Add OpenWrt for Xiaomi AX3000 2021

Hi, sorry, I had the message typed and didn't click on send.

My firmware is the same 1.0.42. I don't have a copy as it did it automatically when I first connected to the internet.

I doubt you can flash "easily" the global firmware onto the Chinese model.

Have you managed to enable telnet?

Short answer is no and I don't think it'll happen any time soon.

No, I haven't managed to enable telnet yet.

After the firmware upgraded automatically, could you still get telnet?

Yes. I actually upgraded the firmware as soon as I got the device. You should be able to do the same.

Do you use the correct "STOK" value each time on the web browser?

Sure. I have certainly used the correct STOK.

Could you use the following url to reboot with the netmode 4?

http://192.168.31.1/cgi-bin/luci/;stok=token/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20

Yes.
RA80 = CN
RA82 = INT

The RA80 firmware has an additional check in the setSysTime function and therefore the vulnerability I found will only work on RA82.
You just need to put the device into mesh mode in advance (you need a second router).
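A defensive check of the kind described above, as an added example that is not part of the original thread and is not Xiaomi's code: it decodes the `timezone` parameter of a `set_sys_time` request and rejects anything outside a strict allowlist. The allowlist pattern and the function names are assumptions; the actual RA80 check is not shown in the thread.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist for a POSIX-style TZ value such as "CST-8" or
# "EST5EDT,M3.2.0,M11.1.0": no whitespace, quotes or shell metacharacters.
TZ_ALLOWED = re.compile(r"[A-Za-z0-9+\-.,/:]{1,64}")
ENDPOINT = "/api/misystem/set_sys_time"


def check_request(url):
    """Return (verdict, decoded_timezone) for one request URL.

    verdict is 'ignore' for other endpoints, 'ok' when the timezone
    matches the allowlist, and 'reject' otherwise.
    """
    parts = urlsplit(url)
    if not parts.path.endswith(ENDPOINT):
        return ("ignore", None)
    # parse_qs percent-decodes values; keep_blank_values so an empty
    # timezone is seen and rejected rather than silently dropped.
    values = parse_qs(parts.query, keep_blank_values=True).get("timezone", [])
    if len(values) != 1:
        return ("reject", None)
    tz = values[0]
    return ("ok" if TZ_ALLOWED.fullmatch(tz) else "reject", tz)


def scan(urls):
    """Return the (url, decoded_timezone) pairs that should be rejected."""
    hits = []
    for url in urls:
        verdict, tz = check_request(url)
        if verdict == "reject":
            hits.append((url, tz))
    return hits


BASE = "http://192.168.31.1/cgi-bin/luci/;stok=token"
SAMPLES = [
    # URL quoted earlier in the thread
    BASE + "/api/misystem/set_sys_time?timezone=%20%27%20%3b%20reboot%20%3b%20",
    # Constructed benign requests
    BASE + "/api/misystem/set_sys_time?timezone=CST-8",
    BASE + "/api/misystem/status",
]

if __name__ == "__main__":
    for url, tz in scan(SAMPLES):
        print("rejected:", repr(tz), "from", url)
```

The same allowlist can be run over web server access logs to spot requests that carry shell metacharacters in this parameter.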

Is there any way to get telnet working on RA80?

Guys, I have flash dumps (otp stripped) of both devices (RA82 and RA80) if someone wants to have a look... Too busy to look into it, but can try stuff if you need.

Thanks. I want to try it.

Those are dumps of original flash…, you need to use a programmer to read/write stuff directly to the SPI-NAND ICs. You can surely enable the console and change things by manipulating those (both in the bootloader and later on); just make sure to recalculate and add CRC checksums after your changes and use your original MAC addresses and radio calibration data.

Hello,

For those who need the Xiaomi Mesh System AX3000 (RA82) firmware.

I have only been able to get version 1.3.27 and it has been a big headache.

I hope it will be of help to those who need it.

Greetings.

Firmware RA82 Global ver. 1.3.27

Here's the RA82 Global version firmware version 1.4.21

I looked at the logs generated during the firmware upgrade attempt and found the link to the file, so I was able to download the firmware with no issues.

miwifi_ra82_firmware_722ce_1.4.21_INT.bin

Hi, any progress? I have just bought one of these and I am happy to help where possible to get OpenWrt working on this router.

It seems we have been suffering with Xiaomi firmware for a long time.

I'm putting together all the information I can about AX3000, but I can't boot automatically at the moment, just manually.

Has somebody else had problems with the Xiaomi uboot, more specifically "bootmiwifi"? I have built and flashed a qsdk version with kernel 5.4. I can boot it manually with u-boot, but it will refuse to boot it automatically because it's missing a secure boot signature over the kernel and rootfs. I have even set a bootcmd, but that seems to be ignored. Has anybody managed to get over this error?

The device I'm working on is an RA82, which seems to have the secure boot fuse burned, which is something new for Xiaomi I guess.

It seems that you need to disable secureboot in some place like a UEFI; I'm not a master of routeros hardware. However, it's a good thing you got root access.

The secure boot configuration is enforced through some sort of e-fuse, which means that once burned it can't be changed back. Fortunately, secure boot as implemented by Xiaomi is not 100%; it only covers their own bootmiwifi command, so it's possible to boot your own system in uboot if you have serial enabled, but I can't figure out how to do this automatically, as uboot ignores bootcmd if set -> I can only boot my own system manually.

On the Xiaomi AX9000 we use an env setting atf=1. Maybe it works with the AX3000 also.

2 posts were split to a new topic: Xiaomi AX3000 link speed issues on stock firmware

How did you manage to get the TTL working? Mine is an R80 with TTL connected, but nothing comes out. Not sure if it is because the Broadcom needs to wait for a specified number of seconds before plugging in the TTL?