how to patch your ram-download firmware image to allow more channels

Wilfried Klaebe hostap at
Mon Jun 23 16:25:50 EDT 2003


I live in Germany and it annoyed me that I could not use all 13 channels
that are allowed in Germany, but only channels 1 to 11.

I also had already extracted a ram-downloadable firmware image from the
windows drivers (RF010504.HEX), which worked perfectly.

Then I read somewhere that PDR 0104 holds the bitmask of the allowed
channels, and experimented a little, and out came this:

Find in the image file the line with PDR 0104:
$ grep 'S3..FF00000004010000' RF010504.HEX

Note down address, delete line.

This makes the firmware download not put the bitmask of the flashed
firmware to the ram download image.

Find the line with that address:

$ grep 'S3..007ED2[BC]' RF010504.HEX

The former line is the correct one (FF1F at ...C0).

Change to FF2F (channels 1 to 13), subtract 0x10 from checksum at end
of line (8A) =>
Save, download, "iwconfig wlan0 channel 13", smile :)

Of course, you could also change that data to FF3F, allowing all 14
channels (which would be against regulations). Don't forget to change
the checksum by 0x20 then...

regards, Wilfried
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 

More information about the HostAP mailing list