!!WARNING!!
For unknown reasons these instructions will lead to a bootloop in most cases!! I could not figure out the reason for this. Don’t follow them unless you’re familiar with SPI flashing, etc…
Modifying filesystem:
The first thing you MUST do once you have root access is BACKUP EVERYTHING.
- Check MTD table:
# cat /proc/mtd
dev: size erasesize name
mtd0: 000a0000 00020000 "bootloader"
mtd1: 00020000 00020000 "boot_info"
mtd2: 00020000 00020000 "factory"
mtd3: 00020000 00020000 "mtd_oops"
mtd4: 00100000 00020000 "bbt"
mtd5: 00300000 00020000 "linux_1"
mtd6: 01900000 00020000 "rootfs_1"
mtd7: 00300000 00020000 "linux_2"
mtd8: 01900000 00020000 "rootfs_2"
mtd9: 00100000 00020000 "homekit"
mtd10: 03820000 00020000 "AppData"
- Copy EACH partition somewhere:
Run on your Linux device:
nc -l -p 2222 | dd of=mtd0(1,2,3...)
Run on the Mi Gateway:
dd if=/dev/mtd0(1,2,3...) | nc linux_device_ip 2222
- Check your boot configuration:
# boot_ctrl show
vernum: 0
bversion: 1.0.2.005
kernel: 0 0
rootfs: 0 0
kernel_0: 0 c8cf 2157572
kernel_1: 3 e87e 2126852
rootfs_0: 0 62c6 8552452
rootfs_1: 0 a40a 7704580
root_sum_check: off
priv_mode: on
If “kernel” and “rootfs” show “0 0”, your active kernel is kernel_0 and your active root filesystem is rootfs_0. If “kernel” and “rootfs” show “1 1”, your active kernel is kernel_1 and your active root filesystem is rootfs_1.
Do NOT make any modifications to the kernel! Unlike the rootfs, the kernel’s checksum is checked at every boot!
4. On your Linux machine, unpack your ACTIVE root filesystem (rootfs_0 or rootfs_1):
sudo unsquashfs mtd6.bin
Always run unsquashfs with root privileges, because the filesystem contains “special” files which cannot be accessed by a normal user.
5. “cd” to “squashfs-root” and make your changes. I did the following:
- Delete bin/tty0_disable and put an empty executable in its place. This app disables the internal console for the embedded UART0. You don’t need it.
rm bin/tty0_disable
touch bin/tty0_disable
chmod +x bin/tty0_disable
- Edit etc/init.d/rcS and add a “telnetd” line somewhere after the network interfaces configuration block.
- Edit usr/app/bin/startup.sh and remove/comment out the following line:
echo disable > /sys/class/tty/tty/enable
- Add the following at the end of usr/app/bin/startup.sh, before “exit 0”:
/data/post_startup.sh
The /data partition is writable, so you will not have to rebuild the rootfs the next time you want to run something on boot.
5. Edit etc/mosquitto/mosquitto.conf and remove/comment out “listen 127.0.0.1”. Or (as I did), make a symlink of this file to the /data partition.
6. When you are done with the modifications, build the filesystem:
sudo mksquashfs squashfs-root/ livefs.squashfs -noappend -always-use-fragments -no-xattrs -comp xz
-no-xattrs and -comp xz are the most important options. Do NOT change them!
7. Upload the modified partition to the gateway using netcat and dd, to some temporary location (for example /var/tmp), but NOT to the mtd device directly!
8. Using dd, copy the partition to the corresponding block device:
-if active rootfs is 0:
dd if=/var/tmp/new_rootfs of=/dev/mtdblock6
-if active rootfs is 1:
dd if=/var/tmp/new_rootfs of=/dev/mtdblock8
9. Wait a few minutes after you finish. Do not reboot yet! You need to check that everything is OK. Dump the active rootfs again (/dev/mtd6 or /dev/mtd8) and check that it has data inside. If the dump is empty, repeat steps 7-8-9!
Important:
-use /dev/mtdX to READ data
-use /dev/mtdblockX to WRITE data
10. REBOOT!
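The check before the reboot can be made stricter than "the dump is not empty". The script below is an added example, not part of the original instructions: on the Linux machine it checks the rebuilt image before upload and then compares the post-write dump against it. It assumes GNU coreutils and cmp; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original instructions). Run on the Linux machine.
# Partition size of rootfs_1 / rootfs_2, taken from the /proc/mtd listing above.
ROOTFS_PART_SIZE=$((0x01900000))

# check_image IMAGE
# Before uploading: the image must be a little-endian squashfs (magic "hsqs")
# and must fit inside the rootfs partition.
check_image() {
    img=$1
    magic=$(head -c 4 "$img" | tr -d '\0')
    [ "$magic" = "hsqs" ] || { echo "$img: no squashfs magic" >&2; return 1; }
    size=$(($(wc -c < "$img")))
    [ "$size" -le "$ROOTFS_PART_SIZE" ] || {
        echo "$img: $size bytes does not fit in $ROOTFS_PART_SIZE" >&2; return 2; }
    return 0
}

# check_readback IMAGE DUMP
# After writing: DUMP is the full partition read back from /dev/mtd6 or /dev/mtd8,
# so it is longer than IMAGE. Only its first <image size> bytes must be identical;
# whatever follows is leftover flash content and is ignored.
check_readback() {
    img=$1; dump=$2
    size=$(($(wc -c < "$img")))
    [ "$(($(wc -c < "$dump")))" -ge "$size" ] || {
        echo "$dump: shorter than the image" >&2; return 3; }
    cmp -s -n "$size" "$img" "$dump" || {
        echo "$dump: content differs from $img" >&2; return 4; }
    return 0
}

# Optional command-line use: script IMAGE [DUMP]
if [ "$#" -ge 1 ]; then
    check_image "$1" || exit $?
    if [ -n "${2:-}" ]; then
        check_readback "$1" "$2" || exit $?
    fi
    echo "OK"
fi
```

Call it with the image alone before uploading, and with the image plus the fresh dump after the dd write and before rebooting.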