OpenWrt Forum Archive

Topic: ART partition in AR9287 devices

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
johndoe
18 Jun 2016, 21:26

Hello everyone,

I recently got my hands on a TP-LINK TL-WR841ND v7.2 wireless router. I wanted to flash its art partition to remove all Tx power caps and only have the regulatory domain limits apply, as I have already done with several others of the same brand. However, this particular model and revision uses a AR9287 chip, unlike my other routers, which were all AR93xx. Its ART layout is completely different, and thus pepe2k's excellent ar9300_eeprom tool reads (and writes) bogus values.

I found structs for the AR9287's EEPROM here, and they appear to match the contents of my partition. I tried editing the regdomain, but after flashing the new data, I discovered it has an integrity check (although the expected checksum shows up in dmesg, so in theory it should be possible to fix it and reflash). At this point, I halted all further testing, restored the original ART and decided to start this thread.

What is known about the AR9287's art partition layout? Are "high power" modifications possible? This post says the TL-WR841ND v7.x can transmit at up to 27 dBm merely by using a special OpenWrt build. But even after applying reghack2 (which should be the equivalent of "Force Atheros drivers..." for the 00 and US regions, my EEPROM being locked to the latter), I can't get mine to go above 21 dBm. All the other information I was able to find applies to PCI wireless cards using this chip, not routers, but I'll leave it here for reference.

AtherosROMKit
Ath EEPROM Tool
How to change Atheros AR9xxx aka ath9k EEPROM values
Support 802.11n on cards with Atheros AR9xxx chips
Rebranding the Atheros 928x cards - The guide
Atheros 9K Series ROM Modding Tools And Recovery Kit

Also, here's a dump of my router's ART in case anyone wants to investigate (run echo UEsDB... | base64 -d - > art.zip in a terminal to get the file, then unzip).

UEsDBBQAAgAIAKYB0Ugw3UZgNAAAADIAAAAPAAAAYXJ0X2ZhY3RvcnkubWQ1S0sxNU2yMDKySEk2MrewNDS2TEpLSjRLNbIwNjZLtTRUUEgsKolPS0wuyS+q1EvKzOMCAFBLAwQUAAIACACgAdFICT7KGbsCAAAAAAEADwAAAGFydF9mYWN0b3J5LmJpbu3TT0tUURQA8DN/HIpEVHJEeekgs8ywKNoMZFEErcaFBOFiFrNw0WII3ZigW8Gdm1omtJsP4DL6Eu1C+hgGTe89Z0aiKaSVxO/Cu+fcc899f37wej2DAAECBAgQIECAAAECBAgQ+N8FPr6KiFIrqoex3LoWheJ+63b18MP7Zla508wrzfNK+/DTWPnl+KPCUjRfN6aitFoeuxEvVreiFLEazULhc+t+PI1YG69NRmWtfXO6V1/bnO3FTHMzrcxdRcvilx9fT8vVQqqwGHOn6+vrpfRr8nF9JsqF72dn/eU/h8n0ZHoV02u5Vov4FsWJpNcrZs+MSkxMFLNkOUr5yPI/j/0RW52DbmVYfjvMRiWj+lZGNI7qu2hbGR75e9/FicrWIL/0+w2fMTgZ8WaYdurpOMmmXlZLlwvJQTZ1synfXVpMqmmpXs+StHye5Fu1W3NT+VaW5FtZMjU9M/v4ybPnd+89eNipb7eP69mN+7GWxlq6HsSF/rofd+b32kftd/OD2Gls73YbJ41fY3o+r/8edxp7u0e7x41B7CTbG90k7btk3En2No42jpNBjKv4q3knAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgAABAgQIECBAgACB/0DgJ1BLAQIUABQAAgAIAKYB0Ugw3UZgNAAAADIAAAAPAAAAAAAAAAEAIQAAAAAAAABhcnRfZmFjdG9yeS5tZDVQSwECFAAUAAIACACgAdFICT7KGbsCAAAAAAEADwAAAAAAAAAAACEAAABhAAAAYXJ0X2ZhY3RvcnkuYmluUEsFBgAAAAACAAIAegAAAEkDAAAAAA==
Post #2
anarchy99
19 Jun 2016, 21:42

can you find how to enable extra channels on windows ? (2312-2792)

Post #3
johndoe
25 Jun 2016, 21:49

I'm also interested on out-of-band transmission, but I don't think it's possible under Windows, unfortunately. It requires modded drivers, and the source code for Windows binaries (of any brand) is rarely open. Please have a look at the following article.

Using WiFi Atheros chips in hamradio bands

A workaround may be getting online with an Atheros-based router in client or WDS mode and running a version of OpenWrt compiled with the above hacks, effectively using the router as a WLAN adapter.

Anyway, I'm currently using the TL-WR841ND v7.2 with the EEPROM-enforced power limit of 21 dBm. If possible, I'd like to double it to 24 to improve coverage (27, as per the post I linked to, seems excessive), so any pointers would be appreciated. I wonder whether this would work...

Post #4
anarchy99
25 Jun 2016, 22:49

done that. but i don't want to use router as client in this case so there will be no windows.

look what we're dealing with here: https://forums.kali.org/showthread.php? … -UART-JTAG

(Last edited by anarchy99 on 25 Jun 2016, 22:49)

The discussion might have continued from here.