Got an AX3200 from an official reseller in Europe, telnet was enabled by default, the python script worked. I enabled ssh and am proceeding with openwrt installation.
Update: I used @thorsten97 build and I'm happy to report it works. I'll be hanging this boy later during the day and will report once I have more time to play with it.
I believe the telnet enable/disable is related to whether you have the international version (RB01) or the chinese version (RB03).
I have RB03 v1.0.19 with telnet not enabled.
I'm feeling a bit daft as I am under the impression their is an exploit available for the RB03, but after a month+ looking for it, I can't find it.
It appears everything is working in order. I have some issues with 160Hz wide channels but that is per client.
I'm topping 800mbps on iperf (80hz channel), I'd say pretty good!
All I'm missing now is SQM, can't install it since the snapshot is few days old.
Is there a way I could do it without creating an image from scratch?
Or, can @thorsten97 could share the build config?
I will update the build and include sqm.
Give me a few hrs 
New build with sqm, wireguard and adguard.
thanks, but why this build is so big comparing to previous one?
AdGuard home is huge ... you can uninstall it if you want.
ok, got it! thanks
Thanks man, this is awesome!
@cenzor your image has some issues with wan, ppp/pppoe doesn't work for some reason.
Is the python script for activating ssh? and if yes where can i found this script?
The Python script is for inferring the root password from the serial number of the router. You use that password in telnet to enable ssh.
i 'm looking at this device for next toy, but is this device running mt76 drivers or mtk drivers under openwrt? sorry for the offtopic.
Iām not using ppp so I cannot tell, but thanks for feedback.
Chances are I'll probably just end up adding a couple more commands into the install to point it at firmware partition and give the firmware1's 30mb to ubi though. Not sure what that means for migration from initial builds. It'll probably just mean slightly modified installation from the terminal.
Since apparently the dual-boot selection does not actually look like it's modified anywhere within the bootloader itself, there sadly ends up being no benefit to keeping around another copy, since there's no actual way to switch to it in the event of a corrupted kernel image, except from within the serial terminal. However, if you have serial terminal access, you could just directly reflash images...
Probably better on the flash endurance on that 30mb in the long run anyway, since ubi will at least spread the writes out on sysupgrade...
I got RB01 with version 1.0.50 and telnet is disabled as well..
This hack looked easy but turned out to be very hard even for me, who had soldering and programmer experience.
I have purchased Chinese RB03 (1.0.13) version of router, purchased CH341A programmer (without 3.3v data-pins mod yet), soldered the wires and ... failed.
Right now I can read nand data but it contains data AND OOB chunks. OOB chunks make it impossible to calculate CRC-32.
Does anybody know how to disable OOB data in a dump made by Snander ?
I see @zfgeng had same problem and (probably) gave up haha.
I tried raw dump (-d), -I - nothing helps.
This looks like this - https://forum.openwrt.org/uploads/default/optimized/3X/7/6/76b0f0d646ea55c8e3bfe32b52d70c8ca5fa264e_2_1380x732.png
I gave up on trying to be fancy with the imaging.
Just a big fat fit image with squashfs is so much leaner on the changes. 105mb for packages.
I succeeded,.. You should modify the crash partition and entery the factory mode. In the factory mode, telnet will be forced to be enable. Also you can login without password!
@zfgeng you have used method to make it without reading and modifying CRC-32, so you failed with that like me. I just want to clarify that snander-modify-crc32 instructions do not work at all. I tried to cut OOB data from the dump, but I failed with that too, OOB chunks locations are not consistent and I think it is programmer problem (or I just don't understand nand good enough).
