搬砖日记

1. Flashing#

Requirements#

• One USB flash drive
• One Ethernet cable that can be connected normally

Cause#

Because I want to use openWRT, so I looked it up and it turns out that this machine can be flashed. I recommend you to find your router model here: https://openwrt.org/toh/start.

And recently, this website https://supes.top/?version=22.03&target=x86%2F64&id=generic has been promoting everywhere, but I heard that the author has some problems, so I still recommend you to find it on openwrt.org.

Link to Xiaomi R3P: https://openwrt.org/toh/xiaomi/mi_router_3_pro

Flashing process#

Open http://miwifi.com/miwifi_download.html, click on the ROM below, and then find your router model to download the development version.

Enter the Xiaomi router background, usually 192.168.1.1 or 192.168.31.1. Then go to Common Settings - System Status to upgrade, select Local Upgrade, and then select the file you just downloaded. (If you have a requirement, you can click the backup button on this page to backup your router ROM)

Then you need to bind your account with the Xiaomi router. After that, click to open https://d.miwifi.com/rom/ssh, it will ask you to log in to your account. After logging in, download the SSH tool according to the model.

Rename the downloaded file as miwifi_ssh.bin, then put it into a USB flash drive formatted as FAT or FAT32, and insert it into the router.

Unplug the router's power, press the reset button on the router, insert the USB flash drive, and then plug in the power. Wait for the router to start flashing the yellow light, then release the reset button.

After a while, you can access the router through the SSH tool. If you don't understand here, you can open the Windows menu, search for PowerShell, open it, enter ssh [email protected], then press Enter, enter yes, then press Enter, and then enter the password in the picture above, and press Enter...

Transfer the firmware package we downloaded from https://openwrt.org/toh/start to the router. You can open a new PowerShell window and enter:

scp C:\Users\Administrator\Downloads\xxxxx-factory.bin [email protected]:/tmp/

Then the system will prompt you to enter the password. After entering, press Enter. After the transfer is complete, enter the following code:

cd /tmp/
nvram set flag_try_sys1_failed=1
nvram set flag_try_sys2_failed=0
nvram set flag_boot_success=0
nvram commit
mv xxxxx-the filename you uploaded to the router-xxxxx-factory.bin factory.bin
dd if=factory.bin bs=1M count=4 | mtd write - kernel1
mtd erase rootfs0
mtd erase rootfs1
mtd erase overlay
dd if=factory.bin bs=1M skip=4 | mtd write - rootfs0
reboot

After waiting for the router to restart, you can access your router through 192.168.1.1 and manage it with openWRT.

2. Bricking accident...#

Because of the chip and the official package, I don't know whose problem it is. After flashing this package, the router does not have 5Ghz WIFI...

So I found a big guy's package, didn't go through the above process, directly flashed the router through the upgrade in openWRT, and then it got bricked...

3. Flash back to the official firmware#

Flash back to the official firmware via TTL#

This router does not have breed, and I didn't flash it, so I can only operate the official firmware through UBOOT, which is really annoying for Xiaomi's programmers. The current situation is that you need to disassemble the router to flash it. The following are the specific steps (different routers may have different steps, here is my Xiaomi router PRO, model R3P):

1. Buy a USB to TTL adapter and N DuPont wires (at least 4 wires, 3 for use, 1 for backup)
2. Disassemble the router. When disassembling, you need to first remove the plastic plates on the left and right, then remove the foot pad underneath, there are screws inside. Then take out the motherboard from the side. Disassembly video: https://www.ixigua.com/6897570683249754637
3. Connect the computer, USB to TTL adapter, and the router. When inserting the male-to-male wire into the motherboard, if conditions permit, you can solder it with tin, if not, use something to block it to keep the metal head connected and not movable or short-circuited. See the picture below:

4. It should be noted that the RX of the router is connected to the TX of the adapter, the TX of the router is connected to the RX of the adapter, and the GND is connected to the GND.
5. Open your device manager, find the port of the chip, as shown in the picture below:

6. Among them, if the SPEED is garbled at 115200, you can try 117200 or 117500
7. Download PUTTY, enter as shown in the picture below:

Before starting, you need to do one more step. Open http://miwifi.com/miwifi_download.html, click on the ROM below, and then find your router model to download the ROM. Rename it as miwifi.bin, put it into a USB flash drive formatted as FAT or FAT32, and insert it into the router. Then you need to keep the device connected as in step 3.

After clicking OPEN, a command window will pop up on the computer, and when the following screen appears

I won't explain what each of them means. We need to enter the number 4 on the keyboard, press Enter, and wait for the automatic command to finish, then enter:

setenv flag_try_sys1_failed 0
setenv flag_try_sys2_failed 1
setenv uart_en 1
saveenv
reset

Then wait for the router to start automatically.

The article was originally published on my SSPAI, and I'm backing it up here. There is actually another method using TFTP, if you are interested, you can click here to check it out: https://sspai.com/post/73982