Xiaomi Mi Router 4C

None at this time.

Install OpenWrt (generic explanation)

The snapshot version is NOT tested and it does not ship with a GUI. Your initial network configuration needs to be done via uci. Afterwards you can install LuCI for GUI. As of the time of this edit (2019-06-19), some users have reported Wi-Fi to be unstable. Do not attempt to perform firmware updates via Wi-Fi in order to avoid damage to your device.

  1. Download or clone OpenWRTInvasion
  2. Install python3 and and to PATH if not installed.
  3. Install requirements:
    pip3 install -r requirements.txt
  4. Login to Web panel of your router and copy stok code from URL.
  5. Execute the exploit:
    python3 remote_command_execution_vulnerability.py
  6. Enter stok and router's IP to command line when it asks to.
  7. Now you have access to telnet.
  8. Login to your router via telnet. (User: root - No password)
  9. Use this command to enter tmp directory:
    cd /tmp
  10. Copy OpenWrt download link.
  11. Download OpenWrt to tmp directory:
    wget <Download Link> 
  12. Install OpenWrt to OS1:
    mtd -r write /tmp/openwrt.bin OS1
  13. It will take couple of minutes and will be restarted to OpenWrt.

Stock /proc/mtd

dev:    size   erasesize  name
mtd0: 01000000 00010000 "ALL"
mtd1: 00020000 00010000 "Bootloader"
mtd2: 00010000 00010000 "Config"
mtd3: 00010000 00010000 "Factory"
mtd4: 00010000 00010000 "crash"
mtd5: 00010000 00010000 "cfg_bak"
mtd6: 00100000 00010000 "overlay"
mtd7: 00c60000 00010000 "OS1"
mtd8: 00af0000 00010000 "rootfs"
mtd9: 00200000 00010000 "disk"

OpenWRT snapshot /proc/mtd

dev:    size   erasesize  name
mtd0: 00020000 00010000 "bootloader"
mtd1: 00010000 00010000 "config"
mtd2: 00010000 00010000 "factory"
mtd3: 00010000 00010000 "crash"
mtd4: 00010000 00010000 "cfg_bak"
mtd5: 00100000 00010000 "overlay"
mtd6: 00ea0000 00010000 "firmware"
mtd7: 002052ab 00010000 "kernel"
mtd8: 00c9ad55 00010000 "rootfs"
mtd9: 00a10000 00010000 "rootfs_data"

0. Consider OpenWRT factory reset first

firstboot && reboot

1. Download STOCK firmware

2. Copy to router

scp miwifi_r4cm_firmware 3.0.16_ENG.bin root@

3. Write to “firmware” block

mtd -r write /tmp/miwifi_r4cm_firmware 3.0.16_ENG.bin firmware

4. Router will reboot and after few minutes will boot into stock firmware with IP address



PCB (Close Up)


This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2021/10/02 12:27
  • by abdulaziz.amar