copyright
This article was first published on soarli blog. Please indicate the source of reprint. Portal
preface
The last time I tossed about IPV6 was about a month ago, After beating the drum all night, I didn't get the desired result in the end (that is, the mobile phone supports direct access to resources under IPV6, etc.).
Today, I had a whim. I turned off the firewall and tried it. I succeeded step by step along this idea! A sense of accomplishment burst!
process
APP
It was noted that the permission of Xiaomi Wifi mobile terminal was higher than that of the Web terminal (more complete functions). Several suspicious switches were found and turned off. It was found that there was no effect, so we had to try to obtain SSH permission on the Web terminal.
SSH
- Log in to the Xiaomi routing management page, find the string after stok in the url of the address bar and replace the < stok > in the url below
- Copy the replaced url to the address bar and press enter to confirm
a. Get SSH permission
http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B
b. Change the root user password to admin
http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B
You need to change it to another password to replace the admin part of the url.
- Copy the above edited URL to the browser address bar, and then press enter to confirm that the following prompt has been successful.
OK, you have obtained the SSH permission and changed the login password of the ROOT user. The default is admin
Enter the password of the root user and press enter to confirm. After seeing the figure below, you can successfully log in to the router as the root user.
Turn off IPV6 firewall
Command:
ip6tables -F ip6tables -X ip6tables -P INPUT ACCEPT ip6tables -P OUTPUT ACCEPT ip6tables -P FORWARD ACCEPT
The external network can Ping through now, but as soon as the router is restarted, the firewall will open itself.
- Add in / etc/config/firewall:
config include
option path '/etc/firewall.user'
- In / etc / firewall User join:
ip6tables -F ip6tables -X ip6tables -P INPUT ACCEPT ip6tables -P OUTPUT ACCEPT ip6tables -P FORWARD ACCEPT
※ ip6tables - I forwarding in Article 2_ Rule can also be added to / etc / firewall User to customize the open port.
follow-up
Note that the IPV6 address will change with the restart of the router (nonsense, it will change every day even if it is not restarted). Considering that it is too complicated to enter cmd and ipconfig to check the address every time, simply complete a python program that can automatically obtain the IPV6 address and automatically copy it to the clipboard. The implementation is as follows (you need to manually install the pyperclip Library):
import urllib.request
import subprocess
import socket
import re
import pyperclip
child=subprocess.Popen("ipconfig", shell=True, stdout = subprocess.PIPE)
out=child.communicate();
ipv6_pattern='(([a-f0-9]{1,4}:){7}[a-f0-9]{1,4})'
m=re.findall(ipv6_pattern,str(out));
address=m[1][0]
print(address)
print("Copied to clipboard!\n\n press Enter to abort...")
pyperclip.copy(address)
input()
reference:
https://www.right.com.cn/forum/forum.php?mod=viewthread&tid=4053486&extra=page%3D1%26filter%3Dtypeid%26typeid%3D44
https://xenwayne.top/tech/182.html
https://zhuanlan.zhihu.com/p/260531160
https://blog.csdn.net/qq840166422/article/details/89553077