OpenWrt bricks Xiaomi Mi Router 4A (MIR4AC) 100M international version

How can i dump the full flah chip? any guide? i can do if you describe it.

I take that as a no. Do you have a USB UART-adapter? The stock firmware should mention the partitions during boot as well, but if you don't have any adapter to view the serial output with, there really is nothing anyone here can do for you until you get one.

i do not have usb uart adapter.

They don't cost a lot, so might as well get one. I like using ones based on the CP2104, like e.g. this one, though there are several other perfectly good ones out there as well. They can be found on eBay, Amazon, Aliexpress etc.

As for if/when you get one: you connect RX from the adapter to the TX on the router (or other device you're connecting to) and vice versa for TX and RX, GND to GND, but do not connect 3V3 or 5V. Then you use some software on your computer to watch the serial port. There are plenty of those as well, but I tend to use PuTTY or Termite. Feel free to come back here and ask for instructions, if you can't figure things out.

Can't he get access with OpenWRTInvasion to stock firmware and from there see kernel log and find something like this in it

[    1.670000] 0x000000000000-0x000001000000 : "ALL"
[    1.680000] 0x000000000000-0x000000020000 : "Bootloader"
[    1.690000] 0x000000020000-0x000000030000 : "Config"
[    1.690000] 0x000000030000-0x000000040000 : "Factory"
[    1.700000] 0x000000040000-0x000000050000 : "crash"
[    1.710000] 0x000000050000-0x000000060000 : "cfg_bak"
[    1.710000] 0x000000060000-0x000000160000 : "overlay"
[    1.720000] 0x000000160000-0x000000dc0000 : "OS1"

?
And isn't this enough if the partition table is changed in the newer firmwares and the partition table is the problem?

I dunno what this "OpenWRTInvasion" is, but if it gets OP access to the system, then sure.

OpenWRTInvasion is used to get root-shell access so you can flash OpenWRT in a relative easy way.
So access to kernel log should be possible and the stock firmware looks to be some sort of heavy modified OpenWRT (some early 14.07 based on kernel log posted on the openwrt support page for this router)

Ideea is to at least see how partition table looks like and either confirm it's the problem (or at least one of the problems) or plain realise it has nothing to do with the brick reason. :slight_smile: And he/she doesn't need any other hardware to do it.

can you share the international fw? I bricked mine trying to flash fw v2.18.28

I made a backup of the latest international fw with "cat '/dev/mtdblock${i}' " of all partitions,before I bricked my router, it helps you? and here the partition table

root@XiaoQiang:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 01000000 00010000 "ALL"
mtd1: 00020000 00010000 "Bootloader"
mtd2: 00010000 00010000 "Config"
mtd3: 00010000 00010000 "Factory"
mtd4: 00010000 00010000 "crash"
mtd5: 00010000 00010000 "cfg_bak"
mtd6: 00200000 00010000 "overlay"
mtd7: 00da0000 00010000 "OS1"
mtd8: 00c40000 00010000 "rootfs"

It confirms that the partitions are not the same size and therefore won't be aligning the way the OpenWrt-image expects. In your listing, the overlay-partition is 2MiB in size when OpenWrt expects it to be 1MiB, for example, and that also means the rootfs-partition starts at a different position.

It's pretty easy to fix, if one is willing to build a custom image themselves. Obviously, it'd be good for OpenWrt to offer an alternative version of the firmware for these boxes with a different partition layout. I could even look into doing a pull-request for that myself, but I don't (yet) know how the OpenWrt-devs want to handle such alternative versions (I don't have one of these boxes myself, so I wouldn't be able to test it personally, though, so that'd have to be left to someone else)

I was bored, so I compiled a version of OpenWrt 21.02.3 with modified partition table, available at https://www.dropbox.com/s/rcd1jqm5bhovf2v/xiaomi-4a.zip?dl=1

It should work with the international version with the 2MiB overlay-partition, so if someone is feeling adventurous, feel free to try it (or send me one of these routers and I'll try it). Obviously, I take no responsibility for anything, whatsoever.

The image only contains the basics plus Luci, since most people want Luci anyways, so it made sense to me to include it there.

1 Like

I bought one of these new versions, I used OpenWRTInvasion and checked the layout cat /proc/mtd with the one posted by WereCatf and it was the same.

Then flashed the one posted created as result of boredom https://www.dropbox.com/s/rcd1jqm5bhovf2v/xiaomi-4a.zip?dl=1 . and reboot and SSH into OpenWrt 21.02.3, r16554-1d4dea6d4f

Thanks, how can we get this change into the base?

I have already submitted a pull request, but no one has commented on it or approved it, so I don't know if the devs have even noticed. Or perhaps they were waiting for a confirmation that the changes do work.

Anyway, the pull request has been submitted and I'll add a comment that at least one person has verified it now. Perhaps they'll approve of it then.

1 Like

After flashing the dropbox one

root@OpenWrt:~# cat /proc/mtd
dev: size erasesize name
mtd0: 00020000 00010000 "bootloader"
mtd1: 00010000 00010000 "config"
mtd2: 00010000 00010000 "factory"
mtd3: 00010000 00010000 "crash"
mtd4: 00010000 00010000 "cfg_bak"
mtd5: 00200000 00010000 "overlay"
mtd6: 00da0000 00010000 "firmware"
mtd7: 001e9324 00010000 "kernel"
mtd8: 00bb6cdc 00010000 "rootfs"
mtd9: 00900000 00010000 "rootfs_data"