Xiaomi WiFi Router 3G

Well,I am sure that someone has backup of original kernel0 partition.
That is only way

@das1969 here is the extracted kernel0 from my router. I have never tried this before so it would be nice with feedback if my method is correct and the backup is usable.

I did this (/home is my usb drive):

  • root@LEDE_Mi_Router_3G:~# cat /proc/mtd
    dev: size erasesize name
    mtd0: 00080000 00020000 "Bootloader"
    mtd1: 00040000 00020000 "Config"
    mtd2: 00040000 00020000 "Bdata"
    mtd3: 00040000 00020000 "Factory"
    mtd4: 00040000 00020000 "crash"
    mtd5: 00040000 00020000 "crash_syslog"
    mtd6: 00040000 00020000 "reserved0"
    mtd7: 00400000 00020000 "kernel_erase"
    mtd8: 00400000 00020000 "kernel"
    mtd9: 07580000 00020000 "ubi"
  • root@LEDE_Mi_Router_3G:~# cat /dev/mtd7 > /home/kernel0.bin

Here is the result: kernel0.bin

1 Like

Dont use that method.
It would be better to use dd.
So you can use dd if=/dev/mtdx of=/tmp/kernel0.bin

Change x in mdt with partition number.
But he needs stock kernel, not one that ships with LEDE

2 Likes

Oh dear. I think I've bricked my router. Router boots with orange light solid, which flickers once every ten seconds or so. With an ethernet cable attached to PC, get constant cycle of identifying network and then disconnected.

Tried 30-30-30 reset already. reset button seems to have no effect

Yes,that means that it tries to load kernel and then after failure reboots.
You can recover it,but serial connection is needed.

Sorry to hear about the bricked router. I just tried the dd method

  • root@LEDE_Mi_Router_3G:~# dd if=/dev/mtd7 > /home/kernel0_org.bin

and tried a compare

  • root@LEDE_Mi_Router_3G:/# cmp /home/kernel0.bin /home/kernel0_org.bin

fortunately the files are identical. I did not run "mtd erase kernel0" when I installed LEDE but used "nvram set flag_last_success=1" + "nvram commit" so I assume the partition is the stock partition (just renamed from kernel0 to kernel_erase). A quick look in the file also shows the text "MIPS OpenWrt Linux-3.10.14" near the top.

If the usb recovery doesn’t work for you know then check this
https://lede-project.org/docs/user-guide/failsafe_and_factory_reset

But if you flashed that dump into kernel partition, then usb recovery should work

1 Like

Well that is different since you didnt delete the kernel.
I am saying that it is much better to use appropriate tools like dd that standard output append.

1 Like

Ordered a USB TTL UART adapter, should be here in a few days. Thanks for your help guys, I'll check back when I've (hopefully) got it going again.

1 Like

AFAIK most router hardware uses 3.3v logic so be sure the USB adapter uses 3.3v too

I've had some USB adapters that claim to be 3.3v but actually use 5v so test it with a multimeter first

Thanks @hammer for the detailed procedure, it worked for me!

Some issues I had, hope my experience could help others who are facing the same issues:

1st I tried to enable the ssh without flashing miwifi_r3g_firmware_c2175_2.25.122.bin, I just followed the procedure to flash miwifi_ssh.bin and not only it didn't enable SSH, but after that I tried to flash c2175_2.25.122.bin and the router stopped responding for 10 min, resetting the router (pressing the reset button while the router is on until there is a led indication) solved that issue for me.
I didn't need to re-flash the miwifi_ssh.bin again, ssh was already enabled at that point.

The 2nd issue I faced was the router IP set to 192.168.1.1 (DHCP: 192.168.1.x) which is same as my existing router, this means I was not able to get it connected to the internet when connecting the WAN port to the LAN of my existing router.
to resolve this I had to change the mir3g default IP address, I typed the following $> vi /etc/config/network
searched for:

config interface 'lan'
         .....
         option ipaddr '192.168.1.1'

and changed 192.168.1.1 to 192.168.2.1 , after that I executed: $> reboot

3rd issue was the development LEDE FW does not have GUI (LUCI) installed.
to install LUCI (after I solved the DHCP issue), I followed the regular procedure:
$> opkg update
$> opkg install luci

Last issue was enabling radio0 WIFI AP (2.4GHz) on LUCI, it appears that we have to set radio0 channel to some number and not leaving it set to auto, leaving it set to auto will not allow enabling the radio0 AP. Same issue doesn't occur with radio1 (5GHz)

1 Like

i've tryed , but im afraid i bricked it , and trying to flash the developer rom with the reset an usb does no change at all . the orage led keeps blinking and never reaches blue. and when i turn it on a purple led blinks . any clue about how to unbrick it. i do have acces also to a serial to usb if it is needed.

thanks

Serial is needed,give us log over serial and then we can help you

serial is giving nothing , any baud conf or boot+connection is required perhaps..

That means that you have either not connected the serial pins correctly or your contact is bad.
Because serial will provide output even if you cant write to it

the wiring is right , and the serial converter does work(just tryed on a samkows router)...should i connect the pin 1 to 3.3v or 5v or leave it clear, and shoud i connect the serial before or after turning the router on??

when connect all pins (correctly , also ive checked my solder with a multimeter) and then powered , no led is on , when first powered and then connected to usb serial adapter orange and red leds are on , the blue one only comes on if a usb is plugged.

What settings are you using for serial?

using putty , ive tryed 9600, 115200, and 57600.

115200 is correct.
It is then behaving very weirdly.
Have you tried holding reset button with miwifi.bin on USB?