Xiaomi Magenta 5G AX5400 (CB0401)

I got this device today. It’s one of those cellular connection devices having AX5400 WiFi and a couple 1 Gbps lan connections. It should be based on Snapdragon processor and according to some web site it has already some modificated OpenWRT in it.

Now I wonder how to get serial connection. There is a promising four holes row on it and one of those seems to be ground, but I wonder if it is 3.3V connection or not. How are the other Snapdragon based devices, do they have 3.3V serial or rather 1.8V?

20251021_2006181920×2560 292 KB

Here is one picture of it. The promising point is clearly seen besides keyboard Alt key.

Pretty much all running androids….

Here:

is one having OpenWRT and possibly same Snapdragon version.

It's a vendor SDK, not OpenWRT, they're lying.

No serial-looking header visible on PCB. Try to peel plasticines, look for 3-4 solder points arranged in a row.

Don’t you think those four near keyboard Alt -key is it?

One of them is ground and two of them seems to have a bit over 1V while it boots.

“a bit over” 1V is filtered communication. Is the last 3V?

I know, but it was measured with a cheap chinese multimeter. Not by a proper gear.

I only ment, there is “something” happening between ground and two other soldering points.

1.8 V serial communication wouldn't be surprising for Qualcomm SOCs, many vendors add the level shifters for 3.3V, some don't.

There seems to be a downloadable bin file for it here:

https://cdn.awsde0-fusion.fds.api.mi-img.com/xiaoqiang/rom/cb0401/miwifi_cb0401_R01A11-FOTA_firmware_b173d_3.0.100_INT.bin

Does somebody know if this can do TFTP update and how to do it?

Target File:   /tmp/tmp.URsIKR3pAW/_miwifi_cb0401_R01A11-FOTA_firmware_b173d_3.0.100_INT.bin.extracted/full-images/sdxlemur-boot.img
MD5 Checksum:  40e8d1c4fa0e7c0c773dea94588bfe18
Signatures:    411

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Android bootimg, kernel size: 9251238 bytes, kernel addr: 0x80008000, ramdisk size: 0 bytes, ramdisk addr: 0x80008000, product name: ""

It is a project in timescale of google wifi originally running chrome os. Start with adb, fastboot etc tools.

Did you find anything like u-boot in it?

most firmwares doesn't ship with u-boot.

Android UEFI, which unless proven otherwise means trustzone adding another barrier for you.

I’d try to search xda-developers and lineageos if anyone is working towards headless android. At least you can learn how to unlock secureboot (usually needs vendor key esp xiaomi) using fastboot to boot own images.

ro.build.version.release=LE.UM.5.3.2.r1-06300-SDX65.0
ro.product.name=sdxlemur-qti-distro-nogplv3-perf

You have same binwalk as everybody else.

Sure. Just not installed right now.

Binary seems to begin with Android boot image from address 0x0 and any bootloader should be there as far as I know.

The device just seems to be in a bootloop. I just wonder if there is anything to do about it.

8             0x8             UEFI PI Firmware Volume, volume size: 4317184, header size: 96, revision: 0, EFI Firmware File System v2, GUID: 8C8CE578-8A3D-4F1C-3599-896185C32DD3

It is proper android ota bundle.

Gladly no openwrt involved. Check in Android forums on what are your options.

I have newer used abd or any other tools related to it, but does’nt it take USB connection? Or is there other options available too?

https://xdaforums.com/t/guide-adb-for-beginners-setup-use-and-more.690362/

In this case it is buttons, like power while holding button to boot into fastboot one way or safe boot other way or network adb another way. It is not typical OpenWrt target where rudimentary drop bear is preinstalled.

You're wrong.
In these devices (CB04*, CB05*), only the modem image is common with the Android world.
The kernel image is standard for Xiaomi. And the contents of the SQUASHFS are also standard.