AR300M brick and... recovery attempt

@alzhao, just a fast question.
In the email you mention to desolder the chip from the pcb. Is it needed because some other components on pcb can interfere with read and write?

You seem to have gotten the type of device that I got so it is fairly straight forward:

  1. Use the SPI bay (25 SPI)
  2. According to the silk screen and also my own adapter, Pin 1 is the pin near the “I” of SPI but please MEASURE FIRST! Use a multimeter and determine where you have 3.3v and where you have GND. VCC, RESET and WP should have 3.3 or close to this value. The silk screen is not always going to match the real product sadly.
  3. To use the CLIP, plug the clip in the adapter pcb, the adapter pcb will generally have a small dot to indicate where it should be pin1. Then measure on the clip to be sure you got it right just like at step 2. (If you are lucky, the clip wire ribbon will have one wire of another colour and then you can orient that to be near the dot that marks pin 1 and this way you know where pin1 is always.)
  4. Here it is a bit of a split :slight_smile:
    A. @Johnex made a great guide and he managed to flash similar memories while the memory ic was soldered to the pcb. Try this way first but make sure you have the router unplugged from power.
    B. @alzhao recommends the same way I used and that means your clip will only power the IC and it will not actually power the rest of the router plus in my case it was the only way I managed to get it to work.
    Both ways are good it’s down to you which way you pick but I would try them in order starting with the easier one.

I hope these steps make sense and will help you :slight_smile: .

BR,
Misujr

The correct way if the chip is already on the board is to use a clip. There are countless videos on youtube of people flashing the bios on motherboards and doing memory modification like I did in the guide.

If the chip is not on the board anymore, then you use a SOP8 socket like this:


As an example:

I managed to connect it! Thanks a lot to everyone!

Now, I made a backup of the image present on the chip.

It’s a bunch of characters, but maybe the ART section is still usable.

Can you tell me how I can restore only the uboot section?
(it is the section that got corrupted while I was trying to upgrade it)
Is there a way to flash only a sector of the chip, like you do in the partitions of the drives? I’d like to keep the calibration data and mac addresses, and flash the new uboot with the programmer…
Anyone knows?

Again, my great gratitude for all your support. :pray:

Awesome that you got a backup !
Here I will let others that know better how to flash only the Uboot as I don’t know that. As far as I know you can flash only bits of the IC (using flashrom under linux I know this but surely the software for CH341 should have such an option), just have to flash them at correct addresses but again I don’t have that as hands on experience.

Thanks a lot @misujr. Really. I mean it. Finding this support by the community was the only way I could hope to recover the router, and indeed it is. Let’s hope I don’t do something stupid!

Dear @alzhao , I seem to progress. The dump of ART might be redundant, as part of the chip seems fine.
I can send you privately the dump to verify that some parts do not need to be flashed again?

Or even better, I try to flash uboot and see if the rest of the chip behaves correctly.
Could you indicate me the command to launch with the CH341A to flash on the chip only the sectors for the uboot?

No rush. If you have time, as I know you’re celebrating (Spring Festival, am I right?)

Regards to all of you,
Gabriel

I don’t know about this. I think you can just flash the uboot and it should flash at the beginning of the Nor, right?

about your art, seems it is not correct. Is this the last 64K of the Nor?

Thanks for the reply Alzhao…unfortunately my attempt to just open the uboot file and write to the chip, hoping it would address in the correct section of Nor, failed. The program flashed it, but on top of the previous configuration. As a result, the garbled characters you can see in the background of picture below.
Therefore, I flashed again the dump I made some day ago, and now the condition is this one:


“Chip main memory with the contents are in disagreement”
I guess it has to do with the addresses and the proper alignment of the contents in the chip.
Reading again the chip, this is the last part of it, at address 00FFF310, where maybe ART starts:

Do you think it is damaged?
@misujr and @Johnex , do you happen to know this particular situation? Do you have hints?
@Johnex , I think you know better than anyone how to behave, using the CH341 as programmer… having at least 2 images to flash, UBOOT and ART, how do I specify the addresses to locate where to flash the images (either decimal or hexadecimal)? Maybe using the CH341 but running it on linux?
@misujr , at this point, since my dump file does not work, it would be very useful to have your dump of the whole chip (with random MAC), flash it to have a working UART console, and from there correct the art partition using the MTD nomenclature, like you did to recover your ART, because by the end of holiday season (next week I think) the customer service will send me a backup of my ART partition. I’ll be hugely thankful if you passed me a whole working dump file.

Thanks to all of you…I’m sorry to disturb you with my problems. :sweat_smile:

Since you are on Windows, the best way is to use a hex editor. I personally use 010 Editor, but it costs money so the best free one is HxD:

https://mh-nexus.de/en/programs.php

You want to open the backup you made, and also open just the ART section, so you have 2 tabs open. You then place the cursor in the backup file tab to where you want to insert or replace the ART. Go to the ART tab, select all, copy, then paste it into the backup tab. HxD will overwrite all bytes following the cursor with whatever you copied. If the section you want to replace is bigger than the new content for example, you can instead select the block to replace beforehand. You can also do it if you know the range via “Edit → Select Block”.

After you have done your edits, save it as a new file and flash that with the CH341A.

Appending to the end:

Replacing section:
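
Added example, not part of the original post or of any vendor tooling: the hex-editor splice described above, done in Python so the ART block is checked before and after the edit. It assumes a 16 MiB NOR (the dump addresses quoted in this thread reach 0x00FFFxxx), U-Boot at offset 0 and ART in the last 64 KiB as stated in the thread; the 256 KiB U-Boot region size and all sample bytes are constructed placeholders.

```python
ERASED = 0xFF
ART_SIZE = 64 * 1024          # thread: ART is "the last 64K of the Nor"
NOR_SIZE = 16 * 1024 * 1024   # assumption: 16 MiB chip, adjust to your part


def art_region(dump: bytes) -> bytes:
    """Return the last 64 KiB of a full-chip dump (the ART partition)."""
    if len(dump) != NOR_SIZE:
        raise ValueError(f"dump is {len(dump):#x} bytes, expected {NOR_SIZE:#x}")
    return dump[-ART_SIZE:]


def art_looks_blank(art: bytes) -> bool:
    """An ART block that is entirely 0xFF or 0x00 holds no calibration data."""
    return len(set(art)) == 1 and art[0] in (0x00, ERASED)


def splice(dump: bytes, image: bytes, offset: int, region_size: int) -> bytes:
    """Overwrite [offset, offset + region_size) with image, padded with 0xFF."""
    if len(image) > region_size:
        raise ValueError("image larger than target region")
    if offset + region_size > len(dump) - ART_SIZE:
        raise ValueError("target region would overlap the ART partition")
    padded = image + bytes([ERASED]) * (region_size - len(image))
    out = dump[:offset] + padded + dump[offset + region_size:]
    # Prove that nothing outside the target region moved or changed.
    assert len(out) == len(dump)
    assert out[:offset] == dump[:offset]
    assert out[offset + region_size:] == dump[offset + region_size:]
    return out


def demo() -> bytes:
    # Constructed sample data, not real firmware: corrupted boot area + fake ART.
    uboot_region = 256 * 1024                    # hypothetical size, check your layout
    art = bytes(range(256)) * (ART_SIZE // 256)  # stand-in for calibration data
    dump = b"\x00garbage" * 8 + bytes([ERASED]) * (NOR_SIZE - 64 - ART_SIZE) + art
    new_uboot = b"U-BOOT-IMAGE" * 1000           # stand-in for the U-Boot binary
    fixed = splice(dump, new_uboot, 0, uboot_region)
    # The calibration block must survive byte-for-byte and must not be blank.
    assert art_region(fixed) == art
    assert not art_looks_blank(art_region(fixed))
    return fixed


if __name__ == "__main__":
    print(f"spliced image: {len(demo()):#x} bytes, ART preserved")
```

With real files, read the dump and the U-Boot binary with `open(path, "rb").read()`, pass them to `splice`, and write the result to a new file so the original backup stays untouched.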


Johnex thanks a lot. You couldn’t be more precise than this.

I hope my dump is still usable replacing sections of it.
Here is my dump file…could someone scroll it rapidly and tell me if I need another dump file to work on, or I can manage recovering the router just using mine?
I don’t really know how it should look like. Dunno for example if UBOOT and ART are both damaged, or only UBOOT.
It is the first time I open a firmware and see how it is written.

Seems that you failed to flash the correct data.

Can you erase the flash first so that it is all FF. Then flash the uboot again.

Hello guru. Welcome back!
I think I will wait for the ART dump from Support and possibly @misujr 's full dump.
Pardon me if I’m so careful, but I know I’m no expert, and usually when I throw myself in these things with no precautions I end f**king up everything. I know it is already messed up, but I can do worse! I don’t really know what I was really doing the other day…
If you fellows agree with me, please help me collect all possible images beforehand, and then juggle the balls.
ATM, my preferred option would be to flash @misujr dump through CH341, and then from UART flash the ART with my mac addresses and calibration.

Is it an acceptable milestone? :sweat_smile:

I am not really super familiar with using the CH341A. I have it and I have used it but not enough to know my way around it . I am more familiar with the flashrom tool under linux.
My dump is here : File on MEGA
Bear in mind that I have just written a random mac and serial number but that shouldn’t be a problem.
The router that gave the dump is one with internal antennae so although it will not match the art partition on yours, still it should not stress your router’s RF too much .
Please let me know once you got the dump so I can remove it :slight_smile: .
Also sorry for the late response but I am in the same time zone and culture as the support team from GLi so I just got back to my office :slight_smile: .

L.E.: As @alzhao said , please first erase the content of the chip and then write the dump.
As long as you don’t “fry” the IC, then you are safe to try to write on it for quite a few times so don’t worry, just watch the pinout :slight_smile: . If worse comes to worst you can buy a new ic and that is still worth it to save the router.

BR,
Misujr


@misujr you are very careful.
I wish you have the same from your fellows!
I made a copy of your dump in my MEGA, so you can remove it if you wish.

Now the only thing I’m missing is the ART, and I’m good to go.
At this point, I’m sure I will be able to recover the router! :star_struck:

Me too, but my doubt is that you need a whole image to flash, since the programmer does not know where to put the images in the available partitions. With your bin, I circumnavigate the problem in one go.

Thanks a lot to everyone! I’ll report back when there is development!

Thank you for the kind words .
Great you got the file :wink: .
Please try to flash the file from me and see if you can power up the router and get into it . If you can then that is a great step :slight_smile: .
Though you will need to see if you can get it online to be able to install kmod-mtd-rw that will allow you to replace the ART partition in an easy manner ( at least the way I found easy:-) ) .

Hello fellow members…
I just wanted to tell you thanks to everyone’s help I was able to fully recover the AR300M!
I basically had to flash the dump kindly provided by @misujr ,and then slowly work out all the “partitions” of both NOR and NAND to make it as new. Did not need to follow this method…the serial console was enough.
I can dig in the detailed explanation if needed, but basically the most important thing to say is that I found preferable to flash all the sections through TFTP and serial console, since the UBOOT UI has some quirks here and there. Specifically, both NAND and ART flash did not execute properly, via 192.168.1.1 and 192.168.1.1/art.html. It is a bug with the size of files (at least for the NAND fw).
I found a little confusing the scripts in the uboot console, but in the end they worked. Surely, you need to rename the files in the tftp server to match exactly the ones in the scripts. In particular, the script that flashes the ART section is not really well documented, and I ended up issuing commands when a script was provided, but nonetheless I succeeded.

If you need further details, just ask me in a reasonable timelapse. I’ll try my best to explain properly, and give back what I received!

Thank you all, again. I mean it. This is a great forum and community, as much as owrt forum!
Keep up the good work.


Glad to see you got this sorted and got back your router :slight_smile: .
If you have the time and availability, maybe you can post a guide on how to get the NAND working using the method you described above. My reason to ask this is simple, the router I have saved has only NOR memory on the pcb but I can put a nand flash on it just for the sake of adding more memory and I would be interested to try your method of flashing the NAND memory and then getting it up and running. I am not yet familiar with flashing the NAND from NOR so a guide from you who did this just recently with success would be great and I think might help others in the future in case they face the same problem. No time constraint on my side so please do it only if and when you have the time for this :slight_smile: .

Again congrats for the success :wink: .

BR,
Misujr


Hi there,
I’ve been tinkering with my AR300M today, since it seemed to not like the latest firmware, and along the way I appear to have hosed my ART partition in trying to recover it to a working state. I’ve managed to recover the main firmware, but I think I may have overwritten the ART when trying to manually get the firmware in the right spots on the chip to have it boot.
Is there any chance I could get a reupload of the dump file from @misujr or @bright_plastik if you still have it?
Thanks!

Hi Drag…
I’m moving in a new house ATM, so I’m surrounded by chaos and doubts. I’ll eventually get over it and find the dump of the original firmware and pass it on to you.
Watch out though, if you fried your ART (as I did) the only way you can fully recover the router is by getting in contact with @alzhao, as only he can send you a proper ART with your correct mac addresses.
In all the recovery process, don’t ever use the GUI pages for upload of FW. Only use serial console and built-in flash commands.
This is very, very important.
The GUI is bugged, and never got fixed.

Thanks for the response. I’m aware that the ART is MAC-address specific (that’s what tipped me off that something was wrong, when it didn’t pick the static IP assignment back up) though based on the OpenWRT wiki it’s relatively easy to modify back to the original values. It’s more about the calibration data for the wireless interfaces; if I’ve blown that away, then it’s going to need refitting.
I also filed a support request earlier today on the contact page, so this is somewhat of a backup in that sense.
And yes, I do agree that the firmware update process leaves a lot to be desired; the whole issue started when trying to install 3.212 over the top of 3.211 from the web interface. This also extends to the uboot upgrade; I probably reflashed it four times today, for no gain, because it was saying a date in July 2019, when the file name on GitHub suggested it was compiled in late 2020. The 2019 date was probably the last version bump upstream. Trying to figure out updating NOR was also very confusing, especially since there’s no .bin builds for the AR300M.
Best of luck with the move, hopefully I won’t require the dump before you’re ready and able to provide it. Please don’t rush on my account.