Xiaomi WiFi Router 3G

I tried (twice) to flash factory using USB method. It just reset the lede.

Okay, then you will test factory restoration procedure without backup mtd if you don’t mind :slight_smile:
Flash this image, it has support for nvram that I have not pushed upstream yet

Then when booted run
fw_pintenv
if you get all your envs printed without error, then run
fw_setenv flag_last_success 0

After that try the usb stick recovery procedure.
This method is not tested, but in theory it loads the stock fw kernel that has been left in kernel0 (because you have not erased it), and stock kernel in theory contains the usb recovery script, so you will be able to recover using the standard xiaomi procedure.
But keep in mind that there is a small risk that if kernel0 does not recover from usb stick, you may need uart to access the bootloader.

Edit: wait a sec, I did not set nvram partition to read-write, I’ll recompile the image.

Edit2: updated the link to an image

2 Likes

There is no kernel0 in the mtd partitions, only kernel_erase.

That’s correct, but kernel0 is still there if you didn’t run mtd erase kernel0 while on stock

BINGO. The stock firmware is back via USB method. Thank you very much. BTW there is a typo. "fw_pintenv" should be "fw_printenv" :slight_smile:

Glad to hear that it works :slight_smile:

@dissent1
I flashed the latest snapshots. The 5G became alive for 2 sec and then automatically disabled again. I tried the previous method to get back to stock firmware. I must have screwed up somewhere because this time the USB method did not work. I have backup of the stock mtd partitions to a flash drive using dd command. It would not allow me to backup the mtd14 'data' partition. The printout from fw_printenv command are as follows
root@LEDE:~# fw_printenv
bootcmd=tftp
bootdelay=5
ethaddr="00:AA:BB:CC:DD:10"
ipaddr=192.168.31.1
serverip=192.168.31.100
ssh_en=1
restore_defaults=0
model=R3G
flag_boot_type=2
mode=Router
flag_ota_reboot=0
SN=15757/30071359
uart_en=0
telnet_en=0
wl0_ssid=Xiaomi_B448_5G
wl1_ssid=Xiaomi_B448
wl0_radio=1
wl1_radio=1
boot_wait=on
no_wifi_dev_times=0
color=101
CountryCode=CN
nv_wan_type=pppoe
flag_boot_success=1
flag_try_sys1_failed=1
flag_try_sys2_failed=0
normal_firmware_md5=34cc271efe40789d1c7e217aa7c48513
nv_sys_pwd=a671b7ae34ff1ad9bc001f572e0648ef47fe6e0a
Router_unconfigured=0
nv_wifi_ssid=@@@@
nv_wifi_enc=psk2
nv_wifi_pwd=xxxxxxxx
nv_wifi_ssid1=@@@@_5G
nv_wifi_enc1=psk2
nv_wifi_pwd1=xxxxxxxx
nv_pppoe_name=xxxxxxxxxx
nv_pppoe_pwd=xxxxxxxxx
flag_show_upgrade_info=1
flag_flash_permission=1
flag_last_success=0
stdin=serial
stdout=serial
stderr=serial
flag_boot_rootfs=1
root@LEDE:~#

Please advise if it is still possible to get back to stock firmware.

Choose channel <=44 and >=149 and set the tx power manually, not auto.

To revert back now try
fw_setenv flag_try_sys1_failed 0

Seems like you have only 1 try before you boot to lede again. So put usb stick beforehand.

5G only available up to channel 140. I tried a few channels over 100, all failed. I set it to 44, now it's working. I will try to revert back now. I think I could have pulled the USB stick too soon when it failed.

Success. I have reverted back to stock. I must not pulled the USB stick out too soon next time. Thank you very much for your help. Will try the snapshot again in a few days.

Don't know if this is the right place to report this. Setting 2.4G wifi channel width in Snapshot r4797-23317f1 to 40 MHz OK but inSSIDer shows only 20 MHz.

I'm having the same result. Settings to 40 MHz but getting 20 MHz in Wifi Analyzer app on smartphone.

I've been running snapshots (with occasional updates for a couple of weeks now) and seems pretty stable. I've set up a USB printer which is now working.

I've also configured openvpn in the last couple of days, and I'm getting about 25Mbps, down from 55Mbps without VPN. The cpu load goes to 25% so openvpn seems to be limited to one thread. I was hoping to get closer to 50Mbps as the hardware seems comparable to the Asus RT-AC68U

1 Like

What is the difference between Xiaomi mi wifi 3G and mi wifi 3?
I have the wifi 3, tried to flash the firmware as described (using mtd) and the router no longer boots.
I'll attempt to connect using serial console later, but I'd like to know what are my options...

They are not the same thing.
3G uses MT7621 SOC while Router 3 uses MT7620.
You cant mix those images.
If you have access to serial console you should be able to recover to stock.
If you deleted the kernel0 partition then best approach is to boot from TFTP kernel image for Router 3 and from it you can flash my kernel0 partition backup with mtd.
Then copy stock image to usb and rename to miwifi.bin,after that instert USB into router and while booting hold reset button until you that LED is flashing orange and you should alse be able to see failsafe working in console

Wow, thanks for the detailed how-to!
Is there some image for Router 3 then? I failed to find one :frowning:

I have been working on it,but it is still not functional.
Since mine R3 is currently bricked I cant test images.
I have published new images that uses @dissent1 work to preserve kernel0 for recovery purposes

hello,
Please can you explain better for noobs like me :sweat_smile:
What i understood :

  1. flash the developper firmware to enable SSH: http://bigota.miwifi.com/xiaoqiang/rom/r3g/miwifi_r3g_firmware_c2175_2.25.122.bin
  2. login with SSH (admin/admin) ???
  3. type these commands to flash kernel and rootfs :

mtd write lede-ramips-mt7621-mir3g-squashfs-kernel1.bin kernel1
mtd write lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin rootfs0
mtd erase kernel0
reboot

and then what to do with this file:
https://downloads.lede-project.org/snapshots/targets/ramips/mt7621/lede-ramips-mt7621-mir3g-squashfs-sysupgrade.tar
how to flash it ??

Thank you for your help in a step by step procedure...:anguished:

This is how I got LEDE installed. Some of the steps can be done differently. I used this for inspiration https://www.youtube.com/watch?v=CSHNyo5QxaQ

  1. Unbox router
  2. Connect to the router using WiFi
  3. Goto http://192.168.31.1
  4. Go through the wizard to set passwords for the router + wifi
  5. Reconnect to the router using WiFi
  6. Goto http://192.168.31.1
  7. Logon and find the page where you can upgrade the firmware look for a big yellow dot with an "i" inside. You will see the version number of the router and there is a button below where you can browse for a file. Flash miwifi_r3g_firmware_c2175_2.25.122.bin (developer firmware) and wait a few minutes.
  8. Download https://play.google.com/store/apps/details?id=com.xiaomi.router to your phone/tablet (there is also an iOS app)
  9. Open "Mi Wi-Fi" app (and sign-up) and sign-in to your account. Router will be detected and added to your account (assuming you are connected to the WiFi on the router and the routers WAN port is connected to Internet).
  10. On a PC, visit http://d.miwifi.com/rom/ssh and sign-in to you account. You will get to a page that should display your router, the root password and a download button. Hit the button to get miwifi_ssh.bin
  11. Format USB drive using FAT32 and copy miwifi_ssh.bin, lede-ramips-mt7621-mir3g-squashfs-kernel1.bin and lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin to the USB drive
  12. Cut the power the router, put the USB drive in the router, press and hold "reset" button (with a paper-clip), power on the router (while holding reset). When the router starts flashing yellow release the reset button. Wait until router has rebooted and you should (finally...) have SSH access.
  13. Login to the router using SSH using the "root" as username and the (root) "password" from http://d.miwifi.com/rom/ssh
  14. In SSH console
    cd /extdisks/sda1 (can be different if you remove and reinsert the usb stick)
    mtd write lede-ramips-mt7621-mir3g-squashfs-kernel1.bin kernel1
    mtd write lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin rootfs0
    nvram set flag_last_success=1
    nvram commit
    reboot
  15. LEDE should be installed and available at 192.168.1.1 (with WiFi disabled I assume)
  16. Upgrading to a newer snapshot can be done using the regular methods (from the command-line using sysupgrade or through LuCI) using lede-ramips-mt7621-mir3g-squashfs-sysupgrade.tar

Thanks @dissent1 for adding the router to LEDE. Both WiFi radios seems to work (2.4Ghz on 20Mhz, 5Ghz on 80MHz) and I have also tested USB3 port with success. I have not tested 40MHz for 2.4Ghz as it does not make sense for me (very crowded WiFi). 5Ghz radio does not seem to like DFS channels (I get "DFS start_dfs_cac() failed, -1" in the log). The channels seems to work nicely when disabling DFS (by removing the requirement from regdb.txt for the selected country before building firmware) so this is likely "just" a DFS issue.
I can't say anything about stability yet. I'll probably try to replace my TP-Link Archer C5 with the Xiaomi router within the next week and then I will have to see how well it performs and how stable it is.

5 Likes

THANK YOU VERY MUCH :heart_eyes: :heart_eyes:

@hammer

Thanks a lot! Just ordered two devices - current price is 33,34€ ATM!

Hardware seems to bee the same as build in DIR-860L.... the OpenWrt wiki contains some promising features :wink:

Performance - Software

OpenVPN 2.3.10 (mbedTLS, AES-192-CBC, no compression), 24.8 Mbits/sec (one-way) - r48717 (same switches as above)

wireguard - 0.0.20170810-1: I have made wireguard performance tests on this device on a 150Mbit cable connection. Iperf 1 stream - 600s of traffic. Powerfull server with 1Gbit » Wireguard » DIR 860L » powerfull PC in DIR 860Ls lan. So 860L is a vpn Gateway for that lan.

[ 3] 0.0-600.1 sec 9.93 GBytes 142 Mbits/sec

Its the best VPN result i have ever seen last 5 years on a openwrt device, so i shared it here.

Is there any way to revert back to stock firmware after deleting the kernel0 partition, I do not have a backup either