Sunday, January 20, 2013

Intel wifi driver brand-check removal

It's fairly common knowledge that Lenovo, like many other makers, uses a BIOS whitelist to restrict the wireless cards that can be used in their laptops. I bypassed that with a modded BIOS on mine a long time ago when I upgraded various parts of the machine, and I've had the original Intel 4965AGN lying around collecting dust ever since. The time has come to finally use it somewhere and ... it doesn't work!

Windows complains about failing to start the device. "This device cannot start! Code 10"

Event log contains two entries:
5001 - Could not allocate the resources necessary for operation
5006 - The version number is incorrect for this driver

Head-scratching ensues, then Linux is booted, where the card works flawlessly.
Several other driver versions are installed on Windows yielding the same result.
Time to Google.
It seems like the issue is fairly common and usually appears when people try to use branded cards in machines other than the ones they were originally meant for. At this point I'm beginning to suspect that the Intel drivers are specifically blocking the branded cards from working in non-matching machines.
With a very low tolerance for annoying practices like this and a free weekend, I load up the driver in IDA.

I have to confess never reaching the source of the issue. I've run out of time and got the driver working so I didn't investigate any further. There could be a less nefarious explanation for the behavior, although the same driver working flawlessly with the card in a Lenovo machine would suggest otherwise.
[Update: Next weekend] -
I can now confirm that the driver checks for a special entry in the DMI table for Lenovo branded cards and checks the manufacturer name of the machine for HP branded ones. It would seem that Lenovo branded cards would work fine in HP machines without any modifications to the driver. I'm not sure that patch #2 below is required at all. Just nop-ing out all the brand-check specific ID comparisons in #1 might/should be enough to get a completely unlocked driver.


There are two areas that I patched.
#1 Seems to be doing something specifically for my card's device ID (0x4230). Since my card doesn't work right now and I suspect that the driver does an extra check for branding on my card (and AFAIK the 0x4230 ID is strictly a Lenovo ID), this seemed fairly suspicious, so I nop-ed out the jump at 53DF5.




#2 0x4229, a generic ID, is receiving some attention here that looks to be the right kind. I want in on that. Changed 0x4229 to 0x4230.



A PE checksum fix and a driver reinstall later I had working wifi.

I did have a couple of cases where I had to "powercycle" the card to get it to see networks or to connect to one. Not sure if that's due to the patch, since I couldn't reproduce the behavior after switching to Intel's PROSet tool to manage the connection. Will update this post if the problem resurfaces, but even with that issue the driver was working well once it was connected to an AP, even after downloading several hundred megabytes, so it could be that this driver just doesn't like being managed by XP directly.

[Update: Few Days Later]  - The problem hasn't surfaced since.

Patch info:
File: NETwLx32.sys
Version: 13.4.0.139 (but note that every newer version of the driver seems to contain the same version of this sys at least. Guess it was never developed further)


fileoffset original patch
000002B1 2E 62
000002B2 B8 BB
00043DF6 0F 90
00043DF7 84 90
00043DF8 9F 90
00043DF9 00 90
00043DFA 00 90
00043DFB 00 90
00044103 29 30

Checksum fix included
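
The checksum fix above refers to the CheckSum field in the PE optional header, which Windows validates when it loads a kernel driver, so a byte-patched .sys whose field was not updated no longer matches its contents. The following is an added example, not code from the original post, that recomputes the checksum and compares it with the stored value; the 512-byte image and its offsets are constructed for illustration and stand in for the real driver.

```python
import struct

def checksum_offset(data: bytes) -> int:
    """File offset of the CheckSum field in the PE optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # 4-byte signature + 20-byte COFF header + 64 bytes into the optional header
    return e_lfanew + 4 + 20 + 64

def pe_checksum(data: bytes) -> int:
    """Recompute the image checksum: 16-bit sum with end-around carry over the
    file, with the CheckSum field treated as zero, plus the file length."""
    off = checksum_offset(data)  # assumed even, as in any well-formed PE
    padded = bytes(data) + b"\0" * (len(data) % 2)
    total = 0
    for i in range(0, len(padded), 2):
        if off <= i < off + 4:
            continue
        total += struct.unpack_from("<H", padded, i)[0]
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (total + len(data)) & 0xFFFFFFFF

def stored_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_offset(data))[0]

def checksum_ok(data: bytes) -> bool:
    """True when the header field matches the file's actual contents."""
    return stored_checksum(data) == pe_checksum(data)

def build_sample() -> bytearray:
    """Constructed 512-byte stand-in for a driver image (headers only)."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    img[0x100] = 0x29                         # byte that a patch will change
    struct.pack_into("<I", img, checksum_offset(img), pe_checksum(img))
    return img

if __name__ == "__main__":
    img = build_sample()
    print("untouched:", checksum_ok(img))
    img[0x100] = 0x30                         # one-byte edit, field not updated
    print("patched:  ", checksum_ok(img), hex(stored_checksum(img)), hex(pe_checksum(img)))
```

Run against a real file with `checksum_ok(open(path, "rb").read())`; a mismatch on a driver is a cheap first indicator that the binary was edited after it was linked.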

ps.
This is almost guaranteed to not work with any other card (besides device id 0x4230) as-is, but working patches could be created for other cards based on the principle... maybe.

I'm not responsible for anything you do with this information, you do it at your own risk.
Please don't ask me to patch drivers :)
Leave a comment if this has helped you get your wifi card working.

4 comments:

  1. Hi Viktor!

    Thank you very much for this hint. I've spent some time wondering why the driver did not work with the card.

    However I went for different approach to fix the problem. Luckily there is an EEPROM tool for Intel WiFi cards.

    iwleeprom - https://code.google.com/p/iwleeprom/

    So I've used it to change the Lenovo specific device id to the generic one - 0x4229.

    After the change it was possible to manually select the driver in the device manager. Windows did not find the driver automatically. I suspect that the SUBSYS has to be changed as well to match the device identifier in the stock driver. I'll give it a try later ... perhaps.

    Thanks again!

    Replies
    1. Great to hear :) IIRC I've read some bad things about modifying the eeprom through the controller (lockout after the first try or something along those lines) so I've never tried it, good to know it works!

  2. Hi Viktor,

    OK, I have to admit I was a little bit too fast to judge. It was possible to change the EEPROM exactly ONCE and all subsequent attempts to change it again (after restart that is) failed.

    I tried iwleeprom on Linux and DumpIWL on Windows (with current drivers 13.x.x.x and older versions 11.x.x.x as well - assuming the drivers could potentially contain different versions of the microcode) but no luck.

    I wonder ... is the card using some form of checksum, and when it fails to verify it, the microcode blocks any subsequent writes to the EEPROM?

    Regards, Roman

    Replies
    1. Ack! That's what I feared. Sorry to hear that.
      That could very well be the case, no idea. At least it sounds like that card is still usable with manual driver installation so it's not a complete loss :)
      I _think_ the eeprom is actually a discrete physical chip and not an integrated device so you could possibly desolder and reprogram it externally if it was absolutely crucial but I'm not sure now, it's been a while.
