OpenWrt support for Xiaomi AX9000

I looked everywhere, but I didn't find any useful info about my question.
I understand from your point of view my stupid question and easy to solve by google ....
Before saying this, have you verified what I ask? I assume we have 2 different google searches or one of us two sins of presumption :call_me_hand:

OK I'll give you a hint :wink: AX9000 are almost the same as AX3600. If problem persist, open new thread, like "AX9000 newbie" :slightly_smiling_face:

AX9000 is not the same as AX3600 and as far as I know there is no global version.

1 Like

OK, I know that, but to get something out from AX9000 on newbie level are quite similar :wink: Deeper level definitely are quite diferent, I agree :wink:

My AX9000 arrived today with a strange 3.0.33 firmware installed.
It appears to be a global firmware and if i try to flash 1.0.108 chinese firmware it gives me the error message "couldn't verify file".
Maybe it is a dumb newbie question, but if you know a solution would you be so kind to help me?
Many thanks in advance

When I purchased an AX3600 router I've got it with 3.0.16 firmware while the chinese ones had 1.0.X versions. Without any knowledge about AX9000 I assume that this convention of firmware numbering (3.x - international, 1.x - chinese) remained on AX9000.
there is a difference though from AX3600. in AX3600 you were able to flash chinese rom on international and vice versa, the fact that they are not allowing it anymore might indicate that there are some hardware differences between the versions - like there are in Huawei's AX3 Pro.
Might be interesting to open the router and check if there are some noticeable differences compared to the pictures on previous posts in this thread.

1 Like

I can't see any difference, but i can tear it down only to this level.
I'm very mad with this firmware, it appears to be limiting greatly the power of the router.
Also, i can't find china region.

I'm desperate to install chinese one, also to gain ssh access, any idea?

Hi Lenin9212
I understand your desperation, but this topic might not be the best one to ask this kind of question (or share your feedback regarding how Chinese firmware is limiting this device power).
This topic is focusing on what's the progress on adding OpenWRT for this device instead.

1 Like

i understand and i am very sorry of the abuse. therefore, may i ask you to redirect me elsewhere? google and telegram are not helping and this appears to be the only place where somebody may know something

In order to gain ssh access the simplest is to try this exploit: It will give you a telnet access from there you can enable ssh.

1 Like

Dear Robert, from my point of view, if there there are two model, this thread have no sense because global version is difference from chinese version. We need to know if is possible to root or enable ssh in each version at same step or enable chinese firmware to enable full power tx

Let's agree to disagree.
First of all I think we can trust robimarko - usually he knows what he is talking about

Second of all ... even if there are two different firmware (global and Chineese), but the underlying hardware is the same this topic has a lot of sense as it focuses on how OpenWRT, when ready, could replace both.
Yes, there might be some subtle differences on how to root them (enable telnet or ssh) or how to install OpenWRT on them.
But right now, we are not yet there - guys here are discussing problems they experience while developing OpenWRT support for this device (i.e. 2.5Mbit LAN is not working, or remoteproc changes are crashing WLAN firmware loading)
So unless someone have a valuable information with a proof that there are two different hardware version, labelled as AX9000, could we please refrain from polluting this topic?


If there is a "global" version then its new to me, even if it exists its just the translated FW on top.
In the worst case that the SSH exploit doesnt work you can flash the chinese version using TFTP recovery.

But please, I dont care about Xiaomi reducing the power limit as its illegal to run these devices at the power levels they offer in the EU(ETSI) and FCC countries.


I was trying that but when i reach the point of loading the 1.bin file it still says "couldn't verify file", same thing of when i try to load chinese firmware. Really don't know what to do, many thanks anyway

The exploit worked for me, but that was with the 1.0.108 version. Could you retry using the ip address, ie ?

1 Like

same thing if i use or i'm able to load the exploit on the browser console and download the 3 bin files, but as soon as i try to load the first one i recive the same message that i recive when i upload the 1.0.108 bin file: "couldn't verify file".

this 3.0.33 firmware appears to be very annoying.


Dear Robimarko,
it can be as it can not be, there are devices, such as huawei ax6 routers that differs in hardware, the global version does not physically have the power amplifier chip on the motherboard as it has the China version. Given the premise, that mine are technical questions and I do not think like a newbie, has anyone verified and knows exactly if at the hardware level they are identical, China and global?
I honestly do not think so, since the whole issue has been raised now. If you could understand, in the first post at the top you should specify that the guide and thread is related to the Chinese version before buying a castrated version.
Regarding potency, I would say that we are all aware that it is illegal, but I do not think that all the owners, even in this forum, live in China, or are doing root and ssh to be able to lower the power, do you agree with me?

1 Like

Hello, since ssh exploit did not work on 3.0.33 firmware i tried using miwifi repair tool to flash 1.0.108 firmware following this method, however it did not work. it sends the firmware but nothing changes and 3.0.33 remains installed Xiaomi ax3600 recovery

Any suggestion?

@Giudi I can't tell if they are the same as before this one we didn't even know that there is a global version, but I would guess that they are the same as AX3600 and others had the same HW and just shipped a bit modified translated FW.

@Lenin9212 No ideas really

It seems that exploit was fixed in GL firmware or if not it needs new payload. So to be sure about that would nice to have dump of global firmware. Or you can try to brute force payload.