Xiaomi WiFi Router 3G

I tried SSH as it https://wiki.openwrt.org/toh/xiaomi/mini but router does NOT enabled SSH. :confused:
Probably due no developer rom in it.

Without Developer ROM you cant get SSH access

@dissent1 is it possible for you to get the soldering instructions from that guy and share? I understand there is no spec which defines the SPI flash pads and each company may choose its own layout.

Also, could you please share the instructions to interrupt u-boot ?

He tells that uart pins are labeled on the board with according output gnd, rx, tx. He used a ttl cable, but he attached it through a programmer he already had.

Thanks @dissent1, I got confused because of the Chinese translation for the spiflash pads and understand my mistake now.
There is a UART connector (J4) on the top of the image (see image below) next to the MI logo:
It has 4 pins, I assume pin #1 (left) is for VCC, pins #2-4 are labeled as RX, GND and TX respectively.

Regarding the u-boot interrupt, I understand UART is not enabled by default, so I'm not sure I understand where do I type the commands (which you shared) or how to interrupt u-boot in order to enable UART and type these commands

setenv uart_en 1
saveenv

Could you please share some clarification on this ?

There's a prompt

Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.

You should push 4

The dev firmware seem to be out

1 Like

Please note that I have not been able to test the dev firmware as my device is still en route from china so there could be a reason why it has been removed...
It was available shortly at http://www.miwifi.com/miwifi_download.html but now it seems like they have removed the link. It's available at http://bigota.miwifi.com/xiaoqiang/rom/r3g/miwifi_r3g_firmware_c2175_2.25.122.bin (I was able to reconstruct the link as I downloaded the firmware two days ago so a had the filename).

I think they added the link back.
My device did not arrive yet and I did not test the dev fw.

Are there any advantages for using the dev fw over soldering uart? (except for the soldering part ...).

It appears to me the flow to enable ssh using the dev fw is very complicated and requires flashing at least 2 different fws before we can flash lede.

You don’t need to erase kernel0, issueing these commands from stock fw is enough (taking into account that you have flashed kernel1 and rootfs0)
nvram set flag_last_success=1
nvram commit

Please advice how I can flash back to factory firmware ?

Have you erased kernel0 or used the nvram method?

I used the "nvram set flag_last_success" method. I could only get either 2.4G or 5G working one at a time so I think I will get back to factory until there is a stable version.

Weird, I don’t have any issues with lede actually and Wi-Fi is working stable for me.
Anyway, have you saved a backup of mtd partitions?

That was my big mistake. I forgot to save a backup of the partitions.

Well,you should be able to revert to stock using usb

I tried (twice) to flash factory using USB method. It just reset the lede.

Okay, then you will test factory restoration procedure without backup mtd if you don’t mind :slight_smile:
Flash this image, it has support for nvram that I have not pushed upstream yet

Then when booted run
fw_pintenv
if you get all your envs printed without error, then run
fw_setenv flag_last_success 0

After that try the usb stick recovery procedure.
This method is not tested, but in theory it loads the stock fw kernel that has been left in kernel0 (because you have not erased it), and stock kernel in theory contains the usb recovery script, so you will be able to recover using the standard xiaomi procedure.
But keep in mind that there is a small risk that if kernel0 does not recover from usb stick, you may need uart to access the bootloader.

Edit: wait a sec, I did not set nvram partition to read-write, I’ll recompile the image.

Edit2: updated the link to an image

2 Likes

There is no kernel0 in the mtd partitions, only kernel_erase.

That’s correct, but kernel0 is still there if you didn’t run mtd erase kernel0 while on stock