Xiaomi AX3000T Unlocks SSH and uploads files with SCP, and an error will be displayed after 20K
Routing enthusiast• Publish Time:2025-11-28 10:41• Category: Xiaomi (MIWiFi)
•Views:61696• Comments: (
0 )
Xiaomi AX3000T official firmware write limit of 20 KB" problem, the symptom is that as long as the file is transferred with scp as long as it exceeds 20 KB, an error will be reported, and it is basically certain that
/usr/sbin/dropbear or /usr/bin/dbclient in the official firmware has been added by Xiaomi with a hard-coded limit. It is used to prevent people from dragging large third-party packages (such as ShellClash, OpenClash, etc.) into the router at once. The simple understanding is: 
- SSH can be connected, but SCP will call DropBear's dbclient as an encrypted channel, and Xiaomi will write the dbclient single receive buffer to 20 KB;
- local scp will send a payload of 32 KB~64 KB at a time by default, so it is rejected by the peer dropbear as soon as the first frame is sent, and the client side immediately reports "lost connection" or "broken pipe".
- When file ≤ 20 KB, it can be installed in one frame and does not trigger this protection, so it looks "small file normal".
There are only two possible bypass methods, and there is no solution that can be broken through by simply changing command parameters
A. Cut large files into small pieces of ≤ 20 KB on your PC
- Linux / macOS
split -b 19k bigfile.bin chunk_ # 19 KB per block for f in chunk_*; do scp "$f" root@192.168.31.1:/tmp/ done ssh root@192.168.31.1 'cat /tmp/chunk_* > /tmp/bigfile.bin; rm /tmp/chunk_*' - Windows(PowerShell)
1..20 | % { $s=19kb; $i=$_; $b=[io.file]::ReadAllBytes("bigfile.bin") [io.file]::WriteAllBytes("chunk_$i",$b[($i-1)*$s.. ($i*$s-1)]) }
cut and drag in one by one with WinSCP, and then merge
cat in the router. assume that
chunk_aa chunk_ab chunk_ac ... has already been put in /tmp:cd /tmp cat chunk_* > object filename.binB. Directly replace the restricted dropbear
first flash the router to "official modification" or third-party firmware (such as OpenWrt, Padavan, X-Wrt), these firmware use the original dropbear/openssh, there is no 20 KB limit, and it is no problem to scp hundreds of megabytes at a time. But brushing is risky to prevent accidental bricks.
first flash the router to "official modification" or third-party firmware (such as OpenWrt, Padavan, X-Wrt), these firmware use the original dropbear/openssh, there is no 20 KB limit, and it is no problem to scp hundreds of megabytes at a time. But brushing is risky to prevent accidental bricks.
use Plan A for temporary emergencies, and if you want to cure it, you can only go to Plan B. There is no news on whether the official will lift this restriction in the future, and there is still a 20 KB ceiling in the actual test of new firmware versions such as 1.0.80/1.0.84.
Read More
Comment List