Open NecronomiconCoding opened 8 months ago
dimfishr
commented
8 months ago You should check via SSH
nvram get flag_try_sys1_failed
nvram get flag_try_sys2_failedIf values are not 0 - reset them:
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit
NecronomiconCoding
commented
8 months ago You should check via SSH
nvram get flag_try_sys1_failed nvram get flag_try_sys2_failedIf values are not 0 - reset them:
nvram set flag_try_sys1_failed=0 nvram set flag_try_sys2_failed=0 nvram commit
Both are 0
root@XiaoQiang:~# nvram get flag_try_sys1_failed
0
root@XiaoQiang:~# nvram get flag_try_sys2_failed
0@remittor any idea?
remittor
commented
7 months ago Device now reboots and its still the same firmware as before.
I suspect that the bootloader doesn't like something. It's worth looking in the UART logs for the reason. And to get these logs you need to solder UART USB-TTL.
sophipl
commented
4 months ago I tried flashing OpenWRT this way, and device rebooted with original firmware
Here is the log AX9000.log
If I'm seeing it right, it rebooted with OpenWRT kernel but the squash is Xiaomi (or xiaomi hardware uses openWRT build)?
Linux version 4.4.60 (jenkins@16fc5f97df12) (gcc version 5.5.0 (OpenWrt GCC 5.5.0 unknown) ) #0 SMP PREEMPT Tue Mar 22 03:16:43 2022
Hi, I have a RA70 with 3.0.48 release.
When installing firmware nothing happens.
==========================================================
Xiaomi MiR Patcher
1 - Set IP-address (current value: 192.168.31.1) 2 - Connect to device (install exploit) 3 - Read full device info 4 - Create full backup 5 - Install EN/RU languages 6 - Install Breed bootloader 7 - Install firmware (from directory "firmware") 8 - {{{ Other functions }}} 9 - [[ Reboot device ]] 0 - Exit
Select: 2
device_name = RA70 rom_version = 3.0.48 release mac address = a8:5e:45:xx:xx:xx Telnet server already running, but FTP server not respond Enter device WEB password: XXXXXXX Enable smartcontroller scene executor ... Wait smartcontroller activation ... [504] [504] Unlock dropbear service ... Unlock SSH server ... Set password "root" for root user ... Enabling dropbear service ... Run SSH server on port 22 ... Test SSH connection to port 22 ...
SSH server are activated!
==========================================================
Xiaomi MiR Patcher
1 - Set IP-address (current value: 192.168.31.1) 2 - Connect to device (install exploit) 3 - Read full device info 4 - Create full backup 5 - Install EN/RU languages 6 - Install Breed bootloader 7 - Install firmware (from directory "firmware") 8 - {{{ Other functions }}} 9 - [[ Reboot device ]] 0 - Exit
Select: 7
device: "RA70" img_write = True Image files in directory "firmware/": "firmware/openwrt-qualcommax-ipq807x-xiaomi_ax9000-initramfs-factory.ubi" Download file: "/tmp/dmesg.log" .... Download file: "/tmp/mtd_list.txt" .... Download file: "/tmp/mtd_addr.txt" .... Download file: "/tmp/kcmdline.log" .... Parse all images... UBI: filetype: b'UBI#' UBI: Decoding UBIFS... UBI: volume: "kernel" size: 12697600 parse_ubifs = 1 FIT size = 0xC117D4 (12357 KiB) FIT: name = "ARM64 OpenWrt FIT (Flattened Image Tree)" FIT: def_cfg: "config@hk14" FIT: def_fdt: "fdt-1" FDT: desc = "ARM64 OpenWrt xiaomi_ax9000 device tree blob" FDT: type = "flat_dt" FDT: arch = "arm64" KRN: desc = "ARM64 OpenWrt Linux-6.1.60" KRN: type = "kernel" KRN: arch = "arm64" KRN: compression = "gzip" KRN: data = 12606614 bytes FDT: compatible = ['xiaomi,ax9000', 'qcom,ipq8074'] FDT: model = "Xiaomi AX9000" FDT: dt_part: ['/soc/nand-controller@79b0000/nand@0/partitions'] FIT: detect initrd into kernel image fw_img: 13056 KiB | kernel: 12357 KiB | rootfs: 1 KiB Download file: "/tmp/bl_0SBL1.bin" .... Download file: "/tmp/bl_0APPSBL.bin" .... Download file: "/tmp/env_0APPSBLENV.bin" .... Download file: "/tmp/env_bdata.bin" .... Download file: "/tmp/env_0SBL1.bin" .... current flag_boot_rootfs = 0 install_method = 200 --------- prepare command lines ----------- fw_img: 13056 KiB | kernel: 12357 KiB | rootfs: 1 KiB ------------- flash images ------------- Upload file: "tmp/fw/fw_img.bin" .... Run scripts for change NVRAM params... Boot from firmware [1] activated. Writing firmware image to addr 0x04980000 ... mtd -e "rootfs_1" write "/tmp/fw_img.bin" "rootfs_1" The firmware has been successfully flashed! Send command "reboot" via SSH/Telnet ...
ERROR: SSH execute command timed out! CMD: "reboot -f"
==========================================================
Device now reboots and its still the same firmware as before.