Xiaomi AX3600 INT firmware

are you sure that rc.local path is /etc/config? i can find rc.local find in /etc
I'm trying your settings, thx

Very strange....
I did reset my router after update and I selected region Russia but in wireless.config I have DE:

config wifi-device 'wifi0'
option type 'qcawificfg80211'
option macaddr '88:c3:97:c9:64:c9'
option hwmode '11axa'
option htmode 'HT80'
option disabled '0'
option txbf '3'
option ax '1'
option country 'DE'
option bw '0'
option txpwr 'max'
option channel '0'
option autoch '2'

config wifi-iface
option device 'wifi0'
option ifname 'wl0'
option network 'lan'
option mode 'ap'
option wpsdevicename 'XiaoMiRouter'
option channel_block_list '52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,144,165'
option miwifi_mesh '0'
option disabled '0'
option wscconfigstatus '2'
option bsd '0'
option rrm '0'
option wnm '0'
option ssid 'jghouse-5g'
option encryption 'psk2'
option hidden '0'

I am sure in bdata file you will see CN means China. See my edit above.
And unless in your country 30 dBm is legal that would mean your router is still "in China".

You are right.
==========bdata
color=101
CountryCode=CN

Now I need someone with INT version to share their bdata contents.

Russia(Region selected during router configuration, changes are not supported)

But in Mi WiFi application it looks like I can change region.

==========bdata
color=101
CountryCode=CN
SN=77777/E0P000000
model=R3600
miot_did=000000000
miot_key=some_key
telnet_en=0
ssh_en=0
uart_en=0
wl0_ssid=Xiaomi_4726_5G
wl1_ssid=Xiaomi_4726
wl2_ssid=Xiaomi_4726

I did change sensitive data.

I'm curious if it is possible to transform our CN version into INT by editing mtd9 partition. For that I need the same non-sensitive fields from INT version.

Which one?
And why do you want to do it?

I would guess difference is in CountryCode. So might be good to know how is it set on original INT version.
Just out of curiosity plus that would suggest hardware for CN and INT is the same.

1 Like

Does mi WiFi Application connects to EU servers when AX3600 is flashed to INT firmware? Can You see router in EU servers in Xiaomi Home app, and does AIoT with EU smart devices work?

Yes if you reset it and select EU region. It works with Russian server for sure.

Not sure.

I don't have one. Only Chinese.
But I will ask for one for Russian server and check it out.
Upd: Cannot check cause my router is not connected to Mi Home and I believe it should be for AIoT to work.

With INT 3.0.22 I still have 30dBm:

root@XiaoQiang:~# iwinfo wifi1 txpowerlist
   0 dBm (   1 mW)
   6 dBm (   3 mW)
  10 dBm (  10 mW)
  14 dBm (  25 mW)
  18 dBm (  63 mW)
  22 dBm ( 158 mW)
  26 dBm ( 398 mW)
  30 dBm (1000 mW)

Region is DE done with @Double-G's configuration.

@Ie0nard0 Nope, you're right. It is rc.local is located in /etc folder.

After having changed the location to DE, MiWifi wants me to change the location there, too and wants to relink to my router, which fails having the correct password (test with a wrong password resulted in wrong password :wink: . Anyone else having this issue, too?

So I have a Chinese model flashed to global 3.0.22, everything seems to working better than previous Chinese fw I tried this by ssh because the only problem is that I can’t pair the router to MiWiFi app:

root@XiaoQiang:~# nvram get CountryCode
ES

root@XiaoQiang:~# nvram set CountryCode=CN

root@XiaoQiang:~# nvram commit

After reboot:

root@XiaoQiang:~# nvram get CountryCode
CN

The web admin page is in Spanish but the region is China but I can’t still pair the router to MiWiFi, same thing, if I enter a wrong password the app shows a “wrong password” text and if I enter the real router password it says “Couldn’t pair device”

1 Like

My nvram is stable and the country setting survives a reboot:

root@XiaoQiang:~# nvram get CountryCode
DE

The webinterfaces shows Region=Germany too :slight_smile:

My script sets "iw reg set DE" after reboot, but I see the same txpowerlist-entries as you do. The last one is 30dm (1000mW).
To be honest, I do not think that this is wrong, as 1000 mW are allowed in Germany in the UNII-2 Extended (5470 - 5725)-band unter the following conditions:

When issuing the dmesg-command, I can see that the device is first initialized with a unset-region

[   10.664921] cfg80211: World regulatory domain updated:
[   10.664946] cfg80211:  DFS Master region: unset
[   10.669112] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   10.673555] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   10.683127] cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz, 92000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   10.690954] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[   10.700301] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   10.708284] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   10.718033] cfg80211:   (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[   10.727497] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[   10.735543] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)

After "iw reg set DE" is set, it reports the region as DE and it looks like this:

[   24.731630] cfg80211: Regulatory domain changed to country: DE
[   24.731666] cfg80211:  DFS Master region: ETSI
[   24.736408] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   24.740888] cfg80211:   (2400000 KHz - 2483000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   24.750477] cfg80211:   (5150000 KHz - 5250000 KHz @ 80000 KHz, 200000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   24.758281] cfg80211:   (5250000 KHz - 5350000 KHz @ 80000 KHz, 200000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   24.768050] cfg80211:   (5470000 KHz - 5725000 KHz @ 160000 KHz), (N/A, 2700 mBm), (0 s)
[   24.777493] cfg80211:   (5725000 KHz - 5875000 KHz @ 80000 KHz), (N/A, 1400 mBm), (N/A)
[   24.785603] cfg80211:   (57000000 KHz - 66000000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)

These settings should be fine, but they are NOT, local regulations are violated.
When I manually switch channel to 36, the output power must be reduced to max 200mW = 23dBm, unfortunately this is not the case :frowning:

root@XiaoQiang:~# iwinfo wl0 freqlist
* 5.180 GHz (Channel 36)
  5.200 GHz (Channel 40)
  5.220 GHz (Channel 44)
  5.240 GHz (Channel 48)
  5.260 GHz (Channel 52)
  5.280 GHz (Channel 56)
  5.300 GHz (Channel 60)
  5.320 GHz (Channel 64)
  5.500 GHz (Channel 100)
  5.520 GHz (Channel 104)
  5.540 GHz (Channel 108)
  5.560 GHz (Channel 112)
  5.580 GHz (Channel 116)
  5.600 GHz (Channel 120)
  5.620 GHz (Channel 124)
  5.640 GHz (Channel 128)
  5.660 GHz (Channel 132)
  5.680 GHz (Channel 136)
  5.700 GHz (Channel 140)
root@XiaoQiang:~# iwinfo wl0 txpowerlist
   0 dBm (   1 mW)
   6 dBm (   3 mW)
  10 dBm (  10 mW)
  14 dBm (  25 mW)
  18 dBm (  63 mW)
  22 dBm ( 158 mW)
  26 dBm ( 398 mW)
* 30 dBm (1000 mW)

30dBm / 1000 mW is more than allowed on channel 36, it should be reduced to 200mW = 23dBm.

Is this a firmware bug??

I think there is a bug with txpower. Ran "wl wl0 info" and txpower value is way off.

root@XiaoQiang:~# iw wl0 info
Interface wl0
        ifindex 32
        wdev 0x8
        addr xx:xx:xx:xx:xx:xx
        ssid xxxxx
        type AP
        wiphy 0
        channel 40 (5200 MHz), width: 160 MHz, center1: 5250 MHz
        txpower 42949607.96 dBm
root@XiaoQiang:~# iwinfo wl0 txpowerlist
   0 dBm (   1 mW)
   6 dBm (   3 mW)
  10 dBm (  10 mW)
  14 dBm (  25 mW)
  18 dBm (  63 mW)
  22 dBm ( 158 mW)
  26 dBm ( 398 mW)
* 30 dBm (1000 mW)
3 Likes

That is suspiciously close to 2^32. Some kind of error or overflow situation.
Assuming an overflow, that's 66dBm which still doesn't seem right.

Had enabled IPv6 and noticed that IPv6 LAN devices are accessible from the internet. AX3600 is not filtering and accepting all the IPv6 connections Internet to LAN, exposing all the IPv6 LAN devices to the Internet.

Traced and found the 'zone_wan_dest_REJECT' chain has a rule resulting in all forwards from WAN (before the reject rule). This rule is not in the vanilla OpenWRT and it exposes LAN to the Internet. It is added when IPv6 is enabled and the mode is not NAT (/etc/config/firewall include 'ipv6_masq' ->'/lib/firewall.sysapi.loader ipv6_masq' -> '/usr/sbin/sysapi.firewall ipv6_masq').

root@XiaoQiang:~# ip6tables -L zone_wan_dest_REJECT -n -v
Chain zone_wan_dest_REJECT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      eth1   *       ::/0                 ::/0                
    0     0 reject     all      *      eth1    ::/0                 ::/0                 /* !fw3 */

As a workaround to prevent LAN from being accessible, I had disabled the ipv6_masq and included firewall.user to delete the rule and restart odhcpd.

# Disable ipv6_masq (optional)
uci set firewall.ipv6_masq.enabled='0'

# include custom /etc/firewall.user rules
uci set firewall.firewall_user=include
uci set firewall.firewall_user.path='/etc/firewall.user'
uci commit

cat  << "EOF" >> /etc/firewall.user
### Delete the ip6tables rule which forwards WAN -> LAN. It will expose LAN to the global (internet)
ip6tables -D zone_wan_dest_REJECT -i eth1 -j ACCEPT
# need to restart odhcpd for IPv6 to work
/etc/init.d/odhcpd restart
EOF
5 Likes

anyone could please share patched 3.0.22 INT firmware with telnet/ ssh/ uart access ?

thank you

Anyway @otem @kokesan I opened a paypal moneybox. Don't know if it's right. (if its not I will remove the link and refund any money ASAP)

If someone wants to donate so I can help for the support of this router.
Me and @slh are still searching for a good and quick option to buy the router... If anyone can help us (Italy seems to be problematic for shipping)

2 Likes