Xiaomi Mi WiFi Amplifier 2

Device has only WIFI and UART ports

Boot up to system log:
https://pastebin.com/zEdi1ZyA

U-Boot:
https://pastebin.com/Xwk0X3Xt

It does not look like a tough job to replace with OpenWrt, but only having WiFi can be an issue.
Since they don't have any GPL sources, finding out the GPIOs has to be done manually, as I am sure they disabled sysfs.

Most devices supported by OpenWrt have at least one Ethernet port. This is because WiFi is disabled by default in OpenWrt.

Well, for your use at home, WiFi can easily be enabled by default using uci-defaults.

Hi!
I found a firmware dump for the Xiaomi Mi WiFi Amplifier 2: https://yadi.sk/d/KiqeCwcB6RZaWw Does anybody know how to unpack/repack it?

I know this device is below OpenWrt sys req - mt7628/8 RAM/2 ROM (and it actually does not need such an advanced firmware as OpenWrt), but the stock firmware is really bad, somewhat acceptable for home use, but barely usable for traveling.

By the way, the dump also contains "OpenWrt" strings in it, not sure why.

  • What does this mean?
  • If you mean flash it like a firmware, that won't work.

In the future, you may wish to create a new thread for your inquiry.

  • What does this mean?
  • Perhaps the firmware is based on OpenWrt and you see that in hex/code?

I don't know, just found "openwrt" in HEX.

Why wouldn't it work?
At first I would like to investigate (and maybe mod) the factory firmware; it has a telnet (!) port open.
So I need to unpack it.

Because it's not firmware, it's a dump of the router. You should be able to re-flash it back to the device (and identical ones), though. Things like your MAC addresses and WiFi might not work as desired, though.

Then I advise you get access to the OEM's build system somehow.

I still don't understand what this means - I think you incorrectly believe you can derive a flash-able firmware from the flashed device itself, such is not the case.

That's not a problem. If there is success in modding, I can dump my own. Anyway, I've read about successful reflashing of "[Mi WiFi Amplifier 1]" with firmware from a Maxeye repeater (both mt7688) - everything works, but the MAC is cloned.
So I need tools to unpack.

Perhaps, someone else can explain. I guess I'm not being clear.

I hope the best for your project.

Yes, if you have firmware you can flash it. You're talking about a dump from the router.

You must be kidding?

No, I'm not kidding. In OpenWrt, to build a firmware, you use the build tools/image builder.

I've never heard of someone trying to make a flashable BIN from a final device. I have heard of re-flashing each partition/low-level flash of whole chip; but never building a flashable BIN from a device dump.

This may help:

This poster wanted to do something similar.

I was going to advise him to use a Hex Editor, and chop up the files - but I know of no way to properly save the chunks into the BIN you desire - as to not brick your specific model router.

(The original poster in that thread forgot that he never gave us a link to the file, and demanded us to do labor for him - without the needed materials.)

I mean reflashed with dump. That should be obvious.

Yes, of course :slight_smile: OpenWrt built from source.

You should understand, *.bin is not a predefined file format, it's just a common extension for binary files.
Anyway, at the moment, the only way to reflash the Mi Repeater with custom firmware is an SPI flash programmer, like the ch341a. So of course I need to modify the dump.
I'm 100% sure tools for unpacking exist. U-Boot should be easy to extract, root fs probably uses something like JFFS.

The only similarity is we probably got the wrong forum.
I found this thread from Google, and thought that some of the OpenWrt folks have some experience with firmware reverse engineering.

Oh! That wasn't obvious, I thought you wanted to make a firmware file.

You simply re-flash the files in the same flash space you extracted them from.

Of course; but you want to "extract" something.

You may need to use the binwalk program to exactly locate the sections in the file, then you can divide it. They should be able to mount and open at that point.

(Although, I'm not sure of the practical purposes for doing this.)

Hope this helps.
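What locating the sections of a raw flash dump by signature, as the post above suggests doing with binwalk, looks like in practice (an added example, not part of the original thread and not binwalk's own code). It assumes the dump holds a legacy U-Boot uImage header and a SquashFS v4 filesystem, which the thread does not confirm; the function names are hypothetical and the sample image is constructed.

```python
import struct
import zlib

UIMAGE_MAGIC = b"\x27\x05\x19\x56"  # legacy U-Boot image header, big-endian
SQUASHFS_MAGIC = b"hsqs"            # SquashFS superblock, little-endian

def parse_uimage(dump, off):
    hdr = dump[off:off + 64]
    if len(hdr) < 64:
        return None
    _, hcrc, _, size, _, _, dcrc = struct.unpack_from(">7I", hdr)
    # The header CRC is taken with its own field zeroed; a stray magic fails it.
    if zlib.crc32(hdr[:4] + bytes(4) + hdr[8:]) != hcrc:
        return None
    data = dump[off + 64:off + 64 + size]
    return {"type": "uimage", "offset": off, "length": 64 + size,
            "name": hdr[32:].split(b"\0")[0].decode("ascii", "replace"),
            "data_ok": len(data) == size and zlib.crc32(data) == dcrc}

def parse_squashfs(dump, off):
    if off + 48 > len(dump):
        return None
    major = struct.unpack_from("<H", dump, off + 28)[0]  # s_major
    used = struct.unpack_from("<Q", dump, off + 40)[0]   # bytes_used
    if major != 4 or not 48 <= used <= len(dump) - off:
        return None
    return {"type": "squashfs", "offset": off, "length": used}

def scan(dump):
    """Return the validated sections of a flash dump, sorted by offset."""
    found = []
    for magic, parser in ((UIMAGE_MAGIC, parse_uimage), (SQUASHFS_MAGIC, parse_squashfs)):
        pos = dump.find(magic)
        while pos != -1:
            found.append(parser(dump, pos))
            pos = dump.find(magic, pos + 1)
    return sorted((s for s in found if s), key=lambda s: s["offset"])

def build_sample_dump():
    """Constructed 16 KiB test image, not data from the real device."""
    payload = b"KERNEL" * 16
    hdr = struct.pack(">7I4B32s", 0x27051956, 0, 0, len(payload), 0x80000000,
                      0x80000000, zlib.crc32(payload), 5, 5, 2, 3, b"sample kernel")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]
    sqfs = struct.pack("<5I6H2Q", 0x73717368, 1, 0, 131072, 0, 4, 17, 0, 1, 4, 0, 0, 96)
    dump = bytearray(b"\xff" * 0x4000)
    dump[0x100:0x104] = UIMAGE_MAGIC  # stray magic that must be rejected
    dump[0x1000:0x1000 + 64 + len(payload)] = hdr + payload
    dump[0x2000:0x2000 + 96] = sqfs.ljust(96, b"\0")
    return bytes(dump)
```

Calling `scan()` on the bytes of a real dump returns the offsets and lengths at which the file can be divided; a `data_ok` of `False` on a uImage entry points to a truncated or corrupted read from the flash chip.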

If you have a firmware dump then you can extract most of it with binwalk, but you can't really edit files and easily repackage it.


To be clear.

As @robimarko and I have attempted to articulate... it is dangerous to modify those chopped-up BIN files, and attempt to reflash them like the originals. I think that's what is unclear here in your belief that this community doesn't understand reverse BIN file engineering.

There's more process involved; and it's easier to use the proper firmware build tool to make the firmware file - if you are already aware of those particulars.

Ok, I'm just here to drop the fix I have for these repeaters.

I'm using OpenWrt on a Xiaomi R3P with 4 of these repeaters around the house.
To make it work as a repeater to the R3P with OpenWrt on, before you install OpenWrt onto the router,
make everything work correctly first. What I mean is: install your router as normal with the Xiaomi app on your phone, settings etc., link these repeaters to the router and make sure it's working.
Then all you have to do is install OpenWrt on the router with the SAME SSID as you set up in the Xiaomi firmware on the router, then reconnect the repeater to the power.

The repeater will reconnect to the SSID with OpenWrt on. You can check it with the Xiaomi app (if you haven't uninstalled it).


Were you able to change the firmware of your repeater?
I also bought one, but I don't like the firmware and I want to change it.
I don't know if that is possible or not :disappointed::disappointed: