
Rebranding Atheros AR5006EG to a Vanilla Card


iHack13

222 posts in this topic


Attention: There is a more or less high possibility to brick your card, in case you don't know what you are doing.

 

Identifying the device: It doesn't mean your card will not be bricked "following another guy's guide" or "using his IDs", although you two have the "same card"... Most people think tools like lspci provide sufficient information, in order to judge whether your card is the same as another guy's card or whether it's an "a/b/g" or "b/g-only" card. An AR5006EG for instance. These cards aren't all the same since their chipsets and subchipsets differ.

 

Possible scenarios are: You don't have the EXACT same card as the guy you got information from (such as IDs and memory and byte locations) => you ignore the previous fact and apply the foreign settings on your card's EEPROM => usually leads to grief, sorrow and suicide

The idea: Replacing the Subsys IDs (Subvendor and Subdevice ID) of your device (e.g. Hp, Gigabyte or "Unknown") with Apple's IDs

Profits: You will end up with a fully functional Apple Airport Extreme Card. No more disconnects and no CRC errors in your files. Use Apple's kexts, no more modifications. Just fully native a.k.a. Vanilla.

First Step: Install Ubuntu (Hardy Heron) and Subversion

Install this OS. Do not use Live CDs for this guide if you aren't familiar with Linux.

If you need help with installing it without screwing up your Partition Table and Bootloader check this post (GUID).

 

When you are in the OS ensure you are connected to the Internet and launch the terminal.

Type following: (Enter your password if you have one.)

sudo -s
apt-get install subversion

 

Second Step: Install madwifi tools in Ubuntu

 

http://www.stchman.com created a wonderful guide for this. Even a script to get things easier for you. Here are the most important excerpts offering 2 ways to install the madwifi tools

 

A) Easy Way

Get the script created by stchman (attached to this post), copy it to your home directory and run it by typing:

chmod 755 ~/madwifi.sh
sudo ~/madwifi.sh

 

B) Not-so-easy Way

 

Get the source here.

 

Get what is needed to compile the source:

 

sudo apt-get -y install build-essential bin86

Once that is done you will need to do the following:

 

Copy the .tar.gz to the /usr/src/ folder. This command assumes you downloaded the archive to your home folder. Replace ~ if you downloaded it to a different location.

 

sudo cp ~/madwifi-0.9.3.2.tar.gz /usr/src/

Change to the /usr/src folder.

cd /usr/src

Decompress the tarball.

sudo tar -xzf madwifi-0.9.3.2.tar.gz

Install the sharutils from the package manager.

sudo apt-get -y install sharutils

Change to the folder that the tarball extracted to.

cd /usr/src/madwifi-0.9.3.2

Make the drivers (during this time the procedure may ask you to remove the older drivers, let it do so)

sudo make clean
sudo make
sudo make install

 

Third Step: Install ath_info

To get it type:

svn co http://svn.madwifi.org/ath_info/trunk ath_info

 

Change to the directory:

cd ath_info/

 

And install it:

make
make all

 

Fourth Step: Get essential Information with lspci and ath_info

 

Type following in your terminal and look for your Atheros named device in the list:

sudo lspci -vvnn

 

Here are my definitions which are going to be used until the end of the post

  • <class_id>: should be 0200 by default, meaning Ethernet Controller
  • <vendor_id>: is the first ID in brackets after the name of your device. Should be 168c for Atheros cards (won't be changed)
  • <device_id>: is the ID right after the colon . Should be 001c for AR5006EG-series (won't be changed)
  • <subven_id>: is the first ID on the second line of the device, starting with Subsystem:..
  • <subdev_id>: the second ID on the same line, the one after the colon
  • <memory_loc>: the value in the 7th line which begins with Region 0:.. (8-digit)

Check if your card is b/g or a/b/g by typing following with the correct memory location

ath_info -d 0x<memory_loc>

 

You can find the information somewhere at the beginning of the output. It is supposed to look like this:

 

[Image: iof8df.png]

 

As you can see, mine is b/g only. This is important to know since Apple doesn't use only one Subdevice ID. So their b/g and a/b/g IDs differ and you will have to replace your old Subdevice ID by the respective one from Apple, which are:

  • 0086 for a/b/g cards
  • 004e for b/g cards

Now scroll down until you see the EEPROM dump. Copy-paste it somewhere, so you can restore it easily if you mess up. It's supposed to look like this:

 

[Image: 3357ebc.png]

 

Of course yours will look different. So use Ctrl+F or anything to look for your

  • <class_id>
  • <subdev_id> (2x)
  • <subven_id> (2x)

You are supposed to end up with 5 locations of the IDs. Subdev and Subven ID will each show up twice, so each has 2 different locations. I prepared a legend, so you should easily find out the locations. Look where you found your IDs and write down each location.

 

[Image: vrv4td.png]

 

So write down your

  • <class_id_loc>: location of your <class_id>
  • <1st_subdev_loc>: a <subdev_id> location
  • <2nd_subdev_loc>: the other <subdev_id> location
  • <1st_subven_loc>: a <subven_id> location
  • <2nd_subven_loc>: the other <subven_id> location

each is 4-digit.

 

Fifth Step: Replacing the Subsystem IDs

Class ID

 

Replace your old Class ID, 200 which stands for Ethernet Controller with the new 280 which stands for Network Controller

ath_info -g 3:0 -w 0x<memory_loc> <class_id_loc> 280

 

Subvendor ID

 

Replace the old Subvendor ID with the one from Apple, which is 106b

ath_info -g 3:0 -w 0x<memory_loc> <1st_subven_loc> 106b
ath_info -g 3:0 -w 0x<memory_loc> <2nd_subven_loc> 106b

 

Subdevice ID

 

Replace the old Subdevice ID with

  • 004e if you have an "b/g" card
  • or 0086 if you have an "a/b/g" card

ath_info -g 3:0 -w 0x<memory_loc> <1st_subdev_loc> <004e or 0086>
ath_info -g 3:0 -w 0x<memory_loc> <2nd_subdev_loc> <004e or 0086>

 

Confirm all operations with 'y' as it will ask you. I used the value 3 for all operations. If it doesn't work for you, feel free to try out the digits from 0 to 5.

 

Check your new EEPROM dump and verify the new data

ath_info -d 0x<memory_loc>

 

If everything went flawlessly lspci is to show your card as

  • Network controller [0280]: Atheros Communications, Inc. AR5006EG ...................... [168c:001c] (rev 01)
  • Subsystem: Apple Computer Inc. Device [106b:<004e or 0086>]

At least that's what OS X Terminal shows you when you are back on OS X. The Ubuntu lspci output gives somewhat less cosmetic results, like Apple Inc Unknown etc.

 

 

So pls report back about the results.

 

-----

 

You will have to tweak your windows drivers for your card a little to get it working there. It's only replacing some IDs in the .ini file. I will upload my .ini file in future and maybe add the stuff for abg cards too. Mine is recognized as AR5007EG in Vista, tho works flawlessly.

 

Another issue may be your router. Mine doesn't support WPA anymore with the vanilla kexts. This is because my router only supports WPA TKIP and Leopard seems to have issues with TKIP-only routers. So if you have an old router as me, you will have to use WEP or use modded Tiger kexts or get a not-so-outdated router with WPA-AES too.

 

Oh yeah I almost forgot... HP-Bios users ... good luck

madwifi.shell_script.zip

Link to comment
Share on other sites
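A pre-flight and post-write check for the ID replacement described in the guide above, as an added example that is not part of the original post or of the madwifi tools. It assumes the EEPROM dump was saved as text in an `offset: word word ...` layout (adapt the pattern to what your tool prints); the sample dump, its offsets and the function names are constructed for illustration.

```python
import re

# One dump line: "<word offset>: <16-bit word> <16-bit word> ..." (all hex).
# This layout is an assumption; adapt the pattern to what your tool prints.
LINE = re.compile(r"^\s*([0-9a-fA-F]{4}):((?:\s+[0-9a-fA-F]{4})+)\s*$")

# How many locations the guide says each ID should be found at.
EXPECTED_HITS = {"class": 1, "subven": 2, "subdev": 2}

# Constructed sample dump, not taken from a real card.
BEFORE = """\
0000: a55a 0000 0020 0001 0000 5001 0000 e917
0008: 1458 168c 001c 0200 0001 0000 0000 0000
0010: 0000 e917 1458 0000 0000 0000 0000 0000
"""
OLD = {"class": 0x0200, "subven": 0x1458, "subdev": 0xE917}
NEW_BG = {"class": 0x0280, "subven": 0x106B, "subdev": 0x004E}  # b/g values from the guide
# Constructed "after" dump in which exactly the five planned words changed.
AFTER_GOOD = BEFORE.replace("e917", "004e").replace("1458", "106b").replace("0200", "0280")


def parse_dump(text):
    """Return {word_offset: 16-bit value}; lines that are not dump rows are skipped."""
    words = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, word in enumerate(m.group(2).split()):
            words[base + i] = int(word, 16)
    return words


def plan_writes(words, old, new):
    """Map each location of an old ID to its new value.

    Raises ValueError when an ID is not found exactly as often as the guide
    expects: a missing or ambiguous match means the locations are not known,
    and nothing should be written.
    """
    plan = {}
    for name, want in EXPECTED_HITS.items():
        hits = sorted(off for off, val in words.items() if val == old[name])
        if len(hits) != want:
            found = ", ".join(f"{h:04x}" for h in hits) or "nowhere"
            raise ValueError(
                f"{name} ID {old[name]:04x} found at {found}; expected {want} location(s)"
            )
        for off in hits:
            plan[off] = new[name]
    return plan


def _fmt(value):
    return "----" if value is None else f"{value:04x}"


def verify(before, after, plan):
    """Compare two parsed dumps against the plan and return a list of problems:
    planned words that do not hold the new value, and any unplanned change."""
    problems = []
    for off in sorted(set(before) | set(after)):
        old_val, new_val = before.get(off), after.get(off)
        if off in plan:
            if new_val != plan[off]:
                problems.append(f"{off:04x}: expected {plan[off]:04x}, got {_fmt(new_val)}")
        elif new_val != old_val:
            problems.append(f"{off:04x}: unplanned change {_fmt(old_val)} -> {_fmt(new_val)}")
    return problems


if __name__ == "__main__":
    before = parse_dump(BEFORE)
    plan = plan_writes(before, OLD, NEW_BG)
    for off in sorted(plan):
        print(f"location {off:04x}: {before[off]:04x} -> {plan[off]:04x}")
    issues = verify(before, parse_dump(AFTER_GOOD), plan)
    print("post-write check:", "OK" if not issues else issues)
```

Run the plan step on the saved backup dump before writing anything, and the verify step on a fresh dump taken before rebooting.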

Rebranding solved my problem with a Gigabyte (Atheros Chip) card.

 

Use ath_info from the madwifi project to change the IDs in the EEPROM.

Be careful at which addresses the IDs are saved. On my card they were not in the beginning of the EEPROM space.

In my case I had to change GPIO 3 to 0 in order to be able to write to the EEPROM.

 

That's the list of changes I made

  • Device Class from 200 to 280 (at 0x85)
  • Device ID from 001c to 1014 (at 0x82)
  • Subvendor ID from 1458 to 1014 (at 0x8a)
  • Subdevice ID from e917 to 058a (at 0x8b)

I can't guarantee that these IDs will work with a rebranded card, but in case of failure try using another Device ID, which can be seen here: http://pciids.sourceforge.net/pci.ids

 

That is how the rebranded card is recognized by lspci:

0b:00.0 Network controller [0280]: Atheros Communications Inc. AR5212 802.11abg NIC [168c:1014] (rev 01)
Subsystem: IBM ThinkPad 11a/b/g Wireless LAN Mini Express Adapter (AR5BXB6) [1014:058a]

 

Although the card is rebranded, Mac OS X 10.5.4 recognizes the chip and works properly with the card.

That's what I get in dmesg:

AirPort_Athr5424ab: Ethernet address 00:1d:7d:XX:XX:XX

Link to comment
Share on other sites

thx for the answer

 

I would like to use Apple IDs and making it to be recognized as Airport Extreme.

 

Does the 802.1x menu show up for you in Airport preferences now? And also did you get several disconnects per day before rebranding and is it now completely solved?

 

Edit:

 

Ok let us see.

From what I can tell when looking at the original Atheros kext from Apple , the original IDs for Apple 802.11 a/b/g cards are:


  • Subvendor ID: 106b

  • Subdevice ID: 0086

Link to comment
Share on other sites

I just found out that I couldn't get into the 802.1x menu because of my language.pkg. It works when I set the OS X language to English.

 

This is what I got currently and I keep getting disconnected. I will save my IDs and boot my linux live cd now. Let's hope it will work.

 

[Image: 00000012.png]

Link to comment
Share on other sites

I've tried to rebrand my AR5007EG with strange result..

1) I've taken the address from lspci. It is fa9f0000

2) Try to rebrand with ath_info: ath_info -g 1:0 -w fa9f0000 pci_dev_id 1014 ....

3) Reboot. After reboot I see that my Atheros device ID is ff1b.. Why? :) ath_info says that all is OK and value 1014 has been written, but real device ID changed to ff1b.... Help me, please!

Link to comment
Share on other sites

Kykc,

 

If you look at several posts above

 

* Device Class from 200 to 280 (at 0x85)

* Device ID from 001c to 1014 (at 0x82)

* Subvendor ID from 1458 to 1014 (at 0x8a)

* Subdevice ID from e917 to 058a (at 0x8b)

 

This is the successful rebranding. The original is 168c:001c. He changed the Device ID to 1014 and Sub_Device ID to 058a, but at the end he got 168c:058a!

 

Maybe you should try to change your device ID back to original first to make sure the card is working under vista/XP? and then try to change both device ID and subdevice ID?

 

Just my two cents.

 


 

 

Here is the list of atheros wireless card with vendor ID 168c and device ID 001c.

 

> 168c:001c:105b:e000 "LAN-Express AS IEEE 802.11g PCI-E Adapter"

> 168c:001c:105b:e002 "LAN-Express AS IEEE 802.11g PCI-E Adapter"

> 168c:001c:106b:0086 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:106b:0086 "Atheros AR5006X Wireless Network Adapter" Apple Airport extreme

> 168c:001c:10cf:139c "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:10cf:142e "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:10e9:1020 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:10e9:1025 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:1113:7519 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:144f:7096 "Atheros AR5006EX Wireless Network Adapter"

> 168c:001c:144f:7106 "Atheros AR5006EG Wireless Network Adapter"

> 168c:001c:144f:7108 "Atheros AR5006X Wireless Network Adapter"

> 168c:001c:144f:7111 "Atheros AR5006EGS Wireless Network Adapter"

> 168c:001c:144f:7112 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:144f:7116 "Atheros AR5006X Wireless Network Adapter"

> 168c:001c:144f:7128 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:144f:7130 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:144f:7131 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:1468:0422 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:1468:0423 "LAN-Express AS IEEE 802.11g PCI-E Adapter"

> 168c:001c:1468:0425 "Atheros AR5006X Wireless Network Adapter"

> 168c:001c:1468:0427 "Atheros AR5005G Wireless Network Adapter"

> 168c:001c:1468:0428 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:1468:042a "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:168c:0034 "11b/g Wireless LAN Mini PCI Express Adapter II"

> 168c:001c:168c:0035 "11b/g Wireless LAN Mini PCI Express Adapter III"

> 168c:001c:168c:0423 "LAN-Express AS IEEE 802.11g PCI-E Adapter"

> 168c:001c:168c:3061 "Atheros AR5006EGS Wireless Network Adapter"

> 168c:001c:168c:3062 "Atheros AR5006EXS Wireless Network Adapter"

> 168c:001c:168c:3063 "Atheros AR5006EX Wireless Network Adapter"

> 168c:001c:168c:3064 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:168c:3065 "Atheros AR5006EG Wireless Network Adapter"

> 168c:001c:168c:3067 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:1a32:0100 "Atheros AR5006EG Wireless Network Adapter"

> 168c:001c:1a32:0105 "Atheros AR5007EG Wireless Network Adapter"

> 168c:001c:1a32:0200 "Atheros AR5006EX Wireless Network Adapter"

> 168c:001c:1a3b:1026 "Atheros AR5007EG Wireless Network Adapter"

 

 

This is the successful rebranding

> 168c:1014:1014:058a "11a/b/g Wireless LAN Mini PCI Express Adapter"

 

 

Hi, Did your Gigabyte card support 802.11a originally?

 

Could you please tell us why you selected 058a? Did you have some other try? THX!

 


Link to comment
Share on other sites

As far as I know AR5BXB6 is the model of the original Apple Airport Extreme card. So I just checked the PCI IDs database and the only card that came up was the one from IBM. My original device ID was 001c, but it somehow caused problems when trying to load the kext.

Changing only the PCI IDs shouldn't cause hardware problems. It may make your card undetectable until you enter working IDs.

 

Check if the Atheros kext (Info.plist) has the PCI IDs in it, otherwise add them to Info.plist.

Link to comment
Share on other sites


 

 

BuildSmart told me that you can't fix the IDs after the card won't be detected anymore.

 

I think the problem is, ppl don't replace the IDs but accidentally wrong random bits

Link to comment
Share on other sites

I've successfully patched device id and subsys id (both vendor and device). Device was working under XP and was detected as 11a/b/g Wireless LAN Mini PCI Express Adapter and working. But no luck in Macos. But after I've tried to change device class ID (from 200 to 280) my wireless card was disappeared at all. No device at xp (As if I've removed it or locked in BIOS) and no device at linux. Seems like I've no chance to get it back. Maybe someone can give me an advice?

Link to comment
Share on other sites

Could you list how you patched it in details?

 

As we were told, If your card is still working under windows and your device id is not 001c, you should be able to get it work under mac os by changing the info.plist in AtherosAirport.kext/Contents

 

Device class is the thing I totally have no idea, that's why I did not try my AR5007EG yet. Could anyone help us here?

 

Link to comment
Share on other sites


 

The AR5007EG is a strange beast. I have only had experiences with this card on an Acer Aspire One.

With the Linpus original-install it is recognized as a AR5006EG (!) in madwifi. On Ubuntu with the new madwifi it is recognized as a AR5007EG (!).

 

Now there is the unique experience. The ath_info dump differs completely under Linpus and Ubuntu....

 

I think the ath_info output from Linpus is wrong, since in my opinion it only emulates a AR5006EG. Whereas the lspci output under Linpus is correct....

 

So, what is the solution. I would say, writing directly to the registers in Ubuntu should be the way to go.

 

However, I have returned the Acer Aspire One. Therefore I cannot post the ath_info dumps. Yet there might be someone who still has one. If so, please post the two EEPROM-dumps.

 

There is actually still a second method. A Czech guy wrote a program that can change the IDs and restore the configuration. This is a highly recommended feature. As you can read, what happens sometimes :D . I will try to find the link and post it.

Link to comment
Share on other sites

attached is the ath_info from ubuntu 8.04. I don't know if it is helpful.

Please note I masked the mac address for safety issue

 

 

-==Device Information==-

MAC Revision: 2425 (0xe2)

Device type: 3

 

/============== EEPROM Information =============\

| EEPROM Version: 5.3 | EEPROM Size: 4 kbit |

| EEMAP: 2 | Reg. Domain: 0x64 |

|================= Capabilities ================|

| 802.11a Support: no | Turbo-A disabled: yes |

| 802.11b Support: no | Turbo-G disabled: yes |

| 802.11g Support: yes | 2GHz XR disabled: yes |

| RFKill Support: yes | 5GHz XR disabled: yes |

| 32kHz Crystal: no | |

\===============================================/

 

/=========================================================\

| Calibration data common for all modes |

|=========================================================|

| CCK/OFDM gain delta: 1 |

| CCK/OFDM power delta: 5 |

| Scaled CCK delta: 5 |

| 2GHz Antenna gain: 0 |

| 5GHz Antenna gain: 0 |

| Turbo 2W maximum dBm: 38 |

| Target power start: 0x16e |

| EAR Start: 0x1b8 |

\=========================================================/

 

/=========================================================\

| Calibration data for 802.11g operation |

|=========================================================|

| I power: 0x00 | Q power: 0x10 |

| Use fixed bias: 0x01 | Max turbo power: 0x26 |

| Max XR power: 0x1e | Switch Settling Time: 0x28 |

| Tx/Rx attenuation: 0x19 | TX end to XLNA On: 0x00 |

| TX end to XPA Off: 0x00 | TX end to XPA On: 0x0e |

| 62db Threshold: 0x1c | XLNA gain: 0x00 |

| XPD: 0x01 | XPD gain: 0x0a |

| I gain: 0x00 | Tx/Rx margin: 0x01 |

| False detect backoff: 0x00 | Noise Floor Threshold: -1 |

| ADC desired size: -38 | PGA desired size: -80 |

|=========================================================|

| Antenna control 0: 0x00 | Antenna control 1: 0x02 |

| Antenna control 2: 0x21 | Antenna control 3: 0x21 |

| Antenna control 4: 0x00 | Antenna control 5: 0x00 |

| Antenna control 6: 0x01 | Antenna control 7: 0x22 |

| Antenna control 8: 0x22 | Antenna control 9: 0x00 |

| Antenna control 10: 0x00 | Antenna control 11: 0x02 |

|=========================================================|

| Octave Band 0: 3 | db 0: 3 |

| Octave Band 1: 4 | db 1: 4 |

| Octave Band 2: 0 | db 2: 0 |

| Octave Band 3: 0 | db 3: 0 |

\=========================================================/

/============== Per rate power calibration ===========\

| Freq | 6-24Mbit/s | 36Mbit/s | 48Mbit/s | 54Mbit/s |

|======|============|==========|===========|==========|

| 2412 | 15.00 | 15.00 | 15.00 | 13.01 |

|======|============|==========|===========|==========|

| 2437 | 15.00 | 15.00 | 15.00 | 13.01 |

|======|============|==========|===========|==========|

| 2472 | 15.00 | 15.00 | 15.00 | 13.01 |

\=====================================================/

/=================== Per channel power calibration ====================\

| Freq | pwr_0 | pwr_1 | pwr_2 | pwr_3 |pwrx3_0|pwrx3_1|pwrx3_2|max_pwr|

| | pcdac | pcdac | pcdac | pcdac | pcdac | pcdac | pcdac | |

|======|=======|=======|=======|=======|=======|=======|=======|=======|

| 2412 | 25.00 | 25.00 | 0.00 | 25.00 | 0.00 | 0.00 | 29.01 | 25.00 |

| | [112] | [112] | [112] | [112] | [20] | [35] | [63] | |

\======================================================================/

 

GPIO registers: CR 0x00000000, DO 0x00000000, DI 0x0000000b

STA_ID0: 00:1f:e1:xx:xx:xx

STA_ID1: 0x1a806880, AP: 0, IBSS: 0, KeyCache Disable: 0

TIMER0: 0x00000030, TBTT: 48, TU: 0x00040030

TIMER1: 0x0007ffff, DMAb: 65535, TU: 0x0003ffff (-49)

TIMER2: 0x01ffffff, SWBA: 65535, TU: 0x003fffff (+3932111)

TIMER3: 0x00000031, ATIM: 49, TU: 0x00040031 (+1)

TSF: 0x000000000ef4ce6a, TSFTU: 48435, TU: 0x0003bd33

BEACON: 0x00000000

LAST_TSTP: 0x10040004

Link to comment
Share on other sites

Hi,

that is the info. In order to find the registers and the values we need the dump:

 

ath_info -d (base address)

 

You just have to insert the -d switch in between the ath_info and the base address, as for your current output. Sometimes you have to be sudo to do it.

 

What you should do is:

 

Ubuntu

1. sudo ath_info -d (base address)

then cut and paste this output

2. lspci -n => note vendor id and device id

then sudo lspci -d [<vendor>]:[<device>] -xxxx

then cut and paste this output

 

Linpus

1. sudo ath_info -d (base address)

then cut and paste this output

2. lspci -n => note vendor id and device id

then sudo lspci -d [<vendor>]:[<device>] -xxxx

then cut and paste this output

 


Link to comment
Share on other sites

Guest BuildSmart
I can guarantee that changing the class type from 0x0200 to 0x0280 will not make your card non-functional.

 

In windows you may need to modify the driver .inf file to change from looking for a device class of 200 to a device class of 280 and change the ID's to match to what you have changed them to so keep notes.

 

A dump of the EEPROM is recommended as suggested in this thread to ensure the correct bytes are modified and 0280 is not the same as 0x0280 just as 1014 is not the same as 0x1014.

 

I spent the better part of the day yesterday recovering a card in which the user wrote the values to the wrong locations and bricked the card so while you can make it non-functional you better double check your work before you proceed so you don't go through the painful recovery process which involves an expensive programmer and an adapter which clips directly onto the IC on the card to read it in and write it back out.

 

One more note, if you are unfamiliar with linux, build tools and Live CD's, it will be difficult for you to work from the Live CD so find an old IDE drive and an external USB enclosure and work from the external drive rather than the Live CD to minimize frustrations of installing and working from the Live CD.

Link to comment
Share on other sites

Problem is, that my card was disappeared from device manager and lspci output at all. I can't access it at all. Maybe I've overwritten something vital for card, i don't know. I can attach original EEPROM dump (I have backup) and point at byte pair I've changed..

PS Wireless switch on my notebook also don't work (led is always off)

Link to comment
Share on other sites

My original dump. Be careful. It may or may not be equal to your EEPROM. I've changed the value at 0x90 (address in dump file) offset from 0x00 to 0x80. Note that the appropriate address in EEPROM will be different, because there is one address for each byte pair.. I know that I changed exactly this byte, because I've dumped the result before reboot. After reboot the card no longer exists :P

orig.bin.tar.gz

Link to comment
Share on other sites

Could you please tell us the brand and build of your laptop. Also please tell us, whether the card was recognized with lspci as AR5006EG or AR5007EG and what specific chipset it has.

 

By the way, it is like BuildSmart said. You cannot make a card nonaccessible by changing the registers "per se". Yet it can be the case that your card is blacklisted by the bios.... Then you need a special device for accessing it which you probably do not have.

Link to comment
Share on other sites

The card is AR5007EG. Original IDs were 001c:168c. Which chipset exactly is on my card I dunno :lol:

I have an Asus F5RL notebook. Core 2 Duo T5250 processor, ATI x1100 video (SB600 ATI chipset). The computer has an AMI BIOS. Is it possible to somehow crack it? I've seen something about the Phoenix BIOS of the HP DV series.. Is it possible here? I can provide the latest BIOS image..

Link to comment
Share on other sites


 

Hi,

I have found the link to that program.....I think,

Jan Krupa homepage - Ath EEPROM Tool

 

I have tested it under the Fedora 8 live CD and was able to dump my AR5007EG (chipset AR5BXB63) EEPROM to a file. Now I need to learn how to rebrand my wireless card. :D

 

Edit: I have attached my EEPROM dump here. The Fedora 8 live CD detected this card as AR5006EG. It was (it is a long long time ago....:)) working in Linux (tested with Fedora 8, Slackware 12) using madwifi's snapshot driver.

 

kizwan

ar5007eg.dat.zip


Hi guys,

To rebrand my AR5007EG using the ath_info tool, I need to make sure that I supply the right device address, right? Mine should be 0x8c100000, right? So how do I know what GPIO value I should use?

 

lspci -v
03:00.0 Ethernet controller: Atheros Communications, Inc. AR5006EG 802.11 b/g Wireless PCI Express Adapter (rev 01)
Subsystem: AMBIT Microsystem Corp. Unknown device 0428
Flags: bus master, fast devsel, latency 0, IRQ 219
Memory at 8c100000 (64-bit, non-prefetchable)
Capabilities: [40] Power Management version 2
Capabilities: [50] Message Signalled Interrupts: Mask- 64bit- Queue=0/0 Enable+
Capabilities: [60] Express Legacy Endpoint IRQ 0
Capabilities: [90] MSI-X: Enable- Mask- TabSize=1

ath_info 0x8c100000
-==Device Information==-
MAC Revision: 2425 (0xe2)
Device type: 3

/============== EEPROM Information =============\
| EEPROM Version: 5.3 | EEPROM Size: 4 kbit |
| EEMAP: 2 | Reg. Domain: 0x65 |
|================= Capabilities ================|
| 802.11a Support: no | Turbo-A disabled: yes |
| 802.11b Support: no | Turbo-G disabled: yes |
| 802.11g Support: yes | 2GHz XR disabled: yes |
| RFKill Support: yes | 5GHz XR disabled: yes |
| 32kHz Crystal: no | |
\===============================================/

/=========================================================\
| Calibration data common for all modes |
|=========================================================|
| CCK/OFDM gain delta: 1 |
| CCK/OFDM power delta: 5 |
| Scaled CCK delta: 5 |
| 2GHz Antenna gain: 0 |
| 5GHz Antenna gain: 0 |
| Turbo 2W maximum dBm: 38 |
| Target power start: 0x16e |
| EAR Start: 0x1c8 |
\=========================================================/

/=========================================================\
| Calibration data for 802.11g operation |
|=========================================================|
| I power: 0x00 | Q power: 0x10 |
| Use fixed bias: 0x01 | Max turbo power: 0x26 |
| Max XR power: 0x24 | Switch Settling Time: 0x28 |
| Tx/Rx attenuation: 0x19 | TX end to XLNA On: 0x00 |
| TX end to XPA Off: 0x00 | TX end to XPA On: 0x0e |
| 62db Threshold: 0x1c | XLNA gain: 0x00 |
| XPD: 0x01 | XPD gain: 0x0a |
| I gain: 0x00 | Tx/Rx margin: 0x01 |
| False detect backoff: 0x00 | Noise Floor Threshold: -1 |
| ADC desired size: -38 | PGA desired size: -80 |
|=========================================================|
| Antenna control 0: 0x00 | Antenna control 1: 0x02 |
| Antenna control 2: 0x21 | Antenna control 3: 0x21 |
| Antenna control 4: 0x00 | Antenna control 5: 0x00 |
| Antenna control 6: 0x01 | Antenna control 7: 0x22 |
| Antenna control 8: 0x22 | Antenna control 9: 0x00 |
| Antenna control 10: 0x00 | Antenna control 11: 0x02 |
|=========================================================|
| Octave Band 0: 3 | db 0: 3 |
| Octave Band 1: 4 | db 1: 4 |
| Octave Band 2: 0 | db 2: 0 |
| Octave Band 3: 0 | db 3: 0 |
\=========================================================/
/============== Per rate power calibration ===========\
| Freq | 6-24Mbit/s | 36Mbit/s | 48Mbit/s | 54Mbit/s |
|======|============|==========|===========|==========|
| 2412 | 18.00 | 17.00 | 15.01 | 13.01 |
|======|============|==========|===========|==========|
| 2437 | 18.00 | 17.00 | 15.01 | 13.01 |
|======|============|==========|===========|==========|
| 2472 | 18.00 | 17.00 | 15.01 | 13.01 |
\=====================================================/
/=================== Per channel power calibration ====================\
| Freq | pwr_0 | pwr_1 | pwr_2 | pwr_3 |pwrx3_0|pwrx3_1|pwrx3_2|max_pwr|
| | pcdac | pcdac | pcdac | pcdac | pcdac | pcdac | pcdac | |
|======|=======|=======|=======|=======|=======|=======|=======|=======|
| 2412 | 25.02 | 9.02 | 0.00 | 25.02 | 0.00 | 0.00 | 34.01 | 25.02 |
| | [112] | [112] | [112] | [112] | [20] | [35] | [63] | |
\======================================================================/

GPIO registers: CR 0x00000000, DO 0x00000000, DI 0x0000000a
STA_ID0: 00:19:7e:XX:XX:XX
STA_ID1: 0x00000000, AP: 0, IBSS: 0, KeyCache Disable: 0
TIMER0: 0x00000030, TBTT: 48, TU: 0x00820030
TIMER1: 0x0007ffff, DMAb: 65535, TU: 0x0081ffff (-49)
TIMER2: 0x01ffffff, SWBA: 65535, TU: 0x00bfffff (+4063183)
TIMER3: 0x00000031, ATIM: 49, TU: 0x00820031 (+1)
TSF: 0x00000002040f496a, TSFTU: 978, TU: 0x008103d2
BEACON: 0x00000000
LAST_TSTP: 0x7ffd6bef

 

Thank you. :(

 

kizwan
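
On the device-address question in the post above: an added example, not code from the thread or from madwifi, that reads the memory base out of `lspci -v` text rather than copying it by hand. It only parses text and never touches the card; the function names and the non-Atheros device in the sample are made up, and the Atheros block is the one quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the Atheros block from the post plus one invented
# device, to show that other devices' memory regions are ignored.
sample_lspci() {
cat <<'EOF'
02:00.0 Ethernet controller: Example Vendor Fast Ethernet (rev a0)
  Subsystem: Example Vendor Unknown device 0001
  Memory at 8c000000 (32-bit, non-prefetchable)

03:00.0 Ethernet controller: Atheros Communications, Inc. AR5006EG 802.11 b/g Wireless PCI Express Adapter (rev 01)
  Subsystem: AMBIT Microsystem Corp. Unknown device 0428
  Flags: bus master, fast devsel, latency 0, IRQ 219
  Memory at 8c100000 (64-bit, non-prefetchable)
EOF
}

# Reads `lspci -v` text on stdin and prints "<slot> 0x<base> <subsystem>"
# for the Atheros device. Returns 1 (printing nothing) if there is no
# Atheros device, more than one, or no memory region, so an ambiguous
# result is never passed on to a tool that writes to the card.
atheros_bar() {
  awk '
    /^([0-9a-f]+:)+[0-9a-f]+\.[0-9a-f]/ {      # device header line
      in_ath = ($0 ~ /Atheros/)
      if (in_ath) { n++; slot = $1; bar = ""; subsys = "" }
      next
    }
    in_ath && /Subsystem:/ {
      sub(/^[ \t]*Subsystem:[ \t]*/, ""); subsys = $0; next
    }
    in_ath && /Memory at / && bar == "" {      # first memory region only
      for (i = 1; i < NF; i++) if ($i == "at") { bar = $(i + 1); break }
    }
    END {
      if (n != 1 || bar !~ /^[0-9a-f]+$/) exit 1
      printf "%s 0x%s %s\n", slot, bar, subsys
    }'
}

sample_lspci | atheros_bar
```

On a live system the input would be `lspci -v | atheros_bar`; the second field is the form the post passes to ath_info, and the subsystem string is there to compare against the card the IDs were taken from.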


Interesting.. I've decompressed my AMI BIOS image with amideco (a Linux utility; under Ubuntu it is available via a simple apt-get install amideco). After decompressing I see only two PCI modules: one for the ATI X1100M video, the second for the Attansic L2 Fast Ethernet, but my Atheros wireless was not mentioned here. Hm...

The second funny thing is that amideco can't compress the BIOS back..



Hi,

Can you change back your device id from ff1b to 001c? Can you tell me how you changed your pci_class from 200 to 280? It seems that when I try to change pci_class from 200 to 280, ath_info tries to change it at the wrong address....I think. I'm willing to lose my wireless but at least I understand what I'm doing before I proceed.

 

kizwan
