Kind of doubt that they use it for DFS, I have not seen that in QSDK and if it's not already done, Qualcomm for sure won't do any R&D on it.
They have WLAN offloading to NSS listed in the datasheet, so it can probably work when ported under NSS drivers.
Although it should be fast enough without offloading, it would most likely matter only when you need the CPU for VPN or something like that.
Think you didn't understand... I found the patch that adds full support for nss-drv (qsdk10, the code we have) to the ath11k driver. No special driver or something like that... This could be the first time we support a device with no regression to the stock driver. A little bit hyped.
Hey, I have managed to gain SSH access to my Xiaomi AX3600 with international firmware (3.0.16).
Does anybody have a recommendation for a way to extract the router's firmware (without risk of exposing any personal / sensitive information)?
Since you have ssh, you can use dd via ssh to make a dump of all partitions.
Simply remove the wireless password before dumping to make sure that won't be in the dump, other than that I don't know which sensitive info you would keep on your router.
Especially one with suspicious FW
Anyway if we really want to try to extract and steal a firmware... We can try to communicate a false version (decrement some value) and check if the remote server tries to upgrade it.
I also live in Italy, normally those parcels without batteries arrive in 20 days shipped with AliExpress standard shipping.
If it is shipped via the Netherlands, then you have to wait 30 days. Normally, it is shipped via Bologna directly.
Now I saw that they are selling for 81 € on AliExpress, you should get one now if you want to.
€ 80,72 26%OFF | In Stock Xiaomi AIoT Router AX3600 Gigabit Wifi 6 5G Wifi6 DualBand 2976Mbs Gigabit Rate AIoT Antennas External Signal Amplifier
cp all mtd except Factory. It contains MACs.
You may need to copy mtd one at a time to the PC if the mtd is too big, and delete it after, since you may run out of RAM.
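The per-partition dump described in the posts above (dd over ssh, every mtd except Factory), as an added example that is not part of the original thread. The `/proc/mtd` sample is constructed, the host name is a placeholder, and the `/dev/mtdNro` device naming is an assumption about the router's firmware.

```shell
#!/bin/sh
# Constructed sample of /proc/mtd; names and sizes are illustrative only,
# not read from a real AX3600.
SAMPLE_MTD='dev:    size   erasesize  name
mtd0: 00100000 00020000 "bootloader"
mtd1: 00080000 00020000 "Factory"
mtd2: 00400000 00020000 "kernel"
mtd3: 02000000 00020000 "rootfs"'

# list_dumpable MTD_TEXT [SKIP_NAME]
# Prints "mtdN name size_in_bytes" for every partition except SKIP_NAME
# (default: Factory, which the thread says holds the MAC addresses).
list_dumpable() {
    skip=${2:-Factory}
    printf '%s\n' "$1" | while read -r dev size _erase name; do
        [ "$dev" = "dev:" ] && continue        # header row
        dev=${dev%:}
        name=${name#\"}; name=${name%\"}
        [ "$name" = "$skip" ] && continue
        echo "$dev $name $((0x$size))"
    done
}

# dump_partitions HOST OUTDIR
# Streams each partition straight to the PC so nothing is staged in the
# router's RAM, then checks the byte count against /proc/mtd.
# Assumes the read-only char devices /dev/mtdNro exist on the router.
dump_partitions() {
    host=$1; out=$2
    mkdir -p "$out"
    # ssh -n keeps ssh from swallowing the loop's stdin
    list_dumpable "$(ssh -n "$host" cat /proc/mtd)" |
    while read -r dev name bytes; do
        ssh -n "$host" "dd if=/dev/${dev}ro bs=64k" > "$out/$dev.bin" 2>/dev/null
        got=$(($(wc -c < "$out/$dev.bin")))
        [ "$got" -eq "$bytes" ] || echo "size mismatch: $dev ($name)" >&2
    done
}

# Offline demonstration on the constructed sample
list_dumpable "$SAMPLE_MTD"
# Real use (hypothetical host name): dump_partitions root@ROUTER ./ax3600-dump
```

Streaming with dd over ssh avoids the copy-then-delete step, because no image is ever written to the router's RAM-backed filesystem.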
OK, so to sum up... the Chinese one is locked... but there is a vulnerability in a very old firmware and we can downgrade to that. Is that correct? And the difference between int and Chinese is just SSH access?
If you want system access (ssh - and with that the opportunity to enable the nvram variable that allows serial console access (careful, 1.8 volts!)), the Chinese variant is more cooperative, as it allows downgrading to a vulnerable firmware version. The international version (and current Chinese ones) no longer contain this weakness and a downloadable international binary doesn't seem to be available yet (I have no idea if a global device will officially allow installing the (vulnerable) Chinese version).