As a remark, although in step 4 is mandatory that the address specified in the command to be within the 0x01800-0x1FBFF range, actually the bootloader implemented in TL866 will write to any address ordered and has no kind of protection, if such a situation is reached by writing to addresses in blocks 0-5 or 127 then the bootloader will overwrite itself (ridiculous!) or table decryption block 127 will become corrupt and bootloader will not be able to do the right decryption. In both cases the device will become unusable, its restoration can only be done with an external programmer connected to J1 connector.
This is a nasty bug of the bootloader, so beware.
Da hilft kein Reset mehr denke ich.