jalavoui Posted May 2, 2016 Share Posted May 2, 2016 The AirPortAtheros40.kext as similiar code found on linux freebsd. This first patch was tested on OS X 10.11.0 Working card: Qualcomm Atheros AR9565 pci168c,36 with bluetooth Download v01 for 0036 card + BTFirmwareUploader in attachments. Post your questions here You can find updates on EMlyDinEsH BTFirmwareUploader here http://forum.osxlatitude.com/index.php?/topic/2925-bluetooth-firmware-uploader/ v01 also works on 10.11.4 TOFIX: Bands/Channels limitation exist in macosx/windows driver but not in linux UPDATE: v03 fixed eprom local check. This kext check the following mac models. This might disable/enable some features. plz check your smbios mac model. I'm not using any of this models in my smbios v21 = 31; if ( PEGetModelName(&v40, 32LL) ) { v22 = !strcmp(&v40, "iMac10,1") || !strcmp(&v40, "iMac11,1") || !strcmp(&v40, "iMac11,2") || !strcmp(&v40, "MacBookPro5,2"); if ( !strcmp(&v40, "iMac12,1") || !strcmp(&v40, "iMac12,2") ) v21 = 29; } else { v22 = 0; } DEV NOTES: The driver attach procedure loads one of 2 main subs: ar5416Attach(); ar9300Attach(); On the 9300 tree we have native support for #define AR_SREV_VERSION_OSPREY 0x1C0 #define AR_SREV_VERSION_AR9580 0x1C0 #define AR_SREV_VERSION_HORNET 0x200 The 0036 card is set here #define AR_SREV_VERSION_APHRODITE 0x2C0 For other cards check here ath_hal_mac_name(struct ath_hal *ah) 90 { 91 switch (ah->ah_macVersion) { 92 case AR_SREV_VERSION_CRETE: 93 case AR_SREV_VERSION_MAUI_1: 94 return "AR5210"; 95 case AR_SREV_VERSION_MAUI_2: 96 case AR_SREV_VERSION_OAHU: 97 return "AR5211"; 98 case AR_SREV_VERSION_VENICE: 99 return "AR5212"; 100 case AR_SREV_VERSION_GRIFFIN: 101 return "AR2413"; 102 case AR_SREV_VERSION_CONDOR: 103 return "AR5424"; 104 case AR_SREV_VERSION_EAGLE: 105 return "AR5413"; 106 case AR_SREV_VERSION_COBRA: 107 return "AR2415"; 108 case AR_SREV_2425: /* Swan */ 109 return "AR2425"; 110 case AR_SREV_2417: /* Nala */ 111 return "AR2417"; 112 case AR_XSREV_VERSION_OWL_PCI: 113 return "AR5416"; 114 case AR_XSREV_VERSION_OWL_PCIE: 115 return "AR5418"; 116 case AR_XSREV_VERSION_HOWL: 117 return "AR9130"; 118 case AR_XSREV_VERSION_SOWL: 119 return "AR9160"; 120 case AR_XSREV_VERSION_MERLIN: 121 if (AH_PRIVATE(ah)->ah_ispcie) 122 return "AR9280"; 123 return "AR9220"; 124 case AR_XSREV_VERSION_KITE: 125 return "AR9285"; 126 case AR_XSREV_VERSION_KIWI: 127 if (AH_PRIVATE(ah)->ah_ispcie) 128 return "AR9287"; 129 return "AR9227"; 130 case AR_SREV_VERSION_AR9380: 131 if (ah->ah_macRev >= AR_SREV_REVISION_AR9580_10) 132 return "AR9580"; 133 return "AR9380"; 134 case AR_SREV_VERSION_AR9460: 135 return "AR9460"; 136 case AR_SREV_VERSION_AR9330: 137 return "AR9330"; 138 case AR_SREV_VERSION_AR9340: 139 return "AR9340"; 140 case AR_SREV_VERSION_QCA9550: 141 return "QCA9550"; 142 case AR_SREV_VERSION_AR9485: 143 return "AR9485"; 144 case AR_SREV_VERSION_QCA9565: 145 return "QCA9565"; 146 case AR_SREV_VERSION_QCA9530: 147 return "QCA9530"; 148 } 149 return "????"; 150 } A reference to freebsd source code (usefull to in code research for other cards): http://code.metager.de/source/xref/freebsd/sys/contrib/dev/ath/ath_hal/ar9300/ And ofc the linux id search engine: http://lxr.free-electrons.com/ident apple code is very old but still some patches can be done Todo: Test domains references: static REG_DMN_PAIR_MAPPING regDomainPairs[] = { 32 {NO_ENUMRD, DEBUG_REG_DMN, DEBUG_REG_DMN, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 33 {NULL1_WORLD, NULL1, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 34 {NULL1_ETSIB, NULL1, ETSIB, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 35 {NULL1_ETSIC, NULL1, ETSIC, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 36 37 {FCC2_FCCA, FCC2, FCCA, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 38 {FCC2_WORLD, FCC2, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 39 {FCC2_ETSIC, FCC2, ETSIC, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 40 {FCC3_FCCA, FCC3, FCCA, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 41 {FCC3_WORLD, FCC3, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 42 {FCC4_FCCA, FCC4, FCCA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 43 {FCC5_FCCB, FCC5, FCCB, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 44 45 {ETSI1_WORLD, ETSI1, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 46 {ETSI2_WORLD, ETSI2, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 47 {ETSI3_WORLD, ETSI3, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 48 {ETSI4_WORLD, ETSI4, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 49 {ETSI5_WORLD, ETSI5, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 50 {ETSI6_WORLD, ETSI6, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 51 52 {ETSI3_ETSIA, ETSI3, WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 53 {FRANCE_RES, ETSI3, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 54 55 {FCC1_WORLD, FCC1, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 56 {FCC1_FCCA, FCC1, FCCA, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 57 {APL1_WORLD, APL1, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 58 {APL2_WORLD, APL2, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 59 {APL3_WORLD, APL3, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 60 {APL4_WORLD, APL4, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 61 {APL5_WORLD, APL5, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 62 {APL6_WORLD, APL6, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 63 {APL8_WORLD, APL8, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 64 {APL9_WORLD, APL9, WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 65 66 {APL3_FCCA, APL3, FCCA, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 67 {APL1_ETSIC, APL1, ETSIC, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 68 {APL2_ETSIC, APL2, ETSIC, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 69 {APL2_APLD, APL2, APLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 70 71 {MKK1_MKKA, MKK1, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKKA, CTRY_JAPAN }, 72 {MKK1_MKKB, MKK1, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC| LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN1 }, 73 {MKK1_FCCA, MKK1, FCCA, DISALLOW_ADHOC_11A_TURB | NEED_NFC| LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1, CTRY_JAPAN2 }, 74 {MKK1_MKKA1, MKK1, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC| LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKKA1 | PSCAN_MKKA1_G, CTRY_JAPAN4 }, 75 {MKK1_MKKA2, MKK1, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC| LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN5 }, 76 {MKK1_MKKC, MKK1, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC| LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1, CTRY_JAPAN6 }, 77 78 /* MKK2 */ 79 {MKK2_MKKA, MKK2, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC| LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK2 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN3 }, 80 81 /* MKK3 */ 82 {MKK3_MKKA, MKK3, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC , PSCAN_MKKA, CTRY_DEFAULT }, 83 {MKK3_MKKB, MKK3, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN7 }, 84 {MKK3_MKKA1, MKK3, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKKA1 | PSCAN_MKKA1_G, CTRY_DEFAULT }, 85 {MKK3_MKKA2,MKK3, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN8 }, 86 {MKK3_MKKC, MKK3, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, NO_PSCAN, CTRY_JAPAN9 }, 87 {MKK3_FCCA, MKK3, FCCA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, NO_PSCAN, CTRY_DEFAULT }, 88 89 /* MKK4 */ 90 {MKK4_MKKB, MKK4, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN10 }, 91 {MKK4_MKKA1, MKK4, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 | PSCAN_MKKA1 | PSCAN_MKKA1_G, CTRY_DEFAULT }, 92 {MKK4_MKKA2, MKK4, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 |PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN11 }, 93 {MKK4_MKKC, MKK4, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3, CTRY_JAPAN12 }, 94 {MKK4_FCCA, MKK4, FCCA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3, CTRY_DEFAULT }, 95 96 /* MKK5 */ 97 {MKK5_MKKB, MKK5, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN13 }, 98 {MKK5_MKKA2,MKK5, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 | PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN14 }, 99 {MKK5_MKKC, MKK5, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3, CTRY_JAPAN15 }, 100 101 /* MKK6 */ 102 {MKK6_MKKB, MKK6, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN16 }, 103 {MKK6_MKKA2, MKK6, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN17 }, 104 {MKK6_MKKC, MKK6, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1, CTRY_JAPAN18 }, 105 106 /* MKK7 */ 107 {MKK7_MKKB, MKK7, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKK3 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN19 }, 108 {MKK7_MKKA2, MKK7, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKK3 | PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN20 }, 109 {MKK7_MKKC, MKK7, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKK3, CTRY_JAPAN21 }, 110 111 /* MKK8 */ 112 {MKK8_MKKB, MKK8, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKK3 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_JAPAN22 }, 113 {MKK8_MKKA2,MKK8, MKKA, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKK3 | PSCAN_MKKA2 | PSCAN_MKKA2_G, CTRY_JAPAN23 }, 114 {MKK8_MKKC, MKK8, MKKC, DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK1 | PSCAN_MKK3 , CTRY_JAPAN24 }, 115 116 {MKK9_MKKA, MKK9, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_DEFAULT }, 117 {MKK10_MKKA, MKK10, MKKA, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB | NEED_NFC | LIMIT_FRAME_4MS, NEED_NFC, PSCAN_MKK3 | PSCAN_MKKA | PSCAN_MKKA_G, CTRY_DEFAULT }, 118 119 /* These are super domains */ 120 {WOR0_WORLD, WOR0_WORLD, WOR0_WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 121 {WOR1_WORLD, WOR1_WORLD, WOR1_WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 122 {WOR2_WORLD, WOR2_WORLD, WOR2_WORLD, DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 123 {WOR3_WORLD, WOR3_WORLD, WOR3_WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 124 {WOR4_WORLD, WOR4_WORLD, WOR4_WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 125 {WOR5_ETSIC, WOR5_ETSIC, WOR5_ETSIC, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 126 {WOR01_WORLD, WOR01_WORLD, WOR01_WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 127 {WOR02_WORLD, WOR02_WORLD, WOR02_WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 128 {EU1_WORLD, EU1_WORLD, EU1_WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 129 {WOR9_WORLD, WOR9_WORLD, WOR9_WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 130 {WORA_WORLD, WORA_WORLD, WORA_WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 131 {WORB_WORLD, WORB_WORLD, WORB_WORLD, DISALLOW_ADHOC_11A | DISALLOW_ADHOC_11A_TURB, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 132 {WORC_WORLD, WORC_WORLD, WORC_WORLD, NO_REQ, NO_REQ, PSCAN_DEFER, CTRY_DEFAULT }, 133}; and the ids: enum { 31 /* 32 * The following regulatory domain definitions are 33 * found in the EEPROM. Each regulatory domain 34 * can operate in either a 5GHz or 2.4GHz wireless mode or 35 * both 5GHz and 2.4GHz wireless modes. 36 * In general, the value holds no special 37 * meaning and is used to decode into either specific 38 * 2.4GHz or 5GHz wireless mode for that particular 39 * regulatory domain. 40 */ 41 NO_ENUMRD = 0x00, 42 NULL1_WORLD = 0x03, /* For 11b-only countries (no 11a allowed) */ 43 NULL1_ETSIB = 0x07, /* Israel */ 44 NULL1_ETSIC = 0x08, 45 FCC1_FCCA = 0x10, /* USA */ 46 FCC1_WORLD = 0x11, /* Hong Kong */ 47 FCC4_FCCA = 0x12, /* USA - Public Safety */ 48 FCC5_FCCB = 0x13, /* USA w/ 1/2 and 1/4 width channels */ 49 FCC6_FCCA = 0x14, /* Canada for AP only */ 50 51 FCC2_FCCA = 0x20, /* Canada */ 52 FCC2_WORLD = 0x21, /* Australia & HK */ 53 FCC2_ETSIC = 0x22, 54 FCC_UBNT = 0x2A, /* Ubiquity PicoStation M2HP */ 55 FRANCE_RES = 0x31, /* Legacy France for OEM */ 56 FCC3_FCCA = 0x3A, /* USA & Canada w/5470 band, 11h, DFS enabled */ 57 FCC3_WORLD = 0x3B, /* USA & Canada w/5470 band, 11h, DFS enabled */ 58 59 ETSI1_WORLD = 0x37, 60 ETSI3_ETSIA = 0x32, /* France (optional) */ 61 ETSI2_WORLD = 0x35, /* Hungary & others */ 62 ETSI3_WORLD = 0x36, /* France & others */ 63 ETSI4_WORLD = 0x30, 64 ETSI4_ETSIC = 0x38, 65 ETSI5_WORLD = 0x39, 66 ETSI6_WORLD = 0x34, /* Bulgaria */ 67 ETSI8_WORLD = 0x3D, /* Russia */ 68 ETSI9_WORLD = 0x3E, /* Ukraine */ 69 ETSI_RESERVED = 0x33, /* Reserved (Do not used) */ 70 71 MKK1_MKKA = 0x40, /* Japan (JP1) */ 72 MKK1_MKKB = 0x41, /* Japan (JP0) */ 73 APL4_WORLD = 0x42, /* Singapore */ 74 MKK2_MKKA = 0x43, /* Japan with 4.9G channels */ 75 APL_RESERVED = 0x44, /* Reserved (Do not used) */ 76 APL2_WORLD = 0x45, /* Korea */ 77 APL2_APLC = 0x46, 78 APL3_WORLD = 0x47, 79 MKK1_FCCA = 0x48, /* Japan (JP1-1) */ 80 APL2_APLD = 0x49, /* Korea with 2.3G channels */ 81 MKK1_MKKA1 = 0x4A, /* Japan (JE1) */ 82 MKK1_MKKA2 = 0x4B, /* Japan (JE2) */ 83 MKK1_MKKC = 0x4C, /* Japan (MKK1_MKKA,except Ch14) */ 84 APL2_FCCA = 0x4D, /* Mobile customer */ 85 86 APL3_FCCA = 0x50, 87 APL1_WORLD = 0x52, /* Latin America */ 88 APL1_FCCA = 0x53, 89 APL1_APLA = 0x54, 90 APL1_ETSIC = 0x55, 91 APL2_ETSIC = 0x56, /* Venezuela */ 92 APL5_WORLD = 0x58, /* Chile */ 93 APL6_WORLD = 0x5B, /* Singapore */ 94 APL7_FCCA = 0x5C, /* Taiwan 5.47 Band */ 95 APL8_WORLD = 0x5D, /* Malaysia 5GHz */ 96 APL9_WORLD = 0x5E, /* Korea 5GHz; before 11/2007; now APs only */ 97 APL10_WORLD = 0x5F, /* Korea 5GHz; After 11/2007; STAs only */ 98 99 /* 100 * World mode SKUs 101 */ 102 WOR0_WORLD = 0x60, /* World0 (WO0 SKU) */ 103 WOR1_WORLD = 0x61, /* World1 (WO1 SKU) */ 104 WOR2_WORLD = 0x62, /* World2 (WO2 SKU) */ 105 WOR3_WORLD = 0x63, /* World3 (WO3 SKU) */ 106 WOR4_WORLD = 0x64, /* World4 (WO4 SKU) */ 107 WOR5_ETSIC = 0x65, /* World5 (WO5 SKU) */ 108 109 WOR01_WORLD = 0x66, /* World0-1 (WW0-1 SKU) */ 110 WOR02_WORLD = 0x67, /* World0-2 (WW0-2 SKU) */ 111 EU1_WORLD = 0x68, /* Same as World0-2 (WW0-2 SKU), except active scan ch1-13. No ch14 */ 112 113 WOR9_WORLD = 0x69, /* World9 (WO9 SKU) */ 114 WORA_WORLD = 0x6A, /* WorldA (WOA SKU) */ 115 WORB_WORLD = 0x6B, /* WorldB (WOB SKU) */ 116 WORC_WORLD = 0x6C, /* WorldC (WOC SKU) */ 117 118 MKK3_MKKB = 0x80, /* Japan UNI-1 even + MKKB */ 119 MKK3_MKKA2 = 0x81, /* Japan UNI-1 even + MKKA2 */ 120 MKK3_MKKC = 0x82, /* Japan UNI-1 even + MKKC */ 121 122 MKK4_MKKB = 0x83, /* Japan UNI-1 even + UNI-2 + MKKB */ 123 MKK4_MKKA2 = 0x84, /* Japan UNI-1 even + UNI-2 + MKKA2 */ 124 MKK4_MKKC = 0x85, /* Japan UNI-1 even + UNI-2 + MKKC */ 125 126 MKK5_MKKB = 0x86, /* Japan UNI-1 even + UNI-2 + mid-band + MKKB */ 127 MKK5_MKKA2 = 0x87, /* Japan UNI-1 even + UNI-2 + mid-band + MKKA2 */ 128 MKK5_MKKC = 0x88, /* Japan UNI-1 even + UNI-2 + mid-band + MKKC */ 129 130 MKK6_MKKB = 0x89, /* Japan UNI-1 even + UNI-1 odd MKKB */ 131 MKK6_MKKA2 = 0x8A, /* Japan UNI-1 even + UNI-1 odd + MKKA2 */ 132 MKK6_MKKC = 0x8B, /* Japan UNI-1 even + UNI-1 odd + MKKC */ 133 134 MKK7_MKKB = 0x8C, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + MKKB */ 135 MKK7_MKKA2 = 0x8D, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + MKKA2 */ 136 MKK7_MKKC = 0x8E, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + MKKC */ 137 138 MKK8_MKKB = 0x8F, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + MKKB */ 139 MKK8_MKKA2 = 0x90, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + MKKA2 */ 140 MKK8_MKKC = 0x91, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + MKKC */ 141 142 MKK14_MKKA1 = 0x92, /* Japan UNI-1 even + UNI-1 odd + 4.9GHz + MKKA1 */ 143 MKK15_MKKA1 = 0x93, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + 4.9GHz + MKKA1 */ 144 145 MKK10_FCCA = 0xD0, /* Japan UNI-1 even + UNI-2 + 4.9GHz + FCCA */ 146 MKK10_MKKA1 = 0xD1, /* Japan UNI-1 even + UNI-2 + 4.9GHz + MKKA1 */ 147 MKK10_MKKC = 0xD2, /* Japan UNI-1 even + UNI-2 + 4.9GHz + MKKC */ 148 MKK10_MKKA2 = 0xD3, /* Japan UNI-1 even + UNI-2 + 4.9GHz + MKKA2 */ 149 150 MKK11_MKKA = 0xD4, /* Japan UNI-1 even + UNI-2 + mid-band + 4.9GHz + MKKA */ 151 MKK11_FCCA = 0xD5, /* Japan UNI-1 even + UNI-2 + mid-band + 4.9GHz + FCCA */ 152 MKK11_MKKA1 = 0xD6, /* Japan UNI-1 even + UNI-2 + mid-band + 4.9GHz + MKKA1 */ 153 MKK11_MKKC = 0xD7, /* Japan UNI-1 even + UNI-2 + mid-band + 4.9GHz + MKKC */ 154 MKK11_MKKA2 = 0xD8, /* Japan UNI-1 even + UNI-2 + mid-band + 4.9GHz + MKKA2 */ 155 156 MKK12_MKKA = 0xD9, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + 4.9GHz + MKKA */ 157 MKK12_FCCA = 0xDA, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + 4.9GHz + FCCA */ 158 MKK12_MKKA1 = 0xDB, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + 4.9GHz + MKKA1 */ 159 MKK12_MKKC = 0xDC, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + 4.9GHz + MKKC */ 160 MKK12_MKKA2 = 0xDD, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + 4.9GHz + MKKA2 */ 161 162 MKK13_MKKB = 0xDE, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + mid-band + MKKB + All passive + no adhoc */ 163 164 /* 165 * Following definitions are used only by s/w to map old 166 * Japan SKUs. 167 */ 168 MKK3_MKKA = 0xF0, /* Japan UNI-1 even + MKKA */ 169 MKK3_MKKA1 = 0xF1, /* Japan UNI-1 even + MKKA1 */ 170 MKK3_FCCA = 0xF2, /* Japan UNI-1 even + FCCA */ 171 MKK4_MKKA = 0xF3, /* Japan UNI-1 even + UNI-2 + MKKA */ 172 MKK4_MKKA1 = 0xF4, /* Japan UNI-1 even + UNI-2 + MKKA1 */ 173 MKK4_FCCA = 0xF5, /* Japan UNI-1 even + UNI-2 + FCCA */ 174 MKK9_MKKA = 0xF6, /* Japan UNI-1 even + 4.9GHz */ 175 MKK10_MKKA = 0xF7, /* Japan UNI-1 even + UNI-2 + 4.9GHz */ 176 MKK6_MKKA1 = 0xF8, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + MKKA1 */ 177 MKK6_FCCA = 0xF9, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + FCCA */ 178 MKK7_MKKA1 = 0xFA, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + MKKA1 */ 179 MKK7_FCCA = 0xFB, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + FCCA */ 180 MKK9_FCCA = 0xFC, /* Japan UNI-1 even + 4.9GHz + FCCA */ 181 MKK9_MKKA1 = 0xFD, /* Japan UNI-1 even + 4.9GHz + MKKA1 */ 182 MKK9_MKKC = 0xFE, /* Japan UNI-1 even + 4.9GHz + MKKC */ 183 MKK9_MKKA2 = 0xFF, /* Japan UNI-1 even + 4.9GHz + MKKA2 */ 184 185 /* 186 * Regulator domains ending in a number (e.g. APL1, 187 * MK1, ETSI4, etc) apply to 5GHz channel and power 188 * information. Regulator domains ending in a letter 189 * (e.g. APLA, FCCA, etc) apply to 2.4GHz channel and 190 * power information. 191 */ 192 APL1 = 0x0150, /* LAT & Asia */ 193 APL2 = 0x0250, /* LAT & Asia */ 194 APL3 = 0x0350, /* Taiwan */ 195 APL4 = 0x0450, /* Jordan */ 196 APL5 = 0x0550, /* Chile */ 197 APL6 = 0x0650, /* Singapore */ 198 APL7 = 0x0750, /* Taiwan, disable ch52 */ 199 APL8 = 0x0850, /* Malaysia */ 200 APL9 = 0x0950, /* Korea. Before 11/2007. Now used only by APs */ 201 APL10 = 0x1050, /* Korea. After 11/2007. For STAs only */ 202 203 ETSI1 = 0x0130, /* Europe & others */ 204 ETSI2 = 0x0230, /* Europe & others */ 205 ETSI3 = 0x0330, /* Europe & others */ 206 ETSI4 = 0x0430, /* Europe & others */ 207 ETSI5 = 0x0530, /* Europe & others */ 208 ETSI6 = 0x0630, /* Europe & others */ 209 ETSI8 = 0x0830, /* Russia */ 210 ETSI9 = 0x0930, /* Ukraine */ 211 ETSIA = 0x0A30, /* France */ 212 ETSIB = 0x0B30, /* Israel */ 213 ETSIC = 0x0C30, /* Latin America */ 214 215 FCC1 = 0x0110, /* US & others */ 216 FCC2 = 0x0120, /* Canada, Australia & New Zealand */ 217 FCC3 = 0x0160, /* US w/new middle band & DFS */ 218 FCC4 = 0x0165, /* US Public Safety */ 219 FCC5 = 0x0166, /* US w/ 1/2 and 1/4 width channels */ 220 FCC6 = 0x0610, /* Canada and Australia */ 221 FCCA = 0x0A10, 222 FCCB = 0x0A11, /* US w/ 1/2 and 1/4 width channels */ 223 224 APLD = 0x0D50, /* South Korea */ 225 226 MKK1 = 0x0140, /* Japan (UNI-1 odd)*/ 227 MKK2 = 0x0240, /* Japan (4.9 GHz + UNI-1 odd) */ 228 MKK3 = 0x0340, /* Japan (UNI-1 even) */ 229 MKK4 = 0x0440, /* Japan (UNI-1 even + UNI-2) */ 230 MKK5 = 0x0540, /* Japan (UNI-1 even + UNI-2 + mid-band) */ 231 MKK6 = 0x0640, /* Japan (UNI-1 odd + UNI-1 even) */ 232 MKK7 = 0x0740, /* Japan (UNI-1 odd + UNI-1 even + UNI-2 */ 233 MKK8 = 0x0840, /* Japan (UNI-1 odd + UNI-1 even + UNI-2 + mid-band) */ 234 MKK9 = 0x0940, /* Japan (UNI-1 even + 4.9 GHZ) */ 235 MKK10 = 0x0B40, /* Japan (UNI-1 even + UNI-2 + 4.9 GHZ) */ 236 MKK11 = 0x1140, /* Japan (UNI-1 even + UNI-2 + 4.9 GHZ) */ 237 MKK12 = 0x1240, /* Japan (UNI-1 even + UNI-2 + 4.9 GHZ) */ 238 MKK13 = 0x0C40, /* Same as MKK8 but all passive and no adhoc 11a */ 239 MKK14 = 0x1440, /* Japan UNI-1 even + UNI-1 odd + 4.9GHz */ 240 MKK15 = 0x1540, /* Japan UNI-1 even + UNI-1 odd + UNI-2 + 4.9GHz */ 241 242 MKKA = 0x0A40, /* Japan */ 243 MKKC = 0x0A50, 244 245 NULL1 = 0x0198, 246 WORLD = 0x0199, 247 DEBUG_REG_DMN = 0x01ff, 248}; This can be changed in (btw original code as a little hack from apple): ar9300FillCapabilityInfo() ... *(_WORD *)(a1 + 2326) = 141; KPCM Tool to install extensions Check here https://www.firewolf.science/2015/10/kcpm-utility-pro-v5-0-installing-kexts-repairing-permissions-rebuilding-caches-configuring-sip-and-more/ Kernel kext debug here http://www.insanelymac.com/forum/topic/312254-realtek-ethernet-panic-debug-driver-using-xcode-ui/ Atm AR9462 and 9565 were patched using this mehod. I'll stop on 10.11 for the 9565 card as i cant get a stable kernel to work on my amd machine. AR9485, pci168c,32 also working gj dev9565.zip 0036v03.zip 11 Link to comment Share on other sites More sharing options...
LockDown Posted May 2, 2016 Share Posted May 2, 2016 clover's fakeid and be done with it Link to comment Share on other sites More sharing options...
kylon Posted May 16, 2016 Share Posted May 16, 2016 Does it support AR5BWB222 ? Found on acer aspire v5 571pg Thanks 2 Link to comment Share on other sites More sharing options...
4520s Posted May 17, 2016 Share Posted May 17, 2016 Thank you so much for the provided kext. It works like a charm. AirDrop, location services and everything. clover's fakeid and be done with it Have you tested it? Does it work? Also can the we patch the kext on-the-fly with clover? Using an injector maybe? Link to comment Share on other sites More sharing options...
jalavoui Posted May 17, 2016 Author Share Posted May 17, 2016 if you post the linux dmesg log 4 the airport i can try to check it look 4 lines similiar to this May 2 08:48:26 debian kernel: [ 704.746090] ath: EEPROM regdomain: 0x6c May 2 08:48:26 debian kernel: [ 704.746095] ath: EEPROM indicates we should expect a direct regpair map May 2 08:48:26 debian kernel: [ 704.746101] ath: Country alpha2 being used: 00 May 2 08:48:26 debian kernel: [ 704.746104] ath: Regpair used: 0x6c May 2 08:48:26 debian kernel: [ 704.747589] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' May 2 08:48:27 debian kernel: [ 705.806938] ath: EEPROM regdomain: 0x8348 May 2 08:48:27 debian kernel: [ 705.806950] ath: EEPROM indicates we should expect a country code May 2 08:48:27 debian kernel: [ 705.806955] ath: doing EEPROM country->regdmn map search May 2 08:48:27 debian kernel: [ 705.806960] ath: country maps to regdmn code: 0x3a May 2 08:48:27 debian kernel: [ 705.806964] ath: Country alpha2 being used: US May 2 08:48:27 debian kernel: [ 705.806967] ath: Regpair used: 0x3a May 2 08:48:27 debian kernel: [ 705.806972] ath: regdomain 0x8348 dynamically and ofc u also need to know your card pci id, bsd family etc Plz try to understand that this thread goal is to inspire developers to add/patch new code into Apple kext to make unsupported cards work. This only makes sence if u cant make the card work with old card id patches wich can be done using clover. 4 instance the 9565 patch was done following bsd code+apple code. The patch isn't perfect but it works 2 Link to comment Share on other sites More sharing options...
moustoul Posted May 28, 2016 Share Posted May 28, 2016 Does this support AR9485? Link to comment Share on other sites More sharing options...
ar4er Posted June 9, 2016 Share Posted June 9, 2016 Apparently this is not possible for 9485, as in apples driver for all of the cards used two opcode to initialize baseband,but for 9485 need be three. 00000000000b16f6 mov qword [ds:r15+0x14660], 0x0 00000000000b1701 mov dword [ds:r15+0x14668], 0x0 00000000000b170c mov dword [ds:r15+0x1466c], 0x0 00000000000b1717 lea rcx, qword [ds:_ar9330Common_osprey2_0] 00000000000b171e mov qword [ds:r15+0x14670], rcx 00000000000b1725 mov dword [ds:r15+0x14678], 0x82 00000000000b1730 mov dword [ds:r15+0x1467c], 0x2 00000000000b173b lea rcx, qword [ds:_ar9330Modes_osprey2_0_BB_postamble] /* bb */ INIT_INI_ARRAY(&ahp->ah_ini_bb[ATH_INI_PRE], ar9485_poseidon1_1, ARRAY_LENGTH(ar9485_poseidon1_1), 2); INIT_INI_ARRAY(&ahp->ah_ini_bb[ATH_INI_CORE], ar9485_poseidon1_1_baseband_core, ARRAY_LENGTH(ar9485_poseidon1_1_baseband_core), 2); INIT_INI_ARRAY(&ahp->ah_ini_bb[ATH_INI_POST], ar9485_poseidon1_1_baseband_postamble, ARRAY_LENGTH(ar9485_poseidon1_1_baseband_postamble), 5); Link to comment Share on other sites More sharing options...
jalavoui Posted June 9, 2016 Author Share Posted June 9, 2016 not to shure about it cause in 9565 i didint follow all linux code. the driver got some bugs but it works. With some luck u can find the right path. Try to check bsd sources they always help once u skip the ucode patch. Link to comment Share on other sites More sharing options...
coolstarorg Posted June 11, 2016 Share Posted June 11, 2016 Just wondering, which tool did you use to patch the kext? I have IDA and Hopper but it seems a bit cumbersome for getting all the ucode in. I know which ucodes I need (been experimenting a bit with the Linux driver), just need to patch it into the OS X kext. Link to comment Share on other sites More sharing options...
jalavoui Posted June 11, 2016 Author Share Posted June 11, 2016 same tools as you + kernel debug in xcode Link to comment Share on other sites More sharing options...
coolstarorg Posted June 12, 2016 Share Posted June 12, 2016 I've patched the Linux driver to determine the ucodes necessary and found I only really need the mac core (swapped AR9462's for AR9565 in Linux fine), mac postamble (same as AR9565), baseband core (AR9462 rev. 0) and baseband postamble (AR9462 rev. 0) to at least scan + connect to 2.4 Ghz. I patched the PCI id checks and 0x2c0 -> 0x280 in the OS X driver and now have an en0 with the wifi logo showing. However, it doesn't scan networks :/ Any ideas? With the same AR9565 MAC Core, AR9565 MAC Postamble, AR9462 Baseband Core and AR9462 Baseband Postamble, Linux scans and connects to networks just fine. Here's the patches I made on your AR9565 AirPortAtheros40 for AR9462. It successfully gets the MAC address of the card and shows the wifi logo, but doesn't scan networks yet. I tried switching out the baseband ucode but it doesn't seem to have worked. Mind checking my patches and seeing what I did wrong? Here's the syslog: https://ghostbin.com/paste/aau97 it does appear to be loading and trying to scan but can't :/ AirPortAtheros40_ar9462-bbucode.zip Link to comment Share on other sites More sharing options...
jalavoui Posted June 12, 2016 Author Share Posted June 12, 2016 nice job. I think u're very close to make it work. Funny i got a similiar stage in logs just b4 9565 started to work i hope this doesnt get delete again the 9462 as 2 ucode specifications (from linux). This means u might need todo 2 drivers for the 9462 card 1st spec if ( v1 == 8589935232LL ) { *(_QWORD *)(a1 + 6648) = &ar9462_2p0_mac_core; *(_DWORD *)(a1 + 6656) = 159; *(_DWORD *)(a1 + 6660) = 2; *(_QWORD *)(a1 + 6664) = &ar9331_1p1_mac_postamble; *(_DWORD *)(a1 + 6672) = 8; *(_DWORD *)(a1 + 6676) = 5; *(_QWORD *)(a1 + 6696) = &ar9462_2p0_baseband_core; *(_DWORD *)(a1 + 6704) = 146; *(_DWORD *)(a1 + 6708) = 2; *(_QWORD *)(a1 + 6712) = &ar9462_2p0_baseband_postamble; *(_DWORD *)(a1 + 6720) = 55; *(_DWORD *)(a1 + 6724) = 5; *(_QWORD *)(a1 + 6744) = &ar9462_2p0_radio_core; *(_DWORD *)(a1 + 6752) = 54; *(_DWORD *)(a1 + 6756) = 2; *(_QWORD *)(a1 + 6760) = &ar9462_2p0_radio_postamble; *(_DWORD *)(a1 + 6768) = 4; *(_DWORD *)(a1 + 6772) = 5; *(_QWORD *)(a1 + 6568) = &ar9462_2p0_radio_postamble_sys2ant; *(_DWORD *)(a1 + 6576) = 3; *(_DWORD *)(a1 + 6580) = 5; *(_QWORD *)(a1 + 6776) = &ar9462_2p0_soc_preamble; *(_DWORD *)(a1 + 6784) = 4; *(_DWORD *)(a1 + 6788) = 2; *(_QWORD *)(a1 + 6808) = &ar9462_2p0_soc_postamble; *(_DWORD *)(a1 + 6816) = 1; *(_DWORD *)(a1 + 6820) = 5; *(_QWORD *)(a1 + 6472) = &ar9462_2p0_common_rx_gain; *(_DWORD *)(a1 + 6480) = 256; *(_DWORD *)(a1 + 6484) = 2; *(_QWORD *)(a1 + 6408) = &ar9462_2p0_pciephy_clkreq_disable_L1; *(_DWORD *)(a1 + 6416) = 3; *(_DWORD *)(a1 + 6420) = 2; *(_QWORD *)(a1 + 6424) = &ar9462_2p0_pciephy_clkreq_disable_L1; *(_DWORD *)(a1 + 6432) = 3; *(_DWORD *)(a1 + 6436) = 2; *(_QWORD *)(a1 + 6440) = &ar9462_2p0_modes_fast_clock; } 2nd spec if ( v1 == 12884902528LL ) { *(_QWORD *)(a1 + 6648) = &ar9462_2p1_mac_core; *(_DWORD *)(a1 + 6656) = 159; *(_DWORD *)(a1 + 6660) = 2; *(_QWORD *)(a1 + 6664) = &ar9331_1p1_mac_postamble; *(_DWORD *)(a1 + 6672) = 8; *(_DWORD *)(a1 + 6676) = 5; *(_QWORD *)(a1 + 6696) = &ar9462_2p0_baseband_core; *(_DWORD *)(a1 + 6704) = 146; *(_DWORD *)(a1 + 6708) = 2; *(_QWORD *)(a1 + 6712) = &ar9462_2p1_baseband_postamble; *(_DWORD *)(a1 + 6720) = 55; *(_DWORD *)(a1 + 6724) = 5; *(_QWORD *)(a1 + 6744) = &ar9462_2p0_radio_core; *(_DWORD *)(a1 + 6752) = 54; *(_DWORD *)(a1 + 6756) = 2; *(_QWORD *)(a1 + 6760) = &ar9462_2p0_radio_postamble; *(_DWORD *)(a1 + 6768) = 4; *(_DWORD *)(a1 + 6772) = 5; *(_QWORD *)(a1 + 6568) = &ar9462_2p0_radio_postamble_sys2ant; *(_DWORD *)(a1 + 6576) = 3; *(_DWORD *)(a1 + 6580) = 5; *(_QWORD *)(a1 + 6776) = &ar9462_2p1_soc_preamble; *(_DWORD *)(a1 + 6784) = 4; *(_DWORD *)(a1 + 6788) = 2; *(_QWORD *)(a1 + 6808) = &ar9462_2p0_soc_postamble; *(_DWORD *)(a1 + 6816) = 1; *(_DWORD *)(a1 + 6820) = 5; *(_QWORD *)(a1 + 6472) = &ar9462_2p0_common_rx_gain; *(_DWORD *)(a1 + 6480) = 256; *(_DWORD *)(a1 + 6484) = 2; *(_QWORD *)(a1 + 6440) = &ar9462_2p0_modes_fast_clock; *(_DWORD *)(a1 + 6448) = 9; *(_DWORD *)(a1 + 6452) = 3; *(_QWORD *)(a1 + 6536) = &ar9300_2p2_baseband_core_txfir_coeff_japan_2484; *(_DWORD *)(a1 + 6544) = 3; *(_DWORD *)(a1 + 6548) = 2; *(_QWORD *)(a1 + 6408) = &ar9462_2p0_pciephy_clkreq_disable_L1; *(_DWORD *)(a1 + 6416) = 3; *(_DWORD *)(a1 + 6420) = 2; *(_QWORD *)(a1 + 6424) = &ar9462_2p0_pciephy_clkreq_disable_L1; *(_DWORD *)(a1 + 6432) = 3; *(_DWORD *)(a1 + 6436) = 2; goto LABEL_15; } As u have find out u dont need to port all this ucode. Use only what is need to make the driver start up. Btw in your patch u're using other ucodes why? u can also try to use some of the linux values if that helps make the driver stable example: *(_DWORD *)(a1 + 6656) = 159;*(_DWORD *)(a1 + 6660) = 2; after u get this done u need to focus on the ucode for rx/tx they are in this functions: ar9300TxGainTableApply(v13);ar9300RxGainTableApply(v13); then, and as ur'e using family 0x280 check 4 9565 id (0x2C0) in code and replace with 0x280. Be careful cause this can lead do kernel panic i do got some kp b4 made the driver work finally u should change this ar9300FillCapabilityInfo() ... if ( v3 == 108 ) { *(_WORD *)(a1 + 2326) = 141; } i'm gonna patch this in 9565 and remove the if ( v3 == 108 ) idk if u use 5ghz. if so u need to find a value that works. Link to comment Share on other sites More sharing options...
coolstarorg Posted June 12, 2016 Share Posted June 12, 2016 I found on the Linux driver, the mac core and mac postamble for AR9565 works fine on AR9462. The card that I have uses ucode revision 0 in Linux. The baseband core + postamble for AR9462 must be there for the card to init under Linux though. For 5 Ghz, the radio postamble + Sys2Ant ucode is required (the sys2ant ucode can be combined right after the radio postamble and it works though). Seems the rx/tx ucodes aren't required under Linux? Just wondering, mind joining an IRC or something so we can discuss this faster? This is what I have working under Linux: } else if (AR_SREV_9462_20(ah)) { printk(KERN_ALERT "AR9462 Revision 2p0\n"); //INIT_INI_ARRAY(&ah->iniMac[ATH_INI_CORE], ar9462_2p0_mac_core); INIT_INI_ARRAY(&ah->iniMac[ATH_INI_CORE], ar9565_1p0_mac_core); INIT_INI_ARRAY(&ah->iniMac[ATH_INI_POST], ar9462_2p0_mac_postamble); INIT_INI_ARRAY(&ah->iniBB[ATH_INI_CORE], ar9462_2p0_baseband_core); INIT_INI_ARRAY(&ah->iniBB[ATH_INI_POST], ar9462_2p0_baseband_postamble); //INIT_INI_ARRAY(&ah->iniRadio[ATH_INI_CORE], // ar9462_2p0_radio_core); //test required for 5 ghz //INIT_INI_ARRAY(&ah->iniRadio[ATH_INI_POST], // ar9462_2p0_radio_postamble); //INIT_INI_ARRAY(&ah->ini_radio_post_sys2ant, // ar9462_2p0_radio_postamble_sys2ant); //test - required for 5 ghz INIT_INI_ARRAY(&ah->iniRadio[ATH_INI_POST], ar9462_2p0_radio_postamble_combined); //end test //INIT_INI_ARRAY(&ah->iniSOC[ATH_INI_PRE], // ar9462_2p0_soc_preamble); //INIT_INI_ARRAY(&ah->iniSOC[ATH_INI_POST], // ar9462_2p0_soc_postamble); //INIT_INI_ARRAY(&ah->iniModesRxGain, // ar9462_2p0_common_rx_gain); /* Awake -> Sleep Setting */ //if ((ah->config.pll_pwrsave & AR_PCIE_PLL_PWRSAVE_CONTROL) && // (ah->config.pll_pwrsave & AR_PCIE_PLL_PWRSAVE_ON_D3)) { // INIT_INI_ARRAY(&ah->iniPcieSerdes, // ar9462_2p0_pciephy_clkreq_disable_L1); //} /* Sleep -> Awake Setting */ //if ((ah->config.pll_pwrsave & AR_PCIE_PLL_PWRSAVE_CONTROL) && // (ah->config.pll_pwrsave & AR_PCIE_PLL_PWRSAVE_ON_D0)) { // INIT_INI_ARRAY(&ah->iniPcieSerdesLowPower, // ar9462_2p0_pciephy_clkreq_disable_L1); //} /* Fast clock modal settings */ //INIT_INI_ARRAY(&ah->iniModesFastClock, // ar9462_2p0_modes_fast_clock); //INIT_INI_ARRAY(&ah->iniCckfirJapan2484, // ar9462_2p0_baseband_core_txfir_coeff_japan_2484); } else if (AR_SREV_9550(ah)) { Link to comment Share on other sites More sharing options...
jalavoui Posted June 12, 2016 Author Share Posted June 12, 2016 if that works under linux then u just need to work on the mac os x rx/tx functions and it will start working if that fails under os x u will need to recheck the needed ucodes this is not a easy task and it will take u some time I also used freebsd sources when working on the driver. This links might help: #define AR_SREV_VERSION_JUPITER 0x280 then u have #define AR_SREV_JUPITER(_ah) \ 3005 ((AH_PRIVATE((_ah))->ah_macVersion == AR_SREV_VERSION_JUPITER)) 3006 3007#define AR_SREV_JUPITER_10(_ah) \ 3008 ((AH_PRIVATE((_ah))->ah_macVersion == AR_SREV_VERSION_JUPITER) && \ 3009 (AH_PRIVATE((_ah))->ah_macRev == AR_SREV_REVISION_JUPITER_10)) 3010 3011#define AR_SREV_JUPITER_20(_ah) \ 3012 ((AH_PRIVATE((_ah))->ah_macVersion == AR_SREV_VERSION_JUPITER) && \ 3013 (AH_PRIVATE((_ah))->ah_macRev == AR_SREV_REVISION_JUPITER_20)) 3014 3015#define AR_SREV_JUPITER_20_OR_LATER(_ah) \ 3016 ((AH_PRIVATE((_ah))->ah_macVersion == AR_SREV_VERSION_JUPITER) && \ 3017 (AH_PRIVATE((_ah))->ah_macRev >= AR_SREV_REVISION_JUPITER_20)) U can check how the driver work in freebsd. Start searching here http://code.metager.de/source/s?refs=AR_SREV_JUPITER&project=DragonFly-BSD Link to comment Share on other sites More sharing options...
simras Posted June 12, 2016 Share Posted June 12, 2016 Hello for me nothing work, for wifi i modify the kext for my specs and do the same for bluetooth but nothing.... I just have for bluetooth the screen that saying that it try to search bluetooth product but nothing, the button for deactivate the bluetooth is gray and impossible to use. For wifi there is no option. I used a combo Killer 1525, the wifi is an atheros with vendor: 168C Device: 003E, seems to match with an QCA6174 For the bluetooth its vendor : 0CF3 Device: 3004, seems to match with an AR3012 So if someone can help me.. Maybe i do something wrong ? Link to comment Share on other sites More sharing options...
coolstarorg Posted June 23, 2016 Share Posted June 23, 2016 Got partial success on AR9462! I managed to get working 5 ghz. The card thinks it's in Japan for some reason. It connects and is stable on 5 ghz. For some reason the system freezes sometimes on 2.4 Ghz. The freezing is intermittent and only seems to be on 2.4 ghz, not 5 ghz. Also, for some reason the card doesn't scan networks on a cold boot. I have to boot into Windows/Linux and do a warm reboot from Windows/Linux into OS X to have working wifi. Update: Fixed 2.4 Ghz freezing. Just had to change country code from JP to FCC. 2 Link to comment Share on other sites More sharing options...
coolstarorg Posted June 23, 2016 Share Posted June 23, 2016 Working binary for AR9462 MacRev 2. Tested on Acer C720 chromebook. Fully working 2.4 Ghz and 5 Ghz WiFi. Modify Info.plist to switch 168c:30 id to 168c:34. Does not work on a cold boot. Boot into Windows and then warm reboot into OS X for working wifi. Place binary in /System/Library/Extensions/IO80211Family.kext/Contents/Plugins/AirPortAtheros40.kext/Contents/MacOS/ as AirPortAtheros40. Current issues: Sleep/Resume kills wifi WiFi doesn't work on a cold boot. Only when warm rebooting from Windows or Linux System sometimes freezes when connecting to a 2.4 Ghz network [fixed in patch12] Download appears to have slower than normal speeds than Windows/Linux (maxes at 100 mbit instead of 200 mbit), although upload seems to be fine. If you run into issues with wifi on this kext, please use IORegistryExplorer, find "AirPort_AtherosNewma40" and get its en0's IO80211HardwareVersion and include its contents with the message. Changelog: * patch10 - initial version verified working for 5 ghz * patch11 - remove several 0x200 -> 0x280 changes to use code for 0x1C0 instead * patch12 - set correct locale code (FCC) instead of JP to fix 2.4 Ghz freezing AirPortAtheros40-patch10 AR9462 MacRev 2.zip AirPortAtheros40-patch12 AR9462 MacRev 2.zip 4 Link to comment Share on other sites More sharing options...
coolstarorg Posted June 24, 2016 Share Posted June 24, 2016 @jalavoui how did you patch the ucodes in rx/tx? I found the address it loads the ucodes from, but I didn't see any length parameter I could patch/change... Link to comment Share on other sites More sharing options...
jalavoui Posted June 24, 2016 Author Share Posted June 24, 2016 Amazing job. i'm happy to see other cards working with this metod. if u can't boot in cold boot its maybe cause u miss some ucodes (if u boot 1st from linux or windows and reboot they get loaded). i'll check the rx/tx patch. brb did u enable bluettoth with BTFirmwareUploader ? Ok things to check: - Check if u didnt mistake the patched ucode sizes. I got a few errors on them b4. From your's patch: signed __int64 __fastcall ar9300RxGainTableApply(__int64 a1) { bool v1; // zf@3 int v2; // eax@3 void *v3; // rax@6 signed __int64 result; // rax@17 if ( *(_DWORD *)(a1 + 2060) != 448 || *(_WORD *)(a1 + 2064) ) { v1 = ar9300RxGainIndexGet(a1) == 1; v2 = *(_DWORD *)(a1 + 2060); if ( !v1 ) { if ( v2 == 448 ) { if ( *(_WORD *)(a1 + 2064) == 2 ) { v3 = &ar9300Common_rx_gain_table_osprey_2p0; goto LABEL_17; } } else if ( v2 == 640 ) { v3 = &ar9330Common_rx_gain_osprey2_0; goto LABEL_17; } v3 = &ar9300Common_rx_gain_table_osprey_2p2; goto LABEL_17; } if ( v2 != 448 || *(_WORD *)(a1 + 2064) != 2 ) v3 = &ar9300Common_wo_xlna_rx_gain_table_osprey_2p2; else v3 = &ar9300Common_wo_xlna_rx_gain_table_osprey_2p0; } else if ( ar9300RxGainIndexGet(a1) == 1 ) { v3 = &ar9300Common_wo_xlna_rx_gain_osprey1_0; } else { v3 = &ar9300Common_rx_gain_osprey1_0; } LABEL_17: *(_QWORD *)((char *)&loc_14610 + a1) = v3; result = 8589934848LL; *(_QWORD *)(a1 + 83480) = 8589934848LL; return result; This code is similiar as in frebsd tree but in linux u have: v2 = ar9003_hw_get_rx_gain_idx(a1); if ( v2 == 2 ) { result = *(_QWORD *)(a1 + 632) & 0xFFFEFFFFFFFFLL; if ( result == 8589935232LL ) { *(_QWORD *)(a1 + 6472) = &ar9462_2p0_common_mixed_rx_gain; *(_DWORD *)(a1 + 6480) = 256; *(_DWORD *)(a1 + 6484) = 2; *(_QWORD *)(a1 + 6600) = &ar9462_2p0_baseband_core_mix_rxgain; *(_DWORD *)(a1 + 6608) = 1; *(_DWORD *)(a1 + 6612) = 2; *(_QWORD *)(a1 + 6616) = &ar9462_2p0_baseband_postamble_mix_rxgain; *(_DWORD *)(a1 + 6624) = 6; *(_DWORD *)(a1 + 6628) = 5; *(_QWORD *)(a1 + 6584) = &ar9462_2p0_baseband_postamble_5g_xlna; *(_DWORD *)(a1 + 6592) = 1; *(_DWORD *)(a1 + 6596) = 5; } return result; } if ( v2 == 3 ) { result = *(_QWORD *)(a1 + 632) & 0xFFFEFFFFFFFFLL; if ( result == 8589935232LL ) { *(_QWORD *)(a1 + 6472) = &ar9462_2p0_common_mixed_rx_gain; *(_DWORD *)(a1 + 6480) = 256; *(_DWORD *)(a1 + 6484) = 2; *(_QWORD *)(a1 + 6584) = &ar9462_2p0_baseband_postamble_5g_xlna; *(_DWORD *)(a1 + 6592) = 1; *(_DWORD *)(a1 + 6596) = 5; } return result; } This wont be easy to patch. I'll do some more checks Did u checked this (AR_SREV_JUPITER) in source code? http://code.metager.de/source/s?refs=ar9300_attach&project=DragonFly-BSD Check if in ar9300Attach you hit this code (i mean the "return v13" ) x18_populate_regdomain_tables(v13, 33372LL, v37); *(_DWORD *)(v13 + 2484) = 25; return v13; } Link to comment Share on other sites More sharing options...
coolstarorg Posted June 24, 2016 Share Posted June 24, 2016 @jalavoui yes, I enabled bluetooth with BTFirmwareUploader Also, in case this helps, I made 2 text files of which bytes I patched (excluding ucode) and a text file of the ucode I patched in. Hope this makes it easier to look at my rx/tx patch. diff-patch12.txt ucode patch summary.txt Link to comment Share on other sites More sharing options...
jalavoui Posted June 24, 2016 Author Share Posted June 24, 2016 In 9565 i did check code for rx/tx in: http://code.metager.de/source/xref/DragonFly-BSD/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_attach.c#ar9300_rx_gain_table_apply and http://code.metager.de/source/xref/DragonFly-BSD/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_attach.c#ar9300_tx_gain_table_apply But i didint need to use 5ghz. I think your card can be harder - but not impossible cause u already make it work Hope other users with your card can give feedback. Ok i just remenbered that in 9565 i used this (same as in rx) signed __int64 __fastcall ar9300TxGainTableApply(__int64 a1) { int v1; // eax@3 void *v2; // rax@7 void *v3; // rax@15 int v4; // eax@17 void *v5; // rax@18 int v6; // eax@19 signed __int64 result; // rax@22 if ( *(_DWORD *)(a1 + 2060) != 448 || *(_WORD *)(a1 + 2064) ) { v1 = ar9300TxGainIndexGet(a1); switch ( v1 ) { case 1: if ( *(_DWORD *)(a1 + 2060) == 448 && *(_WORD *)(a1 + 2064) == 2 ) { v2 = &ar9300Modes_high_ob_db_tx_gain_table_osprey_2p0; goto LABEL_22; } v3 = &unk_129890; break; case 2: if ( *(_DWORD *)(a1 + 2060) == 448 && *(_WORD *)(a1 + 2064) == 2 ) { v2 = &ar9300Modes_low_ob_db_tx_gain_table_osprey_2p0; LABEL_22: *(_QWORD *)(a1 + 83488) = v2; result = 21474836554LL; goto LABEL_32; } v3 = &unk_121F80; break; case 3: if ( *(_DWORD *)(a1 + 2060) == 448 && *(_WORD *)(a1 + 2064) == 2 ) { v2 = &ar9300Modes_high_power_tx_gain_table_osprey_2p0; goto LABEL_22; } v3 = &unk_12B428; break; default: v6 = *(_DWORD *)(a1 + 2060); if ( v6 == 448 ) { if ( *(_WORD *)(a1 + 2064) == 2 ) { v2 = &unk_121F80; goto LABEL_22; } } else if ( v6 == 704 ) { *(_QWORD *)(a1 + 83488) = &unk_121F80; result = 21474836545LL; goto LABEL_32; } v3 = &unk_121F80; break; } *(_QWORD *)(a1 + 83488) = v3; result = 21474836582LL; goto LABEL_32; } v4 = ar9300TxGainIndexGet(a1); if ( v4 == 1 ) { v5 = &unk_129890; } else if ( v4 == 2 ) { v5 = &unk_121F80; } else { v5 = &unk_12B428; } *(_QWORD *)(a1 + 83488) = v5; result = 21474836551LL; LABEL_32: *(_QWORD *)(a1 + 83496) = result; return result; } the &unk_xxx as u can see is replaced ucode (i only did this when the original code size didint match 9565 ucode) btw why did u kept the original ucode labels ? recheck the sizes from 9462 Anyway i remenbered that in rx/tx and while i was trying to compare the unix/freebsd code agains mac os x the driver just wouldn't work So i end up using the low_ob_db_tx_xxxx ucode as a litle hack to make the driver work This means u might need to test in 9462 and find wich ucodes will work better doing this made 9565 work at max tx/rx speed Link to comment Share on other sites More sharing options...
TheRacerMaster Posted June 26, 2016 Share Posted June 26, 2016 Excellent work jalavoui and coolstar. I have a supported card (AR9380) but it has an invalid regdomain (0x21); using your info I figured out how to patch AirPortAtheros40 to change it: Comment: Override regdomain (1 of 2) Find: 83bb2008 00000674 64 Name: com.apple.driver.AirPort.Atheros40 Replace: 83bb2008 000006eb 36 Comment: Override regdomain (2 of 2) Find: 66c78316 09000043 0066b843 00 Name: com.apple.driver.AirPort.Atheros40 Replace: 66c78316 09000000 0066b800 00 Just had to change one JE at 0xb1b37 to a JMP pointing to 0xb1b6f (where rbx+0x916 and ax are set to 0x43), then used coolstar's patch (the second one) to change the regdomain from 0x43 (JP) to 0x00 (US - thanks to ReddestDream for clarifying). 10.11.5 patch (the second patch is identical): Comment: Override regdomain (1 of 2) Find: 83bb2008 00000674 5f Name: com.apple.driver.AirPort.Atheros40 Replace: 83bb2008 000006eb 31 2 Link to comment Share on other sites More sharing options...
ReddestDream Posted June 26, 2016 Share Posted June 26, 2016 Just had to change one JE at 0xb1b37 to a JMP pointing to 0xb1b6f (where rbx+0x916 and ax are set to 0x43), then used coolstar's patch (the second one) to change the regdomain from 0x43 (JP) to 0x00 (automatic). Just FYI, 0x00 is not automatic. It's FCC/USA for Atheros. I was playing around with this with CoolStar when we figured it out . . . "The 0x0 value of a regulatory domain is to be used by Atheros devices to map to the “US”, always. This is as per Atheros documentation to manufacturers. Manufacturers wanting to enable users to use cards as “region free” should supply their own builds of CRDA and a signed regulatory database." https://wireless.wiki.kernel.org/en/users/drivers/ath http://article.gmane.org/gmane.linux.kernel.wireless.general/38410 1 Link to comment Share on other sites More sharing options...
TheRacerMaster Posted June 26, 2016 Share Posted June 26, 2016 Just FYI, 0x00 is not automatic. It's FCC/USA for Atheros. I was around with this with CoolStar when we figured it out . . . "The 0x0 value of a regulatory domain is to be used by Atheros devices to map to the “US”, always. This is as per Atheros documentation to manufacturers. Manufacturers wanting to enable users to use cards as “region free” should supply their own builds of CRDA and a signed regulatory database." https://wireless.wiki.kernel.org/en/users/drivers/ath http://article.gmane.org/gmane.linux.kernel.wireless.general/38410 Ah, thanks for the clarification. Link to comment Share on other sites More sharing options...
calibre™ Posted June 27, 2016 Share Posted June 27, 2016 * patch10 - initial version verified working for 5 ghz * patch11 - remove several 0x200 -> 0x280 changes to use code for 0x1C0 instead * patch12 - set correct locale code (FCC) instead of JP to fix 2.4 Ghz freezing for which OS X build? Link to comment Share on other sites More sharing options...
Recommended Posts