Adding OpenWrt support for Xiaomi AX3600 (Part 1)

For Developers
102

Alex - as has been mentioned before it's risky as Xiaomi could patch to prevent downgrade (and then users would be stuck with having to wire up to the serial port). I think with the amount of product out there currently - we are likely safe for now. I've also seen some other research going on around decoding the Xiaomi FW update bin's which could lead being able to craft a Xiaomi compliant update bin.

From an exploit perspective - I think the next step would be to figure out how to modify the uboot config in order to enable RW access to all the partitions. At that point you would have similar access as to what efsg has with his serial port access. It seems to me like you could potentially do a sysupgrade to patch the currently writable partitions to get OpenWRT on there (the ax3600 does a custom process pulling various images out of the uploaded bin and then deploying directly to partitions). However, that would still require all the drivers to be in place and from my reading would only put you in a one off hack jobbed OpenWRT.

1 Like
103

A big thank you to the people posting great information in this thread and the ax3600 DTS thread. I've ordered one and with the info posted here should get root access.

If any developers want to get one for less than 90 EUR, see https://www.aliexpress.com/item/4000869725283.html with coupon 20SS10.

Looking forward to a OpenWRT port, or at least English translated interface.

1 Like
104

Hm, for me 20SS10 is not working.
Its complaining about order amount being below the limit.
Order needs to be 100 USD excluding shipping

105

Just tested and it seems to be working for me.

image

106

Then it does not work for Croatia as I get:
The order amount (excluding shipping fee) is under the minimum spend of this promo code.

107

esfg - are you leverage the work done on the 8074 reference kit? I stumbled across this pastebin showing the bootlog of an IPQ8074-HK01:
https://pastebin.com/j43AhxAh

But I can't seem to dig up the snapshot that is listed in the release further down in the pastebin:

  1. root@OpenWrt:/# cat /etc/openwrt_release

  2. DISTRIB_ID='OpenWrt'

  3. DISTRIB_RELEASE='SNAPSHOT'

  4. DISTRIB_REVISION='r11690-ca7ed17'

  5. DISTRIB_TARGET='ipq807x/ipq807x_64'

  6. DISTRIB_ARCH='aarch64_cortex-a53'

  7. DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r11690-ca7ed17'

108

I lives in China, and maybe I can help to ship it for you as you have a really good reputation. :laughing:

109

The text behind rxxxxxx- is the shortened commit hash, so this is the latest commit of the used snapshot version:

110

Thanks for the offer, but the shipping prices are really high so there would be no difference in the price.
I finally caved and ordered one for 98 EUR

3 Likes
111

Oh I checked online and it really costs lots of money to ship it (even higher than the AliExpress)
:sob::sob::sob::sob:

112

Yeah, shipping prices are insane even for light things like routers

113

@juppin:

That doesnt exactly map. It looks like the primary GitHub repo only added basic support for IPQ807x 4 months ago but this pastebin was pasted back in Dec and seems to indicate a full build. I suppose then that means there is a private SDK from Qualcomm floating around for OpenWRT?

114

I don't see it on this page but for ref:
openwrt Git page for chipset:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=history;f=target/linux/ipq807x/image;hb=HEAD
(no work since feb)

Device techdata page:
https://openwrt.org/inbox/toh/xiaomi/xiaomi_ax3600#xiaomi_ax3600

it would be great to know how, for those of us that already got the device, can we help the devs.
mine should be here in couple of weeks(hopefully) and I don't plan to integrate it in my network till I can install openwrt on it. so I'm open for any test

115

@Mel
Yes basic support, but this could be the posted bootlog of the ipq807x dev board.

The mainline kernel 4.19 does include everything that is needed for this device...
Take a look here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/arm64/boot/dts/qcom/ipq8074-hk01.dts
This is exactly the device tree of the device that produced your posted bootlog.

The OpenWrt Makefiles for ipq807x does build the kernel, device tree and rootfs.
The image.mk creates the images like FIT-Image with DTB and OpenWrt rootfs as initramfs and also the squashfs image.

So the device setup script for networking and there like and probably some patches for kernel/dts customization are missing.
But IĀ“m very sure that this posted bootlog is from a official OpenWrt build.

116

Actually 4.19 contains the bare minimum to run anything on the board.
Heck, even 5.8 will be lacking most of the drivers.

117

Is there anyway to rip something from xiaomi's build? In order to see if they are using closed source blobs (maybe from qualcomm)?

118

No need for that, QSDK and all the drivers are open source.
FW for WCSS, WLAN and NSS are blobs rest if open source code.

2 Likes
119

There are a lot of sellers who offer it for ~110 USD with free shipping, search for "AX3600" on aliexpress.

120

I already bought it for 98EUR last week

3 Likes
121

Hey Everyone!
I'm very very interested in this one since I have a WRT3200ACM and it is the most annoying device ever (with it's buggy wireless drivers) and I'm thinking of replacing it with the AX3600 but there are some doubts I need to clarify before making that decision.

  1. If someone with this router could confirm this for me it would be great, I have seen in a website (this one: http://www.bitswrt.com/11AX.html) that the 5ghz wireless can do 4x4 in 80mhz but when 160mhz is selected it drops to 2x2, is it true? could you test this for me?
  2. I believe that the QSDK opensource wireless drivers you mention (at least for now) don't support the IPQ8071A, only the IPQ8074 SoC
  3. I have found that the TP-Link Deco X60 is a device with very similar hardware, and TP-Link released the GPL source which can be useful to add openwrt support to AX3600
1 Like