[Xiomi router 4a 100mbps] Mt76x2e driver eeprom check error with limited tx power

I am using Xiomi router 4a 100mbps edition.
All works well except 5gh radio.
I've found the error in eeprom reading. As a result random mac address is assigned as well as the transmit power (tx power) is fixed at 3 dbm only.
How can I fix it?

[   18.181693] mt76x2e 0000:01:00.0: card - bus=0x1, slot = 0x0 irq=4
[   18.188358] mt76x2e 0000:01:00.0: ASIC revision: 76120044
[   18.203932] mt76x2e 0000:01:00.0: EEPROM data check failed: ffff
[   18.874447] mt76x2e 0000:01:00.0: Invalid MAC address, using random address 8e:4d:09:3e:f5:7e
[   19.492606] mt76x2e 0000:01:00.0: ROM patch build: 20141115060606a
[   19.709003] mt76x2e 0000:01:00.0: Firmware Version: 0.0.00
[   19.714670] mt76x2e 0000:01:00.0: Build: 1
[   19.718826] mt76x2e 0000:01:00.0: Build Time: 201607111443____
[   19.744131] mt76x2e 0000:01:00.0: Firmware running!
[   19.749285] mt76x2e 0000:01:00.0: registering led 'mt76-phy1']

Whats in
ubus call system board
and on factory label of the device?

{
        "kernel": "5.15.167",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7628AN ver:1 eco:2",
        "model": "Xiaomi Mi Router 4A (100M Edition)",
        "board_name": "xiaomi,mi-router-4a-100m",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "ramips/mt76x8",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}

on the back of the router there is xiomi mi router 4a
model r4ac

IThere is 3rd 4a 100mbit in snapshots, but no detail attached,

i can't understand what you are talking about. if you are talking about mi router 4a 100 mb international edition firmware, i can assure you that firmware broke my router.

Please attach output of hexdump /dev/mtd2

root@OpenWrt:/proc# hexdump /dev/mtd2
0000000 7628 0200 de8c 78f9 639b 0000 0000 0000
0000010 ffff ffff ffff ffff ffff ffff ffff ffff
0000020 0000 0000 0020 0000 de8c 78f9 629b 0c00
0000030 e143 2a76 3422 2000 ffff 0100 0000 0000
0000040 0000 0022 0000 0000 0030 0000 0000 0000
0000050 0080 9400 be40 cac0 8116 c181 ca40 8016
0000060 c180 0000 0000 0000 0000 0000 0000 0000
0000070 0000 0000 0000 0000 0000 0000 0000 0000         *
00000a0 c0c0 c0c0 c0c0 c0c0 c0c0 c0c0 c0c0 0000         00000b0 0000 0000 0000 0000 0000 0000 0000 0000
00000c0 0000 0000 0000 0000 1a00 2a22 3531 3501         00000d0 4039 4d46 7f7f 007f 0000 0000 0000 0000
00000e0 1d11 1d11 351c 351c 351e 351e 1917 1917         00000f0 0002 0000 00bc 00c0 000a 0000 0000 0000
0000100 ffff ffff ffff ffff ffff ffff ffff ffff         *
0000120 0000 0000 0000 0000 0000 0000 0000 0077         0000130 1d11 1d11 7f15 7f15 7f17 7f17 3b10 3b10
0000140 ffff ffff ffff ffff ffff ffff ffff ffff
*
0001000 58e5 cd6b 4e53 323d 3035 3139 412f 5539
0001010 3859 3433 3031 4300 756f 746e 7972 6f43
0001020 6564 453d 0055 6f43 6f6c 5472 7079 3d65
0001030 3031 0031 6f6d 6564 3d6c 3452 4d43 7700
0001040 6e61 656c 3d64 7773 7469 6863 7700 316c
0001050 735f 6973 3d64 6958 6f61 696d 395f 3642
0001060 0032 0000 0000 0000 0000 0000 0000 0000
0001070 0000 0000 0000 0000 0000 0000 0000 0000
*
0005000 ffff ffff ffff ffff ffff ffff ffff ffff
*
0010000

I bricked the router previously and couldn't debrick it using tftp server. I searched the internet for 16Mb flash rom file for mi router 4a (r4ac) 100mbps but could not find one. After spending more times I found the .bin file of the spi flash rom of mi router 4c works on 4a. I had to install kmod-mt76 to work 5 ghz band. But tx power is very low.
So the hexdump of the factory partition you are seeing is from the mi router 4c.

mi 4c doesn't have 5ghz eeprom data. That's why your device didn't work properly.

can you please dump the factory partition of a mi router 4a for me?
or can you help me fix it in other way?

mt7612eeprom https://github.com/hanwckf/rt-n56u/tree/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/eeprom

copy it to /dev/mtd2 offset 0x8000.

what should i write in terminal command(ssh)?

mtd -r write "binfile" factory?

mtd writing does not work. so how can i copy it to /dev/mtd2?

Some how I was able to copy the mt7612e bin to mtd2 partition. the tx value increased from 3 dbm to 25 dbm. But the real signal strength is still the same as before. here is the hexdump

root@OpenWrt:~# hexdump /dev/mtd2
0000000 7628 0200 de8c 78f9 639b 0000 0000 0000
0000010 ffff ffff ffff ffff ffff ffff ffff ffff
0000020 0000 0000 0020 0000 de8c 78f9 629b 0c00
0000030 e143 2a76 3422 2000 ffff 0100 0000 0000
0000040 0000 0022 0000 0000 0030 0000 0000 0000
0000050 0080 9400 be40 cac0 8116 c181 ca40 8016
0000060 c180 0000 0000 0000 0000 0000 0000 0000
0000070 0000 0000 0000 0000 0000 0000 0000 0000
*
00000a0 c0c0 c0c0 c0c0 c0c0 c0c0 c0c0 c0c0 0000
00000b0 0000 0000 0000 0000 0000 0000 0000 0000
00000c0 0000 0000 0000 0000 1a00 2a22 3531 3501
00000d0 4039 4d46 7f7f 007f 0000 0000 0000 0000
00000e0 1d11 1d11 351c 351c 351e 351e 1917 1917
00000f0 0002 0000 00bc 00c0 000a 0000 0000 0000
0000100 ffff ffff ffff ffff ffff ffff ffff ffff
*
0000120 0000 0000 0000 0000 0000 0000 0000 0077
0000130 1d11 1d11 7f15 7f15 7f17 7f17 3b10 3b10
0000140 ffff ffff ffff ffff ffff ffff ffff ffff
*
0001000 58e5 cd6b 4e53 323d 3035 3139 412f 5539
0001010 3859 3433 3031 4300 756f 746e 7972 6f43
0001020 6564 453d 0055 6f43 6f6c 5472 7079 3d65
0001030 3031 0031 6f6d 6564 3d6c 3452 4d43 7700
0001040 6e61 656c 3d64 7773 7469 6863 7700 316c
0001050 735f 6973 3d64 6958 6f61 696d 395f 3642
0001060 0032 0000 0000 0000 0000 0000 0000 0000
0001070 0000 0000 0000 0000 0000 0000 0000 0000
*
0005000 ffff ffff ffff ffff ffff ffff ffff ffff
*
0008000 7662 0001 0000 0000 0000 7612 14c3 0000
0008010 0000 7612 14c3 0000 0000 ffff ffff ffff
0008020 ffff d837 409d 7fff 9bfd ffff ffff ffff
0008030 ffff ffff fc22 000c ffff 01b4 0000 0000
0008040 0000 d7ff 8c8c 0000 8c00 0000 8c00 01e0
0008050 0000 5700 ba47 0000 000a 0000 0000 000a
0008060 0000 0000 000a 0000 0a00 0000 0000 000a
0008070 0000 0a00 0000 0000 000a 0000 0a00 0000
0008080 0000 000a 0000 0a00 0000 0000 000a 0000
0008090 0a00 0000 0000 000a 0000 0a00 0000 0000
00080a0 c6c6 c6c6 0000 c4c4 0000 c4c4 8282 0000
00080b0 0000 c4c4 0000 0000 0000 0000 0000 8384
00080c0 ffff ffff ffff ffff ffff ffff ffff ffff
*
00080f0 ffff 090f 100d 2800 ff26 ffff ffff ffff
0008100 ca0f c574 07e8 3d30 b001 2608 0e00 1504
0008110 8a00 4000 0000 0800 9d00 0008 c012 0000
0008120 2008 2a04 0090 2400 0401 0854 a0d0 2028
0008130 ffff ffff ffff 08ff ffff ffff ffff 0000
0008140 ffff ffff ffff ffff ffff ffff ffff ffff
*
00081e0 81c0 c382 4504 0746 0908 ffff ffff ffff
00081f0 ffff ffff ffff ffff ffff ffff ffff ffff
*
0010000

[solved]
i have just got the right eeprom
Xiomi mi router 4a 100 mbps
model:r4ac

https://github.com/Marzi01/XiaomiRouter-R4AC-Firmware/blob/main/eeprom.bin

and replaced all of my mtd2 partition with this eeprom bin file
Now dbm is increased greatly and working at maximum level
2.4 ghz: 23dbm
5 ghz: 22dbm

Procedure I followed:

1. read the spi flash rom via ch341 and saved it as main.bin
2. download the above mentioned eeprom and save it eeprom.bin at the same directory
3. In terminal (linux preferably) type:
   sudo dd bs=64k conv=notrunc oflag=seek_bytes seek=196608 if=eeprom.bin of=main.bin
   root permission is required if the saved firmware is locked/read-only
4. reflash the newly modified main.bin file via ch341 programmer

Who will be benefited:

1. if you have bricked the xiomi mi 4a router 100mbps [r4ac] edition and couldnot debrick it via tftp server
2. if you didn't find full flash file (16MB) on the internet
3. if you flashed the rom built for xiomi mi router 4c (16 mb rom file available on the intermet) which works fine (need to install kmod-mt76x2) on the 4a but with low RSSI/dbm

if you have done the last mistake, i insist you to go through the process because i did the last mistake to revive the dead router.

Thank you all.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.