If Zyxel EX5601-T0 / T56 router has becomes bricked, meaning it no longer boots properly, there is a way to recover it through UART.
There are guides for using mtk_uartboot on MediaTek SoCs. The problem is its not very friendly and requires a UART terminal, TFTP server, manual U-Boot commands, some repair need more knowledge on mtd partition layout.
Here is another tool for the EX5601 / T56 router. It is user friendly and used same bootrom method, start automatically and checks the router’s partition layout and can restore bl2 and fip using a simple U-Boot-style menu.
yes if t56 is password-locked at zhal>. Also worked when bootloader was corrupted, totally overwritten. but never tested if it works when secure boot is enabled ( dont find any ex5601 with secure boot), maybe it works yes , maybe not.
The script is using mediatek bootrom handshake
Meaning: SYNC
send these 4 bytes to the router over UART:
A0 0A 50 05 at router wake it reads and should reply with:
5F F5 ----
That is the bitwise inverse/complement of the sync bytes:
A0 -> 5F, 0A -> F5, 50 -> AF, 05 -> FA
so if reply != EXPECTED:
fail("BootROM sync failed") else it will work
BUT
if secure boot is enable and we have a connection then that would not accept unsigned paylod. , unless we erase and reflash it.
I don't find a device with a different Brom protocol. If there is such a device, this code will not work; other than that, most I have tested worked well, but yes, I haven't tested all t56 routers, so it's still need testing before anything can be sure