Adding OpenWrt support for Xiaomi "Redmi Router AX6S"/"Xiaomi Router AX3200"

For Developers
2269

Come on, there's 2000+ posts on this thread and recent posts are still debating best practices. I've made these notes - are they correct, or not?

  1. Use the XMIR Patcher to perform the standard install. Apparently it may be required to sidegrade to a beta version of the stock firmware to enable Telnet which will allow the XMIR patcher to function

  2. Once you have installed 24.10 factory, run the following command:

  3. Run the following commands via SSH:

  1. uci set system.@system[0].compat_version="2.0"
  2. nvram set ssh_en=1
  3. nvram set uart_en=1
  4. nvram set boot_wait=on
  5. nvram set flag_boot_success=1
  6. nvram set flag_try_sys1_failed=8
  7. nvram set flag_try_sys2_failed=8
  8. nvram commit

Reboot 7 times and see if a brick occurs.

2270

Instead of nvram use fw_setenv.

2271

OK, I finally got around to testing this last night. 20+ reboots and no issues. Here are my install notes:

  1. Assuming you are using a vulnerable stock firmware (such as 1.0.57), you can use the XMIR Patcher to perform the standard install. Simply add the OpenWrt factory install bin file to the “firmware” folder and run the .bat file. All you need to do is connect to the router and install firmware via XMIR Patcher, the other options are not needed.
  2. Once you have installed the OpenWrt factory install image, log in and ensure you have a working WAN connection (e.g. via WAN ethernet or Wi-Fi client)
  3. IMPORTANT: Connect to your router via SSH and run the following commands. These ensure that the router will not brick itself after 6 reboots:

uci set system.@system[0].compat_version="2.0" && opkg update && opkg install kmod-mtd-rw

insmod /lib/modules/$(uname -r)/mtd-rw.ko i_want_a_brick=1 && fw_setenv boot_fw1 "run boot_rd_img;bootm" && fw_setenv flag_try_sys1_failed 8 && fw_setenv flag_try_sys2_failed 8 && fw_setenv flag_boot_rootfs 0 && fw_setenv flag_boot_success 1 && fw_setenv flag_last_success 1

  1. Once rebooted, you should be done. Feel free to check your flags via the "fw_printenv", and make sure that “flag_try_sys1_failed=8”. This will ensure that your router will not brick itself. Done!
3 Likes
Installed factory 24.10 on AX6S running 23. Bricked
2272

Just wanted to confirm, what are the steps for those of us currently 23.05.5, is it safe to force upgrade to 24.10.1?

2273

No, do not use force upgrade from 23.05.x to 24.10.x. It will brick your router. You need to follow the instructions below:

But in summary, open an ssh connection to your router and execute the commands below:

cd /tmp
wget -O factory.bin https://downloads.openwrt.org/releases/24.10.1/targets/mediatek/mt7622/openwrt-24.10.1-mediatek-mt7622-xiaomi_redmi-router-ax6s-factory.bin
mount -o remount,ro /
mount -o remount,ro /overlay
cd /tmp
dd if=factory.bin bs=1M count=4 | mtd write - kernel
dd if=factory.bin bs=1M skip=4 | mtd -r write - ubi

After you reboot, edit the file /etc/config/system and change compat_version as follows:

option compat_version '2.0'

After you do this, going forward you will be able to upgrade from 24.10.1 to to future 24.10.2 and later releases normally.

7 Likes
2274

Thank you for the help, worked great and it already had "option compat_version '2.0'" set. Not sure why I can't get 5Ghz/radio1 working, will keep trying.

Edit:
Nevermind, had to set the country code it looks like.

1 Like
2275

I have "OpenWrt SNAPSHOT, r28821-9fb44638ba" and I have no idea what release it is, what main version is this or whatever, I got it like this.

does not work for me:

root@konnichiwa:~# cd /tmp
root@konnichiwa:/tmp# wget -O factory.bin https://downloads.openwrt.org/snapshots/targets/mediatek/mt7622/openwrt-mediat
ek-mt7622-xiaomi_redmi-router-ax6s-factory.bin
--2025-05-04 18:02:19--  https://downloads.openwrt.org/snapshots/targets/mediatek/mt7622/openwrt-mediatek-mt7622-xiaomi_redmi-router-ax6s-factory.bin
Resolving downloads.openwrt.org... 2a04:4e42::644, 2a04:4e42:600::644, 2a04:4e42:200::644, ...
Connecting to downloads.openwrt.org|2a04:4e42::644|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12582912 (12M) [application/octet-stream]
Saving to: 'factory.bin'

factory.bin                   100%[=================================================>]  12.00M  12.8MB/s    in 0.9s

2025-05-04 18:02:21 (12.8 MB/s) - 'factory.bin' saved [12582912/12582912]

root@konnichiwa:/tmp# mount -o remount,ro /
root@konnichiwa:/tmp# mount -o remount,ro /overlay
root@konnichiwa:/tmp# dd if=factory.bin bs=1M count=4 | mtd write - kernel
Could not open mtd device: kernel
Can't open device for writing!

Update: I couldn't find a way to check if the partition layout is already corrected or not. mtd failed every time I tried flashing as described. I found a post somewhere with a similar snapshot version/commit/whatever to mine that indicated it should be 24.10 so I just manually modified compat version to 2.0 from 1.0 then flashed sysupgrade file and now it works.

2276

Thanks, I made it, just the compat_version was already there

1 Like
2277

What is the correct procedure to downgrade from 24.10 to 23.05?

2278

And what about all the previous talk regarding setting flag_try_sys1_failed=8 etc?

1 Like
2279

Hi,
(newbie)
I have careffully read the wiki and a the last posts here several times and already spent a day to make my RB01 working with openwrt without sucess

I have access to uart, I can successfully go back to original fw 1.0.71 (I was not able to find lower) using tftp
After the initial (OEM) configuration setup, I launch the XMR patch which seems to work as I can have access to ssh and the XMR patch script can get the device info (choice 3)
Then I launch the update still with the XMR patch which seems to go through as I can see the openwrt introduction as well as the openwrt version over ssh

I tried 23.05 and 24.10 however each time same result, no wifi as well as no admin access over ethernet (192.168.31.1 or 192.168.1.1), but I still have access to uart and the log does not show anything relevant as an error at least to me
The system led is solid blue, the internet one is briefly blinking blue

Uboot 2022

I'm sure I'm missing something rather easy :confused:

2280

I need some help here. I want to build 24.10.1 using source for my Xiaomi AX6S router. However, when I tries to select the Target System I don't get Qualcomm Atheros IPQ807x in the list. On 23.05 I got the system in my list. How do I add that to 24.10.1?

PS: I want to add SSR Plus. That's why I want to build it from sources

2281

What's the connection between those two? Those two are different platforms.

2282

I hope it's not WAN port which you're using to connect Luci? It is available on LAN port on 192.168.1.1 address just like any OpenWrt system.

2283

I have to select IPQ807x for to build for AX6S, isn't that right?

2284

Why would you? Check hardware specs of AX6S. It says Mediatek mt7622.

2285

Oh, I was following something else then? Thanks, I'll check it again

2286

AX6 which is without S, it is on Qualcomm, maybe you made a mistake with the theme or the router?

2287

Hello guys, after whole 2 days of scratching my head im asking for help from intelligent minds of this forum!
I have a Xiaomi AX6S (RB03) and I cannot get it to unbrick whatsoever, I've tried using tftp and MiWifiRepairTool to no success, I've tried every stock firmware so far and nothing works it just leads to a purple led blinking very fast.
I have access to UART now and saw what was going on behind, every factory image returns CRC match failed for some reason and both partitions are unbootable except the latest openwrt initramfs, I can serve it with tftpboot and only this version works to boot sucessfully into initramfs of openwrt. But I still cannot flash openwrt from here, I've tried mtd write commands with factory.bin which fail (Can't open device for writing!)
I've also tried doing sysupgrade using sysupgrade bin and when it reboots I get stuck here again

Erasing NAND...
[mtk_nand_erase_hw] mtk_nand_erase_hw @4249, ret:0x40. page:0x280 
Erasing at 0x140000 -- 100% complete.
Writing to NAND... OK
Booting System 0

NAND read: device 0 offset 0x2c0000, size 0x2000
 8192 bytes read: OK
[do_read_image_blks] This is a FIT image,img_size = 0x39ff14
[do_read_image_blks] img_blks = 0x740
[do_read_image_blks] img_align_size = 0x3a0000

NAND read: device 0 offset 0x2c0000, size 0x3a0000
 3801088 bytes read: OK
bootm flag=0, states=70f
## Loading kernel from FIT Image at 4007ff28 ...
Bad FIT kernel image format!
ERROR: can't get kernel image!

This is my layout from openwrt initramfs version 24.10.1

root@OpenWrt:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00080000 00020000 "Preloader"
mtd1: 00040000 00020000 "ATF"
mtd2: 00080000 00020000 "u-boot"
mtd3: 00040000 00020000 "u-boot-env"
mtd4: 00040000 00020000 "bdata"
mtd5: 00080000 00020000 "factory"
mtd6: 00040000 00020000 "crash"
mtd7: 00040000 00020000 "crash_log"
mtd8: 00080000 00020000 "ubi-loader"
mtd9: 07280000 00020000 "ubi"

Any help would be greatly appreciated

2288

OpenWRT versions 23.X and stock firmware have NAND markings different from OpenWRT version 24.X.
And you can't just switch to version 24.X.
I would recommend returning the router to working condition using WIKI, and then read and understand how to switch to version 24.X.