/xiv3r/20dBm-30dBm-Xiaomi-Mi-4C-Router-Mod/refs/heads/main/mtd2-mod.sh | sh



Transition from Keenetic to Openwrt and other Firmware

  • Hold the reset button for 5 seconds while powering on the router
  • Go to 👉 192.168.1.1 > upgrade > programmer firmware > import openwrt 16MB dump from download

  • Uncheck skip bootloader
  • Uncheck skip eeprom
  • Apply



Transition from Padavan to other firmwares

  • telnet 192.168.1.1 and log in with your credentials
  • Import the 16MB dump firmware.bin into /tmp
  • e.g. cd /tmp && wget -O keenetic.bin https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/releases/download/V1/Full-KeeneticOS_4.1.7_MOD.bin

Flashing

mtd -e ALL -r write /tmp/keenetic.bin ALL
