Xiaomi Multimode Gateway on fw 1.5.5_0006 and higher

[levkanm]

Request for support Xiaomi Multimode Gateway firmware 1.5.5_0006,thanks.

[AlexxIT]

Well. You need to be more careful and stop upgrading to unsupported firmwares. Fortunately for you, there is a way to fix it.

Software method

If the gateway previously worked in Home Assistant integration, you can enable Telnet on firmware 1.5.5:
5 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause.
https://www.youtube.com/shorts/qJ21wWNE1Gg

Warning! Incorrect clicks can reset the gateway. 10 clicks - reset gateway.

Then you need to install any supported firmware:
https://github.com/zvldz/mgl03_fw/tree/main/firmware

Hardware method

If the gateway has not previously worked in Home Assistant integration, you can enable Telnet, but it will have a password, which is impossible to find out. So you need to flash your gateway with UART:
https://github.com/AlexxIT/XiaomiGateway3/wiki

[lxz946786639]

Sorry. Telnet cannot be opened on this firmware using the software method. You either have to wait for a new way to open the Telnet. Or solder the gateway and downgrade the firmware. Or throw the gateway in the trash :)

haha

[18605000242]

Sorry. Telnet cannot be opened on this firmware using the software method. You either have to wait for a new way to open the Telnet. Or solder the gateway and downgrade the firmware. Or throw the gateway in the trash :)

is it any way to downgrade if the firmware is 1.5.5?

[AlexxIT]

Only UART method https://github.com/AlexxIT/XiaomiGateway3/wiki

[taktazgroup]

Can the problem be solved in the next update? There is no way to inform Xiaomi to open the talent port?

[gewanbo]

I accidentally clicked on the upgrade and ended up with version 1.5.5_0006. The Xiaomi app kept prompting you to click on the upgrade button. Finally, I found this solution and downgraded back to 1.5.0 using UART method. Then, I manually upgraded to 15.4. Many thanks to @AlexxIT for providing the detailed documentation. The UART method is indeed not easy for me. I have no idea what UART is, and I got stuck in the process because I couldn't find the firmware file like 15.x.uart. I also tried this method mentioned at https://github.com/AlexxIT/XiaomiGateway3/wiki/Downgrade-Firmware#solder-uart. Fortunately, after restarting, I was lucky enough to find it back at version 15.0. I'm happy now!

[benghee]

Request for support Xiaomi Multimode Gateway firmware 1.5.5_0006,thanks.

There is another easy way, no need downgrade FW or TRASH your Xiaomi devices, which is just switch to another Xiaomi integration from HACS that works perfectly fine (tested on Google Home and Apple Home like an old day).
But i need to thank to AlexxIT all these years working hard on the updates and make Xiaomi devices used to integrated well with HA.

[taktazgroup]

Request for support Xiaomi Multimode Gateway firmware 1.5.5_0006,thanks.

There is another easy way, no need downgrade FW or TRASH your Xiaomi devices, which is just switch to another Xiaomi integration from HACS that works perfectly fine (tested on Google Home and Apple Home like an old day). But i need to thank to AlexxIT all these years working hard on the updates and make Xiaomi devices used to integrated well with HA.

hi , please say hacs name , thanks

[TwKenYang]

Request for support Xiaomi Multimode Gateway firmware 1.5.5_0006,thanks.

There is another easy way, no need downgrade FW or TRASH your Xiaomi devices, which is just switch to another Xiaomi integration from HACS that works perfectly fine (tested on Google Home and Apple Home like an old day). But i need to thank to AlexxIT all these years working hard on the updates and make Xiaomi devices used to integrated well with HA.

Xiaomi Miot Auto can find the gateway, but it is often unavailable

[thanhbacmc]

Request for support Xiaomi Multimode Gateway firmware 1.5.5_0006,thanks.

There is another easy way, no need downgrade FW or TRASH your Xiaomi devices, which is just switch to another Xiaomi integration from HACS that works perfectly fine (tested on Google Home and Apple Home like an old day). But i need to thank to AlexxIT all these years working hard on the updates and make Xiaomi devices used to integrated well with HA.

Xiaomi Miot Auto can find the gateway, but it is often unavailable

or Xiaomi MIoT ok!. But need AlexxIT fix bug. thank to AlexxIT !

[floingnom]

Request for support Xiaomi Multimode Gateway firmware 1.5.5_0006,thanks.

There is another easy way, no need downgrade FW or TRASH your Xiaomi devices, which is just switch to another Xiaomi integration from HACS that works perfectly fine (tested on Google Home and Apple Home like an old day). But i need to thank to AlexxIT all these years working hard on the updates and make Xiaomi devices used to integrated well with HA.

Xiaomi Miot Auto can find the gateway, but it is often unavailable

That's helps:
/config/custom_components/xiaomi_miot/core/xiaomi_cloud.py:68

-        rls = self.get_props(pms)
+        for iki in range(50):
+            rls = self.get_props(pms)
+            if rls:
+                continue

/config/custom_components/xiaomi_miot/core/xiaomi_cloud.py:50

-        self.http_timeout = int(hass.data[DOMAIN].get('config', {}).get('http_timeout') or 10)
+        self.http_timeout = int(1000);

[Algorithm0]

Xiaomi Miot Auto with a hub and all devices that are connected through it works EXCLUSIVELY THROUGH THE CLOUD. Especially if your hub is configured for Chinese servers, then you can get a significant delay in comparison with this integration, not to mention privacy.
AlexxIT, thank you so much for what you do. It's just superb.

[skrashevich]

I have found a way to activate telnet on firmware 1.5.5, but it requires the key (not a token!) from the device. Unfortunately, I have not yet discovered a way to obtain it without telnet already being open. However, if you have saved it somewhere before updating to 1.5.5, the re-opening telnet process will be very straightforward.

[chenchk]

I have found a way to activate telnet on firmware 1.5.5, but it requires the key (not a token!) from the device. Unfortunately, I have not yet discovered a way to obtain it without telnet already being open. However, if you have saved it somewhere before updating to 1.5.5, the re-opening telnet process will be very straightforward.

how to enable telnet on firmware 1.5.5, As a result of my scan with namp, port 23 is closed

[root@centos ~]# nmap -p 22-23 192.168.199.168

Starting Nmap 6.40 ( http://nmap.org ) at 2023-06-02 15:37 CST
Nmap scan report for Mi-Gate.lan (192.168.199.168)
Host is up (0.15s latency).
PORT   STATE  SERVICE
22/tcp closed ssh
23/tcp closed telnet
MAC Address: XX:XX:XX:XX:XX:XX (Unknown)

[rezmus]

@skrashevich main problem with backdoor miio commands debug_mode (tty/telnetd) or system_command (any shell cmd)

{"method":"debug_mode","params":{"password":"pswd","enable":true},"id":12345}

{"method":"system_command","params":{"password":"pswd","command":"passwd -d $USER; riu_w 101e 53 3012 || echo enable > /sys/class/tty/tty/enable; telnetd"},"id":12345}

where pswd is calculated from did/mac/key with base64(hmac_sha256(key, sha256(did+mac+key)))

#!/bin/sh
#base64(hmac_sha256(key, sha256(did+mac+key)))

if [ $# != 3 ];then
	echo "Usage: ./generate_pswd.sh did mac key"
	exit 0
fi

did=$1
mac=$2
key=$3
echo -e "\n============================================"
echo "did=$did mac=$mac key=$key"
echo "base64(hmac_sha256(key, sha256(did+mac+key)))"
Message=$key
Secret=`echo -n $did$mac$key | sha256sum | awk '{print$1}'`
ret=`echo -n $Message | openssl dgst -sha256 -hmac $Secret -binary | base64`

echo "base64(hmac_sha256($key, sha256($did$mac$key)))=$ret"
start=`expr ${#ret} - 16`   
echo start=$start        
pswd=`echo ${ret:$start:16}`
echo -e "============================================\n"
echo "did=$did mac=$mac key=$key pswd=$pswd"

is that you have to backup key before you got locked ;d

[TwKenYang]

@skrashevich main problem with backdoor miio commands debug_mode (tty/telnetd) or system_command (any shell cmd)

{"method":"debug_mode","params":{"password":"pswd","enable":true},"id":12345}

{"method":"system_command","params":{"password":"pswd","command":"passwd -d $USER; riu_w 101e 53 3012 || echo enable > /sys/class/tty/tty/enable; telnetd"},"id":12345}

where pswd is calculated from did/mac/key with base64(hmac_sha256(key, sha256(did+mac+key)))

#!/bin/sh
#base64(hmac_sha256(key, sha256(did+mac+key)))

if [ $# != 3 ];then
	echo "Usage: ./generate_pswd.sh did mac key"
	exit 0
fi

did=$1
mac=$2
key=$3
echo -e "\n============================================"
echo "did=$did mac=$mac key=$key"
echo "base64(hmac_sha256(key, sha256(did+mac+key)))"
Message=$key
Secret=`echo -n $did$mac$key | sha256sum | awk '{print$1}'`
ret=`echo -n $Message | openssl dgst -sha256 -hmac $Secret -binary | base64`

echo "base64(hmac_sha256($key, sha256($did$mac$key)))=$ret"
start=`expr ${#ret} - 16`   
echo start=$start        
pswd=`echo ${ret:$start:16}`
echo -e "============================================\n"
echo "did=$did mac=$mac key=$key pswd=$pswd"

is that you have to backup key before you got locked ;d

If I happen to have a 1.5.4 without flashing the firmware, please tell me how to get the information you want

[rezmus]

cat /data/miio/device.conf

key/mac/did is unique per device so you can only calc pswd and send commands to device you have this data for (backup before telnet is locked).

[AlexxIT]

I come to you with good news. I updated my first post with a description of how to enable telnet on 1.5.5 firmware:
#1057 (comment)

[cxfksword]

I come to you with good news. I updated my first post with a description of how to enable telnet on 1.5.5 firmware: #1057 (comment)

Thanks, I've done it!

[Vlavlabur]

"5 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause."
There are 5 double clicks on the video, and 6 in the description...
How right?

[AlexxIT]

I don't know why only 5 works on video. There should be 6 double clicks.
But anyway. Keep trying until green light.

[Plaudern]

I have three p3 gateways, one 4.0.2_0024_0644. Two 4.0.1_0004, I tried to use 5-2-2-2-2 to open telnet (the green light is on), I tried to scan with nmap and the results are as follows
（This is a P3 with firmware 4.0.1_0004）

PS C:\Users\Plaud>nmap -p 22-23 192.168.8.243
Starting Nmap 7.94 ( https://nmap.org ) at 2023-06-06 08:53 中国标准时间
Nmap scan report for AC-Controller-2936.lan (192.168.8.243)
Host is up (0.040s latency).

PORT   STATE  SERVICE
22/tcp closed ssh
23/tcp open   telnet
MAC Address: 54:EF:44:2E:1F:FF (Lumi United Technology)

Nmap done: 1 IP address (1 host up) scanned in 4.06 seconds

and then I used telnet to connect

PS C:\Users\Plaud>telnet 192.168.8.243
AC-Controller-1FFF login: admin
Password:
Login incorrect

What should I do? Does it mean that I can only go through the flash UART method?

[rezmus]

if you did not use them in HA before they still have password on telnet. clicks enable tty/telnetd and are solution only for ppl who deleted password before, but updated to locked firmware.

[ThomasD013]

Well. You need to be more careful and stop upgrading to unsupported firmwares. Fortunately for you, there is a way to fix it.

Software method

If the gateway previously worked in Home Assistant integration, you can enable Telnet on firmware 1.5.5: 5 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause, 2 clicks, pause. https://www.youtube.com/shorts/qJ21wWNE1Gg

Warning! Incorrect clicks can reset the gateway. 10 clicks - reset gateway.

Then you need to install any supported firmware: https://github.com/zvldz/mgl03_fw/tree/main/firmware

Hardware method

If the gateway has not previously worked in Home Assistant integration, you can enable Telnet, but it will have a password, which is impossible to find out. So you need to flash your gateway with UART: https://github.com/AlexxIT/XiaomiGateway3/wiki

How can i disable automated udpate ? I woke up this morning and my gateway was upgraded :/

[AlexxIT]

I described about version in the blog AlexxIT/Blog#13

[dfanica]

This worked wonders for me. I upgraded a few days ago without knowing that it will break my integration. I did try for about 1-2 hours to get open the telnet but eventually managed. Thanks everyone in this discussion for all the info!

[ifflanb]

Is it likely or possible that this will ever be fixed in a more permanent way? I have noticed that for me, the Telnet gets broken every time the gateway loses power. Then by the time you have gotten the click timing correct in order to re enable it, you end up hard resetting the device by accident and losing your child devices. This is a real pain.

[rezmus]

clicks are meant only for temporary telnet access so you can get gw cloud key.

cat /data/miio/device.conf

integration should be able to enable telnet on 1.5.5 when key is filled.

[ifflanb]

Thanks @rezmus . I already have a key specified in the Gateway config. Do the keys change?

[rezmus]

it is set in factory (unique per device) and never changes because mijia cloud auth depends on it.

[ifflanb]

Hmm ok. I guess mine is ok then. So your saying that you can restart your gateway and the Telnet remains working?