I didn't follow for awhile. Can someone confirm if the latest snapshot (kernel5) work without problem (lan)?
@Zorro Hello i'm a newbie about installing openwrt in my router, can i install mir3g-v2 openwrt firmware to my mi 4a gigabit edition?
Oh yes my friend, I tried many more times than I can count, with stock from here and from there (always same checksum tho), with bootpd on Linux, with both TinyPXE and miwifirepair tool on Windows, always and always same result 
I will look into trying to dump SPI and opening hex editor check if I see something that might mess up the SSID when I have some free time and motivation.
Welcome 
Yeap you can install it without any issues... i am running Firmware Version
" OpenWrt 19.07-SNAPSHOT r0+11137-4feab09c0b / LuCI openwrt-19.07 branch git-20.186.82389-282dbf8 " on my mi 4a gigabit version without any problems
2 Likes
wow thanks for the response
My xiaomi mi 4a gigabit edition will arrive tommorow,it's a chinese version it got it just for 24$ the question if i use Zorro's build am i gonna encounter errors?i'm afraid to brick my router even though there's an unbricker
After updating the original firmware on my 3Gv2 to the OWRT snapshot i get an error and reboot
## Booting image at bc180000 ...
Bad Magic Number,3C68746D, try to reboot
Erasing SPI Flash...
raspi_erase: offs:30000 len:10000
.
Writing to SPI Flash...
.
done
I tried different fws many times and no one works by tftp or by
root@XiaoQiang:/#
root@XiaoQiang:/#curl http://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_mir3g-v2-squashfs-sysupgrade.bin --output /tmp/openwrt-fw.bin
root@XiaoQiang:/#mtd -e OS1 -r write openwrt-fw.bin OS1
The original firmware works fine after flashing SPI.
Any clue or advice?
Here's an international stock firmware in case someone needs it:
http://cdn.awsde0-fusion.fds.api.mi-img.com/xiaoqiang/rom/r4a/miwifi_r4a_all_03233_3.0.24_INT.bin
$ sha256sum miwifi_r4a_all_03233_3.0.24_INT.bin
609b5b59b7b00365451fa358b5a79e0e4078b8a9a7aeb6a994a641287a093548 miwifi_r4a_all_03233_3.0.24_INT.bin
This link can retrieved by opening the following page when an OTA update is available:
http://192.168.31.1/cgi-bin/luci/;stok=<stok>/api/xqsystem/check_rom_update
4 Likes
Thank you my friend, but that doesn't seem full stock firmware, probably just an update layer of some sort, when trying to flash that one the router blinks purple, which means it didn't accept the image.
Thanks anyway for the effort
It is full firmware with U-Boot and it is accepted when uploading manually through the stock web interface. Chinese 2.28.38 does not contain U-Boot, this difference may be the cause.
$ binwalk miwifi_r4a_all_03233_3.0.24_INT.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
672 0x2A0 uImage header, header size: 64 bytes, header CRC: 0x9CDF20EC, created: 2020-08-18 11:18:42, image size: 1690519 bytes, Data Address: 0x81001000, Entry Point: 0x81387E90, data CRC: 0x6ED67599, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "MIPS OpenWrt Linux-3.10.14"
736 0x2E0 LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes, uncompressed size: 4991744 bytes
1704608 0x1A02A0 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 12763178 bytes, 2345 inodes, blocksize: 262144 bytes, created: 2020-08-18 11:18:36
14778484 0xE18074 U-Boot version string, "U-Boot 1.1.3 (Aug 18 2020 - 11:10:29)"
14779036 0xE1829C CRC32 polynomial table, little endian
$ binwalk miwifi_r4a_firmware_51508_2.28.38.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
676 0x2A4 uImage header, header size: 64 bytes, header CRC: 0x6056EBF4, created: 2019-02-22 06:51:44, image size: 1856070 bytes, Data Address: 0x81001000, Entry Point: 0x813ECCE0, data CRC: 0x1522C879, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "MIPS OpenWrt Linux-3.10.14"
740 0x2E4 LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes, uncompressed size: 5458688 bytes
1133506 0x114BC2 COBALT boot rom data (Flat boot rom or file system)
1901220 0x1D02A4 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 11349156 bytes, 2236 inodes, blocksize: 262144 bytes, created: 2019-02-22 06:51:40
1 Like
I'm guessing the firmware got corrupted on download its recommended that you always check the checksums before installing. You will probably need to debrick and try again but you might find more info in a thread for the 3Gv2
Brilliant! Has anyone tested this in debricking yet on either the chinese or international versions?
Hello.
I was successfuly installed this firmware.
I have restored Chinese firmware with TinyPXE.
After that, I installed EN.2.28.132.bin with R3GV2 patches method.
From web interface I upload miwifi_r4a_all_03233_3.0.24_INT.bin
2 Likes
You can try installing directly the miwifi_r4a_all_03233_3.0.24_INT.bin with R3GV2 patch method from chinese stock, should be no need to use EN.2.28.132.bin first as the 3.0.24 is the same kind of firmware that can only be used from web page of stock, can't be directly flashed to chip.
1 Like
My xiaomi mi router 4a gigabit edition is here (chinese) I'm going to flash OpenWRT here using Windows method only...I'll update later
Just realised there is a new version of the stock Xiaomi firmware 3.0.24.
I uploaded the miwifi_r4a_all_03233_3.0.24_INT.bin file to the OpenWRTInvasion repo
Can somebody confirm if the OpenWRTInvasion exploit works with the new version?
1 Like
I successfully installed OpenWRT using Windows machine only and i flashed Byte's build and i'm browsing it in my phone,no errors at all ...the question is if i ever want to revert back to original firmware what should i do?
Does anyone have the international firmware for this model? the 2.18.215.bin or the 3.0.5.bin, I see you managed to get the gigabit model firmware 3.0.24
I'm currently running @araujorm (thanks for efforts and detailed info) firmware https://github.com/araujorm/openwrt/releases/tag/mir4ag-19.07-20200722 on Mi Router 4A Gigabit Edition loaded onto router that shipped with stock 3.0.9 global (INT) firmware using OpenWRTInvasion exploit following @hoddy guide (thanks) with exception of using @araujorm directly without loading Byte first and uploading the firmware using FTP (more on this below...)
Downloading the firmware directly to the router using curl did not work correctly (wrong size file / CRC check, likely due to SSL library compatibility of the stock ROM or maybe a URL redirect). From reading a lot of the posts in this thread I'm assuming this is why often people are reporting bricked devices due to not checking the file CRC is correct on the router or using the wrong file.
Prior to writing the OpenWrt firmware I used 'dd' to take backups of all the /dev/mtd devices.
Is it possible to use these backups to reconstruct into a 3.0.9 stock ROM maybe combining partially with 'binwalk' extraction of a stock ROM? I've looked at the ImageBuilder tool but it seems to be focused on complete compile from source code.
1 Like