Xiaomi Mi Router 4A - How not to brick

Hello everyone. I wanted to share my experience with Xiaomi 4A routers. I installed OpenWRT onto a great number of these routers. Cheap 5 GHz. But with a surprise.

They come in different revisions:

  • DVB4230GL (international packaging)
  • DVB4230CN (Chinese packaging)
  • DVB4222CN (Chinese packaging)

But revision != hardware version for these routers. The GL revision contained both firmware layouts, for international and Chinese ones, and they are not interchangeable. What I did was:

  1. Use OpenWRTInvasion 0.0.1, which gives you netcat access to the router before flashing
  2. Check the flash layout by typing cat /proc/mtd:
    mtd6: 00200000 00010000 "overlay" - R4AC 100m
    mtd6: 00100000 00010000 "overlay" - MIR4A 100m
  3. Upload the proper firmware, depending on the router, via netcat on a different port:
    ROUTER: nc -l -p 3333 > /tmp/fw.bin
    PC: nc -w 3 192.168.31.1 3333 < r4ac-normal-sysuprg.bin // depending on layout
    ROUTER: mtd -e OS1 -r write /tmp/fw.bin OS1
  4. Shake and watch the orange LED, hoping it's not bricked
  5. Reload to OpenWRT

Flash layout for MIR4A:

    mtd0: 01000000 00010000 "ALL"
    mtd1: 00020000 00010000 "Bootloader"
    mtd2: 00010000 00010000 "NULL"
    mtd3: 00010000 00010000 "Factory"
    mtd4: 00010000 00010000 "crash"
    mtd5: 00010000 00010000 "cfg_bak"
    mtd6: 00100000 00010000 "overlay"
    mtd7: 00c60000 00010000 "OS1"
    mtd8: 00b00000 00010000 "rootfs"
    mtd9: 00230000 00010000 "disk"
    mtd10: 00100000 00010000 "Config"

And this did the trick, and I have never bricked a router since. Yes, this means you have to check the hardware version before flashing.

But what I found later was one of the routers not having a 5 GHz interface. Turns out, they have changed from MediaTek MT7612 to MT7613.

So I manually added these packages (don't recall correctly, but I wrote down for myself that it was the 7615 driver - will double check later):

  • kmod-mt7615e
  • kmod-mt7663-firmware-ap

And now I have two OpenWRT builds for both firmware layouts which work on every Xiaomi 4A router I need to flash. I hope this is somewhat helpful.

Thank you so much to everyone contributing to the OpenWRT community.

4 Likes
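
The check-before-flash steps from the post above, written as a preflight script. This is an added example, not part of the original thread; the function names are hypothetical, and the sample table is constructed from the partition lines the post quotes plus the standard /proc/mtd header line.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.
# The last argument of each function is a test hook; it defaults to /proc/mtd.

# Print the hex size of partition NAME. Looked up by name rather than index,
# because indices differ between units ("Config" is mtd10 on one, mtd2 on another).
mtd_size() {
    awk -v want="\"$1\"" '$4 == want { print $2; ok = 1 } END { exit !ok }' \
        "${2:-/proc/mtd}"
}

# Map the "overlay" size to the two layout names used in the thread.
detect_layout() {
    case "$(mtd_size overlay "$1")" in
        00200000) echo R4AC ;;
        00100000) echo MIR4A ;;
        *) echo unknown; return 1 ;;
    esac
}

# True only if IMAGE is no larger than the OS1 partition it will be written to.
image_fits() {
    os1=$(mtd_size OS1 "$2") || return 1
    bytes=$(wc -c < "$1") || return 1
    [ "$((bytes))" -le "$((0x$os1))" ]
}

# preflight IMAGE EXPECTED_LAYOUT [MTD_FILE]: succeed only if every check passes.
preflight() {
    layout=$(detect_layout "$3") || { echo "unknown overlay size, stop" >&2; return 1; }
    [ "$layout" = "$2" ] || { echo "image is for $2, router is $layout" >&2; return 1; }
    image_fits "$1" "$3" || { echo "image does not fit in OS1" >&2; return 1; }
}

# Constructed sample: two partition lines as quoted in the first post (MIR4A unit).
sample_mtd() {
    cat <<'EOF'
dev:    size   erasesize  name
mtd6: 00100000 00010000 "overlay"
mtd7: 00c60000 00010000 "OS1"
EOF
}

# Demo against the sample only; nothing here writes to flash.
demo=$(mktemp) && sample_mtd > "$demo" &&
    echo "sample layout: $(detect_layout "$demo")" && rm -f "$demo"
```

On the router, `preflight /tmp/fw.bin MIR4A` (or `R4AC`) would run after the netcat upload, with the `mtd` write step following only if it succeeds.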

Is it 100M version, not Giga?

Yes, I am only talking about 100m versions.

So what you are trying to explain is that in addition to the already 3 wiki-known "mi 4" subtypes:

  1. mi 4ac (international version, 100mbit)
  2. mi 4a 100m
  3. mi 4a gigabit edition (several subvariants)

that there is a yet undocumented new variant? And that this new variant is a mi 4ac (international version) hardware, but with the firmware layout of a mi 4a 100m?

2 Likes

Well... Today I had a DVB4230GL model with the MIR4A layout (mtd6: 00100000) and an MT7613 5GHz modem. In dmesg it had strings like MiWiFi-R4ACv2-3.0.129 and MT7613. Sooo this looks like Xiaomi just decided to change the hardware in this router however they want and not change revisions. Probably we just need to merge these two ToH pages (MIR4A 100m and R4AC 100m) and force users to check which version of the router they build for (mtd6 00100000 or 00200000). In the case of 5GHz, 8mb allows having both MT7612 and MT7613 drivers, which was the solution for me to have only 2, not 4, different firmware files.

I was able to check my build config. For the mtd6: 00100000 (MIR4A) flash layout I have these drivers:

  • kmod-mt7615-common
  • kmod-mt7615-firmware
  • kmod-mt7615e
  • kmod-mt7663-firmware-ap

and some default ones for mt7612:

  • kmod-mt76x2
  • and so on

Probably some are not needed for MT7613, but I decided to leave it like this.

So this works for me for every router with the MIR4A flash layout (it feels like the flash layout is the only difference between the two, because the dts files are the same otherwise) with both MT7612 and MT7613.
I will check later about the R4AC layout, whether I ever added the MT7613 driver to them or not.

Pico was right. I have never added MT7613 drivers to my firmware for routers with "R4AC" flash layout, so never had one like this. Which means we only have one new version of 4A (R4ACv2 as in dmesg) which comes with mtd6: 00100000 and MT7613 and DVB4230GL revision.
Not sure about CN revisions - only had a few of these but successfully flashed them with MIR4A (mtd6: 00100000) firmware, which is expected.

Quick note, had DVB4222CN with mt7613 today. Also called R4ACv2 in dmesg.
If anyone knows how to properly add this info to the wiki, please let me know.

Thanks, excellent info. I have a Xiaomi R4AC 2021 international DVB4230GL with mtd6: 00100000 00010000 "overlay", and the way it works for me is with the MIR4A 100m sysupgrade.
After flashing I only have to wait until the blinking orange LED changes to solid blue, and then with the IP 192.168.1.1 it works, at least LuCI.
In dmesg it only says "MiWiFi-R4AC-2.18.58", no version 2 or anything (low version because too many bricks).

Full flash layout

mtd0: 01000000 00010000 "ALL"
mtd1: 00020000 00010000 "Bootloader"
mtd2: 00010000 00010000 "Config"
mtd3: 00010000 00010000 "Factory"
mtd4: 00010000 00010000 "crash"
mtd5: 00010000 00010000 "cfg_bak"
mtd6: 00100000 00010000 "overlay"
mtd7: 00c60000 00010000 "OS1"
mtd8: 00b00000 00010000 "rootfs"
mtd9: 00240000 00010000 "disk"

-Yes, it changes mtd10: "Config" to mtd2; I didn't touch anything-

I think telnet works better than ssh for this, because ssh closes in the previous tries and then it bricks.

1 Like