小米AIoT路由器 AX3600

[porky_88]

Edit: just saw the video description recommending 1.0.17

it is not a recommendation it is compulsory!
1.0.17 has code injection vulnerabilities and the exploits are used to get permanent telnet and ssh (ssh has to be reenabled every time the firmware is flashed)

these two links are useful for enabling ssh
https://forum.lowyat.net/topic/5071359
https://oded.dev/2020/11/30/AX3600-1/

I used oded's tools to edit bdata but used the first link to unlock and lock the mtd.

 

[porky_88]

if you set regdom to SG. tx power is dependent on the channel you choose. 30dbm tx power is available on ch 149-165 (tested personally).

root@XiaoQiang:~# iw reg get
global
country SG: DFS-FCC
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5170 - 5250 @ 80), (N/A, 17), (N/A), AUTO-BW
(5250 - 5330 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
(5490 - 5730 @ 160), (N/A, 24), (0 ms), DFS
(5735 - 5835 @ 80), (N/A, 30), (N/A)
(57000 - 66000 @ 2160), (N/A, 40), (N/A), NO-OUTDOOR

root@XiaoQiang:~# iwinfo wifi0 txpowerlimit
0 dBm ( 1 mW)
6 dBm ( 3 mW)
10 dBm ( 10 mW)
14 dBm ( 25 mW)
18 dBm ( 63 mW)
22 dBm ( 158 mW)
26 dBm ( 398 mW)
30 dBm (1000 mW)

root@XiaoQiang:~# iwinfo wifi0 freqlist
5.180 GHz (Channel 36)
5.200 GHz (Channel 40)
5.220 GHz (Channel 44)
5.240 GHz (Channel 48)
5.260 GHz (Channel 52)
5.280 GHz (Channel 56)
5.300 GHz (Channel 60)
5.320 GHz (Channel 64)
5.500 GHz (Channel 100)
5.520 GHz (Channel 104)
5.540 GHz (Channel 108)
5.560 GHz (Channel 112)
5.580 GHz (Channel 116)
5.600 GHz (Channel 120)
5.620 GHz (Channel 124)
5.640 GHz (Channel 128)
5.660 GHz (Channel 132)
5.680 GHz (Channel 136)
5.700 GHz (Channel 140)
5.720 GHz (Channel 144)
5.745 GHz (Channel 149)
5.765 GHz (Channel 153)
5.785 GHz (Channel 157)
5.805 GHz (Channel 161)
5.825 GHz (Channel 165)

root@XiaoQiang:~# iwinfo wl0 txpowerlimit
0 dBm ( 1 mW)
6 dBm ( 3 mW)
9 dBm ( 7 mW)
12 dBm ( 15 mW)
15 dBm ( 31 mW)
18 dBm ( 63 mW)
21 dBm ( 125 mW)
* 24 dBm ( 251 mW)

root@XiaoQiang:~# iwinfo wl0 freqlist
5.180 GHz (Channel 36)
5.200 GHz (Channel 40)
5.220 GHz (Channel 44)
5.240 GHz (Channel 48)
5.260 GHz (Channel 52)
5.280 GHz (Channel 56)
5.300 GHz (Channel 60)
5.320 GHz (Channel 64)
* 5.500 GHz (Channel 100)
5.520 GHz (Channel 104)
5.540 GHz (Channel 108)
5.560 GHz (Channel 112)
5.580 GHz (Channel 116)
5.600 GHz (Channel 120)
5.620 GHz (Channel 124)
5.640 GHz (Channel 128)
5.660 GHz (Channel 132)
5.680 GHz (Channel 136)
5.700 GHz (Channel 140)
5.720 GHz (Channel 144)
5.745 GHz (Channel 149)
5.765 GHz (Channel 153)
5.785 GHz (Channel 157)
5.805 GHz (Channel 161)
5.825 GHz (Channel 165)

 

[xiaofan]

imho if you are not tech savvy, AX3600 is quite limiting given how bad the GUI has stripped down from fully blown luci. But it's a tweak paradise if you get your hands dirty.

Good point.

Probably for average users it is still okay as a router with the limited features, and it is a very good AP as well (with China FW).

On the other hand, China version of Asus TUF AX3000 may be a very good buy as well, it is much easier to tweak because SSH is available and the assassin mode. And stock FW features are already very good, with built-in VLAN support as well. Price is only a bit higher than Xiaomi AX3600 if buying from Taobao.

 

[xiaofan]

If you are tech savvy, you can read and change CountryCode in bdata (mtd9 partition) from EU to CN or for that matter even SG.

Global rom units are coded to EU for CountryCode in bdata and the max tx power is LOW.. for compliance reasons. as you can see from part of the script below. 2.4GHz power is only 14dbm and 5GHz power is only 16dbm!

if [ "$bd_country_code" = "EU" ]; then
if [ "$bdmode" = "24G" ]; then
max_power=14
else
if [ "$channel" -ge 100 ]; then
max_power=23
else
max_power=16
fi
fi
if [ $ifname = "wl2" ]; then
max_power=13
fi
fi

Nice finding. Looks like there is no much point buying the global version then.

And for SingTel ONT users who do not want to tweak, you can always buy the China version of AX3600 and use it as an AP, keep your existing SingTel router as the main router (you can disable its wifi if desired).

 

[porky_88]

Nice finding. Looks like there is no much point buying the global version then.

And for SingTel ONT users who do not want to tweak, you can always buy the China version of AX3600 and use it as an AP, keep your existing SingTel router as the main router (you can disable its wifi if desired).

the global version of ax3600 is as easy to "modify" as the china version. So either version is good for anyone that is tech savvy and follow simple instructions. technicaly no difference between the two version. I can easily change one to the other in under two mins flat!

 

[Zahne]

Is there any easy guide to change ax3600 global to china firmware? I received my 2nd set and it is in global orange box :S

 

[porky_88]

Good point.

Probably for average users it is still okay as a router with the limited features, and it is a very good AP as well (with China FW).

On the other hand, China version of Asus TUF AX3000 may be a very good buy as well, it is much easier to tweak because SSH is available and the assassin mode. And stock FW features are already very good, with built-in VLAN support as well. Price is only a bit higher than Xiaomi AX3600 if buying from Taobao.

both china tuf-ax3000 and ax3600 are good. But Ax3600 gets my recommendations. the asus is cfe encrypted ie. you cannot change anything! Ax3600 you can change all you want if you know what you are doing.

 

[porky_88]

Is there any easy guide to change ax3600 global to china firmware? I received my 2nd set and it is in global orange box :S

imho, the process is easy. look at my post earlier with the two links to start.
if you want to do mesh. you will need to change CountryCode in bdata to CN.

 

[Griggs]

it is not a recommendation it is compulsory!
1.0.17 has code injection vulnerabilities and the exploits are used to get permanent telnet and ssh (ssh has to be reenabled every time the firmware is flashed)

these two links are useful for enabling ssh
https://forum.lowyat.net/topic/5071359
https://oded.dev/2020/11/30/AX3600-1/

I used oded's tools to edit bdata but used the first link to unlock and lock the mtd.

Would there be any problems if I update to 1.0.67 after editing the internal files via SSH? Or should I just keep it on 1.0.17?

 

[porky_88]

Would there be any problems if I update to 1.0.67 after editing the internal files via SSH? Or should I just keep it on 1.0.17?

the reason for 1.0.17 is for the ssh exploit. after that you can update to any firmware you like. you just have to telnet in and enable ssh again.

once telnet and ssh is available, to flash a modified bdata or mtd9 partition is easy.

bro.. no offence. But from the questions you are asking. I don't think you are ready to do this. Read more first.

 

[xiaofan]

both china tuf-ax3000 and ax3600 are good. But Ax3600 gets my recommendations. the asus is cfe encrypted ie. you cannot change anything! Ax3600 you can change all you want if you know what you are doing.

Yes I agree that AX3600 is good for hacking.

Now the Chinese hackers have come out with some unofficial openwrt build for AX3600. Hopefully official AX3600 build for openwrt will come as well in the future.

 

[porky_88]

Yes I agree that AX3600 is good for hacking.

Now the Chinese hackers have come out with some unofficial openwrt build for AX3600. Hopefully official AX3600 build for openwrt will come as well in the future.

i won't use hacking thou... more like DIY
hacking in my world raises alarm bells and has a bad connotation attached to it

from production deployment perspective.. all done for AX3600 (pure ap with multiple Vlans wireless SSID)

Not going to use the 2.4G. But the AIOT antenna is really interesting. Going to read more about it and see if I can fix it in the 5GHz band for streaming to android/apple media boxes.

 

[xiaofan]

https://www.gizmochina.com/2020/12/28/xiaomi-mi-router-ax6000-wi-fi-6-enhanced-technology/

Xiaomi Router AX6000, with 2.5Gbe port, RMB599.
No need to think, just buy.

 

[xiaofan]

Xiaomi AX6000 Spec

https://m.mi.com/commodity/detail/13368

Qualcomm IPQ51018, 1GHz CPU, looks like lower end than AX3600 IPQ8071A (Quad Core A53 1GHz).

512MB RAM

2*2 AX on 2.4GHz band, up to 574Mbps
4*4 AX 160MHz on the 5GHz band, up to 4804Mbps.

No 6GHz band mentioned, so not really Wifi 6E. But it does support 4096QAM of WiFi 6E. It could be 6GHz band is there but not yet approved in China yet. No idea here.

2.5Gbe LAN/WAN (same as RT-AX86U)

 

[porky_88]

Xiaomi AX6000 Spec

https://m.mi.com/commodity/detail/13368

Qualcomm IPQ51018, 1GHz CPU, looks like lower end than AX3600 IPQ8071A (Quad Core A53 1GHz).

512MB RAM

4*4 AX 160MHz on the 5GHz band, no 6GHz band, so not really Wifi 6E.

2.5Gbe LAN/WAN (same as RT-AX86U)

from what i read ipq5018 is a all in one SOC. so definite cost savings there.

imho this is a very minor update to the ax3600

-4x4 ax 160MHz... this has been around in broadcom solution.. most asus ax routers had this ages ago. and imho this is irrelevant for me cos apple ax only supports 80MHz
-4K QAM ... ya right... which device supports this now? plus it's not in ax specs. again kind of irrelevant

most important is can the openwrt community find a way to enable ssh access only time will tell.

 

[lumpyme]

Doesn't the new 4x4ax mean that in a mesh it can negate the issues with no dedicated wireless backhaul?

Am I right to say that for mesh users 2x of this would equal the performance of significantly more expensive 3 band mesh routers

 

[xiaofan]

from what i read ipq5018 is a all in one SOC. so definite cost savings there.

imho this is a very minor update to the ax3600

-4x4 ax 160MHz... this has been around in broadcom solution.. most asus ax routers had this ages ago. and imho this is irrelevant for me cos apple ax only supports 80MHz
-4K QAM ... ya right... which device supports this now? plus it's not in ax specs. again kind of irrelevant

most important is can the openwrt community find a way to enable ssh access only time will tell.

Indeed the CPU is a downgrade dual core A53 1GHz + NPU. The NPU is probably useful for AI.

2.4GHz: 2*2 AX up to 574Mbps, same as AX3600

IOT antenna: same 600Mbps as AX3600

5GHz: 4*4 AX 160MHz 1024 QAM (up to 4804Mbps) or 2*2 AX 160MHz 4096QAM (up to 2882Mbps)

6GHz: to be confirmed

4096QAM is in WiFi 6E standard but it is optional.

What is the use for the 2*2 AX 160MHz 4096 QAM? That is the best match for Snapdragon 888 based mobile phone, like the new Mi 11 phone.

Xiaomi Mi 11 SD888 is rated AX3500.
2.4GHz: 2*2 AX, 574Mbps
5GHz: 2*2 AX 160MHz 4096QAM, 2882Mbps

So you can say AX6000 is a good match for SD888 based Android flagship phones.

 

[xiaofan]

PHY Speed for reference

 

[xiaofan]

...
most important is can the openwrt community find a way to enable ssh access only time will tell.

Haha, this will take a bit of time but I am sure there will be an exploit to gain ssh access.

 

[xiaofan]

As for 6GHz, I am not positive about that even though there are speculations that it is there but disabled due to the fact that China has not approved 6GHz WiFi band.

Because if that is true, the cost will go up significantly and it will be a triband router like the flasgship Asus GT-AXE11000, which is the world's first Wifi 6E router with 6GHz band.
https://rog.asus.com/articles/networking/rog-rapture-gt-axe11000-intro/

Once the teardown from sites like acwifi.net is available, we will know if the HW has 6GHz support or not.

6GHz band will be wonderful for Mesh networking with wireless backhaul.