After installing the international firmware and doing a factory reset (obviously you can only do this safely, after modifying bdata to make telnet/ UART access persistent), you can configure the region - this covers UI language, allowed channels and the mi-wifi app region.
Sorry for a potentially dumb question, but how do you calculate this "serial number derived root password"? Couldn't figure out from the link you posted.
hehe, I had exactly the same problem and had to search quite a while. There are two scripts (one in php, the other in python) somewhere in ax3600 labelled repos on github (sorry, I'm currently not at home and don't have the links on my phone), alternatively there is https://www.oxygen7.cn/miwifi/
Could you please also share 'AX3600 permanently open teleent-ssh.zip' from the article, which contains crash_unlock.img? Spent last hour+ trying to get myself a Baidu account without a Chinese cell phone in order to download it
Default password (the one it's reset to during web reset) is calculated based on your router serial number (stored in bdata partition). I assume it's done this way for security's sake. Hence you need to derive it once for each router you have.
I followed the guide and did everything but now i lost the SSH / Telnet access. What could be the reason ? wifi is working and im on international version
Hey... i followed the guide.. after reset on the INT firmware i lost both SSH and Telnet. Not sure what went wrong. will the permanent thing work only for Chinese version ?
Okay.. I thought of starting it again but after going to v17 and dumping bdata I see it's the one I modified. So yes it's permanent. Now I'm updating int version over UI once done I will use putty and connect using telnet to execute 3 steps right? To restore ssh?
Sorry I guess doing something wrong. After updating to int firmware in UI I'm losing telnet and ssh. I never used the calculated password anywhere. Feels strange
Do the basic configuration over the webinterface first, before trying to connect with telnet. This bdata procedure survives firmware upgrades and complete factory resets, it's permanent - but you do have to re-enable (and restart) ssh access, by editing /etc/init.d/dropbear (change release to something else, e.g. release2 in the corresponding if clause of that initscript) over telnet (and restart it afterwards).
Thanks. Even now when I dump bdata by going back to 17v and running those urls to get access to ssh. Bdata data is already modified.
Yes I did web interface setup first and then with putty telnet and port 22/23, I'm getting connection refused. I'm not able to execute those 3 commands without telnet. Is it some other port?
No, just standard ports. Could you possibly get CRC32 checksum wrong when patching bdata? Like a typo when reversing bytes order? It worked fine for me, and I did loose wifi signal after web reset, which was fixed after erasing crash and reboot.