[ltp] Re: Intel 2100b WiFi Card

James P. K. Gilb linux-thinkpad@linux-thinkpad.org
Mon, 11 Aug 2003 14:54:52 -0700


Tod Harter wrote:
>>>Second, those are exactly the people smart enough to pick up the
>>>Windows driver, disassemble it and find out what they want to know
>>>anyway.
>>
>>Nope, that only gets them so far. It doesn't matter if they take apart
>>the Windows driver or the closed-source binary Linux driver, all they
>>see is that the driver pokes mysterious values into the hardware.
>>Getting to the meaning of those values is not as easy as looking at the
>>driver disassembly.
>>
> 
> I don't agree. I wrote a lot of device drivers back in the old days. You give 
> me a piece of paper that says 'when the driver wants to output at frequency X 
> it sets register A to value Y' and a few examples of that and I guarantee it 
> won't take but a couple hours to figure it out.

The hard part is that the data sheets for these radios are only 
available under NDA, so the information isn't legally available in this 
way for free software.  You can legally get it via reverse engineering, 
however.  This is true for almost all modern 802.11a/b/g RFICs and MACs.

> Basically whatever the value is that's input is going to be somehow scaled to a 
> frequency. Most likely it's a direct input to a clock divider. If you know 
> what clock chip they're using then you probably have the documentation you 
> need in the clear.

The synthesizers on the chips are custom designed and are not standard 
parts.  They will have an external crystal or perhaps crystal 
oscillator, but beyond that all of the frequency generation is done 
on-chip.  You can probably assume a 1 MHz comparison frequency for 
integer-N synthesizers, but all bets are off if they use a fractional-N 
synthesizer.

> Worst case scenario is that they've totally scrambled the bits along the way, 
> xored them with something, etc. In that case it's STILL just a matter of 
> trial-and-error, pretty soon you're going to learn that bit 1 of register A 
> doubles the frequency, and bit 6 increments it by some other factor, etc. Or 
> at least you'll find which bit patterns result in output on certain 
> frequencies.

That will probably work and is the best way to figure it out.  However, 
you will need something nicer than just an oscilloscope (unless it is a 
really fast one).  A spectrum analyzer would probably be the best way to 
do it.  You are looking for a signal between 2.4 and 2.4835 GHz (in the US).

> Granted you might need SOME test equipment, but I know plenty of guys that 
> have good enough 'scopes in their garages to get the job done. Just an 
> afternoon's worth of puzzle-solving is all it is ;o).

BTW: If you fiddle the TX power or frequency wrong you could easily end 
up interfering with someone's licensed allocation.  The primary users 
did pay for their spectrum and it is the FCC's job to make sure that it 
is available for them.

The manufacturer may even be liable, to some extent, if people mis-use 
the product and cause interference.  The FCC could require a recall of 
the product, for instance.

James Gilb
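An added worked example (not from this thread, and not any vendor's driver code) that carries the synthesizer arithmetic in the reply above through to numbers: what divider an integer-N loop would need for each 2.4 GHz channel if the comparison frequency really is 1 MHz, why a frequency off that grid points to a fractional-N loop, why the same register words can mean different frequencies once a fractional-N modulus is in play, and which channel centers keep a 22 MHz DSSS signal inside the 2.4-2.4835 GHz US band. The 1 MHz comparison frequency, the modulus values 8 and 16 and the 22 MHz channel width are assumptions for illustration; the channel centers are the standard 802.11b ones.

```python
from fractions import Fraction

# Assumed for illustration: a 1 MHz comparison frequency, as the reply
# suggests for an integer-N synthesizer. A real chip need not use it.
F_COMP_HZ = 1_000_000
# Edges of the US 2.4 GHz band named in the reply.
US_BAND_HZ = (2_400_000_000, 2_483_500_000)
# Nominal 802.11b DSSS channel width (assumed here for the band check).
DSSS_BANDWIDTH_HZ = 22_000_000


def channel_freq_hz(ch):
    """Center frequency of a 2.4 GHz 802.11b channel, in Hz.

    Channels 1-13 sit 5 MHz apart starting at 2412 MHz; channel 14
    (Japan only) is 2484 MHz, 12 MHz above channel 13.
    """
    if 1 <= ch <= 13:
        return 2_412_000_000 + 5_000_000 * (ch - 1)
    if ch == 14:
        return 2_484_000_000
    raise ValueError("no such 2.4 GHz channel: %r" % (ch,))


def integer_n_divider(f_out_hz, f_comp_hz=F_COMP_HZ):
    """Divider N an integer-N PLL needs so that f_out = N * f_comp.

    Raises ValueError when f_out is not on the comparison-frequency grid:
    such a frequency can only come from a fractional-N loop or a different
    comparison frequency, so the 1 MHz guess has to be checked against what
    the spectrum analyzer actually shows.
    """
    n, rem = divmod(f_out_hz, f_comp_hz)
    if rem:
        raise ValueError("%d Hz is not a multiple of %d Hz; not integer-N"
                         % (f_out_hz, f_comp_hz))
    return n


def fractional_n_output_hz(n, k, modulus, f_comp_hz=F_COMP_HZ):
    """Output of a fractional-N loop: f_out = (N + K/M) * f_comp.

    The register words N and K alone do not fix f_out; the modulus M
    (usually fixed in silicon and not visible in any register) changes the
    answer, which is the "all bets are off" case in the reply.
    """
    if not 0 <= k < modulus:
        raise ValueError("fractional word K must satisfy 0 <= K < M")
    return (Fraction(n) + Fraction(k, modulus)) * f_comp_hz


def within_us_band(center_hz, bandwidth_hz=DSSS_BANDWIDTH_HZ):
    """True if a signal bandwidth_hz wide centered at center_hz lies wholly
    between 2.4 and 2.4835 GHz; False means it spills outside that band."""
    lo, hi = US_BAND_HZ
    half = bandwidth_hz // 2
    return lo <= center_hz - half and center_hz + half <= hi


def channel_divider_table(f_comp_hz=F_COMP_HZ):
    """Map each 2.4 GHz channel to the integer-N divider that produces it,
    or None when the channel is unreachable with this comparison frequency."""
    table = {}
    for ch in range(1, 15):
        try:
            table[ch] = integer_n_divider(channel_freq_hz(ch), f_comp_hz)
        except ValueError:
            table[ch] = None
    return table


if __name__ == "__main__":
    for ch, n in channel_divider_table().items():
        f = channel_freq_hz(ch)
        print("ch %2d  %4d MHz  N=%s  inside US band: %s"
              % (ch, f // 1_000_000, n, within_us_band(f)))
    # Same register words, different (unknown) modulus, different frequency.
    for m in (8, 16):
        print("N=2412 K=3 M=%d -> %s Hz" % (m, fractional_n_output_hz(2412, 3, m)))
```

With a 1 MHz comparison frequency every channel lands on an integer divider (channel 1 is N=2412, channel 14 is N=2484), so a register whose contents track those numbers is a strong hint that the integer-N guess is right; if the observed carrier moves in steps finer than the comparison frequency, the loop is fractional-N and the register words cannot be decoded without the modulus. The band check also shows why channel 14 is the obvious way to end up outside the US allocation.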