The whole procedure was tested on Netgear WNDAP360 and BUFFALO WZR-HP-AG300H.
Make sure the offsets are the same on your partition / device!! (by verifying the MAC)
While playing on my router I managed to break my ART partition.
If this partition is wiped or corrupted, the ath radios will not come up anymore.
The ART partition contains calibration data, so if you didn't make a backup of your own, then your radios might not perform as well as before (I still think it's better to have radios performing at less than 100% than not performing at all :) ).
The ideal situation is that you have backed up your ART partition. This is easy to do in OpenWrt and in at least some stock firmwares that are Linux based and that you can access via console. On the device, find the art partition:
Look for art or ART (let's say for me it is mtd5). Then make a dump:
dd if=/dev/mtd5 of=/tmp/art.backup
Copy this dump to your PC (via SSH or some other way).
If you have your own backup, move on to the section 'Flashing ART partition'. If not, you will need some luck and a bit more work.
If you didn't make a backup of your own ART partition, you need to get an art partition dump from someone who has the same device as you (I didn't try with art from different models). Since the MAC is saved on this partition, you will have to modify it. The thing to keep in mind while doing this is that the checksum of some sections of the partition needs to be 0xffff (according to the ath9k driver). If the checksum is wrong, the radios will not come up.
On your PC, open the art partition dump file (let's call it art.backup) in your favorite hex editor (I used ghex).
Since my device has two radios, it has two MACs and two checksums. To change the MAC:
Go to offset 0x120c for radio0 (2.4 GHz in my case) and change the MAC to yours (make sure you don't change more bytes!).
Go to offset 0x520c for radio1 (5 GHz in my case) and change the MAC to yours (I added 1 to the MAC from 2.4 GHz) (make sure you don't change more bytes!).
Now you need to erase the checksum bytes: go to offset 0x1202 (for radio0) and erase two bytes (so insert 'FF FF'), then go to offset 0x5202 and do the same.
Now save the file and flash it into your ART partition (refer to the next section for information on how to do it).
Boot your box. The wifi interfaces will not come up, as their checksum is wrong; there will be two messages about this like: 'Bad EEPROM checksum: 0xad22' (on the console and in dmesg / logread).
Note the checksum values for both radios.
Now, back in the hex editor, go to offset 0x1202 (radio0) and put in the two bytes from the above message (so in this case 'AD 22'), then go to offset 0x5202 and do the same for radio1 with its own value.
Save, flash to the router, and enjoy working WiFi with the correct MAC.
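The hex-editor steps above can also be done offline in one pass, which saves the intermediate flash-and-reboot cycle. This is an added example, not part of the original procedure: it assumes the ath9k header layout in which each radio's block starts (at 0x1200 / 0x5200) with a big-endian 16-bit length, and that the checksum is the XOR of all 16-bit words over that length; the sample dump and MAC addresses are constructed.

```python
import struct
from functools import reduce

# Offsets from the page (WNDAP360 / WZR-HP-AG300H); verify them on your own dump.
RADIO_BASES = {"radio0": 0x1200, "radio1": 0x5200}
# Relative to each base. CSUM_OFF and MAC_OFF match the page; LEN_OFF is an assumption.
LEN_OFF, CSUM_OFF, MAC_OFF = 0x0, 0x2, 0xC


def xor_words(art, base):
    """XOR of all big-endian 16-bit words in the block; the driver wants 0xffff."""
    (length,) = struct.unpack_from(">H", art, base + LEN_OFF)
    if length < MAC_OFF + 6 or length % 2 or base + length > len(art):
        raise ValueError(f"implausible EEPROM length 0x{length:x} at 0x{base:x}")
    words = struct.unpack_from(f">{length // 2}H", art, base)
    return reduce(lambda a, b: a ^ b, words, 0)


def patch_mac(art, base, mac):
    """Return a copy of the dump with `mac` written and the checksum recomputed."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC must be 6 bytes")
    out = bytearray(art)
    out[base + MAC_OFF:base + MAC_OFF + 6] = mac_bytes
    # Same trick as the manual steps: with FF FF in the checksum field, the XOR
    # the driver would report as "Bad EEPROM checksum" is the value to store.
    struct.pack_into(">H", out, base + CSUM_OFF, 0xFFFF)
    struct.pack_into(">H", out, base + CSUM_OFF, xor_words(out, base))
    return bytes(out)


def make_sample_dump():
    """Constructed 64 KiB dump with two 0x40-byte blocks (not real calibration data)."""
    art = bytearray(b"\xff" * 0x10000)
    for n, base in enumerate(RADIO_BASES.values()):
        block = bytearray((i * 7 + n) & 0xFF for i in range(0x40))
        struct.pack_into(">H", block, LEN_OFF, 0x40)
        art[base:base + 0x40] = block
    return bytes(art)


if __name__ == "__main__":
    dump = make_sample_dump()
    macs = ["00:11:22:33:44:55", "00:11:22:33:44:56"]  # constructed values
    for (name, base), mac in zip(RADIO_BASES.items(), macs):
        dump = patch_mac(dump, base, mac)
        print(name, "xor after patch: 0x%04x" % xor_words(dump, base))
```

Run `xor_words` on the donor dump before patching: if it does not already return 0xffff for both radios, the offsets or the assumed layout do not match your device and the file should not be flashed.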
This can be flashed from OS level (if the partition is NOT read-only; if it is, you can redefine this in the OpenWrt source and recompile the kernel) or via U-Boot.
This is simple enough: you need to place your art partition dump into /tmp, and then:
mtd -r write /tmp/art.backup art
The above command will perform a reboot after flashing; this is needed.
If, on the other hand, your partition is read-only and you have no console, you have to make it RW by changing its definition in images/Makefile, then recompile and put the new image on your device. After you have fixed your art partition I HIGHLY advise putting a proper image back (with the art partition as read-only).
IMPORTANT: If you make a mistake here you might BRICK your device for good!!
If you have a working console and your partition is read-only (I guess in most cases), you might prefer to do this. The exact steps might vary per router, but the overall guide is:
Before you begin, make sure you know where your art partition starts. Refer to your dmesg / logread; you will see entries like this:
0x000000000000-0x000000040000 : "u-boot"
0x000000040000-0x000000050000 : "u-boot-env"
0x000000050000-0x000000200000 : "kernel"
0x000000200000-0x0000007f0000 : "rootfs"
0x0000003f0000-0x0000007f0000 : "rootfs_data"
0x0000007f0000-0x000000800000 : "art"
0x000000050000-0x0000007f0000 : "firmware"
So in my case art starts here: 0x0000007f0000, which on my platform (Atheros - AR7161) in U-Boot translates to:
For this you need a working TFTP server with the static address that your U-Boot has configured as serverip (check this with the command 'printenv' in U-Boot).
Check what is your memory starting address:
Let's say for me it is:
Now, let's download image to memory:
ar7100> tftpboot 0x80000000 art.backup
Trying eth0
Using eth0 device
TFTP from server 192.168.1.1; our IP address is 192.168.1.2
Filename 'art.backup'.
Load address: 0x80000000
Loading: #################################################################
done
Bytes transferred = 65536 (10000 hex)
In the above output, note the size of the file you downloaded: 10000 hex.
When the above is done, you need to erase whatever is left on your art partition (take the partition starting address from your partition layout as above). Be sure to set the correct size from above; just prefix it with +0x:
erase 0xbf7f0000 +0x10000
Now, let's copy from memory to flash (basically: cp.b <from where in memory> <to where on flash> <how much - use the same size as above but without the +>). The memory address must be the same load address you gave to tftpboot:
cp.b 0x80000000 0xbf7f0000 0x10000
And you're done! :)