The Xiaomi Gateway 3 is the central device of the Mi Home ecosystem, but its standard settings often limit the capabilities of advanced users. Activation of the Telnet protocol allows you to gain low-level access to the system, change configurations, integrate devices with alternative platforms (for example, Home Assistant), or fix software failures. However, the unlocking process requires caution: improper actions can lead to a loss of warranty or βbrickingβ of the device.
In this article, you will find current methods for opening Telnet for Gateway 3 (model lumi.gateway.mgl03), including alternative methods for closed-port firmware. We will discuss the necessary tools, step-by-step commands, and typical errors and their solutions. If you are new to network protocols, we recommend that you first familiarize yourself with the basic principles of SSH/Telnet and configuration backup.
Why Telnet on Xiaomi Gateway 3 is blocked by default
Xiaomi is deliberately cutting off Telnet access for the security and control of the ecosystem, and these are the key reasons:
- π Protection against unauthorized access: Open port 23 can be a target for botnet attacks (e.g. Mirai).
- π¦ Xiaomi aims to keep users in its ecosystem by limiting integration with third-party systems.
- π οΈ Stability: Changing system files can disrupt gateway and connected devices.
- π License Restrictions: Some software components have proprietary licenses that prohibit modifications.
But enthusiasts find workarounds, like in the firmware before the version. 1.5.6_0046 Telnet could be activated via miio protocol, but newer versions require more complex manipulations, including firmware or exploiting vulnerabilities.
Preparation for Unlocking: Tools and Requirements
Before starting the procedure, make sure you have:
- π₯οΈ Windows computer 10/11, macOS or Linux (Ubuntu recommended) 22.04+).
- π Xiaomi Gateway Gateway 3 firmware 1.5.6_0046 or below (check in Mi Home) β Gateway settings β About the device).
- π‘ Stable connection to a single network (Wi-Fi or Ethernet) for gateway and PC.
- π οΈ Utility: Telnet client (built into Windows, for Linux/macOS β telnet from the terminal. Python 3.8+ with python-miio library (pip install python-miio) Fiddler or Charles Proxy for traffic interception (optional).
β οΈ Note: If your gateway is running on firmware newer 1.5.6_0046, Miio protocol will not work, and this will require a downgrade of firmware or the use of alternative exploits (see "Methods for new firmware" section").
βοΈ Pre-testing
Method 1: Activation of Telnet via miio protocol (firmware to the 1.5.6_0046)
This method works for most devices purchased before 2022.The algorithm is based on sending special commands through the MiIO protocol, which is used to control Xiaomi devices.
Steps:
- Get a gateway token: Download the Mi Home Token Extractor (Android) app. Log in to your Mi Home account and find the gateway in the device list. Copy Token (32-digit hex key).
Connect to the gateway through Python
from miio import ChuangmiPlug
ip = "192.168.x.x" # IP- gateway address
token = "YOUR_TOKEN_HERE" # Your token
gateway = ChuangmiPlug(ip, token)
gateway.send("miIO.open_telnet")If the command is successful, the Telnet server is activated on port 23.
Connect to Telnet.
telnet 192.168.x.xDefault Login/Password: root/empty password.
β οΈ Warning: After the gateway is restarted, Telnet may shut down again. To make the changes permanent, you need to edit the file. /etc/init.d/rcS (see next section).
π‘
If the team miIO.open_telnet It doesnβt work, try an alternative: set_telnet 1 via the same protocol.
Method 2: Change the rcS to make permanent access
To keep Telnet active after the reboot, you need to modify the autorun script, which requires open Telnet access (see Method 1).
Instructions:
- Connect to the gateway via Telnet: telnet 192.168.x.x
- Edit the rcS file: vi /etc/init.d/rcS Add a line before exit 0: telnetd -l /bin/sh -p 23
- Save the changes (:wq in vi) and reboot the gateway: reboot
After restarting, check the availability of Telnet. If the connection is not restored, make sure that:
- The rcS file has execution rights (chmod +x /etc/init.d/rcS).
- There is enough free memory in the system (check with df-h).
What should I do if I am not installed?
Ways for new firmware (1.5.6_0046 higher)
In the updated versions, Xiaomi has closed the vulnerability with miIO.open_telnet. Alternative methods:
| Method | Difficulty | Tools required | Risks. |
|---|---|---|---|
| Exploitation through UDP-packet | Medium | Python, Scapy | Possible lockdown MAC-address |
| Downgrade firmware | Tall. | Mi Home, backup | Data loss, brick risk |
| Substitution of certificates | Tall. | Fiddler, OpenSSL | Mi Home malfunction |
| Hardware method (UART) | Expert | Solding iron, USB-TTL adapter | Loss of warranty, damage to fees |
The most reliable way for beginners is downgrade firmware:
- Download the old firmware (for example, 1.5.6_0046) repository.
- In Mi Home, go to Gateway Settings β Software Update β Local File.
- Download the downloaded file and wait for the process to be completed.
β οΈ Warning: Downgrad can cause loss of tethered devices.Untie all sensors and sensors in Mi Home before the procedure!
Common mistakes and their solutions
When unlocking Telnet, users often face the following problems:
- π« Connection refused error: Check that the port 23 not blocked by firewall (netstat) -tuln | grep 23). Make sure the gateway doesn't overheat (reset it).
- π Telnet shuts down after restart: Check the rights to the rcS file (ls) -la /etc/init.d/rcS). Use cron to automatically start: echo " *telnetd" -l /bin/sh -p 23" >> /etc/crontabs/root
- π Token is not suitable: Make sure you copy the token specifically for the gateway and not for another device.Regenerate the token via Mi Home Token Extractor.
If the gateway stopped responding after manipulation, try resetting it to factory settings: press the reset button for 10 seconds before the yellow LED blinks.
π‘
Before any changes to system files, back them up with the command cp /etc/init.d/rcS /etc/init.d/rcS.bak.
Security after unlocking Telnet
An open Telnet port is a potential security threat to minimize the risks:
- π Change the root password: passwd root Use a complex password (at least 12 characters with numbers and special characters).
- π Restrict access by IP: iptables -A INPUT -p tcp --dport 23 -s 192.168.x.0/24 -j ACCEPT iptables -A INPUT -p tcp --dport 23 -j DROP Replace. 192.168.x.0/24 subnet.
- π Disable Telnet after use: Killall telnetd or delete a string from rcS if access is no longer needed.
- π‘ Use it. VPN Remote access instead of port port port transfer on the router.
β οΈ Note: If the gateway is connected to a public network (such as an office or hotel), never open Telnet without the need to open it. VPN. Attackers can scan ports and gain control of your smart home system.