Xiaomi AX3600 INT firmware

alllexx88 · November 11, 2020, 2:20pm

Thanks again! And silly me, this file is also available on the same github repo with the calc_passwd.py script:
https://github.com/odedlaz/ax3600-files/raw/master/crash/crash_unlock.img

UPD: I followed the procedure, and was able to get in after web reset with the calculated password

everydaydealer · November 11, 2020, 2:50pm

Hey.. im planning to follow this guide and enable telnet permanently.. why we need to calculate password ... there is no default password ?

alllexx88 · November 11, 2020, 3:44pm

Default password (the one it's reset to during web reset) is calculated based on your router serial number (stored in bdata partition). I assume it's done this way for security's sake. Hence you need to derive it once for each router you have.

everydaydealer · November 11, 2020, 3:54pm

Okay and how to run that python script ? im giving bdata.img path as argument and it doesnt work ?

alllexx88 · November 11, 2020, 3:56pm

There's a simple mistake in the python script. I issued PR with a fix: https://github.com/odedlaz/ax3600-files/pull/1

everydaydealer · November 11, 2020, 3:59pm

Thanks. That worked and also i found this url which does calculation. https://www.oxygen7.cn/miwifi/

and it was present in this url referred in the script. https://www.wutaijie.cn/?p=254

everydaydealer · November 12, 2020, 5:35am

I followed the guide and did everything but now i lost the SSH / Telnet access. What could be the reason ? wifi is working and im on international version

everydaydealer · November 12, 2020, 5:47am

Hey... i followed the guide.. after reset on the INT firmware i lost both SSH and Telnet. Not sure what went wrong. will the permanent thing work only for Chinese version ?

slh · November 12, 2020, 5:56am

No, it works fine with both.

everydaydealer · November 12, 2020, 6:20am

Okay.. I thought of starting it again but after going to v17 and dumping bdata I see it's the one I modified. So yes it's permanent. Now I'm updating int version over UI once done I will use putty and connect using telnet to execute 3 steps right? To restore ssh?

everydaydealer · November 12, 2020, 6:26am

Sorry I guess doing something wrong. After updating to int firmware in UI I'm losing telnet and ssh. I never used the calculated password anywhere. Feels strange

slh · November 12, 2020, 8:16am

Do the basic configuration over the webinterface first, before trying to connect with telnet. This bdata procedure survives firmware upgrades and complete factory resets, it's permanent - but you do have to re-enable (and restart) ssh access, by editing /etc/init.d/dropbear (change release to something else, e.g. release2 in the corresponding if clause of that initscript) over telnet (and restart it afterwards).

everydaydealer · November 12, 2020, 1:33pm

Thanks. Even now when I dump bdata by going back to 17v and running those urls to get access to ssh. Bdata data is already modified.

Yes I did web interface setup first and then with putty telnet and port 22/23, I'm getting connection refused. I'm not able to execute those 3 commands without telnet. Is it some other port?

alllexx88 · November 12, 2020, 1:39pm

Is it some other port?

No, just standard ports. Could you possibly get CRC32 checksum wrong when patching bdata? Like a typo when reversing bytes order? It worked fine for me, and I did loose wifi signal after web reset, which was fixed after erasing crash and reboot.

everydaydealer · November 12, 2020, 1:42pm

Thanks. Let me try again. For comparison you installed which fw and version

alllexx88 · November 12, 2020, 1:45pm

I run Chinese 1.0.227 version. It's a patched version, so I got both telnet and SSH after web reset, without the need to edit /etc/init.d/dropbear, but I did have to use derived root password. Also, not sure if it's related, but wifi performance is much better after the reset

everydaydealer · November 12, 2020, 1:58pm

Oh you using patched. I'm using the stock international after bdata update. Does it matter? According to @slh it should work .

alllexx88 · November 12, 2020, 2:09pm

Oh you using patched

Yeah, but even with a patched one, before patching bdata, I lost SSH access after web reset, since it restored default nvram values from bdata, which set enable_ssh=0 among other things; so I can tell the procedure works fine

I'm using the stock international after bdata update. Does it matter? According to @slh it should work

I never tried to install an international firmware, since I do most of configuring via SSH, hence I don't care much about webui language. Unless something changed later on, looking at /etc/init.d/telnet and /etc/rc.d/S50telnet symlink, it's not different in INT 3.0.22 from CN 1.0.227, so I assume it should work.

everydaydealer · November 12, 2020, 5:29pm

Thanks @alllexx88 and @slh i made a stupid mistake when i did the reverse of the CRC32 Checksum. Now with international rom and all works as it supposed to be.

im going to tinker with settings. I wanted to change the country to US and apply any tweaks. going over this thread for answers. Thanks again.

@Double-G any help to update the country code to US/CA. i dont see that option in the drop down. CN hardware flashed with INT firmware

everydaydealer · November 12, 2020, 5:57pm

I just updated by bdata for permanent SSH access. Any advantage for changing CN to EU for the country code ? I'm in North America and trying to send the country and all other thing specific to US