What's wrong with you and the bizarre aggression? I've already built numerous Openwrt iterations using the proprietary Mediatek drivers and posted links to the builds in this thread.
2 Likes
You got a very wrong impression of the moderators, and banning you was never even remotely considered.
3 Likes
Hi, thanks for your effort. But I'm having a problem with your firmware. Everytime I reboot my device, wifi interfaces are not enabling them selfs up. I need them to enable them manually. Is there a fix for it? Or setting up a cron or something like that?
thanks so much bricco, its working really well, took me a while to setup wifi,
for anyone unable to start wifi, u need to create these interfaces
with these settings, (please suggest if these are ok)
but the wifi is really stable, power and range is too good, and now router doesnt keep stopping in between, really stable, thanks.
this is not my work,why you tagged me? and your interface that you created are wrong. i do not have that names in interfaces like generic Mediatek mt7615.1.dat
I think I found a defect in network cards of Redmi AX6S models (model RB03, Chinese version)
I just received it, the flashing was successful at first glance, but I was getting up to 30% loss when testing wifi from phone in a few meters.
I thought that maybe the problem is in broken opensource driver, and I tried these firmware
openwrt-22.03.3-mediatek-mt7622-xiaomi_redmi-router-ax6s-squashfs-sysupgrade.bin (from https://openwrt.org/toh/xiaomi/ax3200)
openwrt-22.03.0-rc4-mediatek-mt7622-xiaomi_redmi-router-ax6s-squashfs-sysupgrade.bin
openwrt-mediatek-mt7622-xiaomi_redmi-router-ax6s-squashfs-sysupgrade.bin (v20220314 https://github.com/mikeeq/xiaomi_ax3200_openwrt/releases)
openwrt-mediatek-mt7622-xiaomi_redmi-router-ax6s-squashfs-sysupgrade.bin (v20220311 https://github.com/mikeeq/xiaomi_ax3200_openwrt/releases)
openwrt-22.03.3-mediatek-mt7622-xiaomi_redmi-router-ax6s-squashfs-sysupgrade.bin (proprietary Mediatek drivers)
But even with proprietary drivers I saw the same situation.
But then I realized that I was getting losses even by connecting directly through a new ethernet cable.
I looked through wireshark, when I just have an ssh connection open or I download the firmware via http, I see too many tcp retransmissions.
Using all the latest firmwares above, I cant even completely load youtube page, there are seems disconnections when trying to load recent 50% of the page elements.
I do not think that such unsuccessful network driver can be in release. This seems to be a defective batch of Redmi AX6S models RB03.
For anyone having issues with wifi not running on SNAPSHOT, install kmod-mt7615-firmware as well as kmod-mt7622-firmware
1 Like
Guys, I accidentally bricked my device, after getting telnet access (RB03 Chinese version), I flashed the sysupgrade file instead of the factory file.
I would like to try unbrick it, is there a an unbrick guide somewhere for this model?
should I use the Xiaomi Repair Tool from here http://www1.miwifi.com/miwifi_download.html ?
and if so, which image should I use?
MiRepairtool worked for me. I flashed the factory firmware with ssh support mentioned in the OpenWRT tutorial.
https://m.youtube.com/watch?v=WvVIT3gXZak is a tutorial. Virusscanner will delete the .exe, so you have to disable live scan during this procedure...
1 Like
Can you share the link to your repo? Thanks
I bought a ax3200 with telnet locked.
I am trying to follow the guide with the uart but at the point where i must select u boot the keyboard is not working.
Anyone can help?
Thanks in advance
Flashing an older version with Miwifi repair tool worked for me. Telnet was locked according to query, but I was able to flash it nevertheless....
I used the netmod - mesh way of flashing openwrt.
Everything worked
1 Like
I've carried out a Man-in-the-middle attack on the mesh negotiation between two RB01 (AX3200) routers.
Without understanding the actual conversation fully, I've written a python script that replays the requests from the mesh slave to the mesh master.
The script is here:
I've tried it successfully on my two RB01s here, and enabled netmode 4. It would be great if others could test and confirm that it works, as it will make it much easier for people with only one Xiaomi router.
6 Likes
Update: I managed to truncate the long strings while copying and pasting. This is now fixed.
I now have a more evolved version of the script, that incorporates serial number detection and telnet password generation.
Typical usage:
$ ./unlock_mi.py -p wEbPaSsWord
Serial Number: 35888/J1UD10101
netmode is 0. Attempting to set netmode to 4
Response:
...
x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
{"hidden_2g":"0","hidden_5g":"0","disabled_2g":"0","disabled_5g":"0","ax_2g":"1","ax_5g":"1","txpwr_2g":"max","txpwr_5g":"max","ch_2g":"0","ch_5g":"0","bw_2g":"0","bw_5g":"0","txbf_2g":"3","txbf_5g":"3","support160":"0","web_passwd":"XXXXXXXXXXXXX","mesh_version":"2","cap_mode":"router","cap_ip":"192.168.31.1","vendorinfo":"","timezone":"GMT0BST,M3.5.0/1,M10.5.0","lang":"en","CountryCode":"GB","server_S":"s.miwifi.com","server_APP":"app.miwifi.com","server_API":"eu.api.miwifi.com","server_STUN":"eu.stun.miwifi.com","server_BROKER":"eu.broker.miwifi.com"}\x00'
Waiting to check result
Netmode is 4
telnet password: 76532c7e
$ telnet 192.168.31.1
Trying 192.168.31.1...
Connected to 192.168.31.1.
Escape character is '^]'.
XiaoQiang login: root
Password:
BusyBox v1.25.1 (2021-08-07 08:04:56 UTC) built-in shell (ash)
-----------------------------------------------------
Welcome to XiaoQiang!
-----------------------------------------------------
$$$$$$\ $$$$$$$\ $$$$$$$$\ $$\ $$\ $$$$$$\ $$\ $$\
$$ __$$\ $$ __$$\ $$ _____| $$ | $$ | $$ __$$\ $$ | $$ |
$$ / $$ |$$ | $$ |$$ | $$ | $$ | $$ / $$ |$$ |$$ /
$$$$$$$$ |$$$$$$$ |$$$$$\ $$ | $$ | $$ | $$ |$$$$$ /
$$ __$$ |$$ __$$< $$ __| $$ | $$ | $$ | $$ |$$ $$<
$$ | $$ |$$ | $$ |$$ | $$ | $$ | $$ | $$ |$$ |\$$\
$$ | $$ |$$ | $$ |$$$$$$$$\ $$$$$$$$$ | $$$$$$ |$$ | \$$\
\__| \__|\__| \__|\________| \_________/ \______/ \__| \__|
root@XiaoQiang:~#
If others can test this and confirm that it's working widely, then maybe @alexq or someone could update the page, showing this as an option. I'd also be interested to know if it works on other Xiaomi mesh devices. I've only tested it my two here.
Updated script here:
1 Like
Thank you @jmceleney for discovering a new OpenWrt installation method for Xiaomi AX3200 (model RB01). 
Did I understand correctly that script you developed allows OpenWrt installation on the Xiaomi AX3200 RB01 with disabled telnet using netmode: 4 method but WITHOUT the necessity to have a 2nd Xiaomi router?
If only 1 Xiaomi router is required for your method that enables netmode4, it will be really huge contribution to simplifying the OpenWrt installation process on Xiaomi routers with blocked telnet.
Let's wait for the first test results/confirmation from community members before pushing this to the wiki.
I do hope very much that this does work for others. I've been a consumer of OpenWrt for a very long time, so it would be great to give something back.
I have two RB01 AX3200 routers here. I factory reset the primary and performed the basic set-up. I then patched the LAN of the primary to my MITM host, and the WAN of the secondary to the MITM host. I then factory reset my secondary and intercepted the communications between the hosts. They do not check SSL certs, so it's not that hard to sit in the middle viewing the exchange in the clear.
I couldn't really decipher much of the exchange, but decided to simply replay what I saw.
Once the basic script was written I used it independently against my two isolated routers, after I'd reset them both. Each of them went from netmode 0 to netmode 4.
Unless there's some magic in the bytes I'm sending that only works on these two routers, I would expect that anyone should be able to use the script. We'll have to wait and see.
1 Like
@jmceleney, could you please provide comprehensive Installation Steps using your method?
It should help community members properly repeat steps and reuse your script to install OpenWrt on the Xiaomi AX3200 (RB01 model) where telnet is disabled from factory.
- for reference, see Installation steps #3 -10 from the wiki https://openwrt.org/toh/xiaomi/ax3200#installation