After much reading and experimentation, I (kinda) found a way to modify the cmdline of the kernel without recompiling. Please kindly point out if this is doable; all feedback is welcome.
Here are my steps so far:
1) Obtain/download the firmware in your working directory.
2) Extract the firmware according to instructions. With binwalk you will also have to use dd and lzma (the old version): https://tukaani.org/lzma/
3) With the modkit above, in the image parts folder, extract the header.img file with dd and lzma.
4) Here is what I got so far:
If you get "corrupt" error, it's fine, the file is extracted. Or alternatively, download the original lzma and install it: https://tukaani.org/lzma/
The result is the same.
Now if you do:
hexdump -C kernel | head
or
strings kernel | head
the kernel cmdline is here!!
The question is, can I safely edit it?
The next question is, how do I repackage the extracted kernel back into the firmware?
Although you're trying to avoid recompilation, do you have a full build environment? If so, then looking at the tail end of the build with reasonable verbosity enabled would show you the tools used. A touch on the kernel file followed by make should capture what you need. You could then turn them into a standalone script if needed.
That's what I would do. Do a regular compile, then use the touch utility to update the timestamp on the kernel file (if that is the one you will hack). Next use make -j 1 V=s to get a linear, one-action at a time list of what is then done.
Make that into a script that should replicate the same thing and see if it builds an image that you can flash. It may be exactly the same as the original, or vary a bit if things like timestamps get embedded in it. Once it does flash OK then start making your changes to the kernel file.
You perhaps need to go up a level to ensure any checksums in files are also set correctly.
If you can find where the kernel cmdline is changed in a full build, change only that thing and do the same as above; you may spot the extra bit that you need.
There may be a shortcut by making sure that the cmdline stays the same length - maybe that is the need. Are you lengthening / shortening it?
See also if you can put your image file on the router and use the tools there to reproduce the error. That might give you a clue what is not working.
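The same-length edit suggested in the replies above, as an added example that is not code from the thread: it overwrites the NUL-terminated cmdline of an already-extracted kernel in place, refuses a longer string, and shows that a checksum over the file still changes. The marker, the sample bytes, the space padding and the use of CRC32 are assumptions; the thread does not say which checksum the firmware uses.

```python
import zlib

# Constructed sample standing in for a decompressed kernel image:
# binary bytes, a NUL, the cmdline string, its terminating NUL, more data.
SAMPLE = (b"\x7fELF\x01\x02\x00"
          b"console=ttyS0,115200 root=/dev/mtdblock2 rootfstype=squashfs"
          b"\x00\x03\x04Linux version\x00")

def locate_cstring(image: bytes, marker: bytes) -> tuple[int, int]:
    """Return (start, end) of the one NUL-terminated string holding marker."""
    hit = image.find(marker)
    if hit < 0:
        raise ValueError("marker not found")
    if image.find(marker, hit + 1) >= 0:
        raise ValueError("marker occurs more than once; refusing to guess")
    start = image.rfind(b"\x00", 0, hit) + 1  # byte after the previous NUL
    end = image.find(b"\x00", hit)            # index of the terminating NUL
    if end < 0:
        raise ValueError("string is not NUL-terminated")
    if not all(0x20 <= b <= 0x7E for b in image[start:end]):
        raise ValueError("located span is not a plain ASCII string")
    return start, end

def patch_cmdline(image: bytes, marker: bytes, new_cmdline: str) -> bytes:
    """Overwrite the cmdline in place; file size and all offsets stay put."""
    start, end = locate_cstring(image, marker)
    slot = end - start
    new = new_cmdline.encode("ascii")
    if len(new) > slot:
        raise ValueError(f"new cmdline is {len(new) - slot} bytes too long")
    # Assumption: trailing spaces are harmless padding for a kernel cmdline.
    return image[:start] + new.ljust(slot, b" ") + image[end:]

def crc32_hex(data: bytes) -> str:
    """CRC32 as an illustrative checksum; the real image may use another."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"

if __name__ == "__main__":
    patched = patch_cmdline(
        SAMPLE, b"console=",
        "console=ttyS0,57600 root=/dev/mtdblock2 rootfstype=squashfs")
    print("size:", len(SAMPLE), "->", len(patched))
    print("crc32:", crc32_hex(SAMPLE), "->", crc32_hex(patched))
```

Even with the length unchanged the checksum differs, so any header field that covers the kernel still has to be regenerated when repacking.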