Someone should probably document that the whole PPP jank isn't required anymore. One of the newer stock firmware builds has an already known command injection exploit which is a whole lot easier to trigger, I believe.
fw_printenv and fw_setenv are supposed to work, however I appear to be missing the config file for some reason on my snapshot build. Which is odd as I remember adding support for it.
Thanks for the prompt reply. I now realize I am mistaken, the config partition (on Xiaomi Mi AC2100 - /dev/mtd1) contains the uboot env.
The following values work for me to read the uboot env config file for reading the env:
/dev/mtd1 0x0000 0x1000 0x20000 2
It's interesting that the router leaves a 256 kB partition for the uboot-env but only uses 4kB (the rest has all of the bytes set to 0xFF).
Does this config look reasonable? I am confident with the device offset and env size, as fw_printenv would fail the CRC32 if they were wrong. However, I am guessing on the flash sector size and number of sectors.
My guess is based on the wiki and the assumption that sector size = erasesize in /proc/mtd and number of sectors = partition size / sector size
Regarding the flashing instructions:
The simpler flashing instructions are updated here but the pppd exploit instructions are still located here
Unfortunately, I found the old flashing directions and struggled with the pppd exploit, but succeeded after putting a hack in some scapy code to work around a python error that some others experienced above.
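The fw_env.config question above, worked through as an added example that is not part of the thread: it checks a candidate device offset and env size against the stored CRC32, the way the poster describes fw_printenv failing on wrong values, and derives the last two fields from a /proc/mtd row using the poster's own assumption (sector size = erasesize, number of sectors = partition size / sector size). The partition image, the variables in it, the partition name "Config" and the little-endian, non-redundant env layout are assumptions made for the example.

```python
import struct
import zlib

CRC_LEN = 4  # assumed non-redundant U-Boot env layout: 32-bit CRC, then the data


def parse_proc_mtd(line):
    """Parse one /proc/mtd row such as: mtd1: 00040000 00020000 "Config"."""
    dev, size, erasesize, name = line.split(None, 3)
    return dev.rstrip(":"), int(size, 16), int(erasesize, 16), name.strip().strip('"')


def env_crc_ok(image, offset, env_size):
    """True if the little-endian CRC32 at `offset` matches the env data after it."""
    block = image[offset:offset + env_size]
    if env_size <= CRC_LEN or len(block) != env_size:
        return False
    (stored,) = struct.unpack("<I", block[:CRC_LEN])
    return stored == zlib.crc32(block[CRC_LEN:]) & 0xFFFFFFFF


def find_env_size(image, offset, erasesize):
    """Return the first power-of-two env size (up to one erase block) whose CRC matches."""
    size = 0x400
    while size <= erasesize:
        if env_crc_ok(image, offset, size):
            return size
        size *= 2
    return None


def fw_env_line(proc_mtd_row, offset, env_size):
    """Build the fw_env.config line: device, offset, env size, sector size, sectors."""
    dev, part_size, erasesize, _ = parse_proc_mtd(proc_mtd_row)
    return f"/dev/{dev} {offset:#06x} {env_size:#x} {erasesize:#x} {part_size // erasesize}"


def build_sample_partition(env_size=0x1000, part_size=0x40000):
    """Constructed stand-in for a dump of the partition: 4 KiB env, rest 0xFF."""
    data = b"bootdelay=5\0baudrate=115200\0\0".ljust(env_size - CRC_LEN, b"\0")
    env = struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) + data
    return env.ljust(part_size, b"\xff")


SAMPLE_ROW = 'mtd1: 00040000 00020000 "Config"'  # constructed /proc/mtd row

if __name__ == "__main__":
    image = build_sample_partition()
    size = find_env_size(image, 0, 0x20000)
    print(fw_env_line(SAMPLE_ROW, 0, size))
```

The CRC only confirms the offset and env size; the sector size and sector count come from /proc/mtd and are not validated by a read.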
After a successful installation of openwrt, how am I supposed to update it?
A simple sysupgrade through luci would do the trick? The precompiled images I got are from @scp07.
And another question: on his gdrive there are 2 versions for each build (advanced and standard), which are the major differences?
I was getting "disconnected due to excessive missing ACKs" with frequent disconnects on 2.4ghz with scp07 19.7.5 redmi basic build. It was resolved after I unchecked the "Disassociate On Low Acknowledgement". So far no disconnects.
I suppose this is obvious, but please someone explain, why there is a snapshot image for this router while stable image isn't there in official openwrt download site?
This router is released after OpenWrt released the latest stable version (19.07).
IIRC, the developer who ported this router (black and white version), talked to OpenWrt maintainers, and they said that it's generally not worth it to backport new hardware to old release (20.xx was just around the corner).
Snapshot is the daily release, so it wouldn't matter when the router is released, because a new version of OpenWrt snapshot is compiled every day. But they don't come with any additional packages, except what is necessary to run the router (including LuCI).
I flashed BREED before flashing openwrt and soon found out it was a mistake. Now I want to get to stock rom because I got better range with 5g wifi and wanted to check some configs and maybe retry with openwrt. But I can't use miwifi repair tool because it always boots to BREED. In BREED I try to use stock rom as firmware but I get an error saying it's not for mi 3G.
What's the best way to recover the router to stock using BREED?
Thanks.. finally I have found the 19.07.05 exactly for this router from another source. Anyway it seems I might switch to the snapshot release in order to get the latest builds.
I managed to flash a stock firmware found in post 919 but I can't update for the moment. But I can't understand how BREED is even mentioned in Openwrt guide. It does the opposite of what it's intended, it causes loads of trouble and it even prevents miwifi repair tool to do its work. I'm totally with @scp07 in his BREED concerns.
Direct link to the stock bootloader of the Xiaomi MI AC2100 (Black cylinder):
You don't need to know Chinese for this. Just click on the left orange button.
And you will be guided to the download.
Afterwards flash the file in BREED.
If God wills you will be then able to make use of the MiWiFi-Repair-Tool again.
For the ones, who have the REDMI AC2100 (white router with 6 visible antennas):
The stock bootloader can be downloaded here:
Is it possible to flash them from an ssh session? It's easier for me because I don't have to reach for the router. And thank you again, these files aren't easy to find.
I haven't tried yet. But I would assume yes, because it is also possible to flash firmware via SSH.
I am not sure if it is necessary if you are using MiWiFi-Repair-Tool for flashing back the stock firmware, but I would reset the environmental variables for the stock firmware:
env set autoboot.command "boot flash 0x200000"
env save
Dear @RVB with regards to the remark of scp07 I agree that BREED could be a security risk, because it is closed source. But the OEM bootloader is also closed source, and could then also be considered as a security risk.
I personally do not care because I do not know which one is more secure.
BREED from @hackpascal offers superb features, which make my life much easier.
If you don't like or feel uncomfortable with it, then just use the OEM bootloader. @hackpascal was so kind and provided even the possibility to flash it back directly from BREED.
I really like BREED. Sadly it does not provide full support for the MI AC2100 (R2100) router, so we have to use the R3G bootloader as a workaround.
The main feature I am missing is the full.bin backup and flash feature.
When I do a full.bin backup and try to flash it back it shows that the size of the full.bin is too big for the NAND.
Did anyone else in this forum face the same issue?
Did you find any solution?
On a different router, where I have flashed BREED these features work perfectly fine.
Putting apart the security risk and the sketchy story about it (read here in the forum) the main problem is that it's not sufficiently documented in the wiki that it's not really directly compatible with AC2100. At least, if BREED is part of the official wiki, then the builds that work with it, the stock rom as minimum, should be also linked in the wiki.
It's very frustrating to try to flash stock rom and having an error saying it's not for R3G. I noticed, reading all this topic, that maybe in Chinese forums there's more information but certainly not here. BREED can be very handy with "hard" exploits but that's not the case with this router, for now, of course.
I saw @Supernutzstich asking also for the stock bootloader but couldn't get it.
I was maybe harsh because I was a little frustrated with the lack of information/builds for BREED.
So, in conclusion, @scp07 has all the right to not provide builds for BREED but if it's in the wiki, a set of builds should also be linked there because they're the only way to use BREED. If anyone wants the latest ones then they can use the script provided in this thread (also should be linked). That's my opinion, of course. If this is not provided in the wiki, BREED should be removed from there.
PS-Did anyone notice a smaller range in 5G? I would really like to use @scp07 builds but it lacks just a little more power in wifi.
Dear @RVB, could you flash back the stock bootloader?
Did you use BREED, or did you flash the bootloader via ssh?
In case you have flashed the stock firmware via MiWiFi-Repair-Tool afterwards, could you please check if the stock firmware is using VHT160 in 5 GHz?
Probably this is the reason why the 5 GHz performance is better than in OpenWRT.
Hi, I didn't flash it just yet because the router is working well on stock firmware and I can't lose connection for now. I'm trying to get some time to do it and have the possibility to correct if something goes wrong.
Regarding VHT160 I don't remember seeing the option in stock firmware but it's not the most friendly firmware because it needs the google translation tool so I can understand something. For what I got in my readings it doesn't seem to do so and theoretically it could give a boost in speed but less coverage. I'll dig into it and keep you informed.
Dear @RVB,
thanks for your feedback!
I am looking forward to this.
By the way:
You don't need to use Google Translate for translating the Chinese writings in the MiWiFi dashboard.
You can easily use an addon in your Web-Browser, which then also translates the content without having internet connection.
I personally use scripts from "Greasy Fork".
The addon, which needs to be installed in your Web-Browser (e. g. Firefox, Chrome, etc.) is shown on their start page:
Just install one of those addons (e. g. Violentmonkey).
In the next step you need to install the script:
For MiWiFi dashboard translation (use one of the following, which works best for you):
And in case you want to have BREED translated into English:
As mentioned the translation does not need any internet connection. This means, if you are using BREED for example and have no internet connection, you will get everything translated into English, which is very comfortable.