Sascha_77, posted July 12, 2016

Hey Folx.

I have an AR5BHB92. This one normally does not work in (for example) a Thinkpad T430. There is a whitelist in the BIOS. Flashing with software is not possible because of a digital signature. Now I rebranded the Atheros (168c,002a) to an Intel brand which was original in the laptop (8086,0891) to bypass the whitelist. But that's not enough. The SubID must be changed too. Forgot that. I have a backup of the original ROM. But no flash tool (under Linux and Windows) can write to the card now because of the changed VID and PID.

Is there a way to put the FakeIDs into the original Atheros drivers? I used the software bundle from the first post and modified here and there, but no chance. For example, changing with a hex editor the value "168C" to "8086" in the binary of "atheros_eeprom_tool". It says the flash was successful (after selecting the right device from the pulldown menu) but there was no change to the card. Any idea to get my "brick" back?

By the way ... reading out the card works with the method above. Only writing failed. And if anyone asks how the card should work after rebranding ... I use it in a Hackintosh. And with OS X it's relatively easy to fake the VID/PID via injector kexts. It's recognized as an AppleAirport card in the end. But unfortunately there is no way to flash under OS X.

Zak McKracken, posted July 12, 2016

Great work on this tool! Before cracking open a recently acquired WiFi PC-Card, I decided to Google for software tools to solve my problem and I stumbled upon this fantastic work. Somebody please tell me if atheros_eeprom_tool will work on an Atheros 5416?

Please let me explain why I cannot try this quickly myself: The system this PC-Card is used in is a measurement instrument (running XP embedded), and it's the only system I own with a PC-Card slot. Unfortunately, this instrument has a customised, inaccessible BIOS, so I cannot make it boot from USB and I don't have a spare 2.5" PATA harddisk laying around. Yes; it's all trailing-edge technology. Now I could back up the original disk and install WinXP on it in another machine, but I doubt if that's going to work. I could install Ubuntu to figure out more details, but I figured perhaps somebody here is willing to answer the question.

The problem I'm trying to solve is changing the MAC address of this card. Permanently, and inside the card. I figured I would crack open the card, desolder the EEPROM, dump it with my EPROM programmer, modify it, and put it back. But there's probably a checksum over it, and once a PC-Card has been opened, it doesn't close nicely anymore. Yes; I'm really desperate ;-).

ctene, posted April 27, 2017

I recently had to recover the ROM of my Atheros AR9285 because of a broken checksum in the ROM. Windows couldn't use the device at all, OS X had a HAL error, so I decided to build a custom Linux ath9k driver capable of loading the custom ROM with debugging build...

For getting a Linux environment (if you have none): Use either a tool like unetbootin or Uni-USB to create a bootable USB flash storage drive containing a bootable setup. I used latest Ubuntu...

For making a full 4k ROM from a 512 byte dump: Go into the custom iwleeprom folder, copy the eeprom_dump.rom file in here, and next execute in the terminal here

    ./create4krom.sh

This will create eeprom_4k.rom

To configure this backports for your Linux and install:

    make defconfig-ath9k-debug
    make
    make install

Don't forget to edit romimp.c with a C formatted character structure of your original ROM (eeprom_4k.rom). After you load up this driver, the card will work again and then you can use my custom iwleeprom to flash eeprom_4k.rom.

    ./iwleeprom -i eeprom_4k.rom

which will fully reflash it... After a reboot your card will work just fine again.

Other tools:

dumpathrom is a tool I wrote to analyze certain parts of an Atheros ROM. Built binaries are included for OS X, Win32 and Win64.

atheros_eeprom_tool (AnV) is a massively updated version of the old atheros eeprom tool. It includes a dseo binary (for being able to use the custom build ath32.sys and ath64.sys drivers in Windows). It can on normal execution do everything the standard binary can (read/write 376B dumps and override options). It can also read/write 512B dumps (when run from the command line with /r512 or /w512 argument). It can also fix the checksum of the currently installed ROM with /fixcrc. I updated the code to be up to specs with the latest APIs and implemented the Secure CRT functions. I also fixed up every warning... I also modified the code to be able to build a 64bit atheros_eeprom_tool (atheros_eeprom_tool64.exe). Both are included (atheros_eeprom_tool32.exe and atheros_eeprom_tool64.exe).

For all packages the sources are included... Enjoy and have fun.

Remember: If you want to mod your card - always make a backup (both standard 376B dump and full 512B dump)... better safe than sorry.

EDIT: Sorry... forgot to upload iwleeprom, uploading now...

EDIT2: Added Windows 8.1 optimized version, built with Microsoft Visual Studio 2013, of the atheros rom tool. Might work under older versions of Windows too. dseo can't enable test mode under Windows 8.X, so use the following command as administrator to enable test mode so that the driver works:

    Bcdedit.exe -set TESTSIGNING ON

Disabling the option can be done with the following command:

    Bcdedit.exe -set TESTSIGNING OFF

EDIT3: Github repo added https://github.com/andyvand/AtherosROMKit

I would have one very specific question - I am not sure if that is even possible, but if so and if anyone would know an answer I would greatly appreciate it. Here it goes: I bought a Lenovo compliant AR9285 with AR5B195 chipset which inherently contains the pesky AR3011 BT as well ... this is where my issue starts - my Lenovo T430i has a bitchy whitelist - the only one Hardware ID is the one which gets reported by the Bluetooth Subsystem ID ... so - the actual question - is there any way to actually MOD the whole AR3011 BT controller out, so it no longer even is visible to the system on boot or even after boot - if not, is there any way for me to alter the Subsystem ID which it identifies with to something which would not collide with my BIOS whitelist? Either way, the T430i does already have a present BT adapter which comes with it, hence I do not even want the 3011 adapter (which doesn't even seem to properly work under Windows). Hope someone here can help.
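
The post above mentions a ROM with a broken checksum and a /fixcrc option. As an added example (not code from AtherosROMKit or from the post), this checks a calibration image the way the Linux ath9k driver validates it: the XOR of all 16-bit words covered by the length field must equal 0xFFFF. It assumes the buffer starts at the structure's length word and is little-endian; where that structure sits inside the 376B or 512B dumps is not stated on this page, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 16-byte sample, not a real card dump. Assumed layout:
 * word 0 = length in bytes, word 1 = checksum, then data words. */
static const uint8_t SAMPLE_IMG[16] = {
    0x10, 0x00, 0xE0, 0x8A, 0x0E, 0x00, 0x01, 0x02,
    0x00, 0x00, 0x22, 0x11, 0x44, 0x33, 0x66, 0x55
};

/* Read one 16-bit word; little-endian byte order is assumed. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* XOR of every word the length field covers, checksum word included.
 * Returns -1 when the buffer or the length field is too small. */
static long eeprom_xor_sum(const uint8_t *img, size_t size)
{
    if (size < 4 || rd16(img) < 4) return -1;
    size_t len = rd16(img);
    if (len > size) len = size;   /* oversized length: clamp to the buffer */
    uint16_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum ^= rd16(img + i);
    return sum;
}

/* The image validates when the XOR comes out as 0xFFFF. */
static int eeprom_checksum_ok(const uint8_t *img, size_t size)
{
    return eeprom_xor_sum(img, size) == 0xFFFF;
}

/* Value the checksum word would need for this image to validate. */
static long eeprom_expected_checksum(const uint8_t *img, size_t size)
{
    long sum = eeprom_xor_sum(img, size);
    return sum < 0 ? -1 : ((sum ^ rd16(img + 2) ^ 0xFFFF) & 0xFFFF);
}

int main(void)
{
    uint8_t bad[sizeof SAMPLE_IMG];
    memcpy(bad, SAMPLE_IMG, sizeof bad);
    bad[6] ^= 0x01;               /* simulate one corrupted bit */
    printf("ok=%d corrupted_ok=%d expected=0x%04lX\n", eeprom_checksum_ok(SAMPLE_IMG, 16),
           eeprom_checksum_ok(bad, 16), (unsigned long)eeprom_expected_checksum(bad, 16));
    return 0;
}
```

Running the check on a backup dump before flashing it back shows whether the image would be rejected by the driver.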

Slice, posted April 28, 2017

AFAIK a newer version of VoodooWireless was made in ~2012 designed for Lion and the changes that came with it, along with a fully completed BSD net80211 port with WPA2 support, but I haven't been able to find the source for it anywhere (original site is down).

I have some sources from mercurysquad if anyone interested.

VoodooWireless.framework.zip

TheRacerMaster, posted April 28, 2017

I have some sources from mercurysquad if anyone interested. VoodooWireless.framework.zip

mercurysquad posted the missing sources last year: https://github.com/mercurysquad

SiddRamesh, posted November 9, 2017

I finally made it. All steps were right, the problem was on iwleeprom, so I use iwleeprom from MacNB and use the flag "-r" and it writes to the ROM.

    Locale: FCC
    Country Code:

Sir, I used "00", so got FCC as locale but no Country Code. Sir, what should I use as regdom for INDIA?

HenryV, posted January 26, 2020

Hello Andy and thanks for posting the files. I have an m.2 atheros9565 and am using the kexts from elsewhere on this site. Apparently the card is recognized in the device profiler, and the network icon in the menu bar only shows scanning for networks but not finding any. This behavior is the same for High Sierra, Mojave and Catalina. The device profiler reads:

    Card Type: AirPort Extreme (0x168C, 0x20E)
    Firmware Version: Atheros 9565: 4.0.74.0-P2P
    Locale: Japan
    Country Code: JP
    Supported PHY Modes: 802.11 a/b/g/n
    Supported Channels: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
    Wake On Wireless: Supported
    Status: Network Service Inactive

Do I need to change the regulatory domain or some other code to eliminate the reference to Japan? If so, can I do that with the tools you have posted, and how to accomplish that? For now this is my alternative for wifi as the Broadcom cards are not readily available in this area to my knowledge. Any help appreciated and thank you.