Wow, slow down, Knogle! The factory.bin file is an image of the kernel and rootfs, wrapped in a layer of metadata. You can't just flash that to the chip. Have a look at the flash layout first to get familiar with what's where on the flash chip.
You need to read out the flash chip, and then replace the data starting from 0x040000 with the sysupgrade.bin file. Everything else outside of the region 0x040000-0xfc0000 needs to stay where it is or you are going to have an expensive paper weight. 
Thanks a lot, just one last question 
Could you post the correct syntax for dd in order to do so?
I'm messing around with dd, but it's not working that well.
I'd like to create a complete rom file for me, instead of flashing using offsets.
My command.
dd if=openwrt-ath79-generic-tplink_eap245-v1-squashfs-sysupgrade.bin of=original.rom seek=262144 bs=1 count=16252928
With dd if=openwrt-ath79-generic-tplink_eap245-v1-squashfs-sysupgrade.bin bs=1 count=16252928 of=original.rom seek=262144 bs=1 conv=notrunc
I receive a huge amount of xz compressed data fragments after the squashfs using binwalk.
At least when using the 2nd command, it's booting, and the LED is initially flashing, and later staying green. I'll check it out. EDIT: Unfortunately unable to connect. Maybe you can help me with the dd stuff.
I tried to create a layout file for flashrom, and now i'm trying to write the "firmware" region only, using the sysupgrade bin. This chip is increadibly slow.
EDIT: Unfortunately in this case, i can't establish a connection with the EAP245 having the OpenWRT Sysupgrade bin.
That's probably because the existing squashfs wasn't entirely erased by the sysupgrade image.
dd bs=64k if=sysupgrade.bin of=flash.rom seek=4 conv=notrunc is a lot faster for me, by the way. The block size (bs=64k) equals the size of a flash erase block. The firmware image is located at an offset of 0x40000 (4ร64ร1024), i.e. aligned with the start of the 5th erase block. dd will stop writing when it runs out of input data, so count= is also not required.
On boot, the bootloader will flash red-orange-green. After that it should be OpenWrt booting. Takes a bit more than a minute the first boot, should be faster (~30s) on subsequent boots.
Thanks a lot!
Unfortunately, also in case of dd bs=64k if=sysupgrade.bin of=flash.rom seek=4 conv=notrunc it looks like that.
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
88632 0x15A38 Certificate in DER format (x509 v3), header length: 4, sequence length: 64
108384 0x1A760 U-Boot version string, "U-Boot 1.1.4--LSDK-10.2-00082-4 (Nov 1 2016 - 14:05:12)"
108576 0x1A820 CRC32 polynomial table, big endian
262144 0x40000 ELF, 32-bit MSB MIPS-I executable, MIPS, version 1 (SYSV)
271676 0x4253C Copyright string: "Copyright (C) 2011 Gabor Juhos <juhosg@openwrt.org>"
271884 0x4260C LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes, uncompressed size: 5851011 bytes
2098644 0x2005D4 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 4031668 bytes, 1187 inodes, blocksize: 262144 bytes, created: 2020-07-04 18:03:42
6178024 0x5E44E8 xz compressed data
6232368 0x5F1930 xz compressed data
6272380 0x5FB57C xz compressed data
6309056 0x6044C0 xz compressed data
6342160 0x60C610 xz compressed data
6387392 0x6176C0 xz compressed data
6433832 0x622C28 xz compressed data
6475960 0x62D0B8 xz compressed data
6510708 0x635874 xz compressed data
6539680 0x63C9A0 xz compressed data
6568484 0x643A24 xz compressed data
6592500 0x6497F4 xz compressed data
6628424 0x652448 xz compressed data
6659820 0x659EEC xz compressed data
6703524 0x6649A4 xz compressed data
6736956 0x66CC3C xz compressed data
6768832 0x6748C0 xz compressed data
6792508 0x67A53C xz compressed data
6821924 0x681824 xz compressed data
6861480 0x68B2A8 xz compressed data
6906024 0x6960A8 xz compressed data
6932940 0x69C9CC xz compressed data
6960776 0x6A3688 xz compressed data
6996916 0x6AC3B4 xz compressed data
7028172 0x6B3DCC xz compressed data
7046492 0x6B855C xz compressed data
7080308 0x6C0974 xz compressed data
7117356 0x6C9A2C xz compressed data
7154084 0x6D29A4 xz compressed data
7185068 0x6DA2AC xz compressed data
7218148 0x6E23E4 xz compressed data
7254480 0x6EB1D0 xz compressed data
7292548 0x6F4684 xz compressed data
7328736 0x6FD3E0 xz compressed data
7367304 0x706A88 xz compressed data
7399436 0x70E80C xz compressed data
7435156 0x717394 xz compressed data
7473000 0x720768 xz compressed data
7504072 0x7280C8 xz compressed data
7543032 0x7318F8 xz compressed data
7564348 0x736C3C xz compressed data
7592456 0x73DA08 xz compressed data
7634360 0x747DB8 xz compressed data
7656204 0x74D30C xz compressed data
7695760 0x756D90 xz compressed data
7740304 0x761B90 xz compressed data
7764400 0x7679B0 xz compressed data
7791552 0x76E3C0 xz compressed data
7830276 0x777B04 xz compressed data
7870184 0x7816E8 xz compressed data
7895704 0x787A98 xz compressed data
7936392 0x791988 xz compressed data
7975380 0x79B1D4 xz compressed data
8015804 0x7A4FBC xz compressed data
8056140 0x7AED4C xz compressed data
8080436 0x7B4C34 xz compressed data
8104088 0x7BA898 xz compressed data
8141252 0x7C39C4 xz compressed data
8173820 0x7CB8FC xz compressed data
8200668 0x7D21DC xz compressed data
8241336 0x7DC0B8 xz compressed data
8265484 0x7E1F0C xz compressed data
8286768 0x7E7230 xz compressed data
8308240 0x7EC610 xz compressed data
8336280 0x7F3398 xz compressed data
8345192 0x7F5668 xz compressed data
8364640 0x7FA260 xz compressed data
8380464 0x7FE030 xz compressed data
8398760 0x8027A8 xz compressed data
8411896 0x805AF8 xz compressed data
8428040 0x809A08 xz compressed data
8441492 0x80CE94 xz compressed data
8449480 0x80EDC8 xz compressed data
8460308 0x811814 xz compressed data
8466696 0x813108 xz compressed data
8475600 0x8153D0 xz compressed data
8483216 0x817190 xz compressed data
8498144 0x81ABE0 xz compressed data
8526482 0x821A92 xz compressed data
8527792 0x821FB0 xz compressed data
8529242 0x82255A xz compressed data
8530872 0x822BB8 xz compressed data
8531678 0x822EDE xz compressed data
8535792 0x823EF0 xz compressed data
8537530 0x8245BA xz compressed data
8537964 0x82476C xz compressed data
Unfortunately there is no LAN traffic at all, it seems to show some reaction when using the reset button, it blinks orange. but later on, also no lan traffic.
Thinks friend, it has worked! Just found out, it had something running like DHCP in the beginning, so i had issues with my network. Now it runs fine, thanks.
With your permission, and permission of j-d-r i'd like to give a little tutorial on my blog about this special device.
Fine by me. Always nice to have people document their endeavours to help others. 
Bonus points if you can find a way still to flash OpenWrt without opening up the device!
The default OpenWrt mode is to act like router, so that includes a DHCP server. Best to configure a new device with a direct link and static addresses.
Yeah, but now i'm quite happy!
Btw. does this device support meshing? Because having multiple SSIDs is quite disgustig. I got 3 of the EAP245v1 here.
I run my access points with the same SSID and use 802.11r and a wired backhaul. This works well for roaming, but it's not technically meshing (802.11s). I believe the selected ath10k-ct driver doesn't support 802.11s (correct me if I'm wrong).
Oh can you tell me how to do so?
I think it's quite OT but i'd be happy to know.
Is there any benefit about using meshing? I've found some meshing driver for the ath10k-ct.
I found a way to patch and use uclited -u to upgrade the EAP245v1 
You will need to upgrade to the latest FW v1.4.0 (or figure out how to apply this patch yourself).
First, follow my previous procedure right up to step 3.
Step 3: Patch uclited
Copy the uclited programme to your PC:
$ ssh admin@192.168.0.254 "dd if=/usr/bin/uclited" > uclited
Then you apply the binary patch to uclited. If the checksums don't match for you, look at the details below to find the eight bytes you need to replace.
$ cp uclited uclited-patched
$ echo "000d2264: 24020000 00000000" | xxd -r - uclited-patched
$ sha256sum uclited*
b46a1c506b5364fcf891a8d41bd9278548e0a43df374423538a82f22d2d2ac3f uclited
880ef6b090e75dfe1cb650e76c7b32bbd00b1530051a0e7ea8ae2da11971a94c uclited-patched
The original uclited debug mode upgrade calls a verification function after loading the factory image, but passes a bad pointer(?), causing it to crash. The patch below removes the call to this function, and instead just loads the desired return value into the v0 (return value) register.
$ xxd -g4 -l8 -s860772 uclited
000d2264: 0c1345e0 27a70018 ..E.'...
$ xxd -g4 -l8 -s860772 uclited-patched
000d2264: 24020000 00000000 $.......
Finish this step by copying back the patched binary:
ssh admin@192.168.0.254 "dd of=/tmp/uclited-patched" < uclited-patched
Step 4: Flash upgrade
Copy the firmware upgrade file to /tmp/upgrade.bin:
$ ssh admin@192.168.0.254 "dd of=/tmp/upgrade.bin" < openwrt-...-squashsf-factory.bin
Flash by running uclited -u and reboot:
# ./uclited-patched -u
Begin Debug Mode Fireware Upgrade
Upgrade fireware size is 6061385 bytes
Upgrade fireware md5 checksum is correct!
Now upgrade fireware...
######################################################################
###########################
Done.
Firmware upgrade successfully! Please reboot manually.
# reboot
And that should (finally!) give you OpenWrt on your EAP245v1 (and EAP225v1/v2, most likely).
The question is if you actually need 802.11s support. It uses a wireles connection between the access points to transfer data between them, so this chews into your available bandwidth.
If you (can) have a wired connection to every AP, I would strongly suggest to just use the same SSID and password on all your APs. Your wireless devices will figure out that they need to switch to the one with the stronger signal by themselves. If you want smoother roaming, you can look into 802.11r (easily configured nowadays).
This is great work!
Sorry, I've been off the last month studying for an exam this week. Once that's over, I intend on helping out a bit more with this
Is there a way to get a new BSSID? Haha unfortunately i took the image from 1st AP, and flashed it to the 2nd AP. Didn't think about the MAC address stuff, now i got 2 APs having the same MAC lol.
Check out the partition lay-out in tplink-safeloader.c from my pull request (post #62). The "default-mac" partition contains the same mac address as written on the device, at an offset of 8 bytes. Take the mac address from your device's label and fill it in where the dots are.
$ xxd -s +0x30000 -l16 eap245v1.rom
00030000: 0000 0006 0000 0000 ยทยทยทยท ยทยทยทยท ยทยทยทยท ffff
Thank you so much, you have saved me heh. It was quite a funny behaviour, having 2 APs with same SSID.
I've solved it a minute before of your answer, searching for the MAC of the one AP and replacing it by the other. Thanks so much for gathering all these information for the community!!! They are really important.
I'll set up a little script in order to build the custom image, having a new mac.
Btw. did some one take a look on this here? https://github.com/o11s/open80211s/wiki/ath10k-(802.11ac)-for-Mesh-Support Something which may work on OpenWRT as well?
Maybe you should open a topic in #general:network-and-wireless-configuration to discuss meshing on the QCA9880. People not interested in the EAP245 probably won't check this topic, but there's likely plenty of other users other with a QCA988x radio that have more knowledge on this topic.
Thanks!
I think the EAP245 is a big deal now with OpenWRT. A huge amount of functions, and it's quite cheap on eBay. For around 30$ you get a v1 one. Support beamforming and everything else, i think they are quite awesome now.
No worries. Good luck with the exam if your still need to take it, hope it went well otherwise 
I think I've got the patches mostly ironed out by now. Could you maybe still check what the EAP245v3 does when you hold down the reset button on power-up? If that brings up the built-in http server or tftp client, that means you can do solder-less debricking. That would be something (a good thing) I could put into the commit message.
Is there a way to upgrade/update a system, running this image?
Or is it even necessary?