If you're just throwing stuff at it blindly I'd suggest trying the release "CPE830" factory build.
Each model has some code in the build system for how to put together a "factory" image, which typically includes a header with magic numbers, region codes, CRC checksums, etc that is very specific to the make and model.
The device is a rebrand of Yurcon 830, supported by OpenWRt
Now, in order to install the firmware, I need the "make" from the Git to produce not only the "sysupgrade" but also the "firmware" version to upload it on the device
Assuming that it is close to the Yuncore 830 that exists in the Openwrt repo, you possibly need to modify the image generation recipe for the device so that it will get accepted to the checksum logic in the router's OEM firmware's TFTP client/server, flashing routine, whatever... Or if you are lucky, the image gets accepted also otherwise.
You do not need that.
The commit message explains two ways to flash WITHOUT knowing the root password:
First method is using serial cable connection to access the u-boot bootloader, and
the second method uses failsafe mode to access the router in early boot stage, before root password is needed, and the root password is changed there, so that you can then use root login after a normal boot.
Flash instruction under U-Boot, using UART:
1. tftp 0x80060000 lede-ar71xx-generic-ap90q-squashfs-sysupgrade
2. erase 0x9f050000 +$filesize
3. cp.b $fileaddr 0x9f050000 $filesize
4. setenv bootcmd "bootm 0x9f050000"
5. saveenv && reset
Flash instruction under vendor fimrware, using telnet/SSH:
1. Connect PC with 192.168.1.x address to WAN port
2. Power up device, enter failsafe mode with button (no LED indicator!)
3. Change root password and reboot (mount_root, passwd ..., reboot -f)
4. Upload lede-ar71xx-generic-ap90q-squashfs-sysupgrade.bin to /tmp using SCP
5. Connect PC with 192.168.188.x address to LAN port, SSH to 192.168.188.253
6. Invoke:
- cd /tmp
- fw_setenv bootcmd "bootm 0x9f050000"
- mtd erase firmware
- mtd -r write lede-ar71xx-generic-ap90q-squashfs-sysupgrade.bin firmware
As the advice says, you need to flash using the sysupgarde image. Apparently the recipe for a proper factory firmware has not been found out.
Please read that commit message again, and try to believe it.
The UART thing , sorry, I don't get it. There is no UART or Serial or anything like this visible. Would this be inside teh sealed plastic box and would I dare opening it, it means breaking the whole thing.
The Failsafe option : Yes, I boot in failsafe/u-boot using the wan port. But how to "change the password" in practical terms ?
But the command, I type them where ??? I have the device running a TFTP client to get his upgrade.bin file (see above), but how can I land in the device (no SSH / telnet whatsoever)
So my only way of getting into the device is this "upgrade.bin" file.
The OpenWrt doc says that I need the "firmware" to get the device to openwrt for the first time, not the "sysupgrade".
I tried the sysupgrade file of course, but the device rebot with the existing firmware.
So, back to my initial question : How to get this "firmware" file (I recompile the openwrt from git, but this does not produce the firmware file, only the sysupgrade)
Ensure that the OpenWrt firmware file that you are about to flash, matches your router model and is called “….factory.bin” (only true for 30% of all supported devices; 70% of devices have different image names , see above), as you will use it to modify a vendor's factory firmware towards OpenWrt.
70% of devices have different image names than factory.bin, e.g. sysupgrade.bin.
Routers that come with some manufacturer version of OpenWrt stock would use a sysupgrade to change over to the official build.
According to the developer notes, the u-boot TFTP mode has not been successfully used. It's a dead end for now.
If the router still boots into OpenWrt, the failsafe mode described would be the only possible way to flash without opening the case. Since there is no "system" LED to watch flashing, you're going to have to figure out the timing of pressing the reset button. I suggest connecting the Ethernet cable to a switch so you have a light indicating the port is up. When the bootloader loads, the port will come up. Then when the bootloader starts OpenWrt, the port will go down for a short time until OpenWrt brings it back up. This is when you should start pressing the reset button repeatedly. Do that for about 15-20 seconds then check if you are in OpenWrt failsafe mode.
Again, do not press the reset button immediately after power on, you have to wait for the bootloader to finish so you don't get bootloader TFTP mode. And don't hold the button down, press and release rapidly.
As far as opening the case, it looks like most outdoor CPEs of this design. The main part of the case is an empty tube that has the top, sides, front and back all made as one piece of plastic so that rain can't get in. The entire works of the unit will slide out the bottom, usually after removing one or two screws that are hidden under a label.