OK, I made some more research.
For C7v2, I compared the LEDE firmware with a stock firmware (containing "boot" on the filename) and with a stripped stock firmware.
Although the files are clearly different, I could find similarities between the LEDE fiel and the stripped stock file. It's also clearly visible that the stock (non-stripped) file has something else on the first 0x20200. After those 0x20200, the three files are similar.
Then, I compared C5 and C7 files:
The first thing I could see, is that the files are completely different between C7 and C5 (both LEDE and stock). C7 files seem to be completely binary, while C5 files have some areas that seem to be clear text, stating the base and size of what can be found on the files, the base and size of the partitions on the router, etc.
C5 firmwares (both stock and LEDE) seem to have not only what has to be flashed, but also the information on where each part has to be flashed.
On the other hand, I compared LEDE and stock images for the C5 (similar to the first comparisson, but in this case for C5):
I could find that both files have EXACTLY the same format.
Starting at 0x1014, there's some information of what information is where (on the file):
For example, for LEDE:
fwup-ptn partition-table base 0x00800 size 0x00800
fwup-ptn soft-version base 0x01000 size 0x00015
fwup-ptn support-list base 0x01015 size 0x00056
fwup-ptn os-image base 0x0106b size 0x15e000
fwup-ptn file-system base 0x15f06b size 0x240004
If you add 0x1014 to those bases, you could find the partition table at 0x1814 of the image file.
The Support list is clearly visible on 0x2029.
If you look for same things on the Stock firmware, the format is exactly the same.
It is true that that the stock firmware contains more data to be flashed (for example the U-Boot partition) but it is also true that it clearly states what's where on the file.
For example, for a stock image, starting on 0x1014:
fwup-ptn partition-table base 0x00800 size 0x00800
fwup-ptn fs-uboot base 0x01000 size 0x3722a
fwup-ptn os-image base 0x3822a size 0x1a6001
fwup-ptn file-system base 0x1de22b size 0x7ee001
fwup-ptn product-info base 0x9cc22c size 0x00095
fwup-ptn soft-version base 0x9cc2c1 size 0x00015
fwup-ptn support-list base 0x9cc2d6 size 0x00095
So, my conclussion is that stripping the first X bytes from the file would lead the image to be completly a mess, as those addresses would probably be incorrect.
Also, if we want to take out the U-Boot data, it doesn't seem to be in the first X bytes, but actually after the Partition Table data.
If we just strip some bytes se we take out the U-Boot data, we would also be stripping the Partition Table, and more important, the "fwup-ptn" information, that seems to state what has to be flashed and where.
What I'm not sure is:
The LEDE firmware for C5 has the same format as the Stock firmware, so the Stock firmware "knows" how to handle it and flashes it correclty.
BUT
Does the LEDE software, "know" how to handle this image format that I described early? Or it will just flash the data of the .bin image to the flash memory of the router?
If that's the case, I think that flashing a Stock firmware through LEDE (or even a new LEDE version) through LEDE, could brick it.
On the other hand, and supposing that the TFTP method continues to work after flashing LEDE, I guess any version (unstripped stock or LEDE) could be flashed again using this method, as it clearly "knows" how to handle this image format.
@ssnake, could you please confirm if, after flashing LEDE, the TFTP continued to fetch files when powering up with WPS button pressed.
I still have to check weather my US Router has this TFTP mode.
Sorry for the long post!