Xiaomi AX3600 INT firmware

Kind of doubt that they use it for DFS, I have not seen that in QSDK and if it's not already done Qualcomm for sure won't do any R&D on it.

They have WLAN offloading to NSS listed in the datasheet, so it can probably work when ported under NSS drivers.
Although it should be fast enough without offloading, it would most likely matter only when you need the CPU for VPN or something like that.

Think you didn't understand... I found the patch that adds full support for nss-drv (qsdk10, the code we have) to the ath11k driver. No special driver or something like that... This could be the first time we support a device with no regression to the stock driver. A little bit hyped.


Ok, that sounds great

Hey, I have managed to gain SSH access to my Xiaomi AX3600 with international firmware (3.0.16).
Does anybody have a recommendation for a way to extract the router's firmware (without risk of exposing any personal / sensitive information)?


Since you have ssh, you can use dd via ssh to make a dump of all partitions.
Simply remove the wireless password before dumping to make sure that won't be in the dump; other than that I don't know what sensitive info you would keep on your router.
Especially one with suspicious FW.

Anyway, if we really want to try to extract and steal a firmware... We can try to communicate a false version (decrement some value) and check if the remote server tries to upgrade it.


I also live in Italy, normally those parcels without batteries arrive in 20 days shipped with AliExpress standard shipping.
If it is shipped via the Netherlands, then you have to wait 30 days. Normally, it is shipped via Bologna directly.
Now I saw that they are selling for 81 € on AliExpress, you should get one now if you want to.
€ 80,72 26%OFF | In stock Xiaomi AIoT Router AX3600 Gigabit Wifi 6 5G Wifi6 DualBand 2976Mbs Gigabit rate AIoT antennas external signal amplifier

Is this the international or the Chinese?

cat /proc/mtd

cp all mtd except Factory. It contains MACs.
You may need to copy the mtd one at a time to the PC if the mtd is too big, and delete it after, since you may run out of RAM.

cp /dev/mtd1 /tmp/

cp /dev/mtd2 /tmp/

cp /dev/mtd3 /tmp/

cp /dev/mtd... /tmp/
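A scripted version of the dump procedure above, added here as an example and not code from the thread or from Xiaomi: it reads /proc/mtd, skips the partition holding the MACs, copies one partition at a time, and verifies each image's length against the partition size. The partition map embedded below is a constructed sample, not the AX3600's real layout, and `dest` is assumed to be a USB mount or a directory you later pull with scp.

```shell
#!/bin/sh
# Added example, not code from the thread: dump every MTD partition of a
# router over SSH one at a time (so the RAM-backed /tmp does not fill up),
# skipping partitions that hold device-unique secrets, and verify each image.
# Assumptions: BusyBox dd/sha256sum on the router; DEST is a mounted USB
# stick or a directory later pulled with scp.

# Constructed /proc/mtd text in the kernel's format (sizes in hex bytes).
# Not the AX3600's real partition map; only the format matters here.
SAMPLE_PROC_MTD='dev:    size   erasesize  name
mtd0: 00100000 00020000 "0:SBL1"
mtd1: 00080000 00020000 "Factory"
mtd2: 02000000 00020000 "rootfs"
mtd3: 02000000 00020000 "rootfs_1"'

# Partitions never to copy off the device: "Factory" holds the MAC
# addresses (per the thread). Extend this space-separated list as needed.
SKIP_NAMES='Factory'

# list_mtd_to_dump <proc_mtd_text>
# Prints one "mtdN size name" line per partition that should be dumped.
list_mtd_to_dump() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    case "$line" in mtd*) ;; *) continue ;; esac   # skip the header line
    set -- $line                        # mtd1: 00080000 00020000 "Factory"
    dev=${1%:}                          # "mtd1"
    size=$2                             # "00080000"
    name=${line#*\"}; name=${name%\"}   # text between the quotes
    skip=0
    for s in $SKIP_NAMES; do if [ "$name" = "$s" ]; then skip=1; fi; done
    [ "$skip" -eq 1 ] && continue
    printf '%s %s %s\n' "$dev" "$size" "$name"
  done
}

# dump_partitions <dest_dir>
# Copies each selected partition with dd, checks the image length against
# the size in /proc/mtd (dd stops early on an unreadable block, so a short
# image means a bad dump), and records a SHA-256 for verifying the transfer.
dump_partitions() {
  dest=$1
  list_mtd_to_dump "$(cat /proc/mtd)" | while read -r dev size name; do
    out="$dest/$dev-$name.bin"
    dd if="/dev/$dev" of="$out" bs=64k 2>/dev/null || exit 1
    [ "$(wc -c < "$out")" -eq "$((0x$size))" ] || { echo "short read: $dev" >&2; exit 1; }
    sha256sum "$out" >> "$dest/SHA256SUMS"
  done
}
```

Run `dump_partitions /mnt/usb` on the router after clearing the wireless password as the thread suggests, then compare `SHA256SUMS` on the PC after copying the images over.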

Chinese version

Isn't that locked, or can you still hack that with serial access?

Right now I don't have an AX3600.
I haven't opened the router, but if you want to enable ssh, it's quite easy.
Change the <STOK> to your own.

Use a browser and run these 2 URLs.

The default username is root, password is admin.


http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B


http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B

This works only on the first Chinese firmware, 1.0.17.

Well, there is a way to update to 1.0.67 without losing SSH after that.

How did you get SSH on International FW?

It might be very helpful in future

Yeah, just downgrade to that version.

OK so to sum up... the Chinese is locked... but there is a vulnerability in a very old firmware and we can downgrade to that. Is that correct? And the difference between int and Chinese is just SSH access?

Downgrade from international 3.0.16 firmware to Chinese 1.0.17?

That sounds stupid as you will lose your international firmware if it's possible to flash from international to Chinese through the web GUI.

Our goal is to get the update file of an international firmware.


If you want system access (ssh, and with that the opportunity to enable the nvram variable that allows serial console access (careful, 1.8 volts!)), the Chinese variant is more cooperative, as it allows downgrading to a vulnerable firmware version. The international version (and current Chinese ones) no longer contain this weakness, and a downloadable international binary doesn't seem to be available yet (I have no idea if a global device will officially allow installing the (vulnerable) Chinese version).

I meant that if you had the Chinese version, you could downgrade it to the old version.

BTW, there is a way to permanently enable SSH; then you can flash the new Chinese firmware or international firmware, of course, if you can find it.