Really weird, Tenda router's flash chip gives only random data

Hey, I’m a jr EE/software dev just getting into some bios modding/firmware stuff. I got a CH341a EEPROM programmer for an unrelated problem with my main laptop’s ROM, and I started trying to see what other devices’ firmware I could dump & maybe modify/replace/mess with.

I bought a Tenda AC6 (AC1200) wifi router off amazon a few months ago and it ended up giving me some kind of insane chinese spyware across all devices on my entire home network; I found out after the fact that Tenda’s routers have a history of comically bad security vulnerabilities to the point where most people have been speculating they’re dedicated backdoors - so needless to say I’ve since replaced that with a different brand router and it’s been sitting in storage. But I was curious what exactly was in this horrible little creature to make it so dangerous, so I opened it up and found a standard-size SOP8 chip on the back of its internal board. Thought ok cool maybe I can get its filesystem or something, and maybe even learn how to modify an OpenWRT build to flash on it & remove the pernicious influence, who knows?

Anyway when I tried hooking up my test clip & using AsProgrammer on windows (which worked fine for me with the Macronix & Winbond chips on my other laptop minutes beforehand), any & all read operations I try on it give me seemingly completely random data. Like, “read ID” produces 0xYZ where Y and Z are something different every time; same for reading security bits, and trying to dump the whole thing results in 8KB of absolutely random bytes from beginning to end, it’s a mess. If I read it twice back-to-back I’ll end up with 2 files where basically no bits match at all. I can attach a couple of those “dumps” if needed but as far as I can tell it’s 100% random every time.

Is this some known thing that certain chips do? As a security feature or anti-tampering mechanism? I did forget to attach the router to its AC adapter at first, just using the 5v power from my programmer+USB port, but it didn’t change anything upon hooking up full power. Also tried factory resetting it (holding down RST/WPS button for 10+ seconds) but I’m not sure if that actually did anything. The router consistently blinks all of its front LEDs except the power LED on/off once per second as soon as it’s connected to power so maybe it hasn’t actually started up yet… I could check via ethernet and see if I can get into its web interface but I just haven’t tried, not super keen for any of my machines to touch that thing with a 10 foot pole, but I suppose I could if that might be part of the problem.

The chip on the Tenda is a Winbond 25Q64JVSIQ, pics:



@jdally987 - Sounds like incorrect software/version used, so bad read. Try 1.30 and use BV ID. Also, do ASProgrammer 1.41 dump again but use BV ID - Confirmation of those working for this chip here at post #3
http://s000.tinyupload.com/index.php?fil…213094641136166

And yes, sometimes power cable needs to be attached to board/item, but not always, usually if that is the case you will get failed detection or 00000/FFFF reads. Sometimes it needs to be removed too, so leave it off first as you have been doing, by accident