Hello, another incautious user here.
I was upgrading the uboot with an image found on the github repo of GL.inet (by using http://192.168.1.1/uboot.html), but after some minutes the router had all three LEDs steady on, and it does not show any connection to my NIC.
Tomorrow a USB to SERIAL adapter is shipping home, but meanwhile I thought to register here too…
I don’t think the connection to putty will deliver any info. The box seems totally fried.
Will report back, but I’d like to know if there is a way to flash the eeprom…
Thanks for your time,
Gabriel
If there is no output from the serial port at all, then you need to take off the Nor flash and flash using a programmer.
Sadly I confirm it.
I just fried all the eeprom. I can manage flashing the chip with a programmer, but where do I find the image?
Are the MAC addresses written in the original firmware that I lost?
I know I did a bad job frying it, but I’d be very very grateful to be able to recover it.
Any help is really welcome.
Yesterday night I was so pissed I burnt it I couldn’t get asleep.
Oh well, not actually frying it, but at least scramble… 
Sorry…maybe I, made a stupid question.
is it correct to flash openwrt-ar71xx-nand-gl-ar300m-ubi.img made with the domino-team guide on github on the chip?
I’m going to use a programmer similar to the one linked above, the CH341A, with 3.3V jumper.
Has this procedure a chance to recover the router?
Hey there,
TLDR - writing directly the image in the flash didn’t do the trick for me personally but if you get some guidance or find out how to do it, please post it here and tag me as it would nice to learn something new 
You can recover it but I suggest to contact the support team via email to confirm the image you need to write in the flash. I suggest you write in the NOR flash first as that one imho is easier to work with while the NAND is a bit more difficult when you want to just write from empty.
All the mac address, serial number and rf tuning are stored in the art partition which you can get again from support over email and then identify where it is stored and replace it in the flash.
In my case I had another ar300m so I was able to grab the image from there and then replace the art partition. You can read my journey here : GL-AR300M Unable to flash NAND - #33 by misujr and see how I have managed to get it back basically.
BR,
Misujr
Hey Misujr! Thank you very much for the answer!
I’ll have the programmer shipped at my home in just a few hours, and I can’t wait to try and recover the router.
I will contact the customer service and hope they can provide me a backup of the ART partition… but in any case they cannot help, could you pass me your dump?
I hope following step by step your journey will help me recover this little and capable box.
Thank you a lot, really!
Best wishes,
Gabriel
First thing is to flash the uboot at the beginning of the router.
Then you should be able to do everything in the uboot console.
Hi Gabriel,
The dump from my flash memory is taken using the method I have described in my post so it is of no use with a CH341A programmer ( I have tried myself to use it like that). I can take a dump with a CH341A but that will be only later next week as now I am out of office.
Mean time please try what alzhao just suggested in post 11 as that should be a much better solution than getting my dump reflashed and then trying to fix it .
If that doesn’t work, just update the thread and I will take a dump with a CH341a and send that to you ( though I will scramble the MAC and the SN to avoid issues with the ddns service from glinet) .
Best Regards,
Misujr
If @bright_plastik still have the bottom sticker he can write to us and get the back up of radio data, mac addresses etc.
UPDATE! I documented myself, and understood how to plug the programmer. I made a dump of the chip, just in case… It is a little more than 16MB, but dunno what to do with it, as it is corrupted. Maybe I can recover the mac addresses and calibration out of it?
(OLD) Hey fellow recoverer!
Today I got my CH431A. It has a clamp and all the jazz. I had to resume an old laptop with win7 to avoid problems with drivers, and now I’m looking at the pins and connections with cold sweat.
I see in the other thread you pointed the pin 1, on the chip. Thanks. Now, on the rear of the programmer I see two slots: one is marked 25 SPI and the other 24 I2C. I rekon I should connect to the 25 SPI, but I’d love to receive your imput and confirmations. I attach a picture (open it for full image):
I even read somewhere that modifications on the CH431 have to be made to provide 3.6V…but I think they are not needed. I see the traces marks on pcb, and they indicate 3.3V on the two slots, on the lower right pin (pin8). Nonetheless, an indication of position and direction to plug the clamp to pcb would be welcome.
Before I manage burning my chip and wait for a substitute, I wait for your suggestions!
I got in contact with the customer support, meanwhile. It was the omnipresent @alzhao, again! 
I’ll wait next week for a dump of my ART partition, so I have everything needed.
You can check this thread:
I posted a link to a guide I made how to use the clamp and the program for it.
@alzhao, just a fast question.
In the email you mention to desolder the chip from the pcb. Is it needed because some other components on pcb can interfere with read and write?
You seem to have gotten the type of device that I got so it is fairly straight forward:
- Use the SPI bay (25 SPI)
- According to the silk screen and also my own adapter, Pin 1 is the pin near the “I” of SPI but please MEASURE FIRST ! Use a multimeter and determine where you have 3.3v and where you have GND. VCC, RESET and WP should have 3.3 or close to this value. The silk screen is not the always going to match the real product sadly.
- To use the CLIP, plug the clip in the adapter pcb, the adapter pcb will generally have a small dot to indicate where it should be pin1. Then measure pn the clip to be sure you got it right just like at step 2.(if you are lucky, the clip wire ribbon will have one wire of another colour and then you can orient that to be near the dot that marks pin 1 and this way you know where pin1 is always.
- Here it is a bit of a split
A. @Johnex made a great guide and he managed to flash similar memories while the memory ic was soldered to the pcb. Try this way first but make sure you have the router unplugged from power.
B. @alzhao recommends the same way I used and that means you your clip will only power the IC and it will not actually power the rest of the router plus in my case it was the only way I managed to get it to work.
Both ways are good it’s down to you which way you pick but I would try them in order starting with the easier one.
I hope these steps make sense and will help you .
BR,
Misujr
The correct way if the chip is already on the board is to use a clip. There are countless videos on youtube of people flashing the bios on motherboards and doing memory modification like I did in the guide.
If the chip is not on the board anymore, then you use a SOP8 socket like this:
As an example:
I managed to connect it! Thanks a lot to everyone!
Now, I made a backup of the image present on the chip.
It’s a bunch of characters, but maybe the ART section is still usable.
Can you tell me how I can restore only the uboot section?
(it is the section that got corrupted while I was trying to upgrade it)
Is there a way to flash only a sector of the chip, like you do in the partitions of the drives? I’d like to keep the calibration data and mac addresses, and flash the new uboot with the programmer…
Anyone knows?
Again, my great gratitude for all your support.
Awesome that you got a backup !
Here I will let others that know better how to flash only the Uboot as I don’t know that. As far as I know you can flash only bits of the IC(using flashrom under linux I know this but surely the software for CH341 should have such option) , just have to flash them at correct addresses but again I don’t have that as hands on experience.
Thanks a lot @misujr. Really. I mean it. Finding this support by the community was the only way I could hope to recover the router, and indeed it is. Let’s hope I don’t do something stupid!
Dear @alzhao , I seem to progress. The dump of ART might be redundant, as part of the chip seems fine.
I can send you privately the dump to verify that some parts do not need to be flashed again?
Or even better, I try to flash uboot and see if the rest of the chip behaves correctly.
Could you indicate me the command to launch with the CH341A to flash on the chip only the sectors for the uboot?
No rush. If you have time, as I know you’re celebrating (Spring Festival, am I right?)
Regards to all of you,
Gabriel
I don’t know about this. I think you can just flash the uboot and it should flash at the beginning of the Nor, right?
about your art, seems it is not correct. Is this the last 64K of the Nor?
Thanks for the reply Alzhao…unfortunately my attempt to just open the uboot file and write to the chip, hoping it would address in the correct section of Nor, failed. The program flashed it, but on top of the previous configuration. As a result, the garbled characters you can see in the background of picture below.
Therefore, I flashed again the dump I made some day ago, and now the condition is this one:
“Chip main memory with the contents are in disagreement”
I guess it has to do with the addresses and the proper allineation of the contents in the chip.
Reading again the chip, this is the last part of it, at address 00FFF310, where maybe ART starts:
Do you think it is damaged?
@misujr and @Johnex , do you happen to know this particular situation? Do you have hints?
@Johnex , I think you know best than anyone how to behave, using the CH341 as programmer… having at least 2 images to flash, UBOOT and ART, how do I specify the addresses to locate where to flash the images (either decimal or hexadecimal)? Maybe using the CH341 but running it on linux?
@misujr , at this point, since my dump file does not work, it would be very useful to have your dump of the whole chip (with random MAC), flash it to have a working UART console, and from there correct the art partition using the MTD nomenclature, like you did to recover your ART, because by the end of holiday season (next week I think) the customer service will send me a backup of my ART partition. I’ll be hugely thankful if you passed me a whole working dump file.
Thanks to all of you…I’m sorry to disturb you with my problems.