Xiaomi router sent 24,000 requests to api.miwifi.com in one day

2021-01-18 22:30:16 +08:00
 doublleft
I recently deployed AdGuard Home at home, and a day later I found in the block log that the Xiaomi router had sent 24,000 requests to api.miwifi.com.

They are all requests like this, 2 requests every 8 seconds.

I captured a few of the full URLs on the server:

http://api.miwifi.com/rom_config?info=eyJkZXZpY2VfaWQiOiI3NjE4ZTg2ZS03ODFmLTM1NjUtNTdkNS01NTVjYmNkOTE2MjUiLCJzbiI6IjIzMzY1XC9DOVRTMzIxOTEiLCJoYXJkd2FyZSI6IlIyMTAwIiwicm9tIjoiMi4wLjc0MyIsImNoYW5uZWwiOiJyZWxlYXNlIiwiY291bnRyeV9jb2RlIjoiQ04iLCJ0cyI6MH0%3D

The endpoint returns:

{"code":0,"signature":"w4su32697uWpKkhe2lkwYIq/ESFRqugLa/sjclKHrI7PJXC07/NJK2//Tz4rNbhxjkY4ApUkwRsqVW7YO8LrNLa0Z9uHCfWc4/yxtO7YrL7N0JqMIQYogBSTot7TQIOQNxqBwhGrX6Bklw9xVGkmkFKPAFkvftB0OhKvnRomO80KqmWu1vTlhrAORhu1rYnlJsb6KMCrKN66L+OuFlT5wtxp3Zgjf2KFVaw9l0/lqLr+wAv/LB2EopFP6zkQ5dlsfpI/2fm9E3i9Yd9NnJ2J/akQHRxyV2QTOixi02zpbJJBJoeAEeUifstNOJZu7qTeohRV/dNkHO7WWu1nDkb9og==","config":"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","ts":1610979519588}
20612 views
Node: Q&A
96 replies
PureWhiteWu
2021-01-18 22:33:16 +08:00
{"device_id":"7618e86e-781f-3565-57d5-555cbcd91625","sn":"23365\/C9TS32191","hardware":"R2100","rom":"2.0.743","channel":"release","country_code":"CN","ts":0}
nvkou
2021-01-18 22:33:30 +08:00
A string starting with eyJ is the `{` character, typically JSON; base64-decode it and you can see more.
PureWhiteWu
2021-01-18 22:33:54 +08:00
```json
{"vas":{"shopping_bar":{"service":{"off":"matool --method setKV --params gouwudang_status off; /usr/bin/trmd -f; /usr/bin/trmd","on":"matool --method setKV --params gouwudang_status on; /usr/bin/trmd -f; /usr/bin/trmd"},"rules":{"countrycode":"CN"},"status":-3},"baidu_video_bar":{"service":{"off":"matool --method setKV --params baidu_video_bar off; /usr/bin/trmd -f; /usr/bin/trmd","on":"matool --method setKV --params baidu_video_bar on; /usr/bin/trmd -f; /usr/bin/trmd"},"rules":{"countrycode":"CN"},"status":-3},"ustack":{"service":{"off":"/etc/init.d/ustack off;/etc/init.d/http_url_proxy off"},"rules":{"countrycode":"CN"},"status":-3},"ad_on_off":{"service":{"off":"matool --method setKV --params ad_on_off off;/usr/bin/trmd -f; /usr/bin/trmd;uci set security.common.ad_on_off=0;uci commit security; /etc/init.d/securitypage restart","on":"matool --method setKV --params ad_on_off on;/usr/bin/trmd -f; /usr/bin/trmd;uci set security.common.ad_on_off=1;uci commit security; /etc/init.d/securitypage restart"},"rules":{"countrycode":"CN"},"status":-3},"service_aggre":{"service":{"off":"matool --method setKV --params service_aggre_status off; /etc/init.d/http_event_proxy off"},"rules":{"countrycode":"CN"},"status":-3},"security_page":{"service":{"off":"matool --method setKV --params security_page_status off;rm /etc/config/securitypage/enable.tag; /etc/init.d/securitypage stop","on":"matool --method setKV --params security_page_status on;"},"rules":{"countrycode":"CN"},"status":-3},"invalid_page":{"service":{"off":"matool --method setKV --params invalid_page_status off; /etc/init.d/http_status_stat off","on":"matool --method setKV --params invalid_page_status on; /etc/init.d/http_status_stat on","status":"uci get http_status_stat.settings.enabled 2>/dev/null"},"rules":{"countrycode":"CN"},"status":-3},"news_bar":{"service":{"off":"matool --method setKV --params news_bar off; /usr/bin/trmd -f; /usr/bin/trmd","on":"matool --method setKV --params news_bar on; /usr/bin/trmd -f; /usr/bin/trmd"},"rules":{"countrycode":"CN"},"status":-3},"ad_filter_resolve":{"service":{"off":"sed -i '/ad_filter.sh/d' /etc/crontabs/root;uci set otapred.settings.plugin=0;uci commit"},"rules":{"countrycode":"CN"},"status":-3},"UPIF":{"service":{"off":"/etc/init.d/wrsst stop;uci delete otapred.settings.updateurl&&uci commit","on":"","status":""},"rules":{"countrycode":"CN"},"status":-3}}}
```
doublleft
2021-01-18 22:34:35 +08:00
Here it is after base64 decoding, for everyone to analyze:
```json
{
  "vas": {
    "shopping_bar": {
      "service": {
        "off": "matool --method setKV --params gouwudang_status off; /usr/bin/trmd -f; /usr/bin/trmd",
        "on": "matool --method setKV --params gouwudang_status on; /usr/bin/trmd -f; /usr/bin/trmd"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "baidu_video_bar": {
      "service": {
        "off": "matool --method setKV --params baidu_video_bar off; /usr/bin/trmd -f; /usr/bin/trmd",
        "on": "matool --method setKV --params baidu_video_bar on; /usr/bin/trmd -f; /usr/bin/trmd"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "ustack": {
      "service": {
        "off": "/etc/init.d/ustack off;/etc/init.d/http_url_proxy off"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "ad_on_off": {
      "service": {
        "off": "matool --method setKV --params ad_on_off off;/usr/bin/trmd -f; /usr/bin/trmd;uci set security.common.ad_on_off=0;uci commit security; /etc/init.d/securitypage restart",
        "on": "matool --method setKV --params ad_on_off on;/usr/bin/trmd -f; /usr/bin/trmd;uci set security.common.ad_on_off=1;uci commit security; /etc/init.d/securitypage restart"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "service_aggre": {
      "service": {
        "off": "matool --method setKV --params service_aggre_status off; /etc/init.d/http_event_proxy off"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "security_page": {
      "service": {
        "off": "matool --method setKV --params security_page_status off;rm /etc/config/securitypage/enable.tag; /etc/init.d/securitypage stop",
        "on": "matool --method setKV --params security_page_status on;"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "invalid_page": {
      "service": {
        "off": "matool --method setKV --params invalid_page_status off; /etc/init.d/http_status_stat off",
        "on": "matool --method setKV --params invalid_page_status on; /etc/init.d/http_status_stat on",
        "status": "uci get http_status_stat.settings.enabled 2>/dev/null"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "news_bar": {
      "service": {
        "off": "matool --method setKV --params news_bar off; /usr/bin/trmd -f; /usr/bin/trmd",
        "on": "matool --method setKV --params news_bar on; /usr/bin/trmd -f; /usr/bin/trmd"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "ad_filter_resolve": {
      "service": {
        "off": "sed -i '/ad_filter.sh/d' /etc/crontabs/root;uci set otapred.settings.plugin=0;uci commit"
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    },
    "UPIF": {
      "service": {
        "off": "/etc/init.d/wrsst stop;uci delete otapred.settings.updateurl&&uci commit",
        "on": "",
        "status": ""
      },
      "rules": {
        "countrycode": "CN"
      },
      "status": -3
    }
  }
}
```
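To make the two decoding steps in this thread reproducible (the base64 `info` parameter in the OP's request URL, and the base64 `config` field of the response that doublleft pretty-printed above), here is an added example that is not code from the thread or from Xiaomi. It decodes the request URL exactly as posted, then walks a `rom_config` config and builds a defender's inventory of each remotely switchable "vas" entry: whether the server can turn it on, turn it off, and whether the command string changes on-flash state (UCI settings, cron, file removal) rather than just a runtime key. The `SAMPLE_CONFIG` is a three-entry subset copied from the decoded config above; the `SAMPLE_RESPONSE` wrapper, its signature value, and the function names are constructed for this example.

```python
import base64
import json
from urllib.parse import urlparse, parse_qs

# Request URL exactly as posted in the thread; the `info` parameter is
# URL-encoded base64 of a JSON object describing the router.
REQUEST_URL = (
    "http://api.miwifi.com/rom_config?info="
    "eyJkZXZpY2VfaWQiOiI3NjE4ZTg2ZS03ODFmLTM1NjUtNTdkNS01NTVjYmNkOTE2MjUiLCJzbiI6"
    "IjIzMzY1XC9DOVRTMzIxOTEiLCJoYXJkd2FyZSI6IlIyMTAwIiwicm9tIjoiMi4wLjc0MyIsImNo"
    "YW5uZWwiOiJyZWxlYXNlIiwiY291bnRyeV9jb2RlIjoiQ04iLCJ0cyI6MH0%3D"
)


def decode_info(url: str) -> dict:
    """Return the JSON object carried in the `info` query parameter."""
    raw = parse_qs(urlparse(url).query)["info"][0]  # %3D already turned into '='
    # parse_qs turns a literal '+' into a space; restore it for base64 input.
    raw = raw.replace(" ", "+")
    return json.loads(base64.b64decode(raw))


# Subset (three of the ten "vas" entries) of the decoded config from the thread.
SAMPLE_CONFIG = {
    "vas": {
        "shopping_bar": {
            "service": {
                "off": "matool --method setKV --params gouwudang_status off; /usr/bin/trmd -f; /usr/bin/trmd",
                "on": "matool --method setKV --params gouwudang_status on; /usr/bin/trmd -f; /usr/bin/trmd",
            },
            "rules": {"countrycode": "CN"},
            "status": -3,
        },
        "ad_filter_resolve": {
            "service": {
                "off": "sed -i '/ad_filter.sh/d' /etc/crontabs/root;uci set otapred.settings.plugin=0;uci commit",
            },
            "rules": {"countrycode": "CN"},
            "status": -3,
        },
        "UPIF": {
            "service": {
                "off": "/etc/init.d/wrsst stop;uci delete otapred.settings.updateurl&&uci commit",
                "on": "",
                "status": "",
            },
            "rules": {"countrycode": "CN"},
            "status": -3,
        },
    }
}

# Command fragments that change persistent on-flash state rather than just
# toggling a runtime key-value setting via matool.
PERSISTENT_MARKERS = ("uci set", "uci commit", "uci delete", "sed -i", "rm ", "/etc/crontabs")


def inventory(config: dict) -> list:
    """Summarise each remotely switchable service in a rom_config config."""
    rows = []
    for name, entry in config.get("vas", {}).items():
        svc = entry.get("service", {})
        on_cmd, off_cmd = svc.get("on", ""), svc.get("off", "")
        joined = on_cmd + ";" + off_cmd
        rows.append({
            "name": name,
            "country": entry.get("rules", {}).get("countrycode"),
            "status": entry.get("status"),
            "can_enable": bool(on_cmd.strip()),
            "can_disable": bool(off_cmd.strip()),
            "persistent": any(marker in joined for marker in PERSISTENT_MARKERS),
        })
    return rows


def parse_rom_config_response(body: str) -> dict:
    """Decode the base64 `config` field of a rom_config response body."""
    return json.loads(base64.b64decode(json.loads(body)["config"]))


# Constructed response body in the shape seen in the thread; the signature is a
# placeholder, not a real value.
SAMPLE_RESPONSE = json.dumps({
    "code": 0,
    "signature": "<signature-placeholder>",
    "config": base64.b64encode(json.dumps(SAMPLE_CONFIG).encode()).decode(),
    "ts": 1610979519588,
})

if __name__ == "__main__":
    print(json.dumps(decode_info(REQUEST_URL), indent=2))
    for row in inventory(parse_rom_config_response(SAMPLE_RESPONSE)):
        print(row)
```

Running it prints the router identity the OP's request leaks (device_id, serial, hardware R2100, ROM 2.0.743, channel, country) and one line per service; the `persistent` flag is the quick way to see which toggles rewrite the firmware's UCI config or cron table rather than flipping a runtime switch.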
MaiKuraki
2021-01-18 22:34:55 +08:00
Could it be hijacking to inject ads?
https://zhuanlan.zhihu.com/p/20091644
doublleft
2021-01-18 22:35:54 +08:00
@MaiKuraki #5
This seems to be a new trick; it looks like switches for controlling something.

@nvkou #2
I've pasted the full response; it may be a bit long, but it serves as a backup.
ysc3839
2021-01-18 22:37:49 +08:00
Normal, after all it's a "smart" router.
If I buy a domestic router, I'll only buy one that can be flashed with a third-party system; I refuse to use the stock firmware.
Jirajine
2021-01-18 23:04:01 +08:00
This is clearly backdoor control. It controls "services" such as shopping, Baidu video and ads, dynamically returning the commands to enable/disable these services, the matching rules (CN region only), the current status and other information.
doublleft
2021-01-18 23:10:17 +08:00
@Jirajine #8 Besides that, it also polls baidu.com and taobao.com.
Jirajine
2021-01-18 23:16:40 +08:00
@doublleft I suggest you flash OpenWrt; judging from the commands above, the Xiaomi router ROM is a customized build based on OpenWrt.
CEBBCAT
2021-01-18 23:31:26 +08:00
@ysc3839 Complaints like this don't help solve the problem.
renmu123
2021-01-18 23:33:19 +08:00
kimoCHG
2021-01-18 23:39:12 +08:00
OP, which router model and which firmware version?
q409195961
2021-01-18 23:40:50 +08:00
Just bought an AX3600; in practice the signal is worse than the K2P.

Promptly dumped it on Xianyu 😭
derekwei
2021-01-18 23:42:34 +08:00
S179276SP
2021-01-18 23:46:37 +08:00
I wonder how Xiaomi phones fare?
S179276SP
2021-01-18 23:49:54 +08:00


This one is from a Huawei phone.
Lemeng
2021-01-19 00:40:15 +08:00
Could it be that there are so many precisely because they were blocked? No handling for the blocked case? It really is a lot.
JensenQian
2021-01-19 01:55:00 +08:00
Use it as an AP; if it can be flashed, flash it.
ysc3839
2021-01-19 05:36:52 +08:00
@CEBBCAT
I personally think the ultimate solution is to replace the firmware. Unlike QQ, this isn't something where you can block these behaviours without affecting functionality.
If you think there's a better solution, why not share it?

https://www.v2ex.com/t/746094