Xiaomi AX3600 INT firmware

Thanks again! And silly me, this file is also available on the same GitHub repo with the calc_passwd.py script:
https://github.com/odedlaz/ax3600-files/raw/master/crash/crash_unlock.img

UPD: I followed the procedure, and was able to get in after web reset with the calculated password :+1:

Hey.. I'm planning to follow this guide and enable telnet permanently.. Why do we need to calculate the password? Is there no default password?

Default password (the one it's reset to during web reset) is calculated based on your router serial number (stored in bdata partition). I assume it's done this way for security's sake. Hence you need to derive it once for each router you have.

Okay, and how do I run that Python script? I'm giving the bdata.img path as an argument and it doesn't work.

There's a simple mistake in the Python script. I issued a PR with a fix: https://github.com/odedlaz/ax3600-files/pull/1

Thanks. That worked, and I also found this URL which does the calculation: https://www.oxygen7.cn/miwifi/

It was present in this URL referred to in the script: https://www.wutaijie.cn/?p=254

I followed the guide and did everything, but now I lost the SSH / Telnet access. What could be the reason? Wifi is working and I'm on the international version.

Hey... I followed the guide.. After reset on the INT firmware I lost both SSH and Telnet. Not sure what went wrong. Will the permanent thing work only for the Chinese version?

No, it works fine with both.

Okay.. I thought of starting it again, but after going to v17 and dumping bdata I see it's the one I modified. So yes, it's permanent. Now I'm updating the INT version over the UI; once done I will use PuTTY and connect using telnet to execute the 3 steps, right? To restore SSH?

Sorry, I guess I'm doing something wrong. After updating to the INT firmware in the UI I'm losing telnet and SSH. I never used the calculated password anywhere. Feels strange.

Do the basic configuration over the web interface first, before trying to connect with telnet. This bdata procedure survives firmware upgrades and complete factory resets, it's permanent - but you do have to re-enable (and restart) ssh access, by editing /etc/init.d/dropbear (change release to something else, e.g. release2 in the corresponding if clause of that initscript) over telnet (and restart it afterwards).

Thanks. Even now, when I dump bdata by going back to v17 and running those URLs to get access to SSH, the bdata data is already modified.

Yes, I did the web interface setup first, and then with PuTTY telnet and port 22/23 I'm getting connection refused. I'm not able to execute those 3 commands without telnet. Is it some other port?

Is it some other port?

No, just standard ports. Could you possibly have gotten the CRC32 checksum wrong when patching bdata? Like a typo when reversing the byte order? It worked fine for me, and I did lose wifi signal after web reset, which was fixed after erasing crash and reboot.
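A way to check a patched bdata image for the byte-order slip mentioned above, instead of comparing hex digits by eye. This is an added example, not code from the thread or from the ax3600-files repo; it assumes bdata uses a U-Boot-environment-style layout (a 4-byte little-endian CRC32 followed by the data it covers, `0x10000` bytes in total), and the sample image is constructed.

```python
import struct
import zlib

ENV_SIZE = 0x10000  # ASSUMPTION: checksummed region length, CRC field included


def stored_crc(image: bytes) -> int:
    """CRC32 held in the first four bytes, read as little-endian."""
    return struct.unpack_from("<I", image, 0)[0]


def computed_crc(image: bytes, env_size: int = ENV_SIZE) -> int:
    """CRC32 over everything after the 4-byte field, up to env_size."""
    return zlib.crc32(image[4:env_size]) & 0xFFFFFFFF


def diagnose(image: bytes, env_size: int = ENV_SIZE) -> str:
    """Classify the checksum field: ok, byte-swapped, mismatch or truncated."""
    if len(image) < env_size:
        return "truncated"
    want, got = computed_crc(image, env_size), stored_crc(image)
    if got == want:
        return "ok"
    # Typing the printed hex digits in display order stores the value big-endian.
    if got == struct.unpack("<I", struct.pack(">I", want))[0]:
        return "byte-swapped"
    return "mismatch"


def build_sample(byte_order: str = "<") -> bytes:
    """Constructed image: placeholder key/value data, zero padded."""
    body = b"example_key=1\x00".ljust(ENV_SIZE - 4, b"\x00")
    return struct.pack(byte_order + "I", zlib.crc32(body) & 0xFFFFFFFF) + body


if __name__ == "__main__":
    for label, img in (("correct", build_sample("<")), ("swapped", build_sample(">"))):
        print(label, diagnose(img),
              "stored=%08x computed=%08x" % (stored_crc(img), computed_crc(img)))
```

Running `diagnose()` on the patched dump before writing it back separates a reversed checksum from an edit that changed the data after the checksum was computed.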

Thanks. Let me try again. For comparison, which fw and version did you install?

I run the Chinese 1.0.227 version. It's a patched version, so I got both telnet and SSH after web reset, without the need to edit /etc/init.d/dropbear, but I did have to use the derived root password. Also, not sure if it's related, but wifi performance is much better after the reset.

Oh, you're using patched. I'm using the stock international after bdata update. Does it matter? According to @slh it should work.

Oh, you're using patched

Yeah, but even with a patched one, before patching bdata, I lost SSH access after web reset, since it restored default nvram values from bdata, which set enable_ssh=0 among other things; so I can tell the procedure works fine

I'm using the stock international after bdata update. Does it matter? According to @slh it should work

I never tried to install an international firmware, since I do most of configuring via SSH, hence I don't care much about webui language. Unless something changed later on, looking at /etc/init.d/telnet and /etc/rc.d/S50telnet symlink, it's not different in INT 3.0.22 from CN 1.0.227, so I assume it should work.

Thanks @alllexx88 and @slh, I made a stupid mistake when I did the reverse of the CRC32 checksum. Now with the international ROM all works as it's supposed to.

I'm going to tinker with settings. I wanted to change the country to US and apply any tweaks. Going over this thread for answers. Thanks again.

@Double-G any help to update the country code to US/CA? I don't see that option in the drop-down. CN hardware flashed with INT firmware.

I just updated my bdata for permanent SSH access. Any advantage to changing CN to EU for the country code? I'm in North America and trying to set the country and all other things specific to US.