Andy Vandijck Posted July 23, 2014 Share Posted July 23, 2014 I recently had to recover the ROM of my Atheros AR9285 because of a broken checksum in the ROM. Windows couldn't use the device at all, OS X had a HAL error so I decided to build a custom linux ath9k driver capable of loading the custom ROM with debugging build... For getting a Linux environment (if you have none): Use either a tool like unetbootin or Uni-USB to create a bootable USB flash storage drive containing a bootable setup. I used latest Ubuntu... For making a full 4k ROM from a 512 byte dump: Go into the custom iwleeprom folder and copy in here the eeprom_dump.rom file and next in the terminal execute here ./create4krom.sh This will create eeprom_4k.rom To configure this backports for your Linux and install: make defconfig-ath9k-debug make make install Don't forget to edit romimp.c with a C formatted character structure of your original ROM (eeprom_4k.rom). After you the load up this driver, the card will work again and the you can use my custom iwleeprom to flash eeprom_4k.rom. ./iwleeprom -i eeprom_4k.rom which will fully reflash it... After a reobot your card will work just fine again Other tools: dumpathrom is a tool I wrote to analyze certain parts of an atheros ROM. Built binaries are included for OS X, Win32 and Win64 atheros_eeprom_tool (AnV) is a massively updated version of the old atheros eeprom tool. It includes a dseo binary (for being able to use the custom build ath32.sys and ath64.sys drivers in Windows). It can on normal execution do everything the standard binary can (read/write 376B dumps and override options). It can also read/write 512B dumps (when run from the command line with /r512 or /w512 argument). It can also fix the checksum of the currently installed ROM with /fixcrc I updated the code to be up to specs with the latest APIs and implemented the Secure CRT functions. I also fixed up every warning... I also modified the code to be abe to build a 64bit atheros_eeprom_tool (atheros_eeprom_tool64.exe). Both are included (atheros_eeprom_tool32.exe and atheros_eeprom_tool64.exe). For all packages the sources are included... Enjoy and have fun Remember: If you want to mod your card - always make a backup (both standard 376B dump and full 512B dump)... better safe than sorry. EDIT: Sorry... forgot to upload iwleeprom, uploading now... EDIT2: Added Windows 8.1 optimized version, built with Microsoft Visual Studio 2013 of the atheros rom tool. might work under older versions of Windows too. dseo can't enable test mode under Windows 8.X so use the following command as administrator to enable test mode so that the driver works: Bcdedit.exe -set TESTSIGNING ON disabling the option can be done with the following command: Bcdedit.exe -set TESTSIGNING OFF EDIT3: Github repo added https://github.com/andyvand/AtherosROMKit backports-3.15.1-1.zip dumpathrom.zip aet_rw512_AnV.zip iwleeprom.zip atheros_eeprom_tool-WIN8.1.zip 8 Link to comment Share on other sites More sharing options...
Philip Petev Posted July 23, 2014 Share Posted July 23, 2014 Nice guide, Andy, but may I ask you to give more details about the romimp.c edit? Link to comment Share on other sites More sharing options...
Andy Vandijck Posted July 23, 2014 Author Share Posted July 23, 2014 Nice guide, Andy, but may I ask you to give more details about the romimp.c edit? Path to file: backports-3.15.1-1/drivers/net/wireless/ath/ath9k/romimp.c Consists of two parts: const char overriderom[] = { >>>*** Insert your ROM in C hex array format here ***<<< } int overrideromsize = sizeof(overriderom); Example of ROM in hex format: 0x5A, 0xA5, 0x00, 0x00, 0x03, 0x00, 0x00, 0x50, 0x8C, 0x16, 0x2B, 0x00, 0x08, 0x50, 0x01, 0x00, 0x80, 0x02, 0x2C, 0x50, 0x8C, 0x16, 0xA1, 0x30, 0x64, 0x50, 0xC0, 0x8C, 0x04, 0x05 This is a 4096B ROM (if you only have the 512B one, use the create4krom.sh script using the info above). The following command can be used to convert the .rom file into a usable C hex array: hexdump -v -e '"0x" /1 "%x" ", "' eeprom_4k.rom I wrote a simple shell script to convert eeprom_4k.rom into romimp.c automatically... #!/bin/bash # if [ -f "eeprom_4k.rom" ]; then echo "Creating romimp.c from eeprom_4k.rom..." echo "/* ROM override file data for ath9k (auto-generated by convertromtoc.sh) */" > romimp.c echo "const char overriderom[] =" >> romimp.c echo "{" >> romimp.c hexdump -v -e '"0x" /1 "%02x" ", "' eeprom_4k.rom >> romimp.c echo "" >> romimp.c echo "};" >> romimp.c echo "int overrideromsize = sizeof(overriderom);" >> romimp.c echo "" >> romimp.c else echo "ERROR: You need to create eeprom_4k.rom and place it in the same folder as this script." fi Script is attached below..., just put eeprom_4k.rom (generated from within iwleeprom folder (generated from eeprom_dump.rom)) in the same folder as this script and run it in the folder. It will generate romimp.c which you must put in drivers/net/wireless/ath/ath9k/romimp.c Which is located under the customized backports driver. Then follow the rest of the tutorial to build it and to enable the driver after installation, run the following as root after installation of the backports ath9k debug driver: # remove old active modules rmmod ath9k rmmod ath9k_common rmmod ath9k_hw rmmod ath rmmod mac80211 rmmod cfg80211 rmmod compat # insert new patched ones modprobe compat modprobe cfg80211 modprobe mac80211 modprobe ath modprobe ath9k_hw modprobe ath9k_common modprobe ath9k # done... your WiFi should now work... try scanning for networks, if it finds some, you can reflash your card to a correct ROM Test your network list, if it shows networks all is well to use iwleeprom to reflash your card to a correct ROM and after a reboot your card is fully fixed. convertromtoc.sh.zip 1 Link to comment Share on other sites More sharing options...
Philip Petev Posted July 24, 2014 Share Posted July 24, 2014 Nice! About the last part, modprobe -r ath9k && modprobe ath9k is quite enough to restart the Atheros module, because it unloads all (unused by any other module) module dependencies as well. 1 Link to comment Share on other sites More sharing options...
shaqan Posted February 14, 2015 Share Posted February 14, 2015 ty for the tools Noticed couple of issues. - If you happen to have multiple (I had two) wlan cards, then aet_rw512_Anv swaps them. You want dump from one card, but you are going to get rom dump from the other, and vice versa. Noticed that because I bricked one of the cards with the wrong eeprom - then it showed up "invalid" in Windows Device Manager. This tool appeared to allow dumping eeprom from faulty card, while asking me if the perfectly fine card is disabled. Same for writing it. I took some time verifying the theory before I was convinced in it (disabled both one by one, removed one and the other etc) - I can't get iwleeprom to do it's function. Tried OpenSuse and Ubuntu. It seems to do it's job but after reboot the eeprom is still the same old. Tried it on FreeBSD to be sure - got hard system lock. But I've learned to lot about Atheros thanks this thread and utilities you shared. Thank very much. Cards I used were AR928x and AR9280, one of them DELL DW1525 PCIe, other was some sort of notebook's mini-PCIe format card (ran in my PC over miniPCIe/PCIe adapter) Link to comment Share on other sites More sharing options...
Andy Vandijck Posted February 17, 2015 Author Share Posted February 17, 2015 ty for the tools Noticed couple of issues. - If you happen to have multiple (I had two) wlan cards, then aet_rw512_Anv swaps them. You want dump from one card, but you are going to get rom dump from the other, and vice versa. Noticed that because I bricked one of the cards with the wrong eeprom - then it showed up "invalid" in Windows Device Manager. This tool appeared to allow dumping eeprom from faulty card, while asking me if the perfectly fine card is disabled. Same for writing it. I took some time verifying the theory before I was convinced in it (disabled both one by one, removed one and the other etc) - I can't get iwleeprom to do it's function. Tried OpenSuse and Ubuntu. It seems to do it's job but after reboot the eeprom is still the same old. Tried it on FreeBSD to be sure - got hard system lock. But I've learned to lot about Atheros thanks this thread and utilities you shared. Thank very much. Cards I used were AR928x and AR9280, one of them DELL DW1525 PCIe, other was some sort of notebook's mini-PCIe format card (ran in my PC over miniPCIe/PCIe adapter) That's why the backports are above. Use that script above using a 512B dump (original one or correct one) and inject it in the sources as described above. Then build the driver and load it as shown above. Your card will come to live and you'll next be able to unbrick it. That's the way I recovered my WiFi card when I forgot to correct a checksum... After the card is initialized iwleeprom will work just fine Link to comment Share on other sites More sharing options...
shaqan Posted February 20, 2015 Share Posted February 20, 2015 I had to copy the changes you had made to the backports over into newer kernel. Backports 3.15 would'nt compile any more. I checked what you had changed in backports and made modifications accordingly, compilation of the ath9k module went without errors. CC [M] drivers/net/wireless/ath/ath9k/beacon.o CC [M] drivers/net/wireless/ath/ath9k/gpio.o CC [M] drivers/net/wireless/ath/ath9k/init.o ... CC [M] drivers/net/wireless/ath/ath9k/romimp.o ... I think I have screwed up. It seems I have erased original rom dump along with some other "junk" files and now all I got is what I have on card. Error I made was to write regdom 0x8233 instead of 0x37. What I would like to know. During this error, was the next byte to the regdom value in EEPROM just overwritten? Or was it pushed back and the very last byte in EEPROM simply "went lost". (Sorry, I am ignorant in these things). Just thinking that if latter happened, maybe I could revert the changes in hex editor? Or perhaps I could use EEPROM from some other card of the same basic model? Link to comment Share on other sites More sharing options...
Micky1979 Posted February 22, 2015 Share Posted February 22, 2015 Hi Andy, any idea on how to fix the "Locale" in the dumped rom? OSX say me "Unknown Locale 60" (that mean WORLD??) ...I have nr3 AR9285 (two of which with bluetooth 3.0)... and here is Italy Link to comment Share on other sites More sharing options...
MacNB Posted February 24, 2015 Share Posted February 24, 2015 I recently had to recover the ROM of my Atheros AR9285 because of a broken checksum in the ROM. Windows couldn't use the device at all, OS X had a HAL error so I decided to build a custom linux ath9k driver capable of loading the custom ROM with debugging build... Hi Andy, I had a same issue yesterday. I used this blog to change the Locale of my Atheros card and managed to brick the card. I installed Ubuntu 14.04.2 LTS. Built iwleeprom. i followed the instructions in the blog. It changed the Locale from 0x65 to 0x37 but the checksum write did not work. Now I cannot write back the original.bin rom dump - nothing happens. I downloaded and built your version of iwleeprom. I ran it with -s option to give me info about the card. (I am using the standard builtin Atheros drivers at the moment) But what it displays is very different from what my version dsplays. Mine displays: root@macnb-Aspire-4830T:/opt/iwleeprom/atheros# ./iwleeprom -d 0000:03:00.0 -s -D 1 debug level: 1 Using device 0000:03:00.0 [RW] AR928X Wireless Adapter (PCI-E) IO driver: ath9k Supported ops: read write parse patch11n address: c0600000 HW: AR9280 (PCI-E) rev 0002 RF: integrated Checking NVM size... ath9k short eeprom base: 512 size: 3256 MAC address : 70:f1:a1:5f:57:fb Reg. domain : 0037 Capabilities: 0002 Bands: 2.4GHz HT 2G: HT20 HT40 HT 5G: HT20 HT40 CRC (stored): dca9 Calculating EEPROM CRC............................... CRC (eval) : dcfb root@macnb-Aspire-4830T:/opt/iwleeprom/atheros# yours displays: root@macnb-Aspire-4830T:/home/macnb/Downloads/iwleeprom# ./iwleeprom -d 0000:03:00.0 -s -D 1 debug level: 1 Using device 0000:03:00.0 [RW] AR928X Wireless Adapter (PCI-E) IO driver: ath9k Supported ops: read write parse patch11n address: c0600000 HW: AR9280 (PCI-E) rev 0002 RF: integrated Checking NVM size... ath9k short eeprom base: 0 size: 512 MAC address : 08:60:01:00:80:02 Reg. domain : 168c Capabilities: 6000 Bands: HT 2G: HT20 HT40 HT 5G: HT20 HT40 CRC (stored): 0000 Calculating EEPROM CRC............................... CRC (eval) : ca0c root@macnb-Aspire-4830T:/home/macnb/Downloads/iwleeprom# The output from your version does not seem right (MAC address incorrect, Reg Domain wrong and Capabilities also seems wrong) My version says that the eeprom base address is 512 and size 3256. Your version says that the eeprom base address is 0 and teh size 512. If I dump the rom using your version, the rom file size is 4096 bytes (i.e. 4k) and it is identical to the one dumped by my version (using diff command). Does your version of iwleeprom rely on your custom Atheros driver ? I like to fix my card but before i go further with your tools, any help would be great. EDIT: The iwleeprom sources I used are attached. UPDATE: I fixed my Atheros card. I saw a suggestion somewhere by Rehabman to mod the Atheros driver to ignore the BAD CHECKSUM Error that prevented the driver to load. iwleeprom needs the atheros driver to be loaded in order to modify the eeprom otherwise no writes take place. So I changed this ......../backports-3.16-1/drivers/net/wireless/ath/ath9k/eeprom_def.c file to replace "return -EINVAL;" with "return 0;" to ignore the eeprom checksum error. Here is the code fragment (note the commented line): ..... if (sum != 0xffff || ah->eep_ops->get_eeprom_ver(ah) != AR5416_EEP_VER || ah->eep_ops->get_eeprom_rev(ah) < AR5416_EEP_NO_BACK_VER) { ath_err(common, "Bad EEPROM checksum 0x%x or revision 0x%04x\n", sum, ah->eep_ops->get_eeprom_ver(ah)); // return -EINVAL; return 0; ..... Rebuilt the driver and installed it (using make install). Unloaded the exiting driver and loaded the new one (using modprobe -r ath9k && modprobe ath9k). Even thought the driver loaded, and wifi router was detected, I could not connect ...it kept dropping the connection. So then, I used iwleeprom to write back my original rom image. That was successful !!! But unloading and loading the driver still did not help to connect Then, I booted into Mac OS X. That immediately recoganised the card and all was back to normal. Rebooted into Ubuntu and now....wireless connected ! So the key to recoving the bad eprom mod was temporarily modding the atheros driver to ignore the checksum error. Feeling confident, I then used a hex editor and patched the original rom image to change the Reg Domain byte to 0x37 (for ETSI) and the two CRC bytes to the previously noted values. Using iwleeprom, I was able to write the patched rom file to the card. Rebooted and now there are no CRC errors and the reg Domain is ETSI (according MAC System Information). MacNB-iwleeprom.zip Link to comment Share on other sites More sharing options...
shpokas Posted February 25, 2015 Share Posted February 25, 2015 Man, would this work for AR9380 ? Tried with Ubuntu 14.10 and 9.04 stock ath9k driver, but eeprom does not change. Do I need kernel 3.15.1 specifically? Link to comment Share on other sites More sharing options...
MacNB Posted February 25, 2015 Share Posted February 25, 2015 Man, would this work for AR9380 ? Tried with Ubuntu 14.10 and 9.04 stock ath9k driver, but eeprom does not change. Do I need kernel 3.15.1 specifically? It should do.....but bepared to just in case you brick your card !!! I did but manage to recover. Make sure you make a dump of your original rom file (and copy it away safely where you cannot easilty delete it). You can try my iwleeprom (see previous posts). When you say eeprom does not change, how did you check ? That is, did you take a dump of the modified rom and compare it to the file you modified ? Link to comment Share on other sites More sharing options...
shpokas Posted February 26, 2015 Share Posted February 26, 2015 I am not sure why I get 1024 byte rom dump, not 512. And should I try write back 4k rom, not 1k ? Not really clear to me. tried with your iwleeprom version root@laptop:~/MacNB-iwleeprom# ./iwleeprom -d 0000:02:00.0 -s -D 1 debug level: 1 Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E) IO driver: ath9300 Supported ops: read write parse address: 58700000 HW: AR9300 (PCI-E) rev 0003 RF: integrated Trying EEPROM access... OTP address out of range: 0fff OTP address out of range: 1001 ath9300_eeprom_check_header 00000000 @0fff r=0 Filling ath9300 EEPROM... DONE OTP address out of range: 0401 ath9300_eeprom_check_header 00650000 @03ff r=1 AR9300 device NVM type: EEPROM (data block @03ff) Found block at 3ff: code=3 ref=5 length=635 major=2 minor=12 (RAW: 0cb22765) Calculating EEPROM CRC... CRC (stored): c211 CRC (eval) : c211 compression : block ath9300 short eeprom base: 383 (0x017f) size: 641 your iwleeprom output has also Supported ops: read write parse patch11n Here I do not have patch11n op supported. Not sure if that matters. When I try to write back modified rom to card (with changed subsystem ID and subvendor ID), I get root@laptop:~/MacNB-iwleeprom# ./iwleeprom -d 0000:02:00.0 -i mod.rom Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E) IO driver: ath9300 HW: AR9300 (PCI-E) rev 0003 RF: integrated Trying EEPROM access... OTP address out of range: 0fff OTP address out of range: 1001 ath9300_eeprom_check_header 00000000 @0fff r=0 Filling ath9300 EEPROM... DONE OTP address out of range: 0401 ath9300_eeprom_check_header 00650000 @03ff r=1 AR9300 device NVM type: EEPROM (data block @03ff) Found block at 3ff: code=3 ref=5 length=635 major=2 minor=12 (RAW: 0cb22765) Calculating EEPROM CRC... CRC (stored): c211 CRC (eval) : c211 compression : block ath9300 short eeprom base: 383 (0x017f) size: 641 **** About to write to EEPROM **** About to write device EEPROM, press 'Y' if you are sure... Y Writing data to EEPROM... '.' = match, 'x' = write Dump file byte order: LITTLE ENDIAN 0000 [....... **** Write verify error: Addr 000e, wrote 103c, read 106b **** **** Write verify error: Addr 0010, wrote 1627, read 9a ****.......................................................] 0080 [................................................................] 0100 [................................................................] 0180 [................................................................] 0200 [................................................................] 0280 [................................................................] 0300 [................................................................] 0380 [................................................................] EEPROM has been written from 'mod.rom' Naturally, no change happens. If I read rom again, get the same as original. Link to comment Share on other sites More sharing options...
shaqan Posted March 2, 2015 Share Posted March 2, 2015 patch11n might not be there because your card already has full support for "n". With older 9280 card's eeprom needs to be patched or you wont be able to run it in AP mode using "n". Thanks MacNB, gonna try your method too once I get done with the job away from home. EDIT: happened to find clarification that I feel needs sharing. Trying EEPROM access...OTP address out of range: 0fffOTP address out of range: 1001 would appear to mean that EEPROM is One-Time-Programmable -> once data is written on it in the factory, you can not alter it in any way short of replacing EEPROM chip itself) Link to comment Share on other sites More sharing options...
iAngelo Posted March 28, 2015 Share Posted March 28, 2015 I recently had to recover the ROM of my Atheros AR9285 because of a broken checksum in the ROM. Windows couldn't use the device at all, OS X had a HAL error so I decided to build a custom linux ath9k driver capable of loading the custom ROM with debugging build... For getting a Linux environment (if you have none): Use either a tool like unetbootin or Uni-USB to create a bootable USB flash storage drive containing a bootable setup. I used latest Ubuntu... For making a full 4k ROM from a 512 byte dump: Go into the custom iwleeprom folder and copy in here the eeprom_dump.rom file and next in the terminal execute here ./create4krom.sh This will create eeprom_4k.rom To configure this backports for your Linux and install: make defconfig-ath9k-debug make make install Don't forget to edit romimp.c with a C formatted character structure of your original ROM (eeprom_4k.rom). After you the load up this driver, the card will work again and the you can use my custom iwleeprom to flash eeprom_4k.rom. ./iwleeprom -i eeprom_4k.rom which will fully reflash it... After a reobot your card will work just fine again Other tools: dumpathrom is a tool I wrote to analyze certain parts of an atheros ROM. Built binaries are included for OS X, Win32 and Win64 atheros_eeprom_tool (AnV) is a massively updated version of the old atheros eeprom tool. It includes a dseo binary (for being able to use the custom build ath32.sys and ath64.sys drivers in Windows). It can on normal execution do everything the standard binary can (read/write 376B dumps and override options). It can also read/write 512B dumps (when run from the command line with /r512 or /w512 argument). It can also fix the checksum of the currently installed ROM with /fixcrc I updated the code to be up to specs with the latest APIs and implemented the Secure CRT functions. I also fixed up every warning... I also modified the code to be abe to build a 64bit atheros_eeprom_tool (atheros_eeprom_tool64.exe). Both are included (atheros_eeprom_tool32.exe and atheros_eeprom_tool64.exe). For all packages the sources are included... Enjoy and have fun Remember: If you want to mod your card - always make a backup (both standard 376B dump and full 512B dump)... better safe than sorry. EDIT: Sorry... forgot to upload iwleeprom, uploading now... EDIT2: Added Windows 8.1 optimized version, built with Microsoft Visual Studio 2013 of the atheros rom tool. might work under older versions of Windows too. dseo can't enable test mode under Windows 8.X so use the following command as administrator to enable test mode so that the driver works: Bcdedit.exe -set TESTSIGNING ON disabling the option can be done with the following command: Bcdedit.exe -set TESTSIGNING OFF Attachments are no longer available ... The author or any Moderator or Admin could restore them? Thanks and great job! Edit: When I try to download any file attached forum gives me Error: Oops! Something went wrong! My problem or forum? Link to comment Share on other sites More sharing options...
Andy Vandijck Posted April 21, 2015 Author Share Posted April 21, 2015 Attachments are no longer available ... The author or any Moderator or Admin could restore them? Thanks and great job! Edit: When I try to download any file attached forum gives me Error: Oops! Something went wrong! My problem or forum? After the forum went down a lot was lost. Some of the software is literally totally gone. My projects with Github backup are still there, rest is totally gone... So please people, for those who have it, reattach those 5 attachments please, I'll create Github mirror too... 1 Link to comment Share on other sites More sharing options...
MacNB Posted April 23, 2015 Share Posted April 23, 2015 After the forum went down a lot was lost. Some of the software is literally totally gone. My projects with Github backup are still there, rest is totally gone... So please people, for those who have it, reattach those 5 attachments please, I'll create Github mirror too... Hi Andy, We are in luck. I have four of the five: dumpathrom.zip iwleeprom.zip aet_rw512_AnV.zip atheros_eeprom_tool-WIN8.1.zip I do not have the backports-3.15 but do have 3.16-1 (which I used to make my wifi card active again). I have also attached my version of iwleeprom. My version allows you to directly patch the Reg Domain AND patch the CRC in ONE step without the need to edit the hex value into the ROM file first. I re-used the -r option (as it did nothing in the original) to input the Reg Domain value in Hex. I cannot attach the files as this forum limits the file size to 10MB (really inconvenient) Here's link to my dropbox where you can pickup the files. 2 Link to comment Share on other sites More sharing options...
Andy Vandijck Posted April 23, 2015 Author Share Posted April 23, 2015 Hi Andy, We are in luck. I have four of the five: dumpathrom.zip iwleeprom.zip aet_rw512_AnV.zip atheros_eeprom_tool-WIN8.1.zip I do not have the backports-3.15 but do have 3.16-1 (which I used to make my wifi card active again). I have also attached my version of iwleeprom. My version allows you to directly patch the Reg Domain AND patch the CRC in ONE step without the need to edit the hex value into the ROM file first. I re-used the -r option (as it did nothing in the original) to input the Reg Domain value in Hex. I cannot attach the files as this forum limits the file size to 10MB (really inconvenient) Here's link to my dropbox where you can pickup the files. I added a new Github repo containing sources and tools. I also added your version and gave you credits in the readme.md Thanks! EDIT: Come on people, one more My custom backports sources please Link to comment Share on other sites More sharing options...
MacNB Posted April 23, 2015 Share Posted April 23, 2015 I added a new Github repo containing sources and tools. I also added your version and gave you credits in the readme.md Thanks! Thanks Andy 1 Link to comment Share on other sites More sharing options...
mencak Posted April 23, 2015 Share Posted April 23, 2015 Awesome. Good to have all the tools. Many thanks for posting them again! Unfortunately, I'm still stuck even with them, so maybe someone might have an idea how to fix my Atheros AR9285 card. I have the following Atheros card: 168c:002b Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01) (Subsystem: 105b:e025) which I rebranded in Windows 7 as Broadcom 14e4:4365 for my Lenovo B590 using the aet_rw512 atheros_eeprom_tool. The only reason I used Windows 7 for rebranding was because I couldn't make any of the various versions of iwleeprom tool to write data in EEPROM. I've tried the official googlecode one-revisions 21-44, Andy's iwleeprom, MacNB_iwleeprom and some of my own hacks at the iwleeprom code. I'm pretty sure the card is not an OTP card as I don't see any OTP text when working with the iwleeprom tool and I was able to rebrand it with aet_rw512 tool. Unfortunately, I was rushing things too much and didn't change the Subsystem IDs. Therefore the card doesn't pass the whitelist test in my B590. The aet_rw512 tool in Windows no longer works, since Windows doesn't load the drivers for the card. I tried to hack the Windows athr.sys driver to load now the "Broadcom" card, only to get the BSoD. I use Linux quite a bit and I'd prefer to fix the card on Linux, so it is quite frustrating to see I cannot write any data to it using the iwleeprom tool. I've hacked the Linux ath9k driver, so that the iwleeprom tool can work with the "now Broadcom" card: root@eee:~/atheros/AtherosROMKit-master/MacNB_iwleeprom# ./iwleeprom -s -d 0000:02:00.0 -D 1debug level: 1Using device 0000:02:00.0 [RW] Broadcom Corporation BCM43142 802.11b/g/nIO driver: ath9kSupported ops: read write parse patch11n patch_rdaddress: f9ff0000HW: AR9285 (PCI-E) rev 0002RF: integratedChecking NVM size...ath9k short eeprom base: 128 size: 376MAC address : f0:7b:cb:80:7a:53Reg. domain : 0065Capabilities: 0002 Bands: 2.4GHz HT 2G: HT20 HT40 HT 5G: HT20 HT40CRC (stored): 29c0Calculating EEPROM CRC...............................CRC (eval) : 29c0 but writes (trying to rebrand back to Atheros using the original EEPROM dump) fail: root@eee:~/atheros/AtherosROMKit-master/MacNB_iwleeprom# echo Y|./iwleeprom -d 0000:02:00.0 -i../../rebrand/htpc/original.bin -D 1debug level: 1Using device 0000:02:00.0 [RW] Broadcom Corporation BCM43142 802.11b/g/nIO driver: ath9kSupported ops: read write parse patch11n patch_rdaddress: f9ff0000HW: AR9285 (PCI-E) rev 0002RF: integratedChecking NVM size...ath9k short eeprom base: 128 size: 376About to write device EEPROM, press 'Y' if you are sure... Writing data to EEPROM... '.' = match, 'x' = writeDump file byte order: LITTLE ENDIAN0000 [....**** Write verify error: Addr 0008, wrote 168c, read 14e4 ******** Write verify error: Addr 000a, wrote 2b, read 4365 ****..........................................................]0080 [................................................................]0100 [................................................................]0180 [................................................................]0200 [................................................................]0280 [................................................................]0300 [................................................................]0380 [................................................................]0400 [................................................................]0480 [................................................................]0500 [................................................................]0580 [................................................................]0600 [................................................................]0680 [................................................................]0700 [................................................................]0780 [................................................................]0800 [....**** Write verify error: Addr 0808, wrote 168c, read 14e4 ******** Write verify error: Addr 080a, wrote 2b, read 4365 ****..........................................................]0880 [................................................................]0900 [................................................................]0980 [................................................................]0a00 [................................................................]0a80 [................................................................]0b00 [................................................................]0b80 [................................................................]0c00 [................................................................]0c80 [................................................................]0d00 [................................................................]0d80 [................................................................]0e00 [................................................................]0e80 [................................................................]0f00 [................................................................]0f80 [................................................................]EEPROM has been written from '../../rebrand/htpc/original.bin' I've tried on Debian stable with 64-bit kernel 3.2.0-2-amd64, and on Ubuntu 14.04.2 LTS 32-bit kernel 3.16.0-34-generic. I've used backports-3.16-1 on Ubuntu and backports-3.15 on Debian. Maybe this card can be saved in Windows using the aet_rw512 tool, since it was successful in writing to it, but first I'd have to make Windows see the card using these Broadcom PCI IDs. Anyone knows how? I'm running out of ideas and possibly skills on what to try, so maybe someone can help. Link to comment Share on other sites More sharing options...
MacNB Posted April 23, 2015 Share Posted April 23, 2015 Anyone knows how? I'm running out of ideas and possibly skills on what to try, so maybe someone can help. This is tough one. When I was getting those "write verify errors", it was because the atheros driver did not like the state of the atheros card (bad checksum). I think you need to look further into the linux driver as to what/where the "writes" are being ignored/discarded. I tried that a while back but could not figure out how physically the writes were happening. Link to comment Share on other sites More sharing options...
RehabMan Posted April 23, 2015 Share Posted April 23, 2015 ... Checking NVM size... ath9k short eeprom base: 128 size: 376 You can see the problem above ^^^ Should be 0 and 512. Check that you've made the correct mods to the code to change the offset/size to 0/512. 1 Link to comment Share on other sites More sharing options...
Andy Vandijck Posted April 26, 2015 Author Share Posted April 26, 2015 Yep, the 4K ROM exists from 0-512 and 2048-2560 (main ROM is mirrorred twice). So 0-512 (main ROM) should be the main edit... Link to comment Share on other sites More sharing options...
Andy Vandijck Posted June 11, 2015 Author Share Posted June 11, 2015 Hi Andy, any idea on how to fix the "Locale" in the dumped rom? OSX say me "Unknown Locale 60" (that mean WORLD??) ...I have nr3 AR9285 (two of which with bluetooth 3.0)... and here is Italy Use twice 0. This will enable you to use truely world and FCC. This will enable every channel there is possible by the WiFi standard on the card (including the ones over 100). I know because I did it with my own card. I also gave it a reception boost... Works pretty neatly. My ROM set: https://www.dropbox.com/s/6ut4naahgbfgcs9/Ath9285_Mod.zip?dl=0 This one is for Atheros AR9285 0x002B168C. You could use it if you have one of those. This will seriously boost your card and update to latest ROM version (I modded some stuff). They are also separately available from Github: https://github.com/andyvand/AtherosROMKit/tree/master/AR9285_Optimized_ROM Don't forget to change the MAC address first to yours (using the tools provided here)! 1 Link to comment Share on other sites More sharing options...
WinstonAce Posted June 11, 2015 Share Posted June 11, 2015 Hi Andy i'm trying to dump my Atheros 9380 rom in order to change locale but I get this error It's Windows 8.1 and I used Bcdedit.exe -set TESTSIGNING ON what am I missing? Thanks Link to comment Share on other sites More sharing options...
Andy Vandijck Posted June 11, 2015 Author Share Posted June 11, 2015 Hi Andy i'm trying to dump my Atheros 9380 rom in order to change locale but I get this error It's Windows 8.1 and I used Bcdedit.exe -set TESTSIGNING ON what am I missing? Thanks What driver are you using? It should be the one included with a certain tool (can't remember the name) Also: VERY IMPORTANT: all Windows 7 and later users should disable temporarily the Windows 7's driver signature enforcement. Select Windows 7 in your Chameleon menu and then press quickly F8, then select Disable Driver Signature Enforcement in the menu. After selecting it, Windows 7 will continue its boot process. This is not a one-time operation, on the next boot the driver signature enforcement will be enabled again. This step is a must, because without doing it, the drivers, bundled with the Atheros EEPROM tool, will not be loaded and you may damage your card !!! If it has no communication with the .sys file it will fail! Link to comment Share on other sites More sharing options...
Recommended Posts