Xiaomi AX3600 INT firmware

I would guess difference is in CountryCode. So might be good to know how is it set on original INT version.
Just out of curiosity plus that would suggest hardware for CN and INT is the same.

1 Like

Does mi WiFi Application connects to EU servers when AX3600 is flashed to INT firmware? Can You see router in EU servers in Xiaomi Home app, and does AIoT with EU smart devices work?

Yes if you reset it and select EU region. It works with Russian server for sure.

Not sure.

I don't have one. Only Chinese.
But I will ask for one for Russian server and check it out.
Upd: Cannot check cause my router is not connected to Mi Home and I believe it should be for AIoT to work.

With INT 3.0.22 I still have 30dBm:

root@XiaoQiang:~# iwinfo wifi1 txpowerlist
   0 dBm (   1 mW)
   6 dBm (   3 mW)
  10 dBm (  10 mW)
  14 dBm (  25 mW)
  18 dBm (  63 mW)
  22 dBm ( 158 mW)
  26 dBm ( 398 mW)
  30 dBm (1000 mW)

Region is DE done with @Double-G's configuration.

@Ie0nard0 Nope, you're right. It is rc.local is located in /etc folder.

After having changed the location to DE, MiWifi wants me to change the location there, too and wants to relink to my router, which fails having the correct password (test with a wrong password resulted in wrong password :wink: . Anyone else having this issue, too?

So I have a Chinese model flashed to global 3.0.22, everything seems to working better than previous Chinese fw I tried this by ssh because the only problem is that I can’t pair the router to MiWiFi app:

root@XiaoQiang:~# nvram get CountryCode
ES

root@XiaoQiang:~# nvram set CountryCode=CN

root@XiaoQiang:~# nvram commit

After reboot:

root@XiaoQiang:~# nvram get CountryCode
CN

The web admin page is in Spanish but the region is China but I can’t still pair the router to MiWiFi, same thing, if I enter a wrong password the app shows a “wrong password” text and if I enter the real router password it says “Couldn’t pair device”

1 Like

My nvram is stable and the country setting survives a reboot:

root@XiaoQiang:~# nvram get CountryCode
DE

The webinterfaces shows Region=Germany too :slight_smile:

My script sets "iw reg set DE" after reboot, but I see the same txpowerlist-entries as you do. The last one is 30dm (1000mW).
To be honest, I do not think that this is wrong, as 1000 mW are allowed in Germany in the UNII-2 Extended (5470 - 5725)-band unter the following conditions:

When issuing the dmesg-command, I can see that the device is first initialized with a unset-region

[   10.664921] cfg80211: World regulatory domain updated:
[   10.664946] cfg80211:  DFS Master region: unset
[   10.669112] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   10.673555] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   10.683127] cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz, 92000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   10.690954] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[   10.700301] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   10.708284] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   10.718033] cfg80211:   (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[   10.727497] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[   10.735543] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)

After "iw reg set DE" is set, it reports the region as DE and it looks like this:

[   24.731630] cfg80211: Regulatory domain changed to country: DE
[   24.731666] cfg80211:  DFS Master region: ETSI
[   24.736408] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   24.740888] cfg80211:   (2400000 KHz - 2483000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   24.750477] cfg80211:   (5150000 KHz - 5250000 KHz @ 80000 KHz, 200000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   24.758281] cfg80211:   (5250000 KHz - 5350000 KHz @ 80000 KHz, 200000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   24.768050] cfg80211:   (5470000 KHz - 5725000 KHz @ 160000 KHz), (N/A, 2700 mBm), (0 s)
[   24.777493] cfg80211:   (5725000 KHz - 5875000 KHz @ 80000 KHz), (N/A, 1400 mBm), (N/A)
[   24.785603] cfg80211:   (57000000 KHz - 66000000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)

These settings should be fine, but they are NOT, local regulations are violated.
When I manually switch channel to 36, the output power must be reduced to max 200mW = 23dBm, unfortunately this is not the case :frowning:

root@XiaoQiang:~# iwinfo wl0 freqlist
* 5.180 GHz (Channel 36)
  5.200 GHz (Channel 40)
  5.220 GHz (Channel 44)
  5.240 GHz (Channel 48)
  5.260 GHz (Channel 52)
  5.280 GHz (Channel 56)
  5.300 GHz (Channel 60)
  5.320 GHz (Channel 64)
  5.500 GHz (Channel 100)
  5.520 GHz (Channel 104)
  5.540 GHz (Channel 108)
  5.560 GHz (Channel 112)
  5.580 GHz (Channel 116)
  5.600 GHz (Channel 120)
  5.620 GHz (Channel 124)
  5.640 GHz (Channel 128)
  5.660 GHz (Channel 132)
  5.680 GHz (Channel 136)
  5.700 GHz (Channel 140)
root@XiaoQiang:~# iwinfo wl0 txpowerlist
   0 dBm (   1 mW)
   6 dBm (   3 mW)
  10 dBm (  10 mW)
  14 dBm (  25 mW)
  18 dBm (  63 mW)
  22 dBm ( 158 mW)
  26 dBm ( 398 mW)
* 30 dBm (1000 mW)

30dBm / 1000 mW is more than allowed on channel 36, it should be reduced to 200mW = 23dBm.

Is this a firmware bug??

I think there is a bug with txpower. Ran "wl wl0 info" and txpower value is way off.

root@XiaoQiang:~# iw wl0 info
Interface wl0
        ifindex 32
        wdev 0x8
        addr xx:xx:xx:xx:xx:xx
        ssid xxxxx
        type AP
        wiphy 0
        channel 40 (5200 MHz), width: 160 MHz, center1: 5250 MHz
        txpower 42949607.96 dBm
root@XiaoQiang:~# iwinfo wl0 txpowerlist
   0 dBm (   1 mW)
   6 dBm (   3 mW)
  10 dBm (  10 mW)
  14 dBm (  25 mW)
  18 dBm (  63 mW)
  22 dBm ( 158 mW)
  26 dBm ( 398 mW)
* 30 dBm (1000 mW)
2 Likes

That is suspiciously close to 2^32. Some kind of error or overflow situation.
Assuming an overflow, that's 66dBm which still doesn't seem right.

Had enabled IPv6 and noticed that IPv6 LAN devices are accessible from the internet. AX3600 is not filtering and accepting all the IPv6 connections Internet to LAN, exposing all the IPv6 LAN devices to the Internet.

Traced and found the 'zone_wan_dest_REJECT' chain has a rule resulting in all forwards from WAN (before the reject rule). This rule is not in the vanilla OpenWRT and it exposes LAN to the Internet. It is added when IPv6 is enabled and the mode is not NAT (/etc/config/firewall include 'ipv6_masq' ->'/lib/firewall.sysapi.loader ipv6_masq' -> '/usr/sbin/sysapi.firewall ipv6_masq').

root@XiaoQiang:~# ip6tables -L zone_wan_dest_REJECT -n -v
Chain zone_wan_dest_REJECT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      eth1   *       ::/0                 ::/0                
    0     0 reject     all      *      eth1    ::/0                 ::/0                 /* !fw3 */

As a workaround to prevent LAN from being accessible, I had disabled the ipv6_masq and included firewall.user to delete the rule and restart odhcpd.

# Disable ipv6_masq (optional)
uci set firewall.ipv6_masq.enabled='0'

# include custom /etc/firewall.user rules
uci set firewall.firewall_user=include
uci set firewall.firewall_user.path='/etc/firewall.user'
uci commit

cat  << "EOF" >> /etc/firewall.user
### Delete the ip6tables rule which forwards WAN -> LAN. It will expose LAN to the global (internet)
ip6tables -D zone_wan_dest_REJECT -i eth1 -j ACCEPT
# need to restart odhcpd for IPv6 to work
/etc/init.d/odhcpd restart
EOF
5 Likes

anyone could please share patched 3.0.22 INT firmware with telnet/ ssh/ uart access ?

thank you

Anyway @otem @kokesan I opened a paypal moneybox. Don't know if it's right. (if its not I will remove the link and refund any money ASAP)

If someone wants to donate so I can help for the support of this router.
Me and @slh are still searching for a good and quick option to buy the router... If anyone can help us (Italy seems to be problematic for shipping)

2 Likes

Donated :slight_smile:

1 Like

7 day delivery to Italy from Spain for € 96,07 + € 6,58 shipping: https://www.aliexpress.com/item/4000955508260.html
There's only 2 left!
It might be € 87,33 + € 6,58 shipping on the 11th November, but there probably won't be any left by then.

(one of the reason i didn't post that offer here ahahha)

1 Like

https://drive.google.com/file/d/1dPoXDP9b9j9U3yOxp6qgCUTKthSt5SZR/view?usp=sharing

But still you have to install 1.0.17 first, get SSH access, after that update manually to this one.

Upd: new link. now it should not ask permission.
Upd2: forgot about declaimer :slight_smile: For your own risk and bla-bla-bla....
Upd3: The default root password is password.

1 Like

In case anyone needs Mi stock functionality:
https://www112.zippyshare.com/v/9Z0MFiYm/file.html
The same as miwifi_r3600_all_6510e_3.0.22_INT+SSH.zip above, geekman xqrepack scripts used here as well, but with this "cleaning" part commented out in the patching script:

# dont start crap services
for SVC in stat_points statisticsservice \
		datacenter \
		smartcontroller \
		plugincenter plugin_start_script.sh cp_preinstall_plugins.sh; do
	rm -f $FSDIR/etc/rc.d/[SK]*$SVC
done

# prevent stats phone home & auto-update
for f in StatPoints mtd_crash_log logupload.lua otapredownload wanip_check.sh; do > $FSDIR/usr/sbin/$f; done

rm -f $FSDIR/etc/hotplug.d/iface/*wanip_check

sed -i '/start_service(/a return 0' $FSDIR/etc/init.d/messagingagent.sh

# cron jobs are mostly non-OpenWRT stuff
for f in $FSDIR/etc/crontabs/*; do
	sed -i 's/^/#/' $f
done

# as a last-ditch effort, change the *.miwifi.com hostnames to localhost
sed -i 's@\w\+.miwifi.com@localhost@g' $FSDIR/etc/config/miwifi

P.S. I myself can't test it since my router is still in the process of shipping.
P.P.S. Use at your own risk as usual :slight_smile:

Donated too

1 Like

I ordered mine from here and arrived in 4 days, it seems to ship to Italy too. Give it a try!

On another note, I have a international version, is there any way to get ssh? I've been reading al ax3600 topics from the beginning and I believe you have nothing, right?

Thanks.

it's the European version

Isn't that better since you live in Europe?
Or you need the Chinese version because it's now unlocked?