在我前两天搞定TPLINK后,近期跟我聊到路由器的同学买了个红米的AX6000,想自己刷,发现自己搞不定了求助于我,于是我们一起刷这台路由器,就有了这篇教程

准备工作

首先得把小米路由器的系统降级,这位同学拿过来的时候,他降级到了1.0.60,所以降级过程就没有什么教程啦,可以去网上找找旧版的包,然后直接通过路由器管理面板的升级部分刷就行了

打开Telnet(路由器的开发者模式)

我们降级好路由器后,先要打开telnet,才能打开SSH,打开telnet的过程不要联网!!!

实测联网会打不开telnet

首先我们要登录进路由器的管理面板,在管理面板的地址栏中有我们需要的stok,例如http://192.168.31.1/cgi-bin/luci/;stok=71871cc803318e6f85e9c73d2ed7736c,这个stok=后面的内容就是我们需要的stok,我们复制下来,替换掉下面链接中的{stok},并复制到浏览器访问(访问的结果统一会显示{code: 0},四次访问都是,不再赘述,我使用的是curl)

http://192.168.31.1/cgi-bin/luci/;stok={stok}/api/misystem/set_sys_time?timezone=%20%27%20%3B%20zz%3D%24%28dd%20if%3D%2Fdev%2Fzero%20bs%3D1%20count%3D2%202%3E%2Fdev%2Fnull%29%20%3B%20printf%20%27%A5%5A%25c%25c%27%20%24zz%20%24zz%20%7C%20mtd%20write%20-%20crash%20%3B%20

http://192.168.31.1/cgi-bin/luci/;stok={stok}/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20

访问了以后路由器会重启,重启完了以后,我们再登录到路由器管理面板,此时stok会改变,我们复制新的stok,替换下面链接中的{stok},然后丢到浏览器访问

http://192.168.31.1/cgi-bin/luci/;stok={stok}/api/misystem/set_sys_time?timezone=%20%27%20%3B%20bdata%20set%20telnet_en%3D1%20%3B%20bdata%20set%20ssh_en%3D1%20%3B%20bdata%20set%20uart_en%3D1%20%3B%20bdata%20commit%20%3B%20

此链接跟第二条一样,都是重启用的

http://192.168.31.1/cgi-bin/luci/;stok={stok}/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20

我们打开一个能够支持telnet连接的软件,用户名和密码都是空,就可以连接进去了

自动化脚本

于是我随手撸了一个脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import httpx

host = "http://192.168.31.1"

# First time
stok = input("请输入第一次的stok: ")

BASE = host + "/cgi-bin/luci/;stok="

MTD_WRITE_ROUTE = "/api/misystem/set_sys_time?timezone=%20%27%20%3B%20zz%3D%24%28dd%20if%3D%2Fdev%2Fzero%20bs%3D1%20count%3D2%202%3E%2Fdev%2Fnull%29%20%3B%20printf%20%27%A5%5A%25c%25c%27%20%24zz%20%24zz%20%7C%20mtd%20write%20-%20crash%20%3B%20"
REBOOT_ROUTE = "/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20"
ENABLE_TALNET_ROUTE = "/api/misystem/set_sys_time?timezone=%20%27%20%3B%20bdata%20set%20telnet_en%3D1%20%3B%20bdata%20set%20ssh_en%3D1%20%3B%20bdata%20set%20uart_en%3D1%20%3B%20bdata%20commit%20%3B%20"

response = httpx.get(BASE + stok + MTD_WRITE_ROUTE)
print(response.json())
response = httpx.get(BASE + stok + REBOOT_ROUTE)
print(response.json())

# Second time
stok = input("请输入第二次的stok: ")
response = httpx.get(BASE + stok + ENABLE_TALNET_ROUTE)
print(response.json())
response = httpx.get(BASE + stok + REBOOT_ROUTE)
print(response.json())

打开SSH

打开任意telnet客户端通过telnet连接后,我们需要打开SSH

设置root密码

通过下面的命令可以设置root的密码为admin

1
$ echo -e 'admin\nadmin' | passwd root

其实就是运行passwd root,然后输入了两次admin而已,你也可以自己改

打开SSH

接着我们运行下面的命令打开SSH

1
2
3
4
5
6
7
8
9
bdata set boot_wait=on
bdata commit
nvram set ssh_en=1
nvram set telnet_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram commit
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
/etc/init.d/dropbear restart

输入后是不会有任何输出的,此时SSH就已经打开了

设置SSH开机自动启动

接着我们要设置开机开启SSH,要不然重启一下就没了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
mkdir -p /data/auto_ssh && cd /data/auto_ssh

cat <<EOF > auto_ssh.sh
#!/bin/sh

auto_ssh_dir="/data/auto_ssh"
host_key="/etc/dropbear/dropbear_rsa_host_key"
host_key_bk="${auto_ssh_dir}/dropbear_rsa_host_key"

unlock() {
    # Restore the host key.
    [ -f \$host_key_bk ] && ln -sf \$host_key_bk \$host_key

    # Enable telnet, ssh, uart and boot_wait.
    [ "\$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1 && nvram commit
    [ "\$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1 && nvram commit
    [ "\$(nvram get uart_en)" = 0 ] && nvram set uart_en=1 && nvram commit
    [ "\$(nvram get boot_wait)" = "off" ]  && nvram set boot_wait=on && nvram commit

    [ "\$(uci -c /usr/share/xiaoqiang get xiaoqiang_version.version.CHANNEL)" != 'stable' ] && {
        uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable' 
        uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version 2>/dev/null
    }

    channel=\$(/sbin/uci get /usr/share/xiaoqiang/xiaoqiang_version.version.CHANNEL)
    if [ "\$channel" = "release" ]; then
        sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
    fi

    if [ -z "\$(pidof dropbear)" -o -z "\$(netstat -ntul | grep :22)" ]; then
        /etc/init.d/dropbear restart 2>/dev/null
        /etc/init.d/dropbear enable
    fi
}

install() {
    # unlock SSH.
    unlock

    # host key is empty, restart dropbear to generate the host key.
    [ -s \$host_key ] || /etc/init.d/dropbear restart 2>/dev/null

    # Backup the host key.
    if [ ! -s \$host_key_bk ]; then
        i=0
        while [ \$i -le 30 ]
        do
            if [ -s \$host_key ]; then
                cp -f \$host_key \$host_key_bk 2>/dev/null
                break
            fi
            let i++
            sleep 1s
        done
    fi

    # Add script to system autostart
    uci set firewall.auto_ssh=include
    uci set firewall.auto_ssh.type='script'
    uci set firewall.auto_ssh.path="\${auto_ssh_dir}/auto_ssh.sh"
    uci set firewall.auto_ssh.enabled='1'
    uci commit firewall
    echo -e "\033[32m SSH unlock complete. \033[0m"
}

uninstall() {
    # Remove scripts from system autostart
    uci delete firewall.auto_ssh
    uci commit firewall
    echo -e "\033[33m SSH unlock has been removed. \033[0m"
}

main() {
    [ -z "\$1" ] && unlock && return
    case "\$1" in
    install)
        install
        ;;
    uninstall)
        uninstall
        ;;
    *)
        echo -e "\033[31m Unknown parameter: \$1 \033[0m"
        return 1
        ;;
    esac
}

main "\$@"
EOF

chmod +x auto_ssh.sh

# 设置自动启动
uci set firewall.auto_ssh=include
uci set firewall.auto_ssh.type='script'
uci set firewall.auto_ssh.path='/data/auto_ssh/auto_ssh.sh'
uci set firewall.auto_ssh.enabled='1'
uci commit firewall

这个文件你也可以放在别的位置,自己修改上面脚本里面的文件位置就行,不过要注意重启是否会消失,有些路由器重启会自动清除文件的(例如我前阵子弄的WAR308)

设置时区

最后一步是设置时区,使用下面的命令设置时区

1
2
3
4
uci set system.@system[0].timezone='CST-8'
uci set system.@system[0].webtimezone='CST-8'
uci set system.@system[0].timezoneindex='2.84'
uci commit

关闭开发者模式

使用下面的命令关闭开发者模式

1
mtd erase crash

最后是重启,直接打reboot就行了

通过SSH刷入uboot

当我们通过SSH连接进路由器后,我们需要保证路由器可以联网,然后运行下面的命令

1
$ cd /tmp && curl --silent -O https://fastly.jsdelivr.net/gh/miaoermua/unlock-redmi-ax6000@main/uboot.sh && chmod +x uboot.sh && ./uboot.sh

运行了以后,脚本会帮你备份你的分区文件,记得把它们弄出来,要不然没办法恢复原厂系统,分别是/tmp/mtd5_FIP.bin/tmp/mtd4_Factory.bin

拿出来以后,再运行下面的命令来刷入uboot,最后会弹出一行success,就说明完成了

1
2
3
mtd erase FIP
mtd write /tmp/mt7986_redmi_ax6000-fip-fixed-parts.bin FIP
mtd verify /tmp/mt7986_redmi_ax6000-fip-fixed-parts.bin FIP

进入uboot,刷入openwrt系统

进入uboot模式

先拔掉电源,然后用牙签/卡针之类的尖锐的东西,戳着reset键,然后插上电源等待15秒以上,就可以松开了,这个就可以用电脑访问uboot了

uboot模式下,路由器的灯不会亮

电脑访问uboot

在进入uboot之前,请先把自己的电脑的ip地址修改一下,因为uboot模式下没有DHCP

然后访问http://192.168.31.1进入uboot,界面应该是像下面这样的

我们尝试了下面的两个系统(因为我这个同学记错路由器的空间大小以为CatWrt的分区大小给小了于是刷了ImmortalWrt)

刷入系统

下载好你需要的系统包后,直接在uboot里面上传,上传后会读条,这个时候路由器在校验系统包和计算md5,直接点击update就可以了

第一次刷可能会出现下图这样的fail提示,我们返回重新上传刷一次就行了

刷好了访问系统包对应的ip地址就可以进入openwrt了

其他

进入openwrt后,发现这个机子的存储应该是256MB(图片是CatWrt的终端)

内存为512MB左右

END

怎么说呢,这次应该是我第一次真正去刷品牌路由器成功的,我以前刷过小米的AX3000T但是刷炸了;讲真,品牌路由器的内存和存储还是给得太小了

当然这次成功也离不开下面这些参考文档(注:里面有些链接是过期的,所以为什么我会综合起来写一篇文,就是避免其他人做到一半发现链接404不知道怎么做了)

ALL IN ALL,刷路由器还是很好玩的 :D

Ref:

https://docs.qq.com/doc/DS1RlUVhUYXp3YnhL

https://www.right.com.cn/forum/thread-8261104-1-1.html

https://blog.csdn.net/sxf1061700625/article/details/130328437

真正的END

因为我发现我们学校会BAN我的MAC地址,于是我顺带放出我写的MAC地址更换脚本(可以设置计划任务)

MAC备份还原脚本

避免你需要还原你路由器真正的mac的时候找不到mac,建议你用这个先备份一下你路由器的mac

如果你的网口不是eth0,请先更换一下网口!!!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/sh

MAC_FILE="/root/mac"

# 获取当前MAC地址并保存到文件
save_mac() {
    CURRENT_MAC=$(ip link show eth0 | grep ether | awk '{print $2}')
    echo "当前的MAC地址是: $CURRENT_MAC"
    echo "$CURRENT_MAC" > "$MAC_FILE"
    echo "已保存当前MAC地址到 $MAC_FILE"
}

# 从文件中恢复MAC地址
restore_mac() {
    if [ -f "$MAC_FILE" ]; then
        SAVED_MAC=$(cat "$MAC_FILE")
        echo "从文件恢复MAC地址: $SAVED_MAC"
        ip link set dev eth0 down
        ip link set dev eth0 address "$SAVED_MAC"
        ip link set dev eth0 up
        echo "已恢复MAC地址到eth0"
    else
        echo "MAC文件不存在,无法恢复MAC地址"
    fi
}

# 检查参数并执行对应的操作
if [ "$1" = "save" ]; then
    save_mac
elif [ "$1" = "restore" ]; then
    restore_mac
else
    echo "用法: $0 {save|restore}"
    echo "save: 保存当前的MAC地址"
    echo "restore: 恢复之前保存的MAC地址"
fi

Mac生成替换脚本

我这里设置了固定的前缀,是因为我路由器的MAC地址带了这三个,建议改成自己的

如果你的网口不是eth0,请先更换一下网口!!!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#!/bin/sh

# 生成一个随机的MAC地址
generate_mac() {
    PREFIX="c6:1f:d8"
    # 使用 /dev/urandom 获取随机数
    HEX1=$(hexdump -n 1 -e '1/1 "%02X"' /dev/urandom)
    HEX2=$(hexdump -n 1 -e '1/1 "%02X"' /dev/urandom)
    HEX3=$(hexdump -n 1 -e '1/1 "%02X"' /dev/urandom)
    echo "$PREFIX:$HEX1:$HEX2:$HEX3"
}

# 获取新的MAC地址
NEW_MAC=$(generate_mac)
echo "生成的新MAC地址为: $NEW_MAC"

# 使用新的MAC地址修改eth0的MAC地址
ip link set dev eth0 down
ip link set dev eth0 address $NEW_MAC
ip link set dev eth0 up

# 验证修改是否成功
ip link show eth0 | grep ether

Openwrt备份备份恢复脚本

注意修改前两行

1
2
3
4
5
# 定义备份目录
BACKUP_DIR="/mnt/usb1-1"

# 定义 OpenWrt 系统路径
OPENWRT_MMC="/dev/mmcblk0"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
#!/bin/ash

# OpenWrt 备份与恢复管理脚本
# 支持命令行参数快速备份:--owrt-backup --config-backup --iptables-backup --firewall-backup --all-backup

# 定义备份目录
BACKUP_DIR="/mnt/usb1-1"

# 系统参数
OPENWRT_MMC="/dev/mmcblk0"
FIREWALL_CONFIG="/etc/config/firewall"

# 备份子目录
OPENWRT_BACKUP_DIR="$BACKUP_DIR/openwrt-backup"
OPENWRT_CONFIG_BACKUP_DIR="$BACKUP_DIR/openwrt-config-backup"
IPTABLES_BACKUP_DIR="$BACKUP_DIR/iptables-backup"
FIREWALL_BACKUP_DIR="$BACKUP_DIR/firewall-backup"

# 初始化目录
mkdir -p $OPENWRT_BACKUP_DIR $OPENWRT_CONFIG_BACKUP_DIR $IPTABLES_BACKUP_DIR $FIREWALL_BACKUP_DIR

# 获取当前日期
CURRENT_DATE=$(date +%Y%m%d)

# 定义颜色代码
RED='\033[31m'
GREEN='\033[32m'
YELLOW='\033[33m'
BLUE='\033[34m'
RESET='\033[0m'

#######################################
# 核心备份功能函数
#######################################

backup_full_image() {
  echo -e "${BLUE}[1/4] 开始备份系统镜像...${RESET}"
  local temp_bin="$OPENWRT_BACKUP_DIR/temp_${CURRENT_DATE}.bin"
  local backup_file="$OPENWRT_BACKUP_DIR/openwrt-backup-${CURRENT_DATE}.tar.gz"
  
  # 创建磁盘镜像
  if ! dd if="$OPENWRT_MMC" of="$temp_bin" bs=1M; then
    echo -e "${RED}错误:磁盘镜像创建失败!${RESET}"
    return 1
  fi
  
  # 压缩备份
  if tar -czf "$backup_file" -C "$OPENWRT_BACKUP_DIR" $(basename $temp_bin); then
    md5sum $backup_file > ${backup_file}.md5
    echo -e "${GREEN}系统镜像备份成功:${backup_file}${RESET}"
  else
    echo -e "${RED}错误:压缩备份失败!${RESET}"
  fi
  rm -f $temp_bin
}

restore_full_image() {
  echo -e "${BLUE}[系统恢复] 请选择备份文件:${RESET}"
  ls -lh $OPENWRT_BACKUP_DIR/openwrt-backup-*.tar.gz 2>/dev/null || { echo -e "${RED}未找到备份文件!${RESET}"; return; }
  
  read -p "请输入要恢复的文件名: " backup_file
  local full_path="$OPENWRT_BACKUP_DIR/$backup_file"
  
  # 验证文件
  [ ! -f "$full_path" ] && echo -e "${RED}文件不存在!${RESET}" && return
  [ ! -f "${full_path}.md5" ] && echo -e "${YELLOW}警告:未找到MD5校验文件${RESET}" || (md5sum -c "${full_path}.md5" || { echo -e "${RED}MD5校验失败!${RESET}"; return; })
  
  # 确认操作
  read -p "确定要恢复系统镜像吗?此操作不可逆![y/N]: " confirm
  [[ "$confirm" != "y" && "$confirm" != "Y" ]] && return
  
  # 解压并恢复
  echo -e "${BLUE}正在解压镜像文件...${RESET}"
  local temp_bin="${full_path%.tar.gz}.bin"
  tar -xzf "$full_path" -C "$OPENWRT_BACKUP_DIR" || { echo -e "${RED}解压失败!${RESET}"; return; }
  
  echo -e "${BLUE}正在写入系统镜像...${RESET}"
  if dd if="$temp_bin" of="$OPENWRT_MMC" bs=1M; then
    echo -e "${GREEN}系统恢复成功,请重启设备!${RESET}"
  else
    echo -e "${RED}镜像写入失败!${RESET}"
  fi
  rm -f $temp_bin
}

backup_config() {
  echo -e "${BLUE}[2/4] 备份系统配置...${RESET}"
  local backup_file="$OPENWRT_CONFIG_BACKUP_DIR/openwrt-config-backup-${CURRENT_DATE}.bak"
  if sysupgrade -b $backup_file; then
    md5sum $backup_file > ${backup_file}.md5
    echo -e "${GREEN}系统配置备份成功:${backup_file}${RESET}"
  else
    echo -e "${RED}错误:配置备份失败!${RESET}"
  fi
}

restore_config() {
  echo -e "${BLUE}[配置恢复] 请选择备份文件:${RESET}"
  ls -lh $OPENWRT_CONFIG_BACKUP_DIR/openwrt-config-backup-*.bak 2>/dev/null || { echo -e "${RED}未找到备份文件!${RESET}"; return; }
  
  read -p "请输入要恢复的文件名: " backup_file
  local full_path="$OPENWRT_CONFIG_BACKUP_DIR/$backup_file"
  
  # 验证文件
  [ ! -f "$full_path" ] && echo -e "${RED}文件不存在!${RESET}" && return
  [ ! -f "${full_path}.md5" ] && echo -e "${YELLOW}警告:未找到MD5校验文件${RESET}" || (md5sum -c "${full_path}.md5" || { echo -e "${RED}MD5校验失败!${RESET}"; return; })
  
  # 确认操作
  read -p "确定要恢复系统配置吗?[y/N]: " confirm
  [[ "$confirm" != "y" && "$confirm" != "Y" ]] && return
  
  # 创建临时备份
  local current_backup="$OPENWRT_CONFIG_BACKUP_DIR/current_config_$(date +%H%M%S).bak"
  sysupgrade -b $current_backup || { echo -e "${RED}当前配置备份失败,已中止恢复!${RESET}"; return; }
  
  # 执行恢复
  if sysupgrade -r $full_path; then
    echo -e "${GREEN}配置恢复成功,正在重启网络服务...${RESET}"
    /etc/init.d/network restart
  else
    echo -e "${RED}配置恢复失败!${RESET}"
  fi
}

backup_iptables() {
  echo -e "${BLUE}[3/4] 备份iptables规则...${RESET}"
  local backup_file="$IPTABLES_BACKUP_DIR/iptables-backup-${CURRENT_DATE}.bak"
  if iptables-save > $backup_file; then
    md5sum $backup_file > ${backup_file}.md5
    echo -e "${GREEN}iptables备份成功:${backup_file}${RESET}"
  else
    echo -e "${RED}错误:iptables备份失败!${RESET}"
  fi
}

restore_iptables() {
  echo -e "${BLUE}[iptables恢复] 请选择备份文件:${RESET}"
  ls -lh $IPTABLES_BACKUP_DIR/iptables-backup-*.bak 2>/dev/null || { echo -e "${RED}未找到备份文件!${RESET}"; return; }
  
  read -p "请输入要恢复的文件名: " backup_file
  local full_path="$IPTABLES_BACKUP_DIR/$backup_file"
  
  # 验证文件
  [ ! -f "$full_path" ] && echo -e "${RED}文件不存在!${RESET}" && return
  [ ! -f "${full_path}.md5" ] && echo -e "${YELLOW}警告:未找到MD5校验文件${RESET}" || (md5sum -c "${full_path}.md5" || { echo -e "${RED}MD5校验失败!${RESET}"; return; })
  
  # 确认操作
  read -p "确定要恢复iptables规则吗?[y/N]: " confirm
  [[ "$confirm" != "y" && "$confirm" != "Y" ]] && return
  
  if iptables-restore < $full_path; then
    echo -e "${GREEN}iptables规则恢复成功!${RESET}"
  else
    echo -e "${RED}规则恢复失败,请检查文件格式!${RESET}"
  fi
}

backup_firewall() {
  echo -e "${BLUE}[4/4] 备份防火墙配置...${RESET}"
  local backup_file="$FIREWALL_BACKUP_DIR/firewall-backup-${CURRENT_DATE}.bak"
  if cp $FIREWALL_CONFIG $backup_file; then
    md5sum $backup_file > ${backup_file}.md5
    echo -e "${GREEN}防火墙配置备份成功:${backup_file}${RESET}"
  else
    echo -e "${RED}错误:防火墙配置备份失败!${RESET}"
  fi
}

restore_firewall() {
  echo -e "${BLUE}[防火墙恢复] 请选择备份文件:${RESET}"
  ls -lh $FIREWALL_BACKUP_DIR/firewall-backup-*.bak 2>/dev/null || { echo -e "${RED}未找到备份文件!${RESET}"; return; }
  
  read -p "请输入要恢复的文件名: " backup_file
  local full_path="$FIREWALL_BACKUP_DIR/$backup_file"
  
  # 验证文件
  [ ! -f "$full_path" ] && echo -e "${RED}文件不存在!${RESET}" && return
  [ ! -f "${full_path}.md5" ] && echo -e "${YELLOW}警告:未找到MD5校验文件${RESET}" || (md5sum -c "${full_path}.md5" || { echo -e "${RED}MD5校验失败!${RESET}"; return; })
  
  # 确认操作
  read -p "确定要恢复防火墙配置吗?[y/N]: " confirm
  [[ "$confirm" != "y" && "$confirm" != "Y" ]] && return
  
  # 备份当前配置
  local current_backup="$FIREWALL_BACKUP_DIR/current_firewall_$(date +%H%M%S).bak"
  cp $FIREWALL_CONFIG $current_backup || { echo -e "${RED}当前配置备份失败,已中止恢复!${RESET}"; return; }
  
  if cp $full_path $FIREWALL_CONFIG; then
    echo -e "${GREEN}防火墙配置恢复成功,正在重启服务...${RESET}"
    /etc/init.d/firewall restart
  else
    echo -e "${RED}配置恢复失败!${RESET}"
  fi
}

#######################################
# 命令行参数处理
#######################################

print_banner() {
  echo -e "${YELLOW}"
  echo "                    _              _   _ _       _"
  echo "  _____      ___ __| |_      _   _| |_(_) |  ___| |__"
  echo " / _ \ \ /\ / / '__| __|____| | | | __| | | / __| '_ \\"
  echo "| (_) \ V  V /| |  | ||_____| |_| | |_| | |_\__ \ | | |"
  echo " \___/ \_/\_/ |_|   \__|     \__,_|\__|_|_(_)___/_| |_|"
  echo -e "${RESET}"
  echo -e "${BLUE}            —— OpenWrt备份工具 @GamerNoTitle${RESET}"
  echo -e "${BLUE}               https://bili33.top${RESET}\n"
}

if [ $# -gt 0 ]; then
  print_banner
  echo -e "${GREEN}检测到命令行参数,进入快速备份模式...${RESET}"
  
  # 处理多个参数
  for param in "$@"; do
    case $param in
      --owrt-backup)    backup_full_image ;;
      --config-backup)  backup_config ;;
      --iptables-backup) backup_iptables ;;
      --firewall-backup) backup_firewall ;;
      --all-backup)
        backup_full_image
        backup_config
        backup_iptables
        backup_firewall
        ;;
      *) echo -e "${RED}错误:未知参数 $param${RESET}"; exit 1 ;;
    esac
  done
  exit 0
fi

#######################################
# 交互式菜单系统
#######################################

show_menu() {
  clear
  print_banner
  echo -e "${YELLOW}======================= owrt-util.sh ========================${RESET}"
  echo -e "${YELLOW}                 OpenWrt 备份与恢复管理脚本                  ${RESET}"
  echo -e "${YELLOW}                    https://bili33.top                       ${RESET}"
  echo -e "${YELLOW}=============================================================${RESET}"
  echo "1. 完整系统备份 (磁盘镜像)"
  echo "2. 系统配置备份"
  echo "3. iptables规则备份"
  echo "4. 防火墙配置备份"
  echo "5. 一键全量备份"
  echo -e "${YELLOW}-------------------------------------------------------------${RESET}"
  echo "6. 恢复系统镜像"
  echo "7. 恢复系统配置"
  echo "8. 恢复iptables规则"
  echo "9. 恢复防火墙配置"
  echo -e "${YELLOW}-------------------------------------------------------------${RESET}"
  echo "0. 退出"
  echo -e "${YELLOW}=============================================================${RESET}"
  echo -n "请输入选择: "
}


while true; do
  show_menu
  read choice
  case $choice in
    1) backup_full_image ;;
    2) backup_config ;;
    3) backup_iptables ;;
    4) backup_firewall ;;
    5)
      backup_full_image
      backup_config
      backup_iptables
      backup_firewall
      ;;
    6) restore_full_image ;;
    7) restore_config ;;
    8) restore_iptables ;;
    9) restore_firewall ;;
    0) exit 0 ;;
    *) echo -e "${RED}无效输入,请重新选择!${RESET}" ;;
  esac
  echo -e "\n${BLUE}按回车返回菜单...${RESET}"
  read
done