The bricked one has OpenWRT 21.02.0 where I applied a failing network configuration using UCI-CLI. I installed it along https://openwrt.org/toh/ubiquiti/unifi6lite#installation and it worked well up to when I screwed up the network configuration.
I read something recently about Ubiquiti implementing seemingly random IPs for TFTP on newer devices like these. So you should scan your network for devices, it should pop up.
Not sure if the IP is printed on the device label, but it seems to be hardcoded in u-boot.
I read about this, too. It seems to be non deterministic. I tried .1, .2, .20, .21, .22, .30, .31 and .32 . I might just retry it once again. Since the working AP is using .20 and it is the default, I was expecting the other one to use the same.
Sadly there is nothing printed on the device and no paper trail with it.
Instead of TFTP mode, have you tried simply booting into failsafe mode? This will allow you to fix the problematic network configuration without needing to reload the firmware.
I got nmap for that and a shotgun shell script for tftp, arp, etc. I am just about to tune the timeouts to get it done before the tftp window of opportunity closes.
I did about 50 tries to get the bricked AP respond to 192.168.1.20. It never worked.
Just now I had a script trying every possible host number. It stopped on success at 32. My tcpdump did show me ARP replies for 192.168.1.32 (with that APs MAC address).
So I quite confidently changed my TFTP forced upload script to use 192.168.1.32 instead of 192.168.1.20.
It did run without success for some time. In the meanwhile my Laptop was still configured to use 192.168.1.20 for a gateway and kept trying to get its MAC address.
And while .32 was still not working, in the running tcpdump I saw replies for 192.168.1.20 at my APs MAC address.
I confirmed this after yet another reboot of the AP. It kept 192.168.1.20.
Then I started flashing and it just worked.
I don't know what's the logic with all of this, but I will make sure to keep my scripts for future reference.