ipw2200

The ipw2200 device driver limited me to only 11 channels for wireless LAN, even though I bought my notebook in Germany, where channels 1 to 13 may be used. Although other people on the net faced the same problem, nobody came up with a simple and permanent solution like writing the country code to the card’s EEPROM with just a few commands.

If you want to set the country code to ZZD, which is suitable for 802.11bg in Europe, then first rebuild the ipw2200 driver with the patch above. Afterwards execute the following command:

echo -n ZZD | hd

This prints the hexadecimal representation of the ASCII characters ZZD (5a 5a 44); these are the three byte values written in the steps below. If your wireless LAN card is eth1, then follow these additional steps:

# load the patched driver
modprobe ipw2200
# make a backup of the original EEPROM
ethtool -e eth1 raw on > ~/ipw2200_eeprom.bin
# change the three country code letters
ethtool -E eth1 magic 0x2200 offset 0x4c value 0x5a
ethtool -E eth1 magic 0x2200 offset 0x4d value 0x5a
ethtool -E eth1 magic 0x2200 offset 0x4e value 0x44
# reload the driver and repair the checksum
rmmod ipw2200
modprobe ipw2200 repair_eeprom=1

Remember, this is a permanent change. You can render your card unusable. Don’t do this if you don’t know exactly what you’re doing. There is no guarantee that the above steps will work with every card.

For other valid country codes take a look at ipw2200.c included in the driver tarball.
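The following shell functions are an added example, not part of the original page: they wrap the procedure above with the checks you would want before touching the EEPROM. They derive the three byte values from any three-letter country code (the page shows only ZZD), read the code currently stored in the backup dump, and only print the ethtool write commands instead of running them, so the operator can review them first. The offsets 0x4c to 0x4e and the magic 0x2200 are taken from the page; the function names and the backup file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): helpers around the ipw2200
# country-code procedure. Offsets 0x4c-0x4e and magic 0x2200 come from the page;
# the function names and file paths are assumptions.
set -eu

CC_OFFSET=76        # 0x4c, first of the three country code bytes in the EEPROM
EEPROM_MAGIC=0x2200 # magic value ethtool -E expects for this driver

# Print the hex value of each byte of a three-letter country code, one per
# line (ZZD -> 5a 5a 44). Equivalent to the "echo -n ZZD | hd" step.
country_hex() {
    [ ${#1} -eq 3 ] || { echo "country code must be exactly 3 characters" >&2; return 1; }
    printf '%s' "$1" | od -An -tx1 -v | tr -s ' ' '\n' | sed '/^$/d'
}

# Read the three country code bytes from an EEPROM dump file, e.g. the backup
# produced by "ethtool -e eth1 raw on > ~/ipw2200_eeprom.bin".
eeprom_country() {
    dd if="$1" bs=1 skip=$CC_OFFSET count=3 2>/dev/null
}

# Emit (but do not execute) the ethtool -E commands that would write the new
# code, one per byte starting at 0x4c. Running them is left to the operator.
ethtool_commands() {
    iface=$1
    code=$2
    off=$CC_OFFSET
    for byte in $(country_hex "$code"); do
        printf 'ethtool -E %s magic %s offset 0x%x value 0x%s\n' \
            "$iface" "$EEPROM_MAGIC" "$off" "$byte"
        off=$((off + 1))
    done
}

# Refuse to go further unless the backup exists, is non-empty, and holds three
# letters at the expected offset; anything else suggests a different EEPROM
# layout, where writing blindly could brick the card.
check_backup() {
    [ -s "$1" ] || { echo "backup $1 is missing or empty" >&2; return 1; }
    cur=$(eeprom_country "$1")
    case $cur in
        [A-Za-z][A-Za-z][A-Za-z]) echo "current country code: $cur" ;;
        *) echo "unexpected bytes at offset 0x4c; not touching the EEPROM" >&2; return 1 ;;
    esac
}

# Typical use (assumed paths): check_backup ~/ipw2200_eeprom.bin && ethtool_commands eth1 ZZD
```

Pipe the output of ethtool_commands into sh only after check_backup succeeds and the printed commands match what you intend; the backup file is the only way back if the write goes wrong.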

Bluetooth weaknesses in mobile phones

When I met Collin R. Mulliner at the university, he told me he was having fun exploring weak Bluetooth stacks. I liked the idea, and some days later I bought a Bluetooth dongle. It was quite a surprise to me that my phone, a Nokia 6310i, silently accepted AT modem commands on some RFCOMM channels without pairing. Later I discovered that some Ericsson phones had the same kind of vulnerability. This is the C code which I wrote while learning how to use the bluez stack and how to get data from a phone using AT commands.