RT-AX3000 v1/RT-AX58U v1, TUF-AX3000 v1's MU-MIMO unlock 4T4R.

[Jacky10X]

There is a mode called Assassin mode(刺客模式). It seems like it only appears in the Chinese model. It unlocks the 5Ghz 2T2R to 4T4R. [But it is limited to Router mode]

And I saw a firmware that you could unlock 4T4R in all regions. [All modes, and regions are supported] (But it is not recommended to use unauthorized firmware because it may have some problems such as backdoors, safety problems, etc... )

My feature request is Could this firmware Enable 4T4R by default?

I am sorry if I am asking too much.

[Jacky10X]

@gnuton Could this feature/function possibly achieve?

TUF-AX3000 (with unlocking 4T4R) :

TUF-AX3000 (without unlocking 4T4R) [2T2R]

[c2707637]

Useful function! 🙏

[alfky12]

Search for SWRT, it unlock 4T4R, even on global version.

[Jacky10X]

Search for SWRT, it unlock 4T4R, even on global version.

SWRT might have some safety & security issues. you can search it on the Internet.

[Jimmy8881]

Search for SWRT, it unlock 4T4R, even on global version.

anything like this possible on the V2 ? their page lists the v2 but theres no download link.

[alfky12]

Hi @gnuton, bringing up this request again, can you open assassin mode for all regions? Thanks.

[Jacky10X]

Search for SWRT, it unlock 4T4R, even on global version.

anything like this possible on the V2 ? their page lists the v2 but theres no download link.

This is not possible on the V2 because the 5Ghz chip is different.

[gnuton]

@Jacky10X I do not think I will enable this can be enabled by default since it will make the firmware illegal. I think the best option is to make a script to enable this as add-on that can be downloaded throug amtm.

[alfky12]

@gnuton I can bring up and turn on the assassin mode toggle by changing the territory code using the init-start script, and it persists even when the router is rebooted, but 4T4R is not achieved and the signal output power is unchanged.

I don't know if this is a system security measures for non-china region or a bug in the gnuton firmware. Have you tried your firmware can activate assassin mode properly on tuf-ax3000 china region?

[gnuton]

@alfky12 are you in router mode? Have you tested the other firmware that @Jacky10X is proposing? That may contain this "fix" along with backdoors :) If we can document how to properly make this working that would be awesome. I would also suspect that not all hardware will be working with this hidden feature. I have not checked the code for this yet, but usually hw settings are part of low level drivers which I cannot touch... But if someone like @Jacky10X is more keen to find a way to get this working I can make sure the firmware doesn't stop you to do so if there are changes to be made

[alfky12]

Yes, using it in router mode.

1. SWRT firmware, yes I have tried it and 4x4 is open by default, the transmission power is also increased.
2. Koolshare firmware (based on gnuton fw), yes I have also tried it, but to open 4x4 you have to edit the CFE and it turns out to be paid. The payment system cannot be done in my country so I can't try it, I have emailed the dev but no response.

I don't use both firmwares permanently because I'm afraid of the possibility of backdoors injected. That's why I mentioned you again @gnuton if this router that has been abandoned by asus can be given a boost up again with assassin mode for all regions.

If it is possible to use script as an amtm addon, can you make it?

[gnuton]

Gotcha. So to enable this feature, the prerequisite is not on the firmware but rather in the custom CFE. That s something I usually I do not mess up with since it can hard brick your router. Since flashing my firmware won't touch the bootloader, you can try to flash the first firmware and later mine. Check the bootloader version with the first fw and later after flashing mine. Then you can test again if changing locale enable the feature.

[Jacky10X]

@Jacky10X I do not think I will enable this can be enabled by default since it will make the firmware illegal. I think the best option is to make a script to enable this as add-on that can be downloaded throug amtm.

Understood. After some research, It seems that to enable 4t4r on RT-AX58U v1 (not v2!). you can nvram set 1:sw_txchain_mask to 0xf to enable 4T4R.(not confirm, don't try it if you don't know what are you doing or it may brick your router) I don't have RT-AX58U v1 so I can't confirm it. For TUF-ax3000 v1, this doesn't work. It will return to 2T2R (2T4R).

[alfky12]

Hi @qqw1231 sorry for mentioning you here. I see you have the chinese version of tuf-ax3000, does assassin mode work fine on gnuton firmware?

[Jacky10X]

I found the /www/device-map/router.asp limits the assassin mode to CN only [and the model]. But if we modify the region part. It might work for all regions. [maybe RT-AX58U v1 can use it if we modify the model part] (not confirmed). but assassin mode will change the territory_code to XX. Other firmware unlocks the 4T4R without changing the territory_code. (not assassin mode, directly enable 4T4R) [Recommended]

[gnuton]

@Jacky10X you can edit that page and mount it to check if what you are saying is correct. asp pagaes are usually sending info to to the HTTP server which is written in C. As long as there is code to be modifed that's not an issue. If oyu like you can also do some changes, push the changes to github and let it create the images for you to test. If you wanna show code or you require some guidance feel free to ping me

[Jacky10X]

After forcing to enable assassin mode, it does not work. I think it is related to cfe. I think the Chinese model's cfe is different from others. I believe it requires Chinese model cfe or other custom cfe. or Maybe I missing something?

[Jacky10X]

@gnuton I think I enabled the 4T4R. The firmware limit only the cfe's region (CN) to enable the 4T4R.

The first method is you need to modify the territory_code from cfe. Otherwise, it won't work. but It has limited options. [e.g. only available as main router, etc...] (backup your original cfe for safety, in case the router gets bricked)

The second method is to modify the firmware (with cfe?) to enable 4T4R. [this method also work for RT-AX58U v1/RT-AX3000 v1, all regions/all modes]