Twilight Blog

Be careful of what you hate, because you are likely to be shaped by it

Previous firmware had a backdoor? So I compiled the N1 OpenWrt firmware myself

Since the beginning of 2019, my Feixun N1 has served as the bypass router in my home for three years, handling scientific Internet access. During the National Day holiday last year, because the previous scientific Internet access firmware did not support the trojan protocol, I found a firmware self-compiled by a user on the Enshan forum and flashed it to the N1. The new firmware has many third-party plug-ins built in, including scientific Internet access with support for multiple protocols, AdGuard Home, music unlocking, and so on. However, I have no use for any function other than scientific Internet access.

This summer, while casually looking through the logs on the main router, I found that various Huawei devices were frequently connecting to my home network. At first I thought the home WiFi password had leaked, so I changed the password and stopped broadcasting the SSID. However, Huawei devices kept showing up, including various Huawei phones and tablets.

(Figure: main router log, connection records of various Huawei devices)

Later I still suspected that the WiFi had been compromised, or that the main router's DHCP had a bug, and for the past six months I didn't take it seriously.
That changed a few days ago, when I came home from work and was surprised to find my XiaoAi speaker playing movie audio by itself. After some research, I found that the movie was being cast to my speaker over the LAN via DLNA. This made me extremely uncomfortable; they were practically crapping on my head.

So I wrote a script to monitor device connections and notify me whenever an unknown device connected. The next time Huawei devices connected, I immediately checked their network communication records and found that they were communicating with IP addresses all over the country. My home network had most likely been exposed to the public Internet by a backdoor program and added to a proxy IP pool. I unplugged and replugged network cables around the house several times and finally traced these Huawei devices to the N1, because whenever I unplugged the N1's network cable, the Huawei devices could no longer be pinged.
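One way to surface the pattern described above, a LAN address talking to peers all over the place, is to count distinct external destinations per LAN source in the main router's connection-tracking table. This is an added example, not the author's script; it assumes a Linux-based router that exposes `/proc/net/nf_conntrack`, and the 192.168.123.0/24 subnet, the sample lines and the threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.123.0/24")  # assumed LAN subnet
PAIR = re.compile(r"\bsrc=(\S+)\s+dst=(\S+)")   # first match = original direction

# Constructed sample in /proc/net/nf_conntrack format; addresses are documentation ranges.
_TCP = ("ipv4     2 tcp      6 300 ESTABLISHED src={s} dst={d} sport=40000 dport=443 "
        "src={d} dst=198.51.100.7 sport=443 dport=40000 [ASSURED] mark=0 use=2")
SAMPLE_CONNTRACK = "\n".join(
    [_TCP.format(s="192.168.123.57", d=f"203.0.113.{n}") for n in range(1, 6)]
    + [_TCP.format(s="192.168.123.10", d=f"192.0.2.{n}") for n in (8, 9, 8)]
    + ["ipv4     2 udp      17 20 src=192.168.123.57 dst=239.255.255.250 sport=50000 "
       "dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.123.57 sport=1900 "
       "dport=50000 mark=0 use=2",
       "truncated line without addresses"]
)


def external_fanout(text, lan=LAN):
    """Map each LAN source IP to the number of distinct off-LAN unicast peers."""
    peers = defaultdict(set)
    for line in text.splitlines():
        m = PAIR.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address field
        # SSDP/DLNA discovery and other multicast traffic is not an external peer.
        if src in lan and dst not in lan and not dst.is_multicast:
            peers[str(src)].add(str(dst))
    return {src: len(dsts) for src, dsts in peers.items()}


def suspicious_sources(text, threshold, lan=LAN):
    """LAN hosts talking to at least `threshold` distinct external addresses."""
    return sorted(s for s, n in external_fanout(text, lan).items() if n >= threshold)


if __name__ == "__main__":
    print(external_fanout(SAMPLE_CONNTRACK))
    print(suspicious_sources(SAMPLE_CONNTRACK, threshold=4))
```

A busy legitimate client can also reach many peers, so the count is a triage signal to weigh against which devices you actually own, not proof on its own.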

Well, I had been a "broiler" (a compromised zombie host) for a year.

It should be mentioned that these so-called "Huawei devices" may not be real Huawei devices at all, but hostnames and MAC addresses made up by the backdoor program itself.
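A minimal version of the unknown-device check described above, as an added example (not the author's script): it reads a dnsmasq-format lease file, the format OpenWrt's DHCP server writes to `/tmp/dhcp.leases`, and matches on MAC address instead of hostname. The allowlist and sample leases are constructed; since a backdoor can invent MAC addresses too, an allowlist hit is not proof of identity.

```python
import re

# Constructed sample in dnsmasq lease-file format:
#   <expiry-epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1638097200 a4:83:e7:11:22:33 192.168.123.10 my-laptop 01:a4:83:e7:11:22:33
1638097260 00:11:22:aa:bb:cc 192.168.123.2 N1 *
1638097320 5A:9F:01:DE:AD:01 192.168.123.57 HUAWEI_P40-constructed *
1638097380 3c:00:00:78:9a:bc 192.168.123.58 my-laptop *
garbage line that is not a lease
"""

KNOWN_MACS = {"a4:83:e7:11:22:33", "00:11:22:aa:bb:cc"}  # hypothetical allowlist
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_leases(text):
    """Yield (mac, ip, hostname) for every well-formed lease line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0].isdigit() and MAC_RE.match(parts[1].lower()):
            yield parts[1].lower(), parts[2], parts[3]


def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a MAC that is not a vendor-assigned one."""
    return bool(int(mac[:2], 16) & 0x02)


def unknown_devices(text, known_macs, already_alerted=frozenset()):
    """Return leases to alert on: MAC not allowlisted and not alerted before.

    The hostname is reported but never trusted: the client chooses it, so a
    rogue lease can claim any name, including that of one of your own devices.
    """
    alerts = []
    for mac, ip, hostname in parse_leases(text):
        if mac in known_macs or mac in already_alerted:
            continue
        alerts.append({"mac": mac, "ip": ip, "hostname": hostname,
                       "locally_administered": is_locally_administered(mac)})
    return alerts


if __name__ == "__main__":
    for alert in unknown_devices(SAMPLE_LEASES, KNOWN_MACS):
        print("unknown device:", alert)
```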

Which is the old firmware?

At first I did not want to name the old firmware, because the author published it on the Enshan forum, it has many users, and no other user has reported a similar problem. The backdoor program may not be in the firmware itself; it may have come in with one of the various third-party plug-ins, and the author may not know about it. But after thinking it over for a long time, I decided it is better to post it. If other users run into similar problems, this can serve as a reference for them.

The old firmware is "OpenWrt R20.10.1 National Day Mid Autumn Festival Special Edition by gd772". The post on the Enshan forum is "[N1 box] [2021-08-14] Openwrt firmware of N1 box supports online upgrade!"

To be clear: I strongly suspect that one of the built-in plug-ins contains a backdoor, but I cannot determine which plug-in. I do not suspect the author of deliberately putting a backdoor into the compiled firmware.

Self compiling new firmware

After this, I feel safer compiling the firmware myself. At least I don't have to build in extra plug-ins that add unnecessary risk. I used Parallels to run an Ubuntu virtual machine and pulled the code from LEDE. For safety and purity, I compiled in only the scientific Internet access plug-in. The whole compilation took more than 4 hours. After compiling, I packaged the compiled OpenWrt into an image using the Armbian kernel and image-building tool by the well-known Enshan user Flippy, and wrote it to a USB flash drive. I plugged the USB drive into the Feixun N1, rebooted from the USB drive, connected to OpenWrt over SSH, and used Flippy's one-click eMMC write script to write OpenWrt into the N1's storage. The whole process, from compiling the firmware to writing it to the N1, took a long time and left me very tired. The firmware I compiled the first time failed to write to eMMC. The main reason was that some tools the eMMC write depends on had not been compiled in, such as the partitioning tools fdisk and blkid, and file systems.

(Figure: LEDE compilation and image production process)

The self-compiled firmware is very clean. If nothing unexpected happens, it will keep serving me as a bypass gateway for a long time.

(Figure: interface of the self-compiled new firmware)

I have to say that as of the end of 2021, the various ways of tinkering with the N1 have matured. At the beginning of 2019, writing OpenWrt firmware to eMMC was a very laborious task. Now, thanks to the efforts of some experts, it has become very simple.

Finally, I have uploaded the firmware to cloud storage.
Baidu Cloud: https://pan.baidu.com/s/1_rmBpJ5RmEW8EP6UOA-Wag?pwd=atm7
Tianyi Cloud: https://cloud.189.cn/web/share?code=vIJbimjeMrQ3 (Access code: cmp9)

After downloading, unzip the file to get an .img file and write it to a disk.
Default IP: 192.168.123.2
Default account password: root/password

Comments
  1. dkiiio

    Thanks for sharing, and I want to ask what you need to do if you want to install the normal full-function OpenWrt.
    1. @dkiiio

      Re-flash the firmware.
  2. kk

    thank you

  3. six

    It should be a confirmed backdoor
    https://www.right.com.cn/forum/thread-4068258-1-1.html
    Flash package name: N1_Openwrt_R20.7.20_k5.7.15-flippy-41+
  4. weeper

    Thanks for sharing, thanks for revealing.
    I always compile firmware myself

    1. zepzep
      @weeper

      Hello, are there any compilation tutorials you can share? Now, the n1 firmware in the forum can't be used for studying abroad. This firmware will be restarted by SFE on my n1. I want to try compiling one myself. Thanks!!
      1. weeper
        @zepzep

        Refer to the following link:
        https://zhujitips.com/2410
        https://www.right.com.cn/forum/thread-4050986-1-1.html
        https://blog.isayme.org/posts/issues-65/
        https://zhujitips.com/2156
        https://www.yitoujing.com/article/18

        In addition, armbian recommends downloading the version on github directly:
        https://github.com/ophub/amlogic-s9xxx-armbian

        1. zepzep
          @weeper

          Thank you very much

  5. ccc

    Thank you very much for the clean firmware, only ssr, which is very fast. The forum recently has a website that can customize firmware, which is very convenient. But after using it, I found that the background always connected to an xyz website, which was blocked in the host. I still felt uncomfortable, and I still had to do it myself. thank you.

  6. six

    Can I upgrade the plug-in version online, or do I need to recompile?
    1. weeper
      @6

      If you want to update online instead of recompiling, it is recommended to change to passwall1, which can be upgraded online in the program

    2. @6

      Those that cannot be upgraded online need to be recompiled.

  7. Alex

    What tools does emmc depend on? I haven't been able to brush successfully

    1. @Alex

      It's been a long time since I wrote the article, and I don't remember it well. It should be the fdisk and blkid partitioning tools mentioned in this article, as well as a file system (probably ntfs).
  8. one

    Thank you very much. Finally, we found a pure firmware that can be flashed into EMMC from the USB flash disk
  9. JAFG

    Boss. I am a novice, and two N1 boxes have brushed this firmware. After brushing the machine, set a bypass route, and restart only when the N1 box is connected. The box connected TV displays "Unable to handle kernel NULL point reference at virtual address 00000000000004"

    1. JAFG
      @JAFG

      Thank you for your advice! QQ 24245720@qq.com

      1. @JAFG

        Hello, I'm not an expert of openwrt, so I can't solve this problem. Sorry.
        Try to remove other firmware.

  10. Ji Liang

    Hello, my Feixun N1 wants to compile an armbian firmware, can you give me some advice? How do I do it? I have Linux here, but it doesn't accompany the cross compilation environment. Please give me some advice. Thank you in advance!
    My Qq106445998

    1. @Ji Liang

      You can refer to this video: https://www.youtube.com/watch?v=UOLnzWU8H4w

      Very comprehensive.

  11. WooLaLa

    No, it's settled. The DNS of LAN is not filled

  12. WooLaLa

    Hello, after I cleaned the firmware, S can't use it. The service I bought at ju * * cks can be used before. But for this firmware, the server connection test is always failed. Both V * y and S are the same

  13. Ang Tsai

    Please ask me, do you need to add one to the firewall for N1 routing?

    1. @Ang Tsai

      Not needed.

      1. Ang Tsai
        @Kangaroo

        Here's another question for you, boss. I'm also troubled by many plug-ins in openwrt that I can't use in the forum. It's refreshing to find your firmware. But I would like to know if I want to install new plug-ins (such as docker and KMS) later, are there any related tutorials for reference?

        1. @Ang Tsai

          My firmware does not support installing additional third parties. To use other plug-ins, you may have to recompile the new firmware yourself.

  14. ld656

    Good people make great fortunes. I have always considered the security issue. Free things are the most expensive Xiaomi 2100 firmware in the world. Bring a Swiss army knife directly. Ask a friend if smartdns is useful

    1. @ld656

      Hello, my firmware is specially for n1. In addition, the firmware does not come with smartdns.

      1. ld656
        @Kangaroo

        Hello, Scientific * * has opened, but Google Baidu failed to test the link. Many firmware have tried. Some Baidu can connect to the Internet, but not to the Internet. Is it my scientific Internet plug-in that needs to be set? I add it manually

        1. @ld656

          Generally, the configuration is incorrect. Check the plug-in configuration.

          1. ld6566
            @Kangaroo

            You don't know what's the matter with you. It's free. It can run 6000 to 9000 for 4k seconds. The driving speed is better than my Asus ax. If you are going to get an advertisement, you will be happy. You can watch TV. No, I have thousands of apps. It's great

            1. @ld6566

              Yes, you can reply directly to my app.

      2. Coming 56
        @Kangaroo

        Hello, can't the firmware be started by USB flash drive

        1. Coming 56
          @Coming 56

          The firmware is too clean. I hope it's safe. Thank you for contacting me with network devices. I like to deal with many devices

  15. micro

    Computer SSH login 192.168.123.2, input/ Inst-to-emmc.sh Enter and wait for the completion of writing.
