Tricky Task, need a hand from linux experts

Aod

Hey guys, I've recently managed to acquire two Intel WiFi-Link Ultimate-N 6300 cards from eBay, one of which was intended for my desktop and the other bound for my laptop.
However, my laptop is a Lenovo Thinkpad X200 which has BIOS whitelisting for the VendorID on WiFi cards used on the system to ensure that Laptop/Card combinations are FCC approved.

As a result of this, the new card isn't a Lenovo-brand part and thus won't function in my laptop.
What I need to do is, using Linux, dump the card's firmware, modify the VendorID in the firmware to match the authorised Lenovo VendorID and then re-flash the card, so I can then use it in the lappy.

I have the hardware needed for this (a miniPCI-express adapter for the desktop) with which to do the modifying since the Thinkpad won't boot with the hooky card in it yet.

However, my experience with Linux has been focused much more on other areas and I'm not sure how to go about this task. Advice would be strongly appreciated. :)
 
Just off the top of my head (and quite possibly wrong) I'm not sure it's going to be possible.

I would think it's more complex than it's worth. For example, the firmware probably has checksums to verify its integrity, meaning that to change the vendor ID you would need to:

- Locate the vendor ID in the dump + change it
- Locate any checksums
- Learn the checksum/hashing algorithm in use
- Recompute checksum and replace the old one

To get the firmware dump may also be tricky, I don't think you will be able to pull it straight off the card using the standard interface. Possibly more complex electronics involved to pull it directly off the chip.

And I'm assuming the firmware isn't stored on write-once memory, not sure about that.

Good luck anyway! :D
 
Well, I know that for older, less expensive Intel WiFi cards there's no checksumming for the firmware and they can definitely have the firmware dumped through the normal interface, as well as being able to re-write it back to the card...

I don't have any reason to presume that the 6300 would be any different...
 
Ok cool, now I've rested from work and thought more :)

- The NIC will have EEPROM so obviously r/w should be doable.

- No checksumming is good.

So the BIOS gives the NIC a physical memory range and the kernel maps it to virtual address space. Given the virtual base address of the NIC you can access the EEPROM from userland.

So, it looks like ethtool both allows you to extract the EEPROM image and change it.

Code:
-e --eeprom-dump
    retrieves and prints an EEPROM dump for the specified ethernet device. When raw is enabled, then it dumps the raw EEPROM data to stdout. The length and offset parameters allow dumping certain portions of the EEPROM. Default is to dump the entire EEPROM. 

-E --change-eeprom 
  Changes EEPROM byte for the specified ethernet device. offset and value specify which byte and its new value. Because of the persistent nature of writing to the EEPROM, a device-specific magic key must be specified to prevent the accidental writing to the EEPROM.

So, can you obtain the output of: ethtool -e eth0 raw on > firmware.bin and upload it?

Theoretically, I guess you can just edit that binary data in a hex editor, assuming you know what to change.

The first few bytes of my NIC are:
Code:
AbCdEfG73035BCP�RVMNMarvellSNthernet Controller�IPN

So maybe it's more complex than a vendor-specific byte you need to change (e.g. an ASCII vendor name)? Depends on the BIOS checking mechanism I guess.

Hope that's more help :)
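
Added example, not part of the original post: the keywords visible in the bytes quoted above (PN, RV, MN, SN) match those of PCI Vital Product Data, whose RV field carries an additive checksum of the kind raised earlier in the thread. Assuming a dump follows that standard layout, this read-only Python parser lists the fields and reports whether the checksum holds; `parse_vpd`, `build_sample` and all sample values are constructed for illustration.

```python
ID_STRING, VPD_R, VPD_W, END_TAG = 0x82, 0x90, 0x91, 0x78  # PCI VPD resource tags

def parse_vpd(image: bytes) -> dict:
    """Walk the VPD resources; return name, keyword fields and RV checksum status."""
    out = {"name": None, "fields": {}, "checksum_ok": None}
    pos = 0
    while pos < len(image):
        tag = image[pos]
        if tag == END_TAG:
            return out
        if tag not in (ID_STRING, VPD_R, VPD_W):
            raise ValueError(f"unexpected tag 0x{tag:02x} at offset {pos}")
        if pos + 3 > len(image):
            raise ValueError("truncated resource header")
        end = pos + 3 + int.from_bytes(image[pos + 1:pos + 3], "little")
        if end > len(image):
            raise ValueError("resource runs past end of image")
        if tag == ID_STRING:
            out["name"] = image[pos + 3:end].decode("ascii", "replace")
        else:
            _keywords(image, pos + 3, end, out)
        pos = end
    raise ValueError("no end tag found")

def _keywords(image: bytes, pos: int, end: int, out: dict) -> None:
    """Parse 2-byte keyword / 1-byte length / data records inside VPD-R or VPD-W."""
    while pos < end:
        if pos + 3 > end or pos + 3 + image[pos + 2] > end:
            raise ValueError(f"truncated keyword at offset {pos}")
        key, size, data = image[pos:pos + 2], image[pos + 2], pos + 3
        if key == b"RV" and size >= 1:
            # Bytes 0 .. checksum byte (inclusive) must sum to 0 modulo 256.
            out["checksum_ok"] = sum(image[:data + 1]) % 256 == 0
        else:
            out["fields"][key.decode("ascii", "replace")] = \
                image[data:data + size].decode("ascii", "replace")
        pos = data + size

def build_sample() -> bytes:
    """Constructed sample image (not a dump from real hardware)."""
    kw = lambda key, val: key + bytes([len(val)]) + val
    name = b"Example Ethernet Controller"
    ro = kw(b"PN", b"EX-0001") + kw(b"MN", b"ExampleCo") + kw(b"SN", b"000123")
    head = b"\x82" + len(name).to_bytes(2, "little") + name
    head += b"\x90" + (len(ro) + 4).to_bytes(2, "little") + ro + b"RV\x01"
    return head + bytes([-sum(head) % 256]) + b"\x78"

if __name__ == "__main__":
    print(parse_vpd(build_sample()))
```

To check a real dump, pass the bytes of the file written by `ethtool -e eth0 raw on > firmware.bin` to `parse_vpd`; a `ValueError` means the image does not start with VPD in this layout.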
 
Fab Matey, I'm off to linuxland now and I'll get back to you asap :)
 
See, I was going off the information on the Linux-Thinkpad-Wiki which now appears to be grossly out of date. :(

<edit>
Aaargh, it's not a patch, it's a few tools that've been collected and then used to modify the BIOS, but the explanation given is almost completely nonsensical!

I'll just have the guy do it for me, like just about everyone else is doing.
 
The OP is AWOL, but various peeps are still doing it. Stick a post at the end of the thread & someone ought to get back to you :)

FWIW, it's not that hard really, if you want some sensible instructions, this is half-way through the thread:
http://www.thinkpads.com/forum/viewtopic.php?p=591791#p591791

-Leezer-
 
No problems, I've done mine this way (Z61M, lovely little machine if a little heavy)

Wandering off topic, the 'thing' in my sig is actually based on a little bit of unused concept art from Sid Meier's Alpha Centauri (IIRC was called a grazer). I found the image and added the color & a couple of tweaks the better part of 10 years ago now and it's lived there ever since :)

-Leezer-
 