New Xiaomi router AC2100

Thank you for your guide!
Supports redmi stock firmware by default ssh or telnet access?

I don't recall having ssh or telnet on stock. Isn't the whole point of the patch is to get telnet?

Please clarify for redmi stock firmware, can I use your guide to get ssh or telnet access for installing breed?

I just tested reboot with reset buton hold.
I see in the console dhcp requests waiting for IP address.
When the router is connected to my adsl Box, it tries to get TFPT .bin file.
If I configure a TFTP server and a DHCP server on my computer, will I be able to get my router in stock version?

Thanks for your answer

To get telnet access on stock with patch, you need to follow the official guide. Then before writing the OpenWRT files, write breed. If you run local file server for the flashing, it's best to use it to store breed-mt7621-xiaomi-r3g.bin as well. Then you can wget it faster.

You probably don't have to write OpenWRT at all, and do it later with breed. If you keep stock you should not change the autoboot.command value. I don't think anyone did it before, hope it works.

1 Like

The AC2100 and r2100 are very similar to r3g router. There are few users that were able to get out of soft brick: here is one, here is one post suggesting:

with the stock bootloader , you just have to download official firmware, rename it to miwifi.bin, unplug mains,plug usb, press reset until i say so, plug mains , keep presing reset until led flashes orange , leave reset button, wait until led is blue. and your router is recovered

You may try putting the file (instead of USB) on TFTP server and sending it to bootloader.

By the way, debricking AC2100 / R2100 should have it's own topic IMHO.

The images you posted are great.

You can get 19.07 images from here:

I'm running it for a while and it works flawlessly for me.
Thank you very much, your work is very appreciated!

Thanks a lot but there is many guys which need to take more thank then me. First @ namidairo @ scp07 @ ilyas @ thorsten97 @ Percy. Thanks to all of them.
(I leaved space because don't wanna send them unurgent notification mail)

Btw you can get latest compiled image and stock(exploit version) from this URL this will stay forever.

And I'll be glad if you edit wiki pages tftp recover section with improved and easy to understandible guide for clueless user. That will help a lot if you wanna contribute.

1 Like

Сan I follow below mentioned instruction to install breed?

cd /home/user
wget /home/user/breed-mt7621-xiaomi-r3g.bin
mtd write /home/user/breed-mt7621-xiaomi-r3g.bin Bootloader

wget command downloads a file from file server. You need to specify location the router can download from. If it's connected to internet, you can use wget Or you can run a local server like hfs.

Thank you, it is clear for me now!

The kernel1 image seems gone from this build, how do I adapt my guide for this? Are there any resources I can read up on what "breed" is. I have no clue actually.

Also I just flashed an own build, but it seemed to be broken with the advanced config @scp07 provided in his instruction post (I used the 19.07.3 branch). Pushing the old sysupgrade.bin via rsync and scp failed for whatever reason, but I could wget it since the router (but not the computer) had internet access. Would have been cool to get nodejs running on this, but all I got in this build was:
ash: node: not found.

Can someone with build experience look into what I am doing wrong?

Attached my mt7621 bin folder below:

Which ubi_reader script u used?

I used latest version 0.6.5 and the commands I used are:
None, worked. and I have the error : "read Error: Block ends at x which is greater than the file size y".

I feel like I'm missing a step in the whole process...

Maybe there is a problem with the UBI file you extracted from the firmware using binwalk. Which firmware file did you try?

Which branch did you use exactly? My advanced config won't work with the official 19.07.3 branch. Instead you have to use my repository including the backports ( and checkout the branch "openwrt-19.07.3_xiaomi_router_ac2100". You can use the official repository after it is merged into the official repository but nobody knows how long it takes until this is done (or if it will be accepted at all as backports for device support are normally not merged into the stable branch).

A complete overview over all currently maintained branches and precompiled "ready to go" images are listed in post 424 for the white 6 antenna version and all precompiled images for the black cylinder are currently maintained by emirefek and can be found at

All our images contain the kernel1.bin and rootfs0.bin files which are need to flash from stock to OpenWRT.

@Yuluga : My precompiled images for the white 6-antenna version support the official package repository so you can install all official packages on top of my images with the regular web installer / opkg. Currently that's not the case for the images from emirefek for the black cylinder version (it's missing some kmods so the kernel vermagic won't match the official 19.07.3 repository). I'll provide download repository compatible images for this model soon.

1 Like

I am on the openwrt-19.07.3_xiaomi_router_ac2100 branch and use your repo.

❯ git remote get-url origin

Been following your instructions from 421 and made the changes for the black version in menuconfig.

I am referencing the latest black cylinder builds (emirefeks folder 2020-06-02). There is no kernel1.bin there at the moment.

I finally succeeded to edit the guide. As this is the first time for me editing such guide, please verify it's OK. Thanks.

1 Like

Boot and Recovery Environment for Embedded Devices (BREED) A multi-task bootloader with real-time firmware upgrading progress.

Please clarify if it is necessary to have a http server?
Much easier is not set up a dedicated http server.
The best way maybe is to go to the directory where you put your images and then use this command from that directory:
python -m http.server 80 .
It will start a http server with the current directory as the home path. As soon as you stop the process the http server will be down and stopped so nothing else necessary to configure.


  1. python (python3 was used in this example), scapy, netcat, a statically compiled mipsel busybox binary and a http server

IMHO http server is not required:
If procedure is done with the hack, then http server already started in the same folder.
If installation is done later, then you can wget it directly from the web.
I tried to point that in the guide.
Only if it is done later with no connection to the internet, then http server will be needed. This use case was not covered.

1 Like