A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Manual Page - ath_info(8)

Manual Reference Pages  - ATH_INFO (8)

NAME
ath_info - print module version info, write some eeprom fields

CONTENTS

SYNOPSIS
ath_info [-w [-g N:M]] [-v] [-f] <pci_address> [<field1> <val1> [<field2> <val2> ...]]

DESCRIPTION
ath_info prints some version information of Atheros WLAN modules. It furthermore allows to change regulatory domain and PCI ID fields in the EEPROM.

You must first retrieve the PCI memory address of the module by lspci -v and maybe activate the module by setpci (see example below).

DISCLAIMER: Use the write function only if you know what you are doing! There is the chance to brick your module.The authors aren’t responsible for any damage caused by using this program.

Transmitting on illegal frequencies may violate state laws. Obey the local regulations!

OPTIONS
-w Write to the EEPROM. You need to specify at least one field value pair (see below).
-g N:M Set the GPIO pin N to level M (N=0..5, M=0,1). Only useful with -w. ath_info sets GPIO 4 to 0 (low) for chipsets newer or equal to 5213 to enable writing to the EEPROM. If your module has a different layout, you may need to overwrite this.
-v verbose printouts
-f force, don’t ask before writing to EEPROM (with -w).
<pci_address>
  The PCI address of the module. You must retrieve it with lspci.
<field> <value>
  Field and value names for EEPROM writing. Possible fields are: pci_dev_id, pci_vendor_id, pci_class, pci_rev_id, pci_subsys_dev_id, pci_subsys_vendor_id, regdomain

EXAMPLE

Execute the commands below from a root account.

Retrieve the module’s PCI memory address with lspci:

# lspci -v 0b:00.0 Ethernet controller: Atheros Communications, Inc. AR5211 802.11ab NIC (rev 01)
Subsystem: Standard Microsystems Corp [SMC] Unknown device 2335
Flags: medium devsel, IRQ 20
Memory at 6c000000 (32-bit, non-prefetchable) [size=64K]
Capabilities: [44] Power Management version 2

The above card has its memory mapped at 0x6c000000.

If no madwifi driver is running or the module isn’t recognized by the driver anymore, e.g. due to wrong PCI id values (check your syslog), you must manually enable the PCI device with setpci. The argument to "-s" comes from the output above:

setpci -s 0b:00.0 command=0x41f cache_line_size=0x10

Retrieve some information of the module:

# ./ath_info 0x6c000000
-==Device Information==-
MAC Version: 5211 (0x40)
MAC Revision: 5211 (0x42)
5Ghz PHY Revision: 5111 (0x17)
2Ghz PHY Revision: 2111 (0x23)
-==EEPROM Information==-
EEPROM Version: 3.2
EEPROM Size: 16K
Regulatory Domain: 0x20
-==== Capabilities ====-
| 802.11a Support: yes |
| 802.11b Support: yes |
| 802.11g Support: no |
| RFKill Support: no |
========================

Set the regulatory domain to 0. You need to confirm to write with ’y’ (-f turns this off). Check http://madwifi.org/wiki/UserDocs/CountryCode for more information on regdomains and country codes:

# ./ath_info -w 0x6c000000 regdomain 0
-==Device Information==-
MAC Version: 5211 (0x40)
MAC Revision: 5211 (0x42)
5Ghz PHY Revision: 5111 (0x17)
2Ghz PHY Revision: 2111 (0x23)
-==EEPROM Information==-
EEPROM Version: 3.2
EEPROM Size: 16K
Regulatory Domain: 0x20
-==== Capabilities ====-
| 802.11a Support: yes |
| 802.11b Support: yes |
| 802.11g Support: no |
| RFKill Support: no |
========================
GPIO registers: CR 00000000 DO 00000000 DI 00000000
regdomain (0x00bf) := 0x0000
WARNING: The write function may easy brick your device or
violate state regulation on frequency usage.
Proceed on your own risk!
Shall I write the above value(s)? (y/n)
y

BUGS

The write function is currently not tested with 5210 devices.

Use at your own risk, entering a false device address will have really nasty results!

An invalid magic in the EEPROM will cause ath_info to fail.
Top of page | 

ATH_INFO (8) September 2007

Generated by manServer 1.07 from /usr/local/man/man8/ath_info.8 using man macros.

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast