Sunday, August 31, 2014

How to change Atheros AR9xxx aka ath9k EEPROM values

One of my Atheros AR9280 minipcie cards had some odd undefined regulatory domain (0x6B) configured. This caused even latest Linux ath9k driver to break so I wanted to change it to valid regdom. Which ath9k developers think is sin and are trying to prevent people from doing, but luckily our old friend iwleeprom has Atheros support letting us to fix this.

# The usual preparations
apt-get update
apt-get -y install git subversion build-essential

# Download atheros branch of iwleeprom and compile it
mkdir -p /opt/iwleeprom
cd /opt/iwleeprom
svn checkout http://iwleeprom.googlecode.com/svn/branches/atheros/ atheros
cd atheros
make

# Shutdown wifi
ifdown wlan0

# Find PCI ID of your device using lspci
lspci

# Mine was 03:00.0
# 03:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)

# Init card
./iwleeprom -d 0000:03:00.0 -I

# Verify that card is properly identified
./iwleeprom -d 0000:03:00.0 -s

# Backup current eeprom content
./iwleeprom -d 0000:03:00.0 -o original.bin

# Patch country code from non-standard 0x6B to WOR5_ETSIC 0x65
cp original.bin etsic0x65.bin
echo -ne '\x65' | dd of=etsic0x65.bin bs=1 seek=520 conv=notrunc

# Program patched eeprom back to device
echo Y|./iwleeprom -d 0000:03:00.0 -i etsic0x65.bin

# Verify that regdom was changed
# Take note of last CRC line as this is new CRC we need
# For example "CRC (eval)  : fb27"
./iwleeprom -d 0000:03:00.0 -s

# Patch eeprom to use proper CRC
# You need to reverse byte order here
cp etsic0x65.bin etsic0x65crc.bin
echo -ne '\x27\xfb' | dd of=etsic0x65crc.bin bs=1 seek=514 conv=notrunc

# Program crc patched eeprom back to device
echo Y|./iwleeprom -d 0000:03:00.0 -i etsic0x65crc.bin

# Verify that crc matches now
./iwleeprom -d 0000:03:00.0 -s

# Export changed eeprom content
./iwleeprom -d 0000:03:00.0 -o new.bin

# Ensure what we wrote and read match
md5sum etsic0x65crc.bin new.bin

# Reload ath9k.ko
rmmod ath9k
modprobe ath9k

# Turn wifi back on
ifup wlan0

# Check dmesg for more details

10 comments:

  1. how do you do to patch country code 0x8283 (RU) to 0x37 (FR)?

    ReplyDelete
  2. Hi,

    Your post was very precious ressource!
    I look for a mini PCI-E chipset able to provide reliable 5 Ghz Ap mode under Linux 3.15.10 kernel.

    My ATH9300 card is actually locked in the EEPROM directly. So I dumped the eeprom with iwleeprom and patched it to switch the regdom code from 61 to 65, but I cannot seem to be able to reupload it. Is the Atheros EEPROM read only in software mode or am I doing something wrong?

    ReplyDelete
  3. Thx for the tips.
    Any suggestions for getting iweeprom to compile on Mac OS X ?
    Fails to compile with "./iwleeprom.h:32:10: fatal error: 'endian.h' file not found"

    ReplyDelete
  4. Just an fyi, some of the atheros wifi+bluetooth cards that one buys from amazon/ebay have a country reg code set to 60 and wont work. The problem these cards face is that they are not flashable, if you look under ./iwleeprom -d 0000:03:00.0 -s you may notice references to 'OTP' i.e one time programmable. Return the card and get another less restrictive one ....
    Many thanks to the writer of this blog and dev @ iwleeprom
    -poningru

    ReplyDelete
  5. I had an eBay card (Dell 1515) with reg code set to 60. The lspci gave exact same output as the author's card. Successfully changed it to 0x00 (debug) for now. Will probably change the code to my country later. Thanks for this article.

    ReplyDelete
  6. Hi thanks for your instructions, iwleeprom looks to show some promise.

    Unfortunately it could never get/set the checksums correctly (kernel complains with 'Bad EEPROM checksum').
    The 'CRC (stored)' and 'CRC (eval)' values differ in the stock eeprom so iwleeprom probably not able to evaluate these correctly to begin with?

    While trying to figure out the checksum mess, the eeprom was written to approx. 5 times before it stuck with a bad version thus trashing the hardware.

    I'll get another as the hardware is good, but unfortunately crippled by poor Linux development (ie. CRDA).
    CRDA implementation has never really been thought through properly (users shouldn't need to live in the same country as the hardware is manufactured, and mostly don't).

    The next step forward is to strip this CRDA rubbish from the kernel entirely.
    Thanks again and good luck! :)

    ReplyDelete
  7. Is it not possible to change my wifi max tx power in Xubuntu 14.04? I was trying the custom wireless-regdb method and made a regulatory.bin of my own but I don't know where to put it.. they say /usr/lib/cdra but it's not there. ...

    ReplyDelete
  8. Great Work .... get my Dell DW (Atheros 9280) no working without any warnings to system console on a X220 running OSX 10.11, Ubuntu 14.04 and Windows 7 .. thx alot

    ReplyDelete
  9. root@ubuntu:/opt/iwleeprom# svn checkout http://iwleeprom.googlecode.com/svn/branches/atheros/ atheros
    svn: E170013: Unable to connect to a repository at URL 'http://iwleeprom.googlecode.com/svn/branches/atheros'

    What is the updated URL for this iwleeprom?

    ReplyDelete
  10. This don't work, i have exactly the same device "Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)" but when i run the command it shows DEVICE NOT IDENTIFIED (or something like that)

    ReplyDelete

Got something to say?!