Reviving Telnet access on Xiaomi Gateway 3 ZNDMWG04LM after getting key using UART Method. #1465

Open
jksmurf opened this issue Sep 28, 2024 · 8 comments
Labels
question Further information is requested

Comments


jksmurf commented Sep 28, 2024

I have a ZNDMWG04LM with 1.07_0019 FW.

I did the UART connection and checked the output and successfully got the Key (not the Token), based on [methods detailed in 1166]. This allowed me to ADD it to AlexxIT's Gateway 3 interface. In fact I did two of them. (#1166).

My question however is about the need for telnet following integration; I can access the Gateway menu using Putty, but no Admin/Password pair matches, so I cannot actually log in. I tried admin/admin, admin/blank, admin/123123 and a few other combinations. I tried the 5-2-2-2-2-2-2 setting.

  • Do I need telnet access for anything in future?
  • If yes, is the only way to use UART, then downgrade the FW; and then strip out the password, so if I upgrade it again, it is blank? Is this possible and will this blank password be "sticky" if I upgrade the FW again?
  • Is there actually some way to get Full Telnet Access using the Token+Key (which I now have saved) for each device?

Thx

@AlexxIT AlexxIT added the question Further information is requested label Oct 1, 2024
Owner

AlexxIT commented Oct 1, 2024

This model has root user with blank password (after adding to integration).

Author

jksmurf commented Oct 2, 2024

Yes, I can get to the # prompt but it doesn't look like a screen you normally see when you logon using putty.

Root Blank

Owner

AlexxIT commented Oct 6, 2024

You're in an empty folder. That's why ls doesn't show anything.

Author

jksmurf commented Oct 8, 2024

Putty

Thank you. Is there a way to WinSCP into these Gateways, I just find it easier to use WinSCP to check folders/files, but I keep getting connection refused?

Owner

AlexxIT commented Oct 8, 2024

async def run_ftp(self):
    await self.exec("tcpsvd -E 0.0.0.0 21 ftpd -w &")

Author

jksmurf commented Oct 8, 2024

async def run_ftp(self):
    await self.exec("tcpsvd -E 0.0.0.0 21 ftpd -w &")

Thank you AlexxIT, but I’m sorry that’s just gone way over my head. I’ve no idea what to do with that 🙏

Owner

AlexxIT commented Oct 8, 2024

This is the command to run FTP

Author

jksmurf commented Oct 10, 2024

Thanks @AlexxIT.

I did a bit of searching around based on that information and got it to work, so for the benefit of others wanting to use WinSCP to poke around in the Gateway File System (own risk!), I jotted down a few steps:

  1. After you have removed the password using the UART approach, then login to the Gateway using Putty, username 'root' and no password (just hit enter);

  2. After you login using Putty, IF you WANT to add a password back (you do not have to!), issuing this (where #!/bin/sh is the prompt in Putty, you might just see a '#' per the pics and not '#!/bin/sh'), will change the password to "xxxxxx"; remember the new password!

#!/bin/sh
echo "root:xxxxxx" | chpasswd

Note: If you add a password (please remember it!) and want to revert back to NO password, after you login (with your current password), just run:

#!/bin/sh
echo "root:" | chpasswd

Note a: If you do the above (echo "root:" | chpasswd) Putty will now give you a password prompt, just hit 'Enter' to login i.e. No Password.

Note b: If you want to delete the password for the user root (i.e. return it to the completely removed password state post UART), issue this at the prompt:

#!/bin/sh
passwd -d root

  3. After you login via Putty, issuing this (where #!/bin/sh is the prompt in Putty), will give you WinSCP access via FTP:

#!/bin/sh
/usr/sbin/telnetd
/usr/bin/tcpsvd -E 0.0.0.0 21 ftpd -w / &

I believe you only need to issue it once (maybe unless you reboot the device).

  4. After Step 3, go to WinSCP, make a new profile using the FTP protocol, using your IP Address, Port 21, user root and (no password unless you added one); no encryption, you're in!

This was my experience, the brief writeup is for users at my level of expertise (low!). There may be other or more correct ways to do these things and I would be happy to have someone add or correct me, no offense.

HTH

k.

1-Error message without setting up FTP
2-Putty_to_XiaomiGateway
3-Set WinSCP Access
4-Gateway on which I changed the PWD then Back to Blank
5-Xiaomi GatewayWiNSCP_Profile
6-WinSCP Access You are In
7  passwd -d root
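
Added example, not part of the thread or of the project's code: the commands above start telnetd and a writable FTP server on all interfaces (`0.0.0.0`) with root access to `/`, so this script, run from another machine on the LAN, reports which of those services answer and whether FTP logs in root with an empty password. The function names and the host argument are assumptions made for the illustration.

```python
import ftplib
import socket


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ftp_accepts(host, port=21, user="root", password="", timeout=3.0):
    """Return True if the FTP server logs `user` in with `password`."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login(user, password)
        return True
    except ftplib.all_errors:  # refused, timed out, or login rejected
        return False
    finally:
        ftp.close()


def audit(host, telnet_port=23, ftp_port=21):
    """List what the gateway exposes once telnetd and tcpsvd/ftpd are running."""
    findings = []
    if port_open(host, telnet_port):
        findings.append("telnet reachable: cleartext login")
    if port_open(host, ftp_port):
        findings.append("ftp reachable: cleartext file access")
        if ftp_accepts(host, ftp_port):
            findings.append("ftp accepts root with an empty password")
    return findings


if __name__ == "__main__":
    import sys
    # Pass the gateway's LAN address; 192.0.2.10 is a documentation placeholder.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for line in audit(host) or ["nothing reachable on 21/23"]:
        print(line)
```
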
