小米MINI 路由器

Xiaomi MiWiFi Mini 基于联发科MT7620A 芯片，支持802.11ac+bgn无线协议。它有三个以太网端口和两个射频天线（1个Soc内嵌的2.4GHz 频段802.11bgn，另一个是基于MT7612E的5GHz频段 802.11ac , 2x2MiMo）

硬件特性

CPU	Ram	Flash	NetWork	USB	Serial
MediaTek MT7620A	128 MiB	16 MiB	3 10\/100 Ethernet + 802.11a\/b\/g\/n + 802.11ac	1x 2.0 Host	Yes

支持的版本

Version\/ModelLaunch	Date	OpenWrt version supported
v1	2014	CC trunk since r44238

在小米Mini路由器上安装OpenWrt是比较复杂但是可行，需要先在小米官网上注册安装官方开发版的固件，使能SSH访问设备。细节如下。另一个选择是直接拆开路由器，通过bus pirate烧写SPI Flash.

硬件

硬件细节

Instruction set***\\*:\	MIPS
Vendor:	MediaTek
Bootloader***\\*:\	U-Boot + Xiaomi U-Boot
System-On-Chip***\\*:\	Ralink MT7620A
CPU***\\** @Freq\*	MIPS 24KEc V5.0 @580 MHz
Flash size:	16 MiB
Flash Chip:	Makronix S25FL064K
RAM size:	128 MiB DDR2
RAM Chip:	?
Wireless No1:	SoC-integrated: MT7620A 2x2 MIMO 802.11b\/g\/n (2.4 GHz)
Wireless No2:	On-board chip: MT7612E(?) 2x2 MIMO 802.11a\/n\/ac (5 GHz)
Switch***\\*:\	MT7620 built-in 10\/100 switch w\/ vlan support
USB:	1x
Serial***\\*:\	Yes

串口连接小米 Mini 路由器可以通过下图中的TTL引脚访问串口。需要做电压转换（可以用CP2102 TTL-USB dongle）。原厂 U-Boot 是禁止控制台写入的，只有在第一次boot时可以，之后会被禁止。下面的图片展示了在板子上标记的串口引脚：通信设置为：TTL 电平，115200 bps 8N1

OpenWrt 支持

The Xiaomi MiWiFi Mini can run OpenWrt. Use 15.05 or a recent snapshot, alternatively use this patch on OpenWrt trunk.

The MediaTek MT7612E(?) wireless driver package (mt76) supports the 802.11ac wireless card in AP\/Client\/Adhoc modes.

Attention!

Wifi is nowhere near stable even in stable releases up to Chaos Calmer, more information at https:\/\/forum.openwrt.org\/viewtopic.php?id=54987

possible solution for the problem described below: https:\/\/forum.openwrt.org\/viewtopic.php?pid=306678#p306678

Since many people complain about signal strength on this router it should be noted that according to information in https:\/\/forum.openwrt.org\/viewtopic.php?id=61250 andhttps:\/\/github.com\/openwrt\/mt76\/issues\/19 looks like the original firmware uses different radio calibration procedure than usual EEPROM from flash partition!

Switch Ports

Defaults:

0, 1: LAN
4: WAN
6: CPU

2,3,5 and 7 are disconnected. All ports are 100Mbps except the CPU port 6, which shows as 1Gbps using 'swconfig dev mt7620 show'

Quick OpenWrt installation

In case you want to skip all the Xiaomi download etc, here are some instructions to flash directly OpenWrt\/PandoraBox on stock firmware via code injection bug.

NOTE

This method has been successfully tested on

→ Xiaomi Mini - Stock firmware v2.6.17
→ Xiaomi Mini - English firmware 2.8.91 (English in UI language settings)
→ Xiaomi Mini - English firmware version 2.2.105
→ Xiaomi Mini (Taiwan market) - model number R1CM, firmware version 0.7.21
→ Xiaomi Lite aka "Youth" or "Nano" - Stock firmware v2.2.8

STEPS

Power on and setup the Xiaomi router until it reboots and gets IP address 192.168.31.1
Log-in into the router and grab the value of the stok URL parameter (for instance: "9c2428de4d17e2db7e5a6a337e6f57a3")
Replace the <STOK> placeholder and load this URL in your browser or curl, this will start telnetd on the router:
- http:\/\/192.168.31.1\/cgi-bin\/luci\/;stok=<STOK>\/api\/xqnetwork\/set_wifi_ap?ssid=whatever&encryption=NONE&enctype=NONE&channel=1%3B%2Fusr%2Fsbin%2Ftelnetd
- It should spit out error code, for example: {"msg":"未能連線到指定Wi-Fi(Probe timeout)","code":1616} or English: {"msg":"Couldn't connect to this network(Probe timeout)","code":1616}
Replace the <STOK> placeholder, the current password and the desired root password and load this URL in your browser or curl, this will set the router root password
- http:\/\/192.168.31.1\/cgi-bin\/luci\/;stok=<STOK>\/api\/xqsystem\/set_name_password?oldPwd=<CURRENTPASS>&newPwd=<NEWPASS>
- It should spit out: {"code":0}
Telnet to the router, enter user root and NEWPASS chosen above.
wget your favourite .bin file and flash with mtd -r write firmware.bin OS1
Router reboots.

OpenWrt installation

To install OpenWrt the first time you need an account on miwifi.com and register every single device using an iOS or Android device to get an cusomized SSH-patch.

Connect the device to Internet (WAN port), continue when LED is blue (device online)
Connect a Laptop\/PC\/Mobile to the LAN port or the devices wifi (eg. Xiaomi_FFFF)
Navigate to the web interface (http:\/\/192.168.31.1\/), set the system and WiFi password
Upgrade the device with Xiaomi's development firmware via USB stick:
- Download the file named miwifi_r1cm_firmware_047a3_2.x.x.bin
- Copy the file to an empty, FAT32 formatted USB stick and rename the file to miwifi.bin
- Turn on router while reset-button pressed and USB stick plugged in
- Release Reset-button after the orange LED starts flashing
- Wait a minute to complete flashing and device is online again (shown by blue LED)
Register the device on Xiaomi's web site (using Android or iPhone app)
Obtain root SSH password and the binary to enable SSH:
- Open MiWiFi SSH download website and login
- The patch applies only for a specific device. If you have more than 1 device check the last 4 digits on the devices default SSID.
- Download the SSH-Patch for the registered device and save it to an empty FAT32 formatted USB stick, filename miwifi_ssh.bin
- Turn on Router while reset-button pressed and USB stick plugged in
- Release Reset-button after the orange LED starts flashing
- Wait a minute to complete flashing and device is online again (shown by blue LED)
SSH to the device to flash OpenWrt
- Open a SSH connection to [email protected]
- Login using credentials provided by the SSH download website
Flash the latest firmware
- Get the latest firmware, eg:# cd /tmp; wget``http://downloads.openwrt.org/chaos_calmer/15.05/ramips/mt7620/openwrt-15.05-ramips-mt7620-xiaomi-miwifi-mini-squashfs-sysupgrade.bin
- Check the MTD layout: # cat /proc/mtd
- If you find a line "OS1" go ahead with flashing: # mtd -r write openwrt-15.05-ramips-mt7620-xiaomi-miwifi-mini-squashfs-sysupgrade.bin OS1
After flashing is complete, the router will reboot. When finished you can login using telnet or web-interface on a LAN-connected client to host 192.168.1.1. User: root, no password.
SSH will be enabled after you set a password (using passwd or LuCI web interface), telnet will be disabled.

An unofficial english version of the Android app can be obtained here: http:\/\/xiaomi.eu\/community\/threads\/xiaomi-router-app-translation.25386\/page-3#post-262621

This web page provides step by step details: http:\/\/en.miui.com\/thread-64391-1-1.html. For instructions for reverting to factory firmware, please see below.

Please note that the OpenWrt binary defaults to the red color of the led instead of the orange\/blue during and after finishing the boot.

The OpenWrt firmware binary file (openwrt-ramips-mt7620-miwifi-mini-squashfs-sysupgrade.bin) can be downloaded from the downloads page.

Reverting to stock firmware

You can revert to stock firmware by following these steps:

Download any Xiaomi's development firmware
Rename downloaded file to miwifi.bin
Put miwifi.bin into a USB flash drive (must be FAT\/FAT32)
Plug said USB drive to router's usb port
Unplug router's power
Press reset button and then re-plug the power
Keep pressing reset button until the orange status LED starts blinking
wait until the LED turns blue

Factory firmware

The factory firmware shipped with the Xiaomi MiWiFi is a highly modified OpenWrt 12.09 Attitude Adjustment (according to \/etc\/opkg.conf) with a completely different (i.e. non-LuCi) web interface and proprietary drivers like Tuxera NTFS.

Bootloader

The router comes with a standard U-boot bootloader, but it is not accessible (console write is disabled), and immediately boots another bootloader named "Ralink U-boot" (console write is as well disabled).

The "Ralink U-boot" allows flashing the [factory] firmware to the device using a USB stick when the reset button is pressed on power-up.

Once root SSH access is gained, factory U-boot can be overwritten with a fully-functional one (e.g. from a WRTNode).

xiaomi-mini