Icotera i4882 Wi-Fi 6 Router with 2.5G Ethernet

TL;DR

It uses a MIPS interAptiv Realtek 9607CP, which I believe has a limited future for OpenWrt development, but I wanted to share these findings in case it was useful to someone smarter. The hardware and antenna design are really good; it's let down by the stock firmware but quite customisable even as a dumb access point.

Specifications and Datasheet

Firmware

Can be downloaded at http://icotera.as42611.net/gold5k-2.2.4_generic_release.bin. It's encrypted with a static key obfuscated inside /bin/cliic but can be decrypted with:

tail -c +150 firmware.bin | openssl enc -aes-256-cbc -nosalt -d -out firmware.tar.gz -K 'c47bd740511eb0c13b00250417db62301389cb91d0f3c94d39ac6a4357506744' -iv `dd skip=129 count=16 if=firmware.bin bs=1 status=none | hexdump -e '16/1 "%02x"'` -nopad

Getting Complete Admin

The easiest way is to factory reset, then serve the filename WANMACADDRESSGOESHERE.dat on the WAN interface via a TFTP server containing a replacement configuration file with the following:

management ssh enable
management ssh authentication password enable
management ssh port 22
management ssh listen all
management ssh filter enable
management ssh filter rule 1 enable
management ssh filter rule 1 description
management ssh filter rule 1 inif any
management ssh filter rule 1 srcip 0.0.0.0
management ssh filter rule 1 action allow
management cli timeout 300
management cli username admin
management cli password $1$aKaa.d9.$6IzZ0e8gYlTf8gvpMxmfa0
management login basic
management cwmp disable

Then SSH with username admin and password 123 to get complete admin access via the Icotera CLI.

Useful Commands

Dump all logs and debug info (time consuming):
debug techsupport screen

Revert any changes without applying:
copy boot progress

Review current configuration:
copy progress screen

Apply changes:
copy progress boot

Wi-Fi settings:
interface wifi

Bridge and VLAN membership:
bridge

Disable routing:
router disable

Interface info:
show interface

System summary:
show management

Holding the reset button on boot for more than 15 seconds switches the active/backup firmware partitions.

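The container layout implied by the decryption command in the post above (IV at byte offset 129, ciphertext from offset 149), wrapped with checks that catch a wrong key or offset, as an added example that is not part of the original post. The function names are hypothetical, the key is passed as an argument, and the gzip check assumes the plaintext is a gzip stream, as the post's firmware.tar.gz output name suggests.

```shell
# Added example; function names and sanity checks are assumptions.
# Layout taken from the command in the post:
#   offset 129, 16 bytes -> AES-CBC IV
#   offset 149 to EOF    -> AES-256-CBC ciphertext (no salt, no padding)
IV_OFF=129
IV_LEN=16
CT_OFF=149

# Print the IV stored in the image as 32 hex characters.
fw_iv() {
    od -An -v -tx1 -j "$IV_OFF" -N "$IV_LEN" "$1" | tr -d ' \n'
}

# Succeed only if the file starts with the gzip magic bytes 1f 8b.
is_gzip() {
    [ "$(od -An -v -tx1 -N 2 "$1" | tr -d ' \n')" = "1f8b" ]
}

# Usage: fw_decrypt IMAGE KEY_HEX OUTPUT
fw_decrypt() {
    img=$1 key=$2 out=$3
    ct_len=$(( $(wc -c < "$img") - CT_OFF ))
    # With -nopad the ciphertext must be a positive multiple of the
    # 16-byte AES block size; anything else means a bad or truncated image.
    if [ "$ct_len" -le 0 ] || [ $((ct_len % 16)) -ne 0 ]; then
        echo "unexpected ciphertext length: $ct_len bytes" >&2
        return 2
    fi
    tail -c +"$((CT_OFF + 1))" "$img" |
        openssl enc -d -aes-256-cbc -nosalt -nopad \
            -K "$key" -iv "$(fw_iv "$img")" -out "$out" || return 3
    # Without padding openssl cannot notice a wrong key or offset, so
    # verify the plaintext itself before trusting the output file.
    if ! is_gzip "$out"; then
        echo "decrypted data is not gzip: wrong key or layout" >&2
        rm -f "$out"
        return 4
    fi
}
```

A non-zero return from `fw_decrypt` means no usable output file was produced; on success the result can be listed with `tar -tzf` before extracting anything.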

The link for the firmware doesn't seem to be working anymore. If you happen to still have the file, would you be willing to provide it?