Skip to content
/ Xiaomi-Mi-Router-4C-CH341A-Flasher Public

OPENWRT, XWRT, IMMORTALWRT, PADAVAN, KEENETIC, STOCK, PCWRT Installation & Recovery Firmware for Xiaomi Mi Router 4C using CH341A Mini Programmer

34 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

161 Commits
driver
driver
 
 
src
src
 
 
CH341PAR.EXE
CH341PAR.EXE
 
 
CH341SER.EXE
CH341SER.EXE
 
 
README.md
README.md
 
 
breed-ch.bin
breed-ch.bin
 
 
driver.sh
driver.sh
 
 
openwrt-breed-install.sh
openwrt-breed-install.sh
 
 

Repository files navigation

Notes

Note

  • Unchecked Verify from the programmer settings before flashing it
  • Unprotect eeprom before flashing..
  • Dangerous and irreversible actions, set only required options (if may failed buy a new ones and then soldered it unto the board)
  • If the programmer fails to read the eeprom sectors all you have to do is read the SREG or Status Register and unchecked all checked area or set all number 1 into 0 and then Write Register.

Firmware

supported firmware

| Stock Firmware | Openwrt | X-WRT | Keenetic | PCWRT | ImmortalWRT | Padavan |


Windows Requirements

Setup

connect the ch341a clip to Xiaomi 4c router EEPROM, open asprogrammer then detect the chip select the specific router IC model, click read the IC and make a backup then proceed to erase ic, load the 16mb firmware into it (stock, openwrt, padavan, keenetic, immortal) then click write IC click yes and wait after it finish finally connect your router to your pc and open 192.168.1.1(3rd party) or 192.168.31.1(stock)

image

IMG_20230723_083113

IMG_20230723_083150

image

image image

Red wire must be connected to this pin #1 (dot) in chip

image

Linux Requirements

Driver install (optional)

sudo apt update && wget -qO- https://raw.githubusercontent.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/refs/heads/main/driver.sh | sudo sh
  • Check the existing drivers
lsmod | grep ch341
Bus 001 Device 002: ID 1a86:5512 QinHeng Electronics HL-340 USB-Serial adapter
ch341                  20480  0
usbserial             45056  1 ch341

Screenshot_20230801_132017




IMSProg:

Note

  • if the EEPROM unable to read by the programmer go to Imsprog Settings -> CHIP Info -> Read Status Register and replace all number 1 into 0 and Write then begin flashing the firmware.
  • Download and install IMSProg
sudo apt update
sudo apt install imsprog -y
  • Dependencies
sudo apt install bc build-essential gcc cmake make linux-headers-$(uname -r) cmake g++ libusb-1.0-0-dev qtbase5-dev qttools5-dev pkgconf systemd-dev udev zenity wget -y
  • Install from Repo (optional)
wget https://launchpad.net/~bigmdm/+archive/ubuntu/imsprog/+files/imsprog_1.4.4-4_amd64.deb -O imsprog.deb && sudo dpkg -i imsprog.deb && sudo apt --fix-broken install -y && sudo dpkg --configure -a
  • Build from Source (optional)
git clone https://github.com/bigbigmdm/IMSProg.git && cd IMSProg
cd IMSProg_programmer
mkdir build
cd build
cmake ..
make -j`nproc`
sudo make install


Flashrom

sudo apt update
sudo apt install flashrom -y

Note

  • chip type depends on your EEPROM type detected by flashrom like GD25B128B/'GD25Q128B', GD25Q127C/'GD25Q128C' you may add it to the -c flags before backup or flashing
  • To Detect the Flash Chip execute the command below:
flashrom -VV -p ch341a_spi -r backup.bin
  • Backup the Dump firmware:
flashrom -VV -p ch341a_spi -c GD25B128B/GD25Q128B -r MIR4C-dump.bin
  • Flash Newly Dump firmware:
flashrom -VV -p ch341a_spi -c GD25B128B/GD25Q128B -v -E -w /home/user/Downloads/MIR4C-dump.bin



Termux

flash the firmware without the programmer

Requirements

  • Access Point Router/CPE (Wired Bridge) (required) if ALL exist in the MTD partition tables
  • CH341A Programmer (optional) if there's no ALL existed in the MTD partition tables
  • Termux

• Dependencies:

apt update && apt upgrade -y && apt install git wget curl python3 python-pip inetutils -y

Notes

[!Note]

  • To check mtd partitions cat /proc/mtd
  • If mtd ALL partition is found you can flash it easily, if not otherwise flash the eeprom with CH341a programmer
  • MTD ALL Partition can flash all 16MB dump firmware from the download section
  • Keenetic Breed Programmer Firmware can Flash all 16MB dump firmware from the download section
  • All 16MB firmware dump are stable for transitioning
  • You can use wget, scp, http fileserver to import firmware into /tmp directory and flash

way to import the firmware

opt 1

opt 2

  • cd storage/downloads && python3 -m http.server (dhcp ip assign):8000 e.g: wget 192.168.1.111:8000/16mb_firmware.bin

opt 3

  • cd /tmp && wget https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/releases/download/V1/Full-KeeneticOS_4.1.7_MOD.bin

Flash

  • mtd -e ALL -r write /tmp/16mb_firmware.bin ALL



Transition from Stock to other Firmware

• Using my Modified version of openwrt-invasion

termux-setup-storage && pkg update && pkg upgrade && pkg install curl && curl https://raw.githubusercontent.com/xiv3r/termux-openwrt-invasion/refs/heads/main/openwrt-invasion.sh | sh && cd openwrt-invasion

Reset the Xiaomi 4C Router and configure with a password of 12345678

python3 remote_command_execution_vulnerability.py

• Getting root access via Telnet

 telnet 192.168.31.1

  • login:root

  • password:root

  • Download the firmware from Here!

    • e.g
cd /tmp && wget -O Keenetic.bin https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/releases/download/V1/Full-KeeneticOS_4.1.7_MOD.bin

Flash

mtd -e ALL -r write /tmp/keenetic.bin ALL
  • Wait for 15 minutes until the reboot will prompted
  • Goto 192.168.1.1

Openwrt/Xwrt/Immortalwrt/Pcwrt to Keenetic and other Firmware

telnet 192.168.1.1

  • user:root

  • pass:your admin password

  • Bootloader breed installation

opkg update && opkg install kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1
cd /tmp && wget -O breed.bin https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/blob/main/Xiaomi_4C_Router_Breed_Env_Variables.bin

Flash

mtd -r write /tmp/breed.bin bootloader
  • Router will reboot
  • Goto 👉 192.68.1.1 > upgrade > Programmer firmware > import keenetic 16MB dump from download
  • Unchecked skip bootloader
  • Unchecked skip eeprom
  • Upload

OpenWRT WiFi tx power mod to 30dBm

wget -qO- https://raw.githubusercontent.com/xiv3r/20dBm-30dBm-Xiaomi-Mi-4C-Router-Mod/refs/heads/main/mtd2-mod.sh | sh



Keenetic to Openwrt and other Firmware

  • Hold the reset button for 5 seconds while powering on the router
  • Goto 👉192.168.1.1 > upgrade > programmer firmware > import openwrt 16MB dump from download
  • Unchecked skip bootloader
  • Unchecked skip eeprom
  • Apply

Padavan to other Firmware

  • telnet 192.168.1.1 and login your credentials
  • Import 16mb dump firmware.bin to /tmp
  • e.g cd /tmp && wget -O keenetic.bin https://github.com/xiv3r/Xiaomi-Mi-Router-4C-CH341A-Flasher/releases/download/V1/Full-KeeneticOS_4.1.7_MOD.bin

Flash

mtd -e ALL -r write /tmp/keenetic.bin ALL

USB MOD

USB Mod support for USB Ethernet (USB Tethering/RNDIS), USB Modem (4G/LTE/5G) and USB storage (NAS).



⚠️ FIRMWARE DISTRIBUTION DISCLAIMER

This firmware is provided for non-commercial use only. Redistribution is strictly prohibited.

  • You may Install this firmware on devices for which it was intended.

By using this firmware, you acknowledge that:

  • Unauthorized distribution violates intellectual property rights.
  • The provider assumes no liability for damages from misuse.

About

OPENWRT, XWRT, IMMORTALWRT, PADAVAN, KEENETIC, STOCK, PCWRT Installation & Recovery Firmware for Xiaomi Mi Router 4C using CH341A Mini Programmer

Resources

Readme
Activity

Stars

34 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases 1

Flasher and Firmware Latest
Aug 10, 2023

Packages

No packages published

Languages