ath79: add support for Xiaomi AIoT Router AC2350
Device specifications
* SoC: QCA9563 @ 775MHz (MIPS 74Kc)
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR (EN25QH128)
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9988): a/n/ac, 4x4 MU-MIMO
* IoT Wireless 2.4GHz (QCA6006): currently unusable
* Ethernet (AR8327): 3 LAN × 1GbE, 1 WAN × 1GbE
* LEDs: Internet (blue/orange), System (blue/orange)
* Buttons: Reset
* UART: through-hole on PCB ([VCC 3.3v](RX)(GND)(TX) 115200, 8n1)
* Power: 12VDC, 1,5A
MAC addresses map (like in OEM firmware)
art@0x0 88:C3:97:*:57 wan/label
art@0x1002 88:C3:97:*:2D lan/wlan2g
art@0x5006 88:C3:97:*:2C wlan5g
Obtain SSH Access
1. Download and flash the firmware version 1.3.8 (China).
2. Login to the router web interface and get the value of `stok=` from the
URL
3. Open a new tab and go to the following URL (replace <STOK> with the stok
value gained above; line breaks are only for easier handling, please put
together all four lines into a single URL without any spaces):
http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev
?bssid=any&user_id=any&ssid=-h%0Anvram%20set%20ssh_en%3D1%0Anvram%20commit
%0Ased%20-i%20%27s%2Fchannel%3D.%2A%2Fchannel%3D%5C%5C%22debug%5C%5C%22%2F
g%27%20%2Fetc%2Finit.d%2Fdropbear%0A%2Fetc%2Finit.d%2Fdropbear%20start%0A
4. Wait 30-60 seconds (this is the time required to generate keys for the
SSH server on the router).
Create Full Backup
1. Obtain SSH Access.
2. Create backup of all flash (on router):
dd if=/dev/mtd0 of=/tmp/ALL.backup
3. Copy backup to PC (on PC):
scp root@192.168.31.1:/tmp/ALL.backup ./
Tip: backup of the original firmware, taken three times, increases the
chances of recovery :)
Calculate The Password
* Locally using shell (replace "12345/E0QM98765" with your router's serial
number):
On Linux
printf "%s6d2df50a-250f-4a30-a5e6-
d44fb0960aa0" "12345/E0QM98765" | \
md5sum - | head -c8 && echo
On macOS
printf "%s6d2df50a-250f-4a30-a5e6-
d44fb0960aa0" "12345/E0QM98765" | \
md5 | head -c8
* Locally using python script (replace "12345/E0QM98765" with your
router's serial number):
wget https://raw.githubusercontent.com/eisaev/ax3600-files/master/scripts/calc_passwd.py
python3.7 -c 'from calc_passwd import calc_passwd; print(calc_passwd("12345/E0QM98765"))'
* Online
https://www.oxygen7.cn/miwifi/
Debricking (lite)
If you have a healthy bootloader, you can use recovery via TFTP using
programs like TinyPXE on Windows or dnsmasq on Linux. To switch the router
to TFTP recovery mode, hold down the reset button, connect the power
supply, and release the button after about 10 seconds. The router must be
connected directly to the PC via the LAN port.
Debricking
You will need a full dump of your flash, a CH341 programmer, and a clip
for in-circuit programming.
Install OpenWRT
1. Obtain SSH Access.
2. Create script (on router):
echo '#!/bin/sh' > /tmp/flash_fw.sh
echo >> /tmp/flash_fw.sh
echo '. /bin/boardupgrade.sh' >> /tmp/flash_fw.sh
echo >> /tmp/flash_fw.sh
echo 'board_prepare_upgrade' >> /tmp/flash_fw.sh
echo 'mtd erase rootfs_data' >> /tmp/flash_fw.sh
echo 'mtd write /tmp/openwrt.bin firmware' >> /tmp/flash_fw.sh
echo 'sleep 3' >> /tmp/flash_fw.sh
echo 'reboot' >> /tmp/flash_fw.sh
echo >> /tmp/flash_fw.sh
chmod +x /tmp/flash_fw.sh
3. Copy `openwrt-ath79-generic-xiaomi_aiot-ac2350-squashfs-sysupgrade.bin`
to the router (on PC):
scp openwrt-ath79-generic-xiaomi_aiot-ac2350-squashfs-sysupgrade.bin \
root@192.168.31.1:/tmp/openwrt.bin
4. Flash OpenWRT (on router):
/bin/ash /tmp/flash_fw.sh &
5. SSH connection will be interrupted - this is normal.
6. Wait for the indicator to turn blue.
Signed-off-by: Evgeniy Isaev <isaev.evgeniy@gmail.com>
[improve commit message formatting slightly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
projects / openwrt / openwrt.git / commit