Xiaomi Mi WiFi Amplifier 2

Hi

I have a problem with my Mi WiFi Amplifier 2. I couldn't connect to it through the app and the LED always blinks blue (even after a reset). When I opened it I saw an mt7628kn chipset and UART ports. Through this port I can access U-Boot and the system settings. So my question is, is there any firmware that can be installed?

Does the device have USB Ethernet, or only WiFi?

Can you dump whatever info you find?

The device has only WiFi and UART ports.

Boot up to system log:
https://pastebin.com/zEdi1ZyA

U-Boot
https://pastebin.com/Xwk0X3Xt

It does not look like a tough job to replace with OpenWrt, but only having WiFi can be an issue.
Since they don't have any GPL sources, finding out the GPIOs has to be done manually, as I am sure they disabled sysfs.

Most devices supported by OpenWRT have at least one Ethernet port. This is because WiFi is disabled by default in OpenWRT.

Well for your use at home wifi can be easily enabled by default using uci-defaults
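To illustrate the uci-defaults approach mentioned above, here is an added example (written for this page, not code from the thread or from OpenWrt): a first-boot script that enables the radio and, because a WiFi-only device has no other management path, refuses to bring up an open network. The file name `99-enable-wifi`, the radio name `radio0`, and the SSID/passphrase defaults are assumptions.

```shell
#!/bin/sh
# Added example: drop this file into files/etc/uci-defaults/99-enable-wifi
# (file name is an assumption) before building the image. OpenWrt runs every
# script in /etc/uci-defaults once on first boot and deletes it when it exits 0,
# so the settings below end up baked into the image.
#
# Assumed: a single radio named radio0 (the mt7628 has one 2.4 GHz radio),
# SSID and passphrase from the environment or the placeholders below.

WIFI_SSID="${WIFI_SSID:-openwrt-repeater}"
WIFI_KEY="${WIFI_KEY:-change-me-before-flashing}"   # placeholder, must be 8..63 chars

enable_wifi() {
    # Never ship an open network: on a device whose only management path is
    # WiFi, an unencrypted default AP exposes LuCI/SSH to anyone in range.
    if [ "${#WIFI_KEY}" -lt 8 ] || [ "${#WIFI_KEY}" -gt 63 ]; then
        echo "enable_wifi: WIFI_KEY must be 8..63 characters" >&2
        return 1
    fi

    # OpenWrt ships every radio with disabled=1; clear it and define the AP.
    # The uci paths are quoted so the shell never globs the [0] index.
    uci set 'wireless.radio0.disabled=0'
    uci set 'wireless.@wifi-iface[0].mode=ap'
    uci set "wireless.@wifi-iface[0].ssid=$WIFI_SSID"
    uci set 'wireless.@wifi-iface[0].encryption=psk2'
    uci set "wireless.@wifi-iface[0].key=$WIFI_KEY"
    uci commit wireless
}

# On the device uci always exists; the guard only lets this file be sourced on
# a build host to exercise enable_wifi without touching any configuration.
if command -v uci >/dev/null 2>&1; then
    enable_wifi
fi
```

A non-zero exit from a uci-defaults script keeps the file in place, so the key-length check makes a bad passphrase visible on the console at every boot instead of silently shipping an open AP.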

Hi!
I found firmware dump for Xiaomi Mi WiFi Amplifier 2. https://yadi.sk/d/KiqeCwcB6RZaWw Does anybody know how to unpack/repack it?

I know this device is below the OpenWRT sys req - mt7628/8 RAM/2 ROM (and it actually does not need such an advanced firmware as openwrt), but the stock firmware is really bad, somewhat acceptable for home use, but barely usable for traveling.

By the way, the dump also contains "OpenWrt" strings in it, not sure why.

  • What does this mean?
  • If you mean flash it like a firmware, that won't work.

In the future, you may wish to create a new thread for your inquiry.

  • What does this mean?
  • Perhaps the firmware is based on OpenWrt and you see that in hex/code?

I don't know, just found "openwrt" in HEX.

Why wouldn't it work?
At first I would like to investigate (and maybe mod) the factory firmware, it has a telnet (!) port open.
So I need to unpack it.

Because it's not firmware, it's a dump of the router. You should be able to re-flash it back to the device (and identical ones), though. Things like your MAC addresses and WiFi might not work as desired, though.

Then I advise you get access to the OEM's build system somehow.

I still don't understand what this means - I think you incorrectly believe you can derive a flash-able firmware from the flashed device itself, such is not the case.

That's not a problem. If there is success in modding I can dump my own. Anyway, I've read about successful reflashing of "[Mi WiFi Amplifier 1]" with firmware from a Maxeye repeater (both mt7688) - everything works, but the MAC is cloned.
So I need tools to unpack.

Perhaps, someone else can explain. I guess I'm not being clear.

I hope the best for your project.

Yes, if you have firmware you can flash it. You're talking about a dump from the router.

You must be kidding?

No, I'm not kidding. In OpenWrt, to build a firmware, you use the build tools/image builder.

I've never heard of someone trying to make a flashable BIN from a final device. I have heard of re-flashing each partition/low-level flash of whole chip; but never building a flashable BIN from a device dump.

This may help:

This poster wanted to do something similar.

I was going to advise him to use a Hex Editor, and chop up the files - but I know of no way to properly save the chunks into the BIN you desire - as to not brick your specific model router.

(The original poster in that thread forgot that he never gave us a link to the file, and demanded us to do labor for him - without the needed materials.)

I mean reflashed with dump. That should be obvious.

Yes, of course :) OpenWrt built from source.

You should understand, *.bin is not a predefined file format, it is just a common extension for binary files.
Anyway, at the moment, the only way to reflash the Mi Repeater with custom firmware is an SPI flash programmer, like a CH341A. So of course I need to modify the dump.
I'm 100% sure tools for unpacking exist. U-Boot should be easy to extract, the root fs probably uses something like JFFS.

The only similarity is we probably got wrong forum.
I found this thread from google, and thought that some of openwrt folks have some experience with firmware reverse engineering.

Oh! That wasn't obvious, I thought you wanted to make a firmware file.

You simply re-flash the files in the same flash space you extracted them from.

Of course; but you want to "extract" something.

You may need to use the binwalk program to exactly locate the sections in the file, then you can divide it. They should be able to mount and open at that point.

(Although, I'm not sure of the practical purposes for doing this.)

Hope this helps.

If you have a firmware dump then you can extract most of it with binwalk, but you can't really edit files and easily repackage it.

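The unpacking step the last few posts circle around (find U-Boot, the kernel and the root fs inside the dump, carve them out, then mount or unsquash them, and write any modified section back to the same flash offsets) written out as an added example rather than anything posted in the thread: a small Python scanner that does what binwalk's signature scan does for these formats, and additionally verifies both uImage CRCs so a random 4-byte hit is never reported as a kernel. The sample dump it builds is constructed, and the 64 KiB erase block, little-endian JFFS2 and SquashFS 4 are assumptions about this device, not facts from the thread.

```python
#!/usr/bin/env python3
"""Locate and carve the sections of a raw SPI-NOR dump by their magic numbers.

Added example, not code from the thread or from binwalk.  The magic values are
the public on-disk formats; 64 KiB erase blocks, little-endian JFFS2 (MIPS-EL
mt7628), SquashFS 4 and a legacy uImage kernel are assumptions, and
build_sample_dump() is a CONSTRUCTED image, not a real Mi WiFi Amplifier dump.
"""
import struct
import sys
import zlib

ERASE_BLOCK = 0x10000                        # assumed SPI-NOR erase block size
UIMAGE_MAGIC = b"\x27\x05\x19\x56"           # U-Boot legacy image header, big-endian
SQUASHFS_MAGIC = b"hsqs"                     # SquashFS 4 superblock, little-endian
JFFS2_MAGIC = b"\x85\x19"                    # 0x1985 as a little-endian u16
JFFS2_NODETYPES = {0xE001, 0xE002, 0x2003}   # dirent, inode, cleanmarker
UBOOT_BANNER = b"U-Boot "


def _each(data, magic):
    """Yield every offset at which magic occurs."""
    off = data.find(magic)
    while off >= 0:
        yield off
        off = data.find(magic, off + 1)


def uimage_header(data, off):
    """Parse the 64-byte uImage header at off; None unless both CRCs match
    (header CRC rules out a chance 4-byte hit, data CRC proves the kernel
    bytes in the dump are intact)."""
    if len(data) - off < 64:
        return None
    hdr = bytes(data[off:off + 64])
    _m, hcrc, _t, size, load, entry, dcrc, _os, _arch, _ty, comp = struct.unpack(">7I4B", hdr[:32])
    if zlib.crc32(hdr[:4] + b"\0\0\0\0" + hdr[8:]) != hcrc:   # hcrc is computed with itself zeroed
        return None
    body = bytes(data[off + 64:off + 64 + size])
    if len(body) != size or zlib.crc32(body) != dcrc:
        return None
    name = hdr[32:].split(b"\0", 1)[0].decode("ascii", "replace")
    return {"size": size, "load": load, "entry": entry, "comp": comp, "name": name}


def squashfs_super(data, off):
    """Parse a SquashFS 4 superblock at off; None if it is not plausible."""
    if len(data) - off < 48:
        return None
    fields = struct.unpack_from("<5I6H", data, off)          # magic..minor
    comp, major = fields[5], fields[9]
    _root, bytes_used = struct.unpack_from("<2Q", data, off + 32)
    if major != 4 or bytes_used > len(data) - off:
        return None
    return {"bytes_used": bytes_used, "compression": comp}


def scan(data):
    """Return [(offset, kind, size_or_None), ...] sorted by offset."""
    hits = []
    off = data.find(UBOOT_BANNER)
    if off >= 0:
        # The banner sits inside the bootloader, not at its start; the
        # partition begins on the erase block that contains it.
        hits.append((off & ~(ERASE_BLOCK - 1), "u-boot", None))
    for off in _each(data, UIMAGE_MAGIC):
        h = uimage_header(data, off)
        if h:
            hits.append((off, "uimage", 64 + h["size"]))
    for off in _each(data, SQUASHFS_MAGIC):
        s = squashfs_super(data, off)
        if s:
            hits.append((off, "squashfs", s["bytes_used"]))
    for off in _each(data, JFFS2_MAGIC):
        if off + 4 <= len(data) and struct.unpack_from("<H", data, off + 2)[0] in JFFS2_NODETYPES:
            hits.append((off, "jffs2", None))   # overlay runs to the end of flash
            break
    return sorted(hits, key=lambda h: h[0])


def carve(data, hits):
    """[(kind, offset, length)]: header-declared size where known, otherwise
    up to the next section or the end of the dump."""
    out = []
    for i, (off, kind, size) in enumerate(hits):
        end = hits[i + 1][0] if i + 1 < len(hits) else len(data)
        out.append((kind, off, end - off if size is None else size))
    return out


def build_sample_dump():
    """CONSTRUCTED 2 MiB image with a typical MediaTek layout, not a real dump."""
    img = bytearray(b"\xff" * 0x200000)
    banner = b"U-Boot 1.1.3 (constructed)"
    img[0x40:0x40 + len(banner)] = banner
    kernel = bytes(range(256)) * 16                       # stands in for an LZMA kernel
    hdr = bytearray(struct.pack(">7I4B", 0x27051956, 0, 0, len(kernel), 0x80000000,
                                0x80000000, zlib.crc32(kernel), 5, 5, 2, 3))  # os/arch/type/comp
    hdr += b"MIPS OpenWrt Linux (constructed)".ljust(32, b"\0")
    struct.pack_into(">I", hdr, 4, zlib.crc32(hdr))       # header CRC computed with hcrc = 0
    img[0x50000:0x50040] = hdr
    img[0x50040:0x50040 + len(kernel)] = kernel
    sb = SQUASHFS_MAGIC + struct.pack("<4I6H", 3, 0, 0x20000, 0, 4, 17, 0, 1, 4, 0)
    sb += struct.pack("<2Q", 0, 8192)                     # root inode, bytes_used
    img[0x60000:0x60000 + 8192] = sb.ljust(8192, b"\0")
    img[0x70000:0x7000c] = JFFS2_MAGIC + struct.pack("<HII", 0x2003, 12, 0)  # cleanmarker node
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} flash-dump.bin")
    with open(sys.argv[1], "rb") as f:
        data = f.read()
    for kind, off, length in carve(data, scan(data)):
        with open(f"{off:08x}_{kind}.bin", "wb") as f:
            f.write(data[off:off + length])
        print(f"{off:#010x} {length:#10x} {kind}")
```

Run it as `python3 carve_dump.py dump.bin` (the script name is mine) and it writes one file per section, named by its offset. The offsets are the part you must keep: the SquashFS file can be opened with unsquashfs and the JFFS2 part mounted through mtdram, but whatever you change has to be rebuilt, padded to the erase block and written back at exactly the same offset, which is why editing a dump in place is not the same as building a firmware.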