Is your WiFi AP Missing Channels 12 & 13?

Background

One thing I noticed about the TP-Link WR703N was that it only operates on channels 1-11. Pentura is based in the UK, where the WiFi regulations allow an extra two channels, 12 and 13. This post will walk through the methods used to give the OpenWrt image access to these two additional channels, and possibly more…

Finding the Problem

Using the dmesg command to view kernel messages, we can see that the AP is configured for the US regulatory domain by default:

$ dmesg
...
[   29.850000] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   29.850000] Registered led device: ath9k-phy0
[   29.850000] ieee80211 phy0: Atheros AR9330 Rev:1 mem=0xb8100000, irq=2
[   29.860000] cfg80211: Calling CRDA for country: US
[   29.860000] cfg80211: Regulatory domain changed to country: US
[   29.870000] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[   29.880000] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2700 mBm)
[   29.890000] cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 1700 mBm)
[   29.890000] cfg80211:   (5250000 KHz - 5330000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   29.900000] cfg80211:   (5490000 KHz - 5600000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   29.910000] cfg80211:   (5650000 KHz - 5710000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   29.920000] cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 3000 mBm)

Use the command below to set the regulatory domain, based on the two-letter country code. In the example below we will use Great Britain (GB):
$ iw reg set GB

$ dmesg
[   90.200000] cfg80211: Calling CRDA for country: GB
[   93.370000] cfg80211: Calling CRDA to update world regulatory domain
[   93.370000] cfg80211: World regulatory domain updated:
[   93.380000] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[   93.380000] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   93.390000] cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
[   93.400000] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
[   93.410000] cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   93.410000] cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)

$ iwlist wlan0 channel
wlan0     11 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz

As you can see from the list above, channels 12 and 13 are missing.

First the kernel loads the rules for the ‘world’ domain (country 00 in the database). No country allows you to go beyond these WiFi frequencies, but many countries have additional restrictions: in the USA you cannot use channels 12, 13 and 14; in Japan you can use channel 14; in Europe and the UK you cannot use channel 14.

The kernel then proceeds to look for any hints from the hardware. The TP-Link hardware EEPROM is set to 0x0, a value which is mapped to the US. The kernel calls the userspace program crda to get the list of allowed frequencies and signal strengths for the US.
After this has been done, you can typically call iw reg set XX to change your region. But you won't be able to go beyond the limits set previously, so we are still stuck with the US WiFi frequencies.

$ dmesg
[   29.850000] ath: EEPROM regdomain: 0x0
[   29.850000] ath: EEPROM indicates default country code should be used
[   29.850000] ath: doing EEPROM country->regdmn map search
[   29.850000] ath: country maps to regdmn code: 0x3a
[   29.850000] ath: Country alpha2 being used: US
[   29.850000] ath: Regpair used: 0x3a

Compliance with radio regulations applies not only to users but to sellers too: you cannot sell non-compliant radio hardware. However, WiFi chip manufacturers do not physically limit a chip intended for sale in the US to channels 1-11. Chip manufacturers mass produce chips, and the equipment manufacturers are then supposed to configure the chip in compliance with its target market.
It appears that TP-Link have defaulted all their equipment to US, as those frequencies and 11 channels are broadly accepted world-wide.

Correcting CRDA

The userspace program crda can be used to supply a modified list of allowed frequencies. For more information on WiFi regulations read: http://wireless.kernel.org

The CRDA source code can be found here. It's easy to compile on any standard x86 or amd64 Linux environment, but the target system is MIPS. This means you need to download and install the development OpenWrt repository and cross-compile the relevant packages.

Once CRDA is installed you should have the following files/directories:

  • /usr/bin/iw
  • /usr/bin/regdbdump

Depending on your install the following folder is either /usr/lib/crda or /lib/crda:

/usr/lib/crda $ ls
pubkeys  regulatory.bin  setregdomain

Note: Depending on your system you may only see regulatory.bin!

Running the next command should print an editable text version of the regulatory database:
regdbdump /lib/crda/regulatory.bin

country 00:
(2402.000 - 2472.000 @ 40.000), (3.00, 20.00)
(2457.000 - 2482.000 @ 20.000), (3.00, 20.00), PASSIVE-SCAN, NO-IBSS
(2474.000 - 2494.000 @ 20.000), (3.00, 20.00), NO-OFDM, PASSIVE-SCAN, NO-IBSS
(5170.000 - 5250.000 @ 40.000), (3.00, 20.00), PASSIVE-SCAN, NO-IBSS
(5735.000 - 5835.000 @ 40.000), (3.00, 20.00), PASSIVE-SCAN, NO-IBSS

country GB:
(2402.000 - 2482.000 @ 40.000), (N/A, 20.00)
(5170.000 - 5250.000 @ 40.000), (N/A, 20.00)
(5250.000 - 5330.000 @ 40.000), (N/A, 20.00), DFS
(5490.000 - 5710.000 @ 40.000), (N/A, 27.00), DFS
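To show why the dump above gives the default domain only 11 active channels but GB 13, here is an added Python example (not part of the original post, and not code from CRDA or wireless-regdb) that parses the regdbdump text format and applies cfg80211's rule: a 20 MHz channel is usable only if its whole width fits inside a single rule, and a rule flagged PASSIVE-SCAN/NO-IBSS only permits passive use, so an AP may not beacon on that channel. The sample text is the 2.4 GHz part of the dump shown above, embedded as a constructed input.

```python
import re
# Constructed sample: the 2.4 GHz lines of the regdbdump output shown above.
REGDB_TXT = """\
country 00:
(2402.000 - 2472.000 @ 40.000), (3.00, 20.00)
(2457.000 - 2482.000 @ 20.000), (3.00, 20.00), PASSIVE-SCAN, NO-IBSS
(2474.000 - 2494.000 @ 20.000), (3.00, 20.00), NO-OFDM, PASSIVE-SCAN, NO-IBSS

country GB:
(2402.000 - 2482.000 @ 40.000), (N/A, 20.00)
(5170.000 - 5250.000 @ 40.000), (N/A, 20.00)
"""

# One rule line: (start - end @ max_bw), (max_gain_dBi or N/A, max_eirp_dBm)[, FLAG, ...]
RULE_RE = re.compile(
    r"\((?P<lo>[\d.]+) - (?P<hi>[\d.]+) @ (?P<bw>[\d.]+)\), "
    r"\((?P<gain>[\d.]+|N/A), (?P<eirp>[\d.]+)\)(?P<flags>(?:, [A-Z-]+)*)")

def parse_regdb(text):
    """Return {alpha2: [(lo_mhz, hi_mhz, max_bw_mhz, eirp_dbm, flags), ...]}."""
    db, country = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("country "):
            country = line[len("country "):].rstrip(":")
            db[country] = []
        elif line.startswith("(") and country is not None:
            m = RULE_RE.match(line)
            if not m: raise ValueError("unparsed rule line: " + line)
            flags = frozenset(f for f in m["flags"].split(", ") if f)
            db[country].append((float(m["lo"]), float(m["hi"]), float(m["bw"]),
                                float(m["eirp"]), flags))
    return db

def channel_center_mhz(ch):
    """802.11b/g centre frequency: 2407 + 5*ch for channels 1-13; channel 14 sits at 2484."""
    return 2484.0 if ch == 14 else 2407.0 + 5.0 * ch

def usable_2g4_channels(rules, chan_bw=20.0):
    """cfg80211's test: a channel is usable only if its whole width fits inside one rule
    with enough max bandwidth. "passive" = PASSIVE-SCAN/NO-IBSS rule: no AP beacons."""
    result = {}
    for ch in range(1, 15):
        c = channel_center_mhz(ch)
        lo, hi = c - chan_bw / 2, c + chan_bw / 2
        for r_lo, r_hi, r_bw, _eirp, flags in rules:
            if r_lo <= lo and hi <= r_hi and r_bw >= chan_bw:
                result[ch] = "passive" if flags & {"PASSIVE-SCAN", "NO-IBSS"} else "active"
                break  # first matching rule wins, as in the kernel's lookup
    return result
```

Channel 12 (2457-2477 MHz) does not fit the 2402-2472 rule, which is exactly why it vanishes under the default domain, while GB's 2402-2482 rule takes channels 12 and 13 but still excludes channel 14.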

You can then make any necessary changes, for example:

country 00:
(2402.000 - 2494.000 @ 40.000), (N/A, 30.00)
(4910.000 - 5835.000 @ 40.000), (N/A, 30.00)

country GB:
(2402.000 - 2482.000 @ 40.000), (N/A, 20.00)
(5170.000 - 5250.000 @ 40.000), (N/A, 20.00)
(5250.000 - 5330.000 @ 40.000), (N/A, 20.00), DFS
(5490.000 - 5710.000 @ 40.000), (N/A, 27.00), DFS

To convert the text file back into binary form you need the following two Python scripts:

  • db2bin.py
  • dbparse.py

Download them from the wireless-regdb source code releases. To get these scripts to work you need Python and the M2Crypto library.

On Debian:
apt-get install python2.7 python-m2crypto

Dealing with regulatory.bin

Now, with your edited regulatory text file (db.txt in the command below), convert it back into its binary form:
./db2bin.py regulatory.bin db.txt

Then verify your changes via the regdbdump command:
regdbdump regulatory.bin

You may (depending on your system and version of OpenWrt) get an error about a signature or public key not being found; if that is the case, read on below… Otherwise continue to New Configuration.

Dealing with a Signed regulatory.bin

The following steps were not needed for the attitude-adjustment version of OpenWrt on the TP-Link WR703N. They were, however, needed to correct regulatory.bin on the Raspberry Pi. I thought I’d cover signed database binaries here to cover all bases.

Now, the binary database may need to be digitally signed. No problem, let's create a private and public key:

openssl genrsa -out your.key.priv.pem 2048

openssl rsa -in your.key.priv.pem -out your.key.pub.pem -pubout -outform PEM

Then just add the private key onto the end of the db2bin.py command:
./db2bin.py regulatory.bin db.txt your.key.priv.pem

Then copy (or scp across) the newly generated public key, into crda’s public keys directory:

cp your.key.pub.pem /lib/crda/pubkeys/

New Configuration

Copy (or scp) the new database file regulatory.bin over to the OpenWrt image and restart the device:

$ dmesg
cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
    (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
    (2402000 KHz - 2494000 KHz @ 40000 KHz), (N/A, 3000 mBm)
    (4910000 KHz - 5835000 KHz @ 40000 KHz), (N/A, 3000 mBm)
ath: EEPROM regdomain: 0x0
ath: EEPROM indicates default country code should be used
ath: doing EEPROM country->regdmn map search
ath: country maps to regdmn code: 0x37
ath: Country alpha2 being used: GB
ath: Regpair used: 0x37
phy0: Selected rate control algorithm 'ath9k_rate_control'
phy0: Atheros AR9100 MAC/BB Rev:0 AR2133 RF Rev:a2 mem=0xb80c0000, irq=2
cfg80211: Calling CRDA for country: GB
cfg80211: Regulatory domain changed to country: GB
    (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
    (2402000 KHz - 2494000 KHz @ 40000 KHz), (N/A, 3000 mBm)
    (4910000 KHz - 5835000 KHz @ 40000 KHz), (N/A, 3000 mBm)

root@pineapple:~# iwlist wlan0 channel
wlan0     13 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Current Frequency=2.452 GHz (Channel 9)

Legalities

The Radio Spectrum is split into different categories and sub categories, in the UK Ofcom (http://www.ofcom.org.uk) manages the allocation. There is good reason why the WiFi signal is split into its numerous channels and why certain channels are omitted. This is to prevent interference and disruption to existing frequencies already in use.

There are serious penalties for breaching ETSI and/or FCC policies! I strongly advise that you do not tamper with the frequencies or channels outside of those permitted by your native regulatory body. This blog post has demonstrated introducing the missing UK frequencies and channels; if you live outside the UK, do not follow these instructions.

Pentura and myself are not responsible for how you may configure your personal devices!

ETSI

European Telecommunications Standards Institute (ETSI) is the standards body for most of Europe, Africa, the Middle East, and parts of Asia. For more information: http://www.etsi.org

FCC

The Federal Communications Commission is the regulatory agency and standards body for the Americas and parts of Asia. For more information: http://www.fcc.gov/

MIC (Japan)

Ministry of Internal Affairs and Communications (MIC) (formerly TELEC) is the standards body for Japan. For more information: http://www.telec.or.jp/eng/Index_e.htm

Links

  • http://www.ofcom.org.uk/static/archive/ra/topics/broadband/table.doc
  • http://www.radio-active.net.au/web3/80211/Regulations/Pozar
  • http://www.summitdata.com/Documents/device_certification_v1.html