dary1337/unlock-ssh-xiaomi-router

Enable SSH / Root on Xiaomi Redmi AX5400 Gaming Edition Router (MiWiFi 1.0.95)

Step-by-step guide to unlock SSH and get root access on Xiaomi / Redmi routers without flashing custom firmware. Tested on the Redmi AX5400 Gaming Edition running stock MiWiFi 1.0.95, using the STOK web exploit and the MiWiFi default-password calculator.

Supported routers

The same method works on several Xiaomi / Redmi models on a vulnerable stock MiWiFi version (downgrade first if yours is newer). Recommended firmware per model:

Router | MiWiFi version
Redmi AX5400 Gaming/Esports Edition | 1.0.95
Redmi AX3000 | 1.0.33
Xiaomi AX3000 | 1.0.48 / 1.0.46
Xiaomi AX1800 | 1.0.399
Xiaomi AX9000 | 1.0.165
Xiaomi AIoT AX3600 | 1.1.21
Xiaomi AC2100 | 2.0.743
Xiaomi AIoT AC2350 | 1.3.8
Xiaomi 10 Gigabit Router | 1.0.53

Full details and the original research are in the mirrored forum guide.

Thanks to Minorice

My case:

Router:

  • Xiaomi Router AX5400 Gaming Edition

Stable Version MiWiFi:

  • 1.0.95

How to enable SSH on MiWiFi (step by step)

Preparation:

  1. Factory reset the router

  2. Set up the router in Router mode

    • I used DHCP

Installation:

  1. Open the router's web page: http://192.168.31.1/

  2. Get the STOK value from the URL (e.g. ;stok=57a3a045a1db66a1573a1b2e4ef3ccb8)

  3. Download the enable_ssh.cmd script

  4. Update the enable_ssh.cmd script with your STOK value

    • set TOKEN=57a3a045a1db66a1573a1b2e4ef3ccb8

  5. Run the enable_ssh.cmd script

    • If there is an error, you can try to run it again

  6. Open the router's web page and reset the router's time

Connection:

  1. Copy the Serial Number from the router's web page (e.g. 37668/A1ZZ16727)

  2. Get the default password: MiWiFi.DEV SSH Passwd Calculator

  3. Open a command line and run: ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.31.1

  4. Enter the default password obtained from the calculator (right-click to paste it)

Restore SSH after reboot:

Re-run the script. The output will look like this:

{"code":0}
{ "code": 0, "msg": "", "id": 42 }
{"code":-101,"msg":"request server timeout"}
{ "code": 0, "msg": "", "id": 43 }
{"code":-101,"msg":"request server timeout"}
{ "code": 0, "msg": "", "id": 44 }
{"code":-101,"msg":"request server timeout"}
{ "code": 0, "msg": "", "id": 45 }
{"code":-101,"msg":"request server timeout"}
{ "code": 0, "msg": "", "id": 46 }
{"code":-101,"msg":"request server timeout"}
end
