@juppin @Zorro
Hey, sorry for the late reply I see that @bouzouste already added screenshots about MAC addresses.
Indeed, all MACs are located at "Factory" partition. For 1G version "Factory" partition has offset 0x50000 for 100m version it is 0x30000 so keep it in mind. I know that we are able to read "Firmware" partition from OpenWRT CLI using mtd utility, but I didn't have a chance to check if we are able to write it back to flash using mtd. I did it all using HW SPI flasher. SPI flasher can be built with an stm32 "blue pill" board - check this repo. Use your preferable way.
Let's get started.
MAC offsets from the start of "Factory" image are next(for 100m version):
- 0x0004 - WiFi 2.4G
- 0x8004 - WiFi 5G
- 0x0028 - Ethernet
As you can see(compare with @bouzouste's information), WiFi MACs locations are the same for 1G and 100m version.
Now let's change WiFi radiation power. But remember: DO NOT break your local law about allowable radio radiation power and bla-bla-bla - you know it 
.
Use the same "Firmware" partition and take a look at offset 0x00A0:
Starting with this offset you will need 14 bytes in a row.
Those values regulate maximum WiFi 2.4G radiation power, so replace all of them(14 bytes) with 0xFF.
Now go to offset 0x8060:
From this offset, you will need every fifth byte for 12 times.
Those values regulate maximum WiFi 5G radiation power, so replace all those 12 bytes with 0x7F.
Keep in mind that results values for 2.4G and 5G are different 0xFF and 0x7F respectively.
Happy WiFi radiating 
.