RADIUSdesk

Trace: xiaomi_power

This is an old revision of the document!

Table of Contents

Xiaomi Up The Power

Are You Low On TX Power?

  • Some of the Mediatek 7628 based Xiaomi models does not use the all the available transmit power when running OpenWrt
  • Both the 4A 100M Edition and 4C I purchased in South Africa had this issue.
  • Fortunately the fix is fairly simple.

Up The TX Power - The Action Plan

  • The Flash chip of the device is segmented in various blocks.
  • One of these blocks is called factory and contains things specific to the device e.g. its MAC Address.
  • When the operating system then boots up it reads a know location on this bloc to get and configure the device with the correct MAC Address.
  • This block is also consulted when applying a limit on the broadcast power of the radio.
  • With the default values in the factory block some devices has a limit of only 14.0 dBm TX power on the 2.4 radio.
  • This is despite the fact that the radio on the device is capable to transmit much more.
  • To overcome this limitation we will do the following on each device:
    • Flash a copy of the OpenWrt with MESHdesk firmware in device (it has kmod-mtd-rw included already).
    • Make a backup of the factory mtd block.
    • Modify some values in the copy of the factory mtd block.
    • Write the updated factory mtd block back to the device.
    • Reboot
    • Enjoy more power.

Current TX Power

  • To check what the current TX power limit is ssh into the device and issue the flowing command
iw list
#Look For This section
	HT TX/RX MCS rate indexes supported: 0-15
		Frequencies:
			* 2412 MHz [1] (14.0 dBm)
			* 2417 MHz [2] (14.0 dBm)
			* 2422 MHz [3] (14.0 dBm)
			* 2427 MHz [4] (14.0 dBm)
			* 2432 MHz [5] (14.0 dBm)
			* 2437 MHz [6] (14.0 dBm)
			* 2442 MHz [7] (14.0 dBm)
			* 2447 MHz [8] (14.0 dBm)
			* 2452 MHz [9] (14.0 dBm)
			* 2457 MHz [10] (14.0 dBm)
			* 2462 MHz [11] (14.0 dBm)
			* 2467 MHz [12] (disabled)
			* 2472 MHz [13] (disabled)
			* 2484 MHz [14] (disabled)
	valid interface combinations:
  • There you can see our device is limited to 14 dBm transmit power.

Backup factory block

  • For this we use the Luci web interface to the device.
  • Go to SystemBackup / Flash Firmware.
  • Under Save mtdblock contents select the factory mtdblock.
  • Click the SAVE MTDBLOCK button to download it.
  • The name of the file has a convention of <HOSTNAME>.<Partition name>.bin (e.g. 4C-GW.mtd2.bin)

Keep in mind that the factory block on each device is unique to that device and has to be treated as such.

Edit The Factory Block

  • This is probably equivalent to brain surgery on a device LOL
  • Open the factory block file with a hex editor. We use GHex on Ubuntu.
  • Starting from address A0 is a row of values.
  • There are 14 of them.
  • On my 4C it is C0.
  • See screenshot below

  • Change those values to FF.

  • Save the file under another name to show its the high power tweaked one e.g. 4C-GW.mtd2_hp.bin
Last modified: 2021/11/16 17:33