Hello,
I bought an AX3000T router, model RDV23, v1.0.91
I try to install openWRT, but I can't do it.
I want to use Xiaomi MiR Patcher, but when I choose option 2, I obtain :
"Exploits 'arn_switch/start_binding/set_mac_filter" not working!!!"
"Exploits "Smartcontroller" are not usable (hackCheck:3)"
Can you help me please ?
Thank you.
start at OpenWrt support for Xiaomi AX3000T - #2936 by fkl7834456 and keep reading.
based on https://openwrt.org/inbox/toh/xiaomi/ax3000t, there's however no API exploit in it, you can't use Xiaomi MiR Patcher, unless you downgrade the fw.
Thank you.
I downloaded an older firmware (1.0.49), but I can't install it.
When installing directly from the Xiaomi interface, I get a message saying it's not possible to install an older version.
When using MiR Patcher (and choosing option 7), I get an error message.
"Can't found valid SSH server on IP 192.168.31.1"
you might consider yourself lucky, depending on the hw inside, flashing it could have meant a soft brick.
that's not how it's done, read the wiki, follow the links.
I try...
"1. Get ssh access."
I ran this script, I got the result
{"code":0}{"code":0}{"code":0}{"code":0}{"code":0}
ssh root@192.168.31.1
--> Connection refused
have you downgraded already ?
no.
First step is to succeed in accessing ssh, or to succeed in downgrading?
if wiki says there's no working exploit in 1.0.91, what do you think you need to do 1st ?
Ok, it's just...
So in summary, I can't downgrade through the Xiaomi interface, I can't downgrade through MiR Patcher. And it's normal that I don't have access to ssh until I downgrade.
At the moment I don't understand how to downgrade manually, but it's already clearer, thank you.
So the procedure I initially tried (downgrading to version 1.0.49 from the Xiaomi page) was correct.
I hadn't seen this in the documentation:
"It will complain about the downgrade. Edit the URL and change the 0 at the end to a 1 and press enter. Or change it to 2 if there is already a 1."
But I tried with versions 1.0.49 and 1.0.76 with the same result: the router reboots after a few minutes, but the version hasn't changed...
this could be because of the AN8855 side note, and have you verified you're not using a v2 ?
You can try downgrading your stock firmware via
TFTP method or by using Xiaomi MiWiFi Repair Tool. Simple instructions with screenshots from another Xiaomi router can be found here.
The firewall will block the download and show a warning about this tool. To proceed, you'll need to disable the firewall temporarily.
I followed the instructions to install version 1.0.76 with MiWifi Repair Tool.
At the end, the progress bar finished, and I arrived at this screen:
The light is flashing blue, I don't know if I should click one of the buttons, or restart the router, or something else?
Edit : I restarted the router, and it's blinking orange very slowly. I can no longer access the configuration page (192.168.31.1).
I tried everything again with the other possible version (1.0.49), but the same thing...
This indicates that the flashing has completed (Rapid blinking in blue).
If you've repeated the process several times and the result is the same, then you need to connect UART (to identify the issue) and proceed with the UART flash method.
Okay, thanks.
This is going to get complicated for me, but I'll try!
I just bought the adapter. I'll try it in a few days when I receive it.
It's sad that your stock firmware downgrade ended in a soft brick. Based on the AX3000T forum, I don't remember any cases where the downgrade of stock firmware was unsuccessful.
The good thing is that the AX3000T is a very durable device, and it's really hard to fully break it. There are many ways to restore the stock partitions.
So, be patient, connect via UART, post the terminal output here, and continue up to step 7. Before moving on, we'll need to detect your hardware (previously, all RD23 came with ESMT/Winbond NAND and the MT7531AE SoC, which is a reliable and supported by OpenWrt without any "but" like RD03 with Foresee NAND).
So, consider this a great opportunity to improve your skills. 
Ohhh !
I tried again for the umpteenth time, and I noticed that this time the address changed from 192.168.31.1 to 192.168.31.1/cgi-bin/luci!
It's as if it wanted to load but was blocked.
I connected the router to another computer (Debian), and access is fine!
It probably worked from the beginning, but my computer is strangely blocking access (even though I disabled the firewall and antivirus...).
So I can start the rest of the procedure 
Thank you for your help
Here's what I did. I'm not sure if all the steps were necessary but if it can help someone...
1. Downgrade with MiWifi Repair Tool
See https://www.androidpimp.com/wireless-routers/xiaomi-ax3000t-router/ and Xiaomi Mi Router 4A Gigabit Edition (R4AG/R4A Gigabit) -- fully supported and flashable with OpenWRTInvasion - #747 by Zorro
Note: When you need to press reset, unplug the router, press reset while plugging it back in, and only release it when it flashes after 8-10 seconds.
It will then flash blue, meaning the installation is complete. Unplug and plug the router back in.
2. SSH access with Xmir Patcher
(I encountered access problem on my Windows computer, access by browser or Xmir Patcher KO, while it works on Debian)
Choose option 2 (connect to device - install exploit), and choose option 6 (install permanent ssh)
3. Flash with Xmir Patcher
Put the openwrt-mediatek-filogic-xiaomi_mi-router-ax3000t-initramfs-factory.ubi file, which can be downloaded from https://github.com/dimfishr/openwrt/releases,
in the firmware folder of xmir-patcher-main, and select option 7.
4. Update
Go to http://192.168.1.1 in your browser
Perform a sysupgrade with the openwrt-mediatek-filogic-xiaomi_mi-router-ax3000t-squashfs-sysupgrade.bin file retrieved from the same location as the ubi file.
Choose a password, then perform a sysupgrade again with the latest version of openWRT.
I'm due to receive a second router in a few days (RD03 version this time). I'll try to follow the exact same steps and add any additional information here.
Thanks for your help!
Any valid reason you used a random custom image from internet for your RD23 instead of the canonical OpenWrt from the official source?
Usually, for such access problems, it's enough to try logging in from the browser's incognito mode if the regular mode has cached and restricts access to the same address after flashing is complete.
