Hey Misujr! Thank you very much for the answer!
I’ll have the programmer shipped at my home in just a few hours, and I can’t wait to try and recover the router.
I will contact the customer service and hope they can provide me a backup of the ART partition… but in any case they cannot help, could you pass me your dump?
I hope following step by step your journey will help me recover this little and capable box.
Thank you a lot, really!
Best wishes,
Gabriel
First thing is to flash the uboot at the beginning of the router.
Then you should be able to do everything in the uboot console.
Hi Gabriel,
The dump from my flash memory is taken using the method I have described in my post so it is of no use with a CH341A programmer ( I have tried myself to use it like that). I can take a dump with a CH341A but that will be only later next week as now I am out of office.
Mean time please try what alzhao just suggested in post 11 as that should be a much better solution than getting my dump reflashed and then trying to fix it 
.
If that doesn’t work, just update the thread and I will take a dump with a CH341a and send that to you ( though I will scramble the MAC and the SN to avoid issues with the ddns service from glinet) .
Best Regards,
Misujr
If @bright_plastik still have the bottom sticker he can write to us and get the back up of radio data, mac addresses etc.
UPDATE! I documented myself, and understood how to plug the programmer. I made a dump of the chip, just in case… It is a little more than 16MB, but dunno what to do with it, as it is corrupted. Maybe I can recover the mac addresses and calibration out of it?
(OLD) Hey fellow recoverer!
Today I got my CH431A. It has a clamp and all the jazz. I had to resume an old laptop with win7 to avoid problems with drivers, and now I’m looking at the pins and connections with cold sweat.
I see in the other thread you pointed the pin 1, on the chip. Thanks. Now, on the rear of the programmer I see two slots: one is marked 25 SPI and the other 24 I2C. I rekon I should connect to the 25 SPI, but I’d love to receive your imput and confirmations. I attach a picture (open it for full image):
I even read somewhere that modifications on the CH431 have to be made to provide 3.6V…but I think they are not needed. I see the traces marks on pcb, and they indicate 3.3V on the two slots, on the lower right pin (pin8). Nonetheless, an indication of position and direction to plug the clamp to pcb would be welcome.
Before I manage burning my chip and wait for a substitute, I wait for your suggestions! 
I got in contact with the customer support, meanwhile. It was the omnipresent @alzhao, again! 
I’ll wait next week for a dump of my ART partition, so I have everything needed.
You can check this thread:
I posted a link to a guide I made how to use the clamp and the program for it.
@alzhao, just a fast question.
In the email you mention to desolder the chip from the pcb. Is it needed because some other components on pcb can interfere with read and write?
You seem to have gotten the type of device that I got so it is fairly straight forward:
I hope these steps make sense and will help you .
BR,
Misujr
The correct way if the chip is already on the board is to use a clip. There are countless videos on youtube of people flashing the bios on motherboards and doing memory modification like I did in the guide.
If the chip is not on the board anymore, then you use a SOP8 socket like this:
As an example:
I managed to connect it! Thanks a lot to everyone!
Now, I made a backup of the image present on the chip.
It’s a bunch of characters, but maybe the ART section is still usable.
Can you tell me how I can restore only the uboot section?
(it is the section that got corrupted while I was trying to upgrade it)
Is there a way to flash only a sector of the chip, like you do in the partitions of the drives? I’d like to keep the calibration data and mac addresses, and flash the new uboot with the programmer…
Anyone knows?
Again, my great gratitude for all your support.
Awesome that you got a backup !
Here I will let others that know better how to flash only the Uboot as I don’t know that. As far as I know you can flash only bits of the IC(using flashrom under linux I know this but surely the software for CH341 should have such option) , just have to flash them at correct addresses but again I don’t have that as hands on experience.
Thanks a lot @misujr. Really. I mean it. Finding this support by the community was the only way I could hope to recover the router, and indeed it is. Let’s hope I don’t do something stupid!
Dear @alzhao , I seem to progress. The dump of ART might be redundant, as part of the chip seems fine.
I can send you privately the dump to verify that some parts do not need to be flashed again?
Or even better, I try to flash uboot and see if the rest of the chip behaves correctly.
Could you indicate me the command to launch with the CH341A to flash on the chip only the sectors for the uboot?
No rush. If you have time, as I know you’re celebrating (Spring Festival, am I right?)
Regards to all of you,
Gabriel
I don’t know about this. I think you can just flash the uboot and it should flash at the beginning of the Nor, right?
about your art, seems it is not correct. Is this the last 64K of the Nor?
Thanks for the reply Alzhao…unfortunately my attempt to just open the uboot file and write to the chip, hoping it would address in the correct section of Nor, failed. The program flashed it, but on top of the previous configuration. As a result, the garbled characters you can see in the background of picture below.
Therefore, I flashed again the dump I made some day ago, and now the condition is this one:
Thanks to all of you…I’m sorry to disturb you with my problems.
Since you are on Windows, the best way is to use a hex editor. I personally use 010 Editor, but it costs money so the best free one is HxD:
https://mh-nexus.de/en/programs.php
You want to open the backup you made, and also open just the ART section, so you have 2 tabs open. You then place the cursor in the backup file tab to where you want to insert or replace the ART. Go to the ART tab, select all, copy, then paste it into the backup tab. HxD will overwrite all bytes following the cursor with whatever you copied. If the section you want to replace is bigger than the new content for example, you can instead select the block to replace before hand. You can also do it if you know the range via “Edit → Select Block”.
After you have done your edits, save it as a new file and flash that with the CH341A.
Appending to the end:
Replacing section:
Johnex thanks a lot. You couldn’t be more precise than this.
I hope my dump is still usable replacing sections of it.
Here is my dump file…could someone scroll it rapidly and tell me if I need another dump file to work on, or I can manage recovering the router just using mine?
I don’t really know how it should look like. Dunno for example if UBOOT and ART are both damaged, or only UBOOT.
It is the first time I open a firmware and see how it is written.
Seems that you failed to flash the correct data.
Can you erase the flash first so that it is all FF. Then flash the uboot again.
Hello guru. Welcome back!
I think I will wait for the ART dump from Support and possibly @misujr 's full dump.
Pardon me if I’m so careful, but I know I’m no expert, and usually when I throw myself in these things with no precautions I end f**king up everything. I know it is already messed up, but I can do worse! I don’t really know what I was really doing the other day…
If you fellows agree with me, please help me collect all possible images beforehand, and then juggle the balls.
ATM, my preferred option would be to flash @misujr dump through CH341, and then from UART flash the ART with my mac addresses and calibration.
Is it an acceptable milestone?
I am not really super familiar with using the CH341A. I have it and I have used it but not enough to know my way around it . I am more familiar with the flashrom tool under linux.
My dump is here : File on MEGA
Bear in mind that I have just wrote a random mac and serial number but that shouldn’t be a problem.
The router that gave the dump is one with internal antennae so although it will not match the art partition on yours, still it should not stress your router’s RF too much .
Please let me know once you got the dump so I can remove it .
Also sorry for the late response but I am in the same time zone and culture as the support team from GLi so I just got back to my office .
L.E.: As @alzhao said , please first erase the content of the chip and then write the dump.
As long as you don’t “fry” the IC, then you are safe to try to write on it for quite a few times so don’t worry, just watch the pinout . Worse come to worse you can buy a new ic and that is still worth to save the router.
BR,
Misujr
@misujr you are very careful.
I wish you have the same from your fellows!
I made a copy of your dump in my MEGA, so you can remove it if you wish.
Now the only thing I’m missing is the ART, and I’m good to go.
At this point, I’m sure I will be able to recover the router! 
Mee too, but my doubt is that you need a whole image to flash, since the programmer does not know where to put the images in the available partitions. With your bin, I circumnavigate the problem in one go.
Thanks a lot to everyone! I’ll report back when there is development!
