I tried to short every pin on U26, none will interrupt the boot.
Good ideas on the U13 part but unfortunately I don't have a healthy donor to extract the data. 
Hi,
if you got the uBoot cli... erase the nand.part rootfs
It would be possible to erase the complete chip with nand erase.chip but the rootfs should be enough...
(APX120) # nand erase.part rootfs
NAND erase.part: device 1 whole chip
Erasing at 0xffe0000 -- 100% complete.
OK
(APX120) # ubi part rootfs
Creating 1 MTD partitions on "nand1":
0x000000000000-0x000010000000 : "mtd=0"
UBI: attaching mtd2 to ubi0
UBI: physical eraseblock size: 131072 bytes (128 KiB)
UBI: logical eraseblock size: 126976 bytes
UBI: smallest flash I/O unit: 2048
UBI: VID header offset: 2048 (aligned 2048)
UBI: data offset: 4096
UBI: empty MTD device detected
UBI: create volume table (copy #1)
UBI: create volume table (copy #2)
UBI: attached mtd2 to ubi0
UBI: MTD device name: "mtd=0"
UBI: MTD device size: 256 MiB
UBI: number of good PEBs: 2048
UBI: number of bad PEBs: 0
UBI: max. allowed volumes: 128
UBI: wear-leveling threshold: 4096
UBI: number of internal volumes: 1
UBI: number of user volumes: 0
UBI: available PEBs: 2024
UBI: total number of reserved PEBs: 24
UBI: number of PEBs reserved for bad PEB handling: 20
UBI: max/mean erase counter: 1/0
(APX120) # ubi create rootfs
No size specified -> Using max size (256999424)
Creating dynamic volume rootfs of size 256999424
(APX120) # tftpboot APX.v2.1.1-1.uimage
..
(APX120) # bootm 0x84000000#config@4
## Booting kernel from FIT Image at 84000000 ...
Using 'config@4' configuration
Trying 'kernel@1' kernel subimage
...
Here is one way to break the APX120 uBoot and enter the uBoot cli environment...
Connect your serial port to the 4 pin header, setup putty and grab a cable connected to GND..
Powerup the APX120 and right after you see the first boot messages, just before u-Boot 2012.07 ... comes up
pull the DO (IO1) from the SOIC 300-mil layout to GND.
itΒ΄s needs a good timing and maybe some tries.
uBoot will enter the default environment, from here you can try to change bootdelay..
one drawback ...
if you change the bootdelay and save the environment you lose all settings for a successfull APX boot.
But you could reset the APX120 now, enter u-Boot again and you will have a clean uBoot environment.
From here you could set the neccesary environment variables and load the apx.uimage later on.
more information
After entering the default environment for uBoot, the environment is set to default values and the NAND chip is not recogniced.
we now need to do the following
- set the required environment
- set autoboot delay to 5s
- repower APX120
- enter uBoot
- erase nand chip
- tftpload APX.uimage
- boot kernel
- wget desired firmware
- run update_image.sh script
- reboot
Sorry for warming up this topic ...
I have an APX120 with solid red.
I can see booting up with putty, autoboot is set to five seconds.
But: I am unable to interrupt it.
Changed TX/RX for hope, but of course, it did not work.
I tried two different adapters, but no success.
Should I short it too?
Thank you.
Edit: and I tried a different computer ...
Edit2: I played on the UART pins and I am able to interrupt autoboot. But even then, I am unable to type something.
Bridging RX/TX is working, my adapters are fine.
So, there is a short on the board of the APX?
I am not really familiar with such things.