AtherosROMKit
AtherosROMKit copied to clipboard
Published
20 hours ago •
andyvand
andyvand
iwleeprom doesn't actually write AR9300 EEPROM
I am trying to use iwleeprom to change the regulatory domain of about twenty AR9380 chips, most of them having annoying 0x64/0x65. They are all EEPROM, not OTP. I can dump the ROM, change the regdomain and checksum, but when I try to write it, nothing changes. The regdomain and checksum just stay the same.
Every time I attempt to write again, the same regions are claimed to be written, but nothing happens.
Is this tool still under development? Because I would really like to get this to work.
This is what happens with iwleeprom:
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -s
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
==== BASE ====
Version : 02
Template : 05
Cust data : C86120412JUDDV3AW
MAC address : e4:ce:8f:<cut>
Reg. domain : 0064 001f
Tx mask : 0111
Rx mask : 0111
Capabilities: 03
Bands: 5GHz 2.4GHz
HT 2G: HT20 HT40
HT 5G: HT20 HT40
Misc flags : 00
Big endian : 0
==== MISC ====
rfSilent : 00
BT options : 00
deviceCap : 00
deviceType : 05
pwrTableOffset : 00
tuning params : 00 00
featureEnable : 0d
miscConfig : 14
txrxgain : 00
swreg : 00000000
==== GPIO ====
EEPROM WE : 06
WLAN disable : 00
WLAN LED : 08
Rx band select : ff
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -o original.bin
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
Saving dump with byte order: LITTLE ENDIAN
0000 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0080 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0100 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0180 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0200 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0280 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0300 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0380 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
EEPROM has been dumped to 'original.bin'
<edited with GHex>
root@ubuntu:~# ./iwleeprom -D1 -n -i new.bin -F ath9300 -s
debug level: 1
Forced driver name: ath9300
Device-less operation...
Using IO driver (forced): ath9300
byte order: LITTLE ENDIAN
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5a6
CRC (eval) : c5a6
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
==== BASE ====
Version : 02
Template : 05
Cust data : C86120412JUDDV3AW
MAC address : e4:ce:8f:<cut>
Reg. domain : 0037 001f
Tx mask : 0111
Rx mask : 0111
Capabilities: 03
Bands: 5GHz 2.4GHz
HT 2G: HT20 HT40
HT 5G: HT20 HT40
Misc flags : 00
Big endian : 0
==== MISC ====
rfSilent : 00
BT options : 00
deviceCap : 00
deviceType : 05
pwrTableOffset : 00
tuning params : 00 00
featureEnable : 0d
miscConfig : 14
txrxgain : 00
swreg : 00000000
==== GPIO ====
EEPROM WE : 06
WLAN disable : 00
WLAN LED : 08
Rx band select : ff
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -i new.bin
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
About to write device EEPROM, press 'Y' if you are sure... Y
Writing data to EEPROM...
'.' = match, 'x' = write
Dump file byte order: LITTLE ENDIAN
0000 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0080 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0100 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0180 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0200 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0280 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0300 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0380 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
EEPROM has been written from 'new.bin'
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -s
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
==== BASE ====
Version : 02
Template : 05
Cust data : C86120412JUDDV3AW
MAC address : e4:ce:8f:<cut>
Reg. domain : 0064 001f
Tx mask : 0111
Rx mask : 0111
Capabilities: 03
Bands: 5GHz 2.4GHz
HT 2G: HT20 HT40
HT 5G: HT20 HT40
Misc flags : 00
Big endian : 0
==== MISC ====
rfSilent : 00
BT options : 00
deviceCap : 00
deviceType : 05
pwrTableOffset : 00
tuning params : 00 00
featureEnable : 0d
miscConfig : 14
txrxgain : 00
swreg : 00000000
==== GPIO ====
EEPROM WE : 06
WLAN disable : 00
WLAN LED : 08
Rx band select : ff
This is what happens with MacNB_iwleeprom:
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -s
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
==== BASE ====
Version : 02
Template : 05
Cust data : C86120412JUDDV3AW
MAC address : e4:ce:8f:<cut>
Reg. domain : 0064 001f
Tx mask : 0111
Rx mask : 0111
Capabilities: 03
Bands: 5GHz 2.4GHz
HT 2G: HT20 HT40
HT 5G: HT20 HT40
Misc flags : 00
Big endian : 0
==== MISC ====
rfSilent : 00
BT options : 00
deviceCap : 00
deviceType : 05
pwrTableOffset : 00
tuning params : 00 00
featureEnable : 0d
miscConfig : 14
txrxgain : 00
swreg : 00000000
==== GPIO ====
EEPROM WE : 06
WLAN disable : 00
WLAN LED : 08
Rx band select : ff
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -o original.bin
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
Saving dump with byte order: LITTLE ENDIAN
0000 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0080 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0100 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0180 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0200 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0280 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0300 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
0380 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
EEPROM has been dumped to 'original.bin'
<edited with GHex>
root@ubuntu:~# ./iwleeprom -D1 -n -i new.bin -F ath9300 -s
debug level: 1
Forced driver name: ath9300
Device-less operation...
Using IO driver (forced): ath9300
byte order: LITTLE ENDIAN
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5a6
CRC (eval) : c5a6
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
==== BASE ====
Version : 02
Template : 05
Cust data : C86120412JUDDV3AW
MAC address : e4:ce:8f:<cut>
Reg. domain : 0037 001f
Tx mask : 0111
Rx mask : 0111
Capabilities: 03
Bands: 5GHz 2.4GHz
HT 2G: HT20 HT40
HT 5G: HT20 HT40
Misc flags : 00
Big endian : 0
==== MISC ====
rfSilent : 00
BT options : 00
deviceCap : 00
deviceType : 05
pwrTableOffset : 00
tuning params : 00 00
featureEnable : 0d
miscConfig : 14
txrxgain : 00
swreg : 00000000
==== GPIO ====
EEPROM WE : 06
WLAN disable : 00
WLAN LED : 08
Rx band select : ff
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -i new.bin
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
About to write device EEPROM, press 'Y' if you are sure... Y
Writing data to EEPROM...
'.' = match, 'x' = write
Dump file byte order: LITTLE ENDIAN
0000 [................................................................]
0080 [................................................................]
0100 [................................................................]
0180 [
**** Write verify error: Addr 0180, wrote a6c5, read d3c5 ****...............................................................]
0200 [................................................................]
0280 [................................................................]
0300 [................................................................]
0380 [...............................................
**** Write verify error: Addr 03de, wrote 370e, read 640e ****................]
EEPROM has been written from 'new.bin'
root@ubuntu:~# ./iwleeprom -D1 -d 0000:02:00.0 -s
debug level: 1
Using device 0000:02:00.0 [RW] AR9300 Wireless Adapter (PCI-E)
IO driver: ath9300
Supported ops: read write parse
address: e1500000
HW: AR9300 (PCI-E) rev 0003
RF: integrated
Trying EEPROM access...
OTP address out of range: 0fff
OTP address out of range: 1001
ath9300_eeprom_check_header 00000000 @0fff r=0
Filling ath9300 EEPROM... DONE
OTP address out of range: 0401
ath9300_eeprom_check_header 00650000 @03ff r=1
AR9300 device NVM type: EEPROM (data block @03ff)
Found block at 3ff: code=3 ref=5 length=634 major=2 minor=12 (RAW: 0ca22765)
Calculating EEPROM CRC...
CRC (stored): c5d3
CRC (eval) : c5d3
compression : block
ath9300 short eeprom base: 384 (0x0180) size: 640
==== BASE ====
Version : 02
Template : 05
Cust data : C86120412JUDDV3AW
MAC address : e4:ce:8f:<cut>
Reg. domain : 0064 001f
Tx mask : 0111
Rx mask : 0111
Capabilities: 03
Bands: 5GHz 2.4GHz
HT 2G: HT20 HT40
HT 5G: HT20 HT40
Misc flags : 00
Big endian : 0
==== MISC ====
rfSilent : 00
BT options : 00
deviceCap : 00
deviceType : 05
pwrTableOffset : 00
tuning params : 00 00
featureEnable : 0d
miscConfig : 14
txrxgain : 00
swreg : 00000000
==== GPIO ====
EEPROM WE : 06
WLAN disable : 00
WLAN LED : 08
Rx band select : ff
