Hack 82. Use Your Orinoco Card with Hermes AP

Enable BSS master mode on Hermes-based radios.

Hermes-based radio cards (such as the tremendously popular but confusingly named Lucent/Orinoco/Avaya/Proxim Silver and Gold cards) are notoriously difficult to operate in BSS [Hack #63] master mode. By design, the cards themselves are actually not able to provide BSS master services on their own.

You might find this surprising, since they are the radio card embedded in the original AirPort AP, as well as the RG1000, RG1100, AP1000, and many others. Before these cards can operate as a BSS master, they need additional firmware uploaded to the card. This tertiary firmware is uploaded to the card's RAM, and is lost if the card loses power. To make matters even more difficult, the firmware in question is licensed software, and can't legally be distributed by anyone but the manufacturer.

The ingenious Hermes AP project, located at http://hunz.org/hermesap.html, addresses both of these tricky issues. It consists of a set of modified drivers, a utility for uploading the tertiary firmware, and a simple script that downloads the firmware from Proxim's public FTP server. Hermes AP isn't trivial to get running, but can be the perfect piece of software if you absolutely need a host-based Orinoco AP.

To get Hermes AP running, you need a 2.4-series kernel (2.6 kernels will not work with this hack) with Dev FS enabled. This allows the kernel to manage the /dev directory, dynamically creating device files for every physical device that the kernel supports. You'll need to compile your own kernel with Dev FS enabled. If you haven't compiled a kernel before, you might want to skip this hack.

Run make menuconfig, and under "Code maturity level options," enable "Prompt for development and/or incomplete code/drivers." Now, go back to the main menu, and under "File systems," enable "/dev file system support," as well as "Automatically mount at boot." When running Dev FS, it's also a good idea to disable "/dev/pts file system support."

Before you recompile your kernel, copy all of the source code under the drivers/ directory from Hermes AP over top of the existing drivers in the kernel (right over top of the files in linux/drivers/net/wireless/). Now, build your kernel and modules as you normally would, and reboot.

Your Orinoco card should come up as usual with the new driver, but won't support BSS master mode yet. First, cd to the Hermes AP source directory. To download a copy of the tertiary firmware from Proxim's site, run the hfwget.sh script in the firmware/ directory. Next, build the hfwload utility by running make in the hfw/ directory. This utility uploads the tertiary firmware to your card. Copy the utility and the card firmware somewhere handy (I keep mine in /usr/local/hermesap) and run a command like this at boot time, before the interface comes up:

cd /usr/local/hermesap; ./hfwload eth1 T1085800.hfw

Note that the card must not be configured as up when you load the firmware; if it is already up, an ifconfig eth1 down will bring it down for you. If all goes well, an iwconfig should show that eth1 is in Master mode! You can now configure the radio with an ESSID, WEP keys, and any other features as you normally would.
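
The boot-time step described above, written out as an added example (it is not part of the original text or of the Hermes AP project). It takes the interface down, optionally checks the FTP-downloaded firmware against a pinned digest, runs hfwload, and confirms Master mode. The FW_SHA256 variable, the function names, and the availability of sha256sum are assumptions; the page gives no checksum for the firmware.

```shell
#!/bin/sh
# Added example: boot-time loader for the Hermes tertiary firmware.
# eth1, T1085800.hfw and /usr/local/hermesap are the values used in the text.
# FW_SHA256 is an assumption: the page gives no checksum, so record the digest
# of a copy you trust and export it here. Function names are hypothetical.
HERMES_DIR="${HERMES_DIR:-/usr/local/hermesap}"
FW_SHA256="${FW_SHA256:-}"

# Reads iwconfig output on stdin; succeeds only if it reports Master mode.
mode_is_master() {
    grep -q 'Mode:Master'
}

# Succeeds if file $1 has SHA-256 digest $2 (assumes sha256sum is installed).
fw_matches_pin() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# load_hermes_fw IFACE FIRMWARE: returns 0 once the card reports Master mode.
load_hermes_fw() {
    iface=$1
    fw=$2
    if [ ! -x "$HERMES_DIR/hfwload" ] || [ ! -r "$HERMES_DIR/$fw" ]; then
        echo "hfwload or $fw missing in $HERMES_DIR" >&2
        return 2
    fi
    # The firmware came from a public FTP server, so compare it to the pin.
    if [ -n "$FW_SHA256" ] && ! fw_matches_pin "$HERMES_DIR/$fw" "$FW_SHA256"; then
        echo "$fw does not match the pinned SHA-256; not loading it" >&2
        return 3
    fi
    # The card must be down while the firmware is uploaded.
    ifconfig "$iface" down || return 4
    (cd "$HERMES_DIR" && ./hfwload "$iface" "$fw") || return 5
    # The firmware lives in card RAM only, so confirm the result on every boot.
    if ! iwconfig "$iface" 2>/dev/null | mode_is_master; then
        echo "$iface is not in Master mode after loading $fw" >&2
        return 6
    fi
    return 0
}

# Run only when called with arguments, e.g. from an init script:
#   hermes-load.sh eth1 T1085800.hfw
if [ "$#" -eq 2 ]; then
    load_hermes_fw "$1" "$2"
fi
```

A nonzero return code tells the init script which step failed, so it can leave the interface down instead of bringing up a card that is not in Master mode.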

For an 802.11b access point, we prefer HostAP and a Senao/EnGenius card, or Madwifi and an Atheros card [Hack #63] to Hermes AP. The radio cards are more powerful and sensitive, the drivers are under active development, and they have many more features. But if you are stuck with an Orinoco flavor radio card, Hermes AP might be just the code you need.
