Thank you ! I've been stucked for a while now and it seems that this is just the final step I needed.
I agree with you about not redistributing a modified TP-Link image without a lawyer advice. I don't think we can distribute original firmware either for the same reasons. However, I think we can document the procedure.
FTR, here is what I've done to revert back to original firmware (2.7.0, might work for later versions) on EAP225 v3 (considering an access via serial interface):
On debian 10:
apt-get update && apt-get install binutils git openssh-server binwalk tftp tftpd wget
git clone https://github.com/openwrt/openwrt
cd openwrt/tools/firmware-utils/src
cc -o tplink-safeloader tplink-safeloader.c md5.c -Wall --std=gnu99
cd -
cp openwrt/tools/firmware-utils/src/tplink-safeloader ./
wget $TP_LINK_ORIGINAL_FIRMWARE_URL_FROM_OFFICIAL_WEBSITE
wget https://downloads.openwrt.org/snapshots/targets/ath79/generic/openwrt-ath79-generic-tplink_eap225-v3-initramfs-kernel.bin
sudo cp openwrt-ath79-generic-tplink_eap225-v3-initramfs-kernel.bin /srv/tftp/initramfs.bin
./tplink-safeloader -z $TP_LINK_ORIGINAL_FIRMWARE_FILENAME -o eap225v3-stock-v2.7.0-sysupgrade.bin
On device (via serial, considering 192.168.0.10 for device and 192.168.0.20 for debian machine, with gateway and dns at 192.168.0.1):
setenv ipaddr 192.168.0.10
setenv serverip 192.168.0.20
tftpboot 0x80800000 initramfs.bin
bootelf $fileaddr
uci set network.lan.ipaddr="192.168.0.10"
uci set network.lan.gateway="192.168.0.1"
uci set network.lan.dns="192.168.0.1"
uci commit
/etc/init.d/network restart
scp debian@192.168.0.20:/home/debian/eap225v3-stock-v2.7.0-sysupgrade.bin /tmp/firmware.bin
sysupgrade -v -n -F /tmp/firmware.bin
I haven't tried (yet) to update this modified TP-Link image via luci. Do you think it will work ? If so, I think I just have to desolder the wires added on the board for serial access 