I'm a stupid stubborn bastard and spent a good two days to get three orinocos reflashed and the silver to gold hack (i.e. 104bit WEP and 14 channels) working. Now, after lots of swearing and gazillions of reboots it works on all three cards, one original Lucent silver orinoco and two Enterasys/Cabletron roamabouts.

Most of the time was spent rebooting lose98 in various configurations to get the various broken WSUs to see the friggin cards. What follows are some notes beyond what you can google for yourself:

The orinoco driver (0.13 and 0.15) on my systems always says "104-bit WEP"... the only way to reliably find out the truth is to hand the card a long WEP key. If it doesn't do 104bit, it'll simply ignore the extra bits and continue to talk to your 40bit equipment. iwlist and iwconfig will show a long key. If it can do 104bit, communications with 40bit equipment will miraculously fail as soon as you finish your iwconfig :-)

The need to reflash the secondary firmware (station firmware) after altering the PDA is real. The contents of the PDA nvram/flash(?) have no effect whatsoever until combined with a firmware (upgrade) and loaded into flash.

The problem with this is that there are no non-windows firmware files available. The closest you get to success is prism2dl (linux-wlan-ng project) which would flash a firmware if you had one available in the weird S3 HEX format. Unfortunately prism2dl doesn't read firmware from flash at all.
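Since a flasher like prism2dl takes its image as S3 records, it is worth checking a file's integrity before anything is written to the card. The following is an added example, not part of the original post or of linux-wlan-ng: it assumes the standard Motorola S-record layout (byte count, 32-bit address, data, one's-complement checksum), and the sample records and their address are constructed.

```python
from typing import List, Tuple

# Constructed sample: two contiguous S3 data records plus an S7 terminator.
SAMPLE = """S3090039000001020304B3
S30900390004050607089F
S70500000000FA
"""

def parse_s3_line(line: str) -> Tuple[int, bytes]:
    """Return (address, data) for one S3 record; raise ValueError if malformed."""
    line = line.strip()
    if not line.startswith("S3"):
        raise ValueError("not an S3 record")
    try:
        raw = bytes.fromhex(line[2:])
    except ValueError:
        raise ValueError("non-hex characters or odd length")
    if len(raw) < 6:  # count + 4 address bytes + checksum
        raise ValueError("record too short")
    if raw[0] != len(raw) - 1:  # count covers address, data and checksum
        raise ValueError("byte count mismatch")
    # Checksum is the one's complement of the low byte of the sum
    # over count, address and data.
    if (~sum(raw[:-1])) & 0xFF != raw[-1]:
        raise ValueError("bad checksum")
    return int.from_bytes(raw[1:5], "big"), raw[5:-1]

def load_s3(text: str) -> List[Tuple[int, bytes]]:
    """Validate every S3 record and merge contiguous ones into segments."""
    segments: List[Tuple[int, bytes]] = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[:2] in ("S0", "S5", "S7"):
            continue  # header, record count and terminator carry no image data
        try:
            addr, data = parse_s3_line(line)
        except ValueError as exc:
            raise ValueError(f"line {n}: {exc}")
        if segments and segments[-1][0] + len(segments[-1][1]) == addr:
            segments[-1] = (segments[-1][0], segments[-1][1] + data)
        else:
            segments.append((addr, data))
    return segments

if __name__ == "__main__":
    for start, blob in load_s3(SAMPLE):
        print(f"0x{start:08x}: {len(blob)} bytes")
```

A file that fails here (truncated line, flipped bit, wrong record type) should not be handed to a flasher at all.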

The windows WSU crap things are executables, and I haven't found a tool to extract secondary firmwares. The hfwget tool (hermes-ap project) extracts firmware from windows drivers (w*.sys), but these include only tertiary firmware (access-point mode) and ram-only secondary firmware (which can't be flashed), as the fucking win drivers replace the firmware on card load. Also hfwget's format is not S3 but similar (and there is source for it, so that couldn't be a real problem).

Alchemy doesn't work on my lose98 box, at all. There goes the 'safe and easy' way of doing things.

The older manual flash.exe / flashold.exe fuglyness worked on the original orinoco, but not on the roamabouts: the program would barf during writing to the PDA nvram: "Offset busy bit never cleared.RID FD01 read error." or "Error - Command 322 never signaled status!" depending on the version of flash.exe tried. This error plagued a few people, but as flash.exe is NDA-ware leaked from within Intersil, there is zero chance of getting that thing fixed.

This here is a nice short description of how to use prism2dl to do the PDA update; I might add that prism2dl requires the address of the PDA to write to as an argument (in my case "-l 0x390000").

The linux-wlan-ng Debian package doesn't include prism2dl, but that's zero problem as you have to compile the kernel modules anyway: that set of files actually does build prism2dl (but not package it into a deb package) and after the make-kpkg modules_image you should copy ...where_ever_your_modules_are/linux-wlan..../debian/tmp/sbin/prism2dl somewhere safe.

Modifying only locations 0x104 and 0x109 (as required for the orinoco) left the roamabouts unwilling to associate with my access point, i.e. useless and dead. But as I'm a stubborn bastard I just took the orinoco PDA, changed the MAC address therein and flashed that to the roamabouts and voila, now everything works as hoped. Interesting fact on the side: flashing the roamabout's PDA to the orinoco does not break any functionality. I know this because somehow I inadvertently managed to flash the roamabout PDA to the orinoco and then put that card aside after a short test. Later I needed the orinoco (one of the roamabouts being temporarily dead) and wondered very hard about the packet storms suddenly happening on my wavelan... the other, still functional roamabout was the original owner of that PDA... and the PDA controls the MAC address.

The WSU thingies all suck. Contrary to popular opinion, none of the variants works truly vendor-independently: Agere, Proxim, Avaya, Enterasys versions all either overtly check whether the underlying windows driver is theirs or simply fail. You will also experience driver-version madness, as lots of WSUs don't work with newer drivers or older drivers... or any drivers at all. Mucho reboots and cursing ensued.

Enterasys offers version 6.06 as final WSU, which sucks. 8.72 is reasonably current. None of the other WSUs work with the Enterasys drivers, and the other drivers don't work with the Enterasys cards (despite all that crap being the same hardware). There seems to be a registry hack to get the drivers to interoperate with your hardware (documented somewhat with the PDA hack) but I found that too cumbersome to get to work. But there is a trick to make the fucking WSUs talk to the roamabouts: replace the string "LUC" in the executable with "RBT". You still need a functional installation of the Enterasys windows drivers, but now you can flash the cards with the non-Enterasys WSU. The trick does not work with the purportedly vendor-independent Agere WSUs; use Proxim's crap instead.

[ published on Sat 04.12.2004 01:31 | filed in mystuff | ]
© Alexander Zangerl