Different countries and regions have different radio management regulations (the Regulatory Domain), and the ISM 5 GHz band is also divided under different rules.
Regulatory Domains fall into three major families: FCC, represented by the United States; ETSI, represented by the European Union; and TELEC, which once again is Japan going its own way (in both cellular networks and WLAN, Japan has always been the odd one out). China adopts ETSI regulations, but its specific frequency band management differs from that of the EU.
The wireless NIC driver manages the card's operating frequencies according to the ISO 3166 alpha-2 country code (for example US for the United States, CN for China, DE for Germany, KR for Korea, JP for Japan).
Qualcomm Atheros adds the Regulatory Domain management function to the common part of the NIC driver. For NICs sold in different countries, the corresponding country code is written directly into the erasable memory (EEPROM) of the NIC chip. When the driver starts, it reads this code and enables the matching working frequency bands.
Due to project requirements, we purchased several Atheros 93xx series wireless NICs, which support 2.4/5 GHz dual band; unfortunately these cards were sold for the Australian market, and the middle section of the 5 GHz band is not supported. The country code can be viewed with the following commands.
# dmesg | grep ath
# iwlist chan
Although the iw tool can change the country code in the Regulatory Domain management section of the Linux system:
# iw reg set US
# iw reg get
# iwlist chan
However, because of the EEPROM restriction, the blocked frequency band still cannot be enabled this way.
To enable as many 5 GHz frequencies as possible without touching the EEPROM, the only option left is to patch the band management section of the driver itself. A search turned up reghack and its source code (Baidu netdisk link), but the binary the author compiled targets routers with MIPS or PowerPC CPUs and must be recompiled on the PC.
### The reghack found online is meant for routers, which generally use MIPS or PowerPC architectures.
### A PC is x86, so the downloaded reghack.mips.elf program cannot run on the PC.
### Recompile the reghack patching program for x86 on the PC from the reghack source code.
### The command is as follows (the -o parameter sets the name of the output program file and can be chosen freely):
root@linux:~# gcc reghack.c -o reghack
### gcc is the C compiler shipped with Linux; g++ compiles C++ source programs.
### If the system reports that these commands are not available, install the following package:
sudo apt-get install build-essential
### The installed Ubuntu 12.04.4 system runs the Linux 3.11 kernel. The module signing and verification mechanism was added in Linux 3.7.
### The following patching run succeeds, but after a reboot the wireless modules cfg80211.ko and ath.ko can no longer be loaded, and the NIC has no working driver.
root@linux:/home/user# ./reghack /lib/modules/3.11.0-15-generic/kernel/net/wireless/cfg80211.ko
Patching @ 0x0004cf30: core world6 regdomain in cfg80211/reg.o
root@linux:/home/user# ./reghack /lib/modules/3.11.0-15-generic/kernel/drivers/net/wireless/ath.ko
Patching @ 0x00002110: ath world regdomain with 5 rules in ath/regd.o
Patching @ 0x000021a0: ath world regdomain with 4 rules in ath/regd.o
Patching @ 0x00002220: ath world regdomain with 3 rules in ath/regd.o
Patching @ 0x00002280: ath world regdomain with 3 rules in ath/regd.o
Patching @ 0x000022e0: ath world regdomain with 4 rules in ath/regd.o
### To get around this, downgrade back to the Linux 3.2 kernel.
### If your kernel version is already earlier than 3.7, this step is not needed.
### Check the kernel version with: uname -r
### Use sudo apt-get install linux-image with the 3.2 kernel package name to automatically download and install the Linux 3.2 kernel and its source.
### Reboot, choose "Previous Linux versions" in the boot menu and start the 3.2 kernel.
### For safety, back up the modules first.
user@linux:~$ gcc reghack.c -o reghack
user@linux:~$ sudo cp /lib/modules/3.2.0-60-generic/kernel/net/wireless/cfg80211.ko /lib/modules/3.2.0-60-generic/kernel/net/wireless/cfg80211.ko.backup
user@linux:~$ sudo cp /lib/modules/3.2.0-60-generic/kernel/drivers/net/wireless/ath.ko /lib/modules/3.2.0-60-generic/kernel/drivers/net/wireless/ath.ko.backup
user@linux:~$ sudo ./reghack /lib/modules/3.2.0-60-generic/kernel/drivers/net/wireless/ath.ko
Patching @ 0x00001e10: ath world regdomain with 5 rules in ath/regd.o
Patching @ 0x00001e90: ath world regdomain with 4 rules in ath/regd.o
Patching @ 0x00001ef8: ath world regdomain with 3 rules in ath/regd.o
Patching @ 0x00001f48: ath world regdomain with 3 rules in ath/regd.o
Patching @ 0x00001f98: ath world regdomain with 4 rules in ath/regd.o
user@linux:~$ sudo ./reghack /lib/modules/3.2.0-60-generic/kernel/net/wireless/cfg80211.ko
Patching @ 0x0002260: core world5 regdomain in cfg80211/reg.o
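Since Linux 3.7 the build appends a signature trailer to each module, which is why a binary-patched cfg80211.ko or ath.ko is rejected at load time. The following Python is an added example, not part of the original post or of reghack: it recognises that trailer (the 12-byte module_signature header followed by the marker string, as laid out in the kernel), separates the signed payload from the PKCS#7 blob, and compares a module against the .backup copy made above to tell whether its code was altered. The sample module bytes are constructed; on a real system pass the contents of the .ko and .ko.backup files instead.

```python
import hashlib
import struct

# Marker the kernel build appends after the signature of every signed module.
SIG_MARKER = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# three pad bytes, then sig_len as a big-endian 32-bit integer (12 bytes).
SIG_HDR = struct.Struct(">BBBBB3xI")


def is_signed(data: bytes) -> bool:
    """A signed .ko ends with the marker string; an unsigned one does not."""
    return data.endswith(SIG_MARKER) and len(data) > len(SIG_MARKER) + SIG_HDR.size


def split_module_signature(data: bytes):
    """Return (payload, signature); signature is None for an unsigned module.

    Layout of a signed module: [ELF payload][signature][module_signature][marker].
    """
    if not is_signed(data):
        return data, None
    body = data[: -len(SIG_MARKER)]
    _algo, _hash, _id_type, _signer_len, _key_id_len, sig_len = SIG_HDR.unpack(
        body[-SIG_HDR.size:]
    )
    sig_end = len(body) - SIG_HDR.size
    return body[: sig_end - sig_len], body[sig_end - sig_len : sig_end]


def module_tampered(current: bytes, backup: bytes) -> bool:
    """True when the code/data of `current` no longer matches the backup copy."""
    cur_payload, _ = split_module_signature(current)
    bak_payload, _ = split_module_signature(backup)
    return hashlib.sha256(cur_payload).digest() != hashlib.sha256(bak_payload).digest()


def build_sample(payload: bytes, sig: bytes) -> bytes:
    """Constructed stand-in for a signed .ko (the signature bytes are fake)."""
    return payload + sig + SIG_HDR.pack(1, 2, 2, 0, 0, len(sig)) + SIG_MARKER


if __name__ == "__main__":
    # Constructed sample: a "signed" module and the same module after a byte patch.
    original = build_sample(b"\x7fELF ath world regdomain with 5 rules", b"\x30\x82fake-sig")
    patched = original.replace(b"regdomain", b"REGDOMAIN")
    print("signed:", is_signed(original))
    print("tampered:", module_tampered(patched, original))
```

The kernel performs the same split before verifying the PKCS#7 blob, so any byte changed in the payload by reghack invalidates the signature even though the trailer is still present.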
The channel list after patching is as follows:
wlan0  32 channels in total; available frequencies:
Channel 01: 2.412 GHz
Channel 02: 2.417 GHz
Channel 03: 2.422 GHz
Channel 04: 2.427 GHz
Channel 05: 2.432 GHz
Channel 06: 2.437 GHz
Channel 07: 2.442 GHz
Channel 08: 2.447 GHz
Channel 09: 2.452 GHz
Channel 10: 2.457 GHz
Channel 11: 2.462 GHz
Channel 36: 5.18 GHz
Channel 40: 5.2 GHz
Channel 44: 5.22 GHz
Channel 48: 5.24 GHz
Channel 52: 5.26 GHz
Channel 56: 5.28 GHz
Channel 60: 5.3 GHz
Channel 64: 5.32 GHz
Channel 100: 5.5 GHz
Channel 104: 5.52 GHz
Channel 108: 5.54 GHz
Channel 112: 5.56 GHz
Channel 116: 5.58 GHz
Channel 132: 5.66 GHz
Channel 136: 5.68 GHz
Channel 140: 5.7 GHz
Channel 149: 5.745 GHz
Channel 153: 5.765 GHz
Channel 157: 5.785 GHz
Channel 161: 5.805 GHz
Channel 165: 5.825 GHz
Current Frequency: 2.437 GHz (Channel 6)