Differences

This shows you the differences between two versions of the page.

--- 2021:xiaomi_power [2021/11/16 16:17] – [Backup factory block] admin
+++ 2021:xiaomi_power [2021/11/17 06:00] (current) – [Edit The Factory Block] admin
@@ Line 1: / Line 1: @@
 ====== Xiaomi Up The Power  ======
 ===== Are You Low On TX Power? =====
-  * Some of the Mediatek 7628 based Xiaomi models does not use the all the available transmit power when running OpenWrt
+  * Some of the Mediatek **7628** based Xiaomi models does not use the all the available transmit power when running OpenWrt
-  * Both the **4A 100M Edition** and **4C** I purchased in South Africa had this issue.
+  * Both the **4A 100M Edition** and **4C** I purchased had this issue.
   * Fortunately the fix is fairly simple.
@@ Line 18: / Line 18: @@
         * Write the updated **factory** mtd block back to the device.
         * Reboot
-        * Enjoy more power.
+        * Unleash the fury.
 ===== Current TX Power =====
@@ Line 51: / Line 51: @@
   * Under **Save mtdblock contents** select the **factory** mtdblock.
   * Click the **SAVE MTDBLOCK** button to download it.
-  * The name of the file has a convention of <HOSTNAME>.<Partition name>.bin (e.g. ZA-1.mtd2.bin)
+  * The name of the file has a convention of <HOSTNAME>.<Partition name>.bin (e.g. 4C-GW.mtd2.bin)
 <WRAP center round tip 90%>
@@ Line 60: / Line 60: @@
   * This is probably equivalent to brain surgery on a device LOL
   * Open the factory block file with a hex editor. We use GHex on Ubuntu.
+  * Starting from address **A0** is a row of values.
+  * There are **14** of them.
+  * On my **4C** it is **C0**.
+  * On the **4A 100M** the value was **80** instead of **C0** but the 14x pattern was still present.
+  * See screenshot below
+{{:2021:hex_4c.png?nolink|}}
+  * Change those values to **FF**.
+{{:2021:hex_4c_hp.png?nolink|}}
+  * Save the file under another name to show its the high power tweaked one e.g. 4C-GW.mtd2_hp.bin
+===== Replace The factory Block  =====
+  * Copy the modified file to the ///tmp// directory on the device.
+  * Insert the **mtd-rw** kernel module.
+  * Override the old **factory** block.
+<code bash>
+#My AP is on 192.168.8.120
+scp 4C-GW.mtd2_hp.bin root@192.168.8.120:/tmp
+#ssh into it
+ssh root@192.168.8.120
+#cd to /tmp
+cd /tmp
+#Insert the mtd_rw module
+# (You can potentially break the router but it is rare that's why you need the permission flag)
+insmod mtd-rw.ko i_want_a_brick=1
+#Substitute the name to match your file name
+mtd write /tmp/4C-GW.mtd2_hp.bin factory
+# This will happen
+.....
+Unlocking factory ...
+Writing from /tmp/4C-GW.mtd2_hp.bin to factory ...
+# Reboot the device
+</code>
+===== UNLEASH THE FURY=====
+<WRAP round box>
+==== UNLEASH THE FURY - HOWTO ====
+{{ youtube>LLMMx3MRi0s }}
+\\
+During boot time shout **Unleash the Fury** at the Xiaomi
+</WRAP>
+  * SSH into the device to check if it worked.
+<code bash>
+iw list
+#Look for this...
+Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
+		Minimum RX AMPDU time spacing: No restriction (0x00)
+		HT TX/RX MCS rate indexes supported: 0-15
+		Frequencies:
+			* 2412 MHz [1] (30.0 dBm)
+			* 2417 MHz [2] (30.0 dBm)
+			* 2422 MHz [3] (30.0 dBm)
+			* 2427 MHz [4] (30.0 dBm)
+			* 2432 MHz [5] (30.0 dBm)
+			* 2437 MHz [6] (30.0 dBm)
+			* 2442 MHz [7] (30.0 dBm)
+			* 2447 MHz [8] (30.0 dBm)
+			* 2452 MHz [9] (30.0 dBm)
+			* 2457 MHz [10] (30.0 dBm)
+			* 2462 MHz [11] (30.0 dBm)
+			* 2467 MHz [12] (disabled)
+			* 2472 MHz [13] (disabled)
+			* 2484 MHz [14] (disabled)
+</code>

RADIUSdesk

Page Tools

Site Tools

User Tools

Differences