apart from other design flaws and quick-n-dirty hacks of the implemented GPL tools, the GUI fw updater and the recovery loader are the best example for **how not to** do these things.

The **recovery loader** doesn't really deserve that name: For getting into the recovery loader, a **functioning BIOS and kernel have to be present** in the device. Since these pieces of software are regularly flashed with every orig fw, chances are good that in the odd event your way to the recovery loader is blocked after a faulty flash.

And especially the next flaw would deserve a much better implementation of a recovery loader: **both upgrade tools (recovery loader and gui) don't do proper safety checks. They directly flash the received data (after simple check of accepted header, not integrity of data) to the FLASHROM**. Some checksum is only calculated **during flashing** via GUI and if a "unallowable upgrade" message greets you after some while - but not at the usual end of a flash -, you face doom, as the **faulty data is allready written** over the at least working old one.
 
So a broken download of an upgrade file may happily be accepted by the GUI only to totally brick your box after a short wait!