There are two protections that your Wi-Fi has to limit it’s maximum power output to a legal value (100mW for example). First is the Wi-Fi interface internal HW limit. But if you buy a Wi-Fi adapter designed for a market of different country, this limit can be higher (500mW for USA, or even 1W for Chille). However if your linux computer knows internally in what country it is located, then another layer of protection is inside the linux kernel. In this post I will show you how to circumvent the linux kernel Wi-Fi limits per-country.
- Step by Step guide to change regulatory database
First let me point out that I am not doing anything ilegal with my Wi-Fi and unlocking different power output is strictly for some internal tests. I am also doing all this on our weekend house quite far from civilization so I am not harming anybody by distorting surrounding Wi-Fi signals. Also, if I go from default limit of 100mW on 2.4Ghz to 500mW on 2.4Ghz, I am not even going beyond the legal 500mW limit that is legal in my country for 5Ghz Wi-Fi signals. So I am quite sure that 500mW is not harmful to anyone.
What do we need to get beyond 100mW limit
First, you will need a Wi-Fi adapter that doesn’t have an internal limiting, the most simple method is to buy an adapter on ebay.com that is targeted for a different market country where the limits are higher. It is no problem to buy a Wi-Fi adapter with limits of the USA that are 500mW, but maybe you can get lucky and buy something that can go up to 1W as an adapter targeting countries like Chille.
I have personally bought Alfa AWUS036NEH adapter that can go 1000mW (1W) and you can pretty much get this thing on Amazon.com. Below is a picture how it looks like.
Then the only other thing you need is a PC with linux installed that we will be creating the custom regulatory database to. I am personally using the BackTrack 5r3 distribution, but this is ubuntu based distro so you should be capable of following the guide on any debian/ubuntu-like distro.
Step by Step guide to change regulatory database
The following steps should be followed, I will try to explain each step to the best of my abilities.
Step 0. Check you current regulatory database limits for your country
First, it is a good idea to see if you are actually limited already. You can check this with command iw reg get as shown below.
root@parasite:~# iw reg get country 00: (2402 - 2472 @ 40), (3, 20) (2457 - 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS (2474 - 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS (5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS (5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
In my particular instance, the country is not provided, so the system went back to “safe default” and inserted country 00. This non-existent country has the most restrictive transmission levels on all possible country spectrum. Note that all the levels are maximized on 20db, what is 100mW, this is visible in the (3, 20).
This means that despite that my Wi-Fi cart can go up to 1W (30db) or 500mW (27db), I can only set values from 1 to 20 and if I try to enter higher value, I will get an error.
root@parasite:~# iwconfig wlan0 wlan0 IEEE 802.11bgn ESSID:off/any Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on root@parasite:~# iwconfig wlan0 txpower 27 Error for wireless request "Set Tx Power" (8B26) : SET failed on device wlan0 ; Invalid argument.
This is the limit that we would like to avoid so that we can configure txpower fo 27 or 30.
Step 1. Gathering all components for a new regulatory database
First have apt-get install you a few needed packages by using the apt-get command. Most of these will already be installed, but this is good to be sure to check.
apt-get install python-m2crypto
Secondly, download source code for the regulatory database (debian version) here, or via backup link.
Thirdly, you will also need the crda regulatory package here, or via backup link.
Step 2. Editing the files before compilation
Unpack the wireless-regdb_2009.11.25.orig.tar.bz2 and enter the new directory wireless-regdb_2009.11.25. Inside, first open the db2bin.py file and change the first line from:
This will enable you to compile the database with the newer python2 package.
Now, lets move to the regulatory database, itself. The database is actually stored as a text file called db.txt and it contains a lot of countries and for each country a specific levels of power protection like this for the generic country 00.
country 00: (2402 - 2472 @ 40), (3, 20) # Channel 12 - 13. No HT40 channel fits here (2457 - 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS # Channel 14. Only JP enables this and for 802.11b only (2474 - 2494 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS, NO-OFDM # Channel 36 - 48 (5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS # NB: 5260 MHz - 5700 MHz requies DFS # Channel 149 - 165 (5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
What you can do with this db.txt is to either edit the country you are in (based on the iw reg get command), or you can create your own country. In this example, I will be creating editing the default country 00 because my system thinks this is the country I am in. I have edited country 00 like this:
country 00: (2402 - 2494 @ 40), (N/A, 30) (4910 - 5235 @ 40), (N/A, 30)
This basically overrides all the “PASSIVE-SCAN” and “NO-IBSS” limits and also upgraded the limits to 30db for each frequency.
Step 3. Compilation & Install
Ok, now we have our custom regulatory database created, we have to generate it in binary format for the linux kernel.
root@parasite:~/custom_regulatory/wireless-regdb-2009.11.25# make Generating private key for root... openssl genrsa -out ~/.wireless-regdb-root.key.priv.pem 2048 Generating RSA private key, 2048 bit long modulus ..........................................+++ ....................................................................................................+++ e is 65537 (0x10001) Generating public key for root... openssl rsa -in ~/.wireless-regdb-root.key.priv.pem -out root.key.pub.pem -pubout -outform PEM writing RSA key Generating regulatory.bin digitally signed by root... ./db2bin.py regulatory.bin db.txt ~/.wireless-regdb-root.key.priv.pem
And then make install
root@parasite:~/custom_regulatory/wireless-regdb-2009.11.25# make install gzip < regulatory.bin.5 > regulatory.bin.5.gz install -m 755 -d //usr/lib/crda install -m 755 -d //usr/lib/crda/pubkeys if [ -f .custom ]; then \ install -m 644 -t //usr/lib/crda/pubkeys/ root.key.pub.pem; \ fi install -m 644 -t //usr/lib/crda/pubkeys/ linville.key.pub.pem install -m 644 -t //usr/lib/crda/ regulatory.bin install -m 755 -d //usr/share/man//man5/ install -m 644 -t //usr/share/man//man5/ regulatory.bin.5.gz
Step 4. CRDA
Ok, Step 1 is to extract the package with command like tar -xvf ./crda-1.1.3.tar.bz2, then edit the python script for creating the directory for the newer python version. This is the same that we did before in Step 2.
root@parasite:~# head -1 ./crda-1.1.3/utils/key2pub.py #!/usr/bin/env python
root@parasite:~/custom_regulatory2# head -1 ./crda-1.1.3/utils/key2pub.py #!/usr/bin/python2
Now for the new CRDA package, we need the public keys we compiled previously. So copy the two public keys from the wireless-regdb to crda-1.1.3/pubkeys directory.
root@parasite:~/custom_regulatory2/crda-1.1.3# cp -v ../wireless-regdb-2009.11.25/*.key.pub.pem ./pubkeys/ `../wireless-regdb-2009.11.25/linville.key.pub.pem' -> `./pubkeys/linville.key.pub.pem' `../wireless-regdb-2009.11.25/root.key.pub.pem' -> `./pubkeys/root.key.pub.pem'
Great, now lets compile the regulatory database with make.
root@parasite:~/custom_regulatory2/crda-1.1.3# make GEN keys-gcrypt.c Trusted pubkeys: pubkeys/linville.key.pub.pem pubkeys/root.key.pub.pem CC reglib.o CC crda.o LD crda CC intersect.o CC print-regdom.o LD intersect CC regdbdump.o LD regdbdump CHK /usr/lib/crda/regulatory.bin
And install with make install.
root@parasite:~/custom_regulatory2/crda-1.1.3# make install GZIP crda.8 GZIP regdbdump.8 INSTALL crda INSTALL regdbdump INSTALL 85-regulatory.rules INSTALL crda.8.gz INSTALL regdbdump.8.gz
Step 5. Reboot and Test
Great, after all the previous steps, simply reboot and after reboot, you can use the iw reg get command to check if your regulatory database has taken effect.
root@parasite:~# iw reg get country 00: (2402 - 2494 @ 40), (N/A, 30) (4910 - 5235 @ 40), (N/A, 30)
Well, bingo!, the regulatory database is active and the kernel now should have no problem to allow you to use 1000mW or 30db power.
To see your new power in action, the quickes test you can do is to start a quick Ad-Hoc network with these commands:
ifconfig wlan0 down iwconfig wlan0 mode Ad-Hoc iwconfig wlan0 essid powerTest iwconfig wlan0 channel 4 iwconfig wlan0 up ip link set dev wlan0 up
And you will be able to manipulate the power output with the iwconfig wlan<x> txpower <number> commands.
root@parasite:~/wpa_supplicant# iwconfig wlan0 txpower 30 root@parasite:~/wpa_supplicant# iwconfig wlan0 wlan0 IEEE 802.11bgn ESSID:"powerTest" Mode:Ad-Hoc Frequency:2.427 GHz Cell: 26:8F:4B:21:7C:2A Tx-Power=30 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on
So what can I say, I hope this article was informative for you and that you will be able to enjoy some higher power outputs on your wi-fi cards. But please note that doing this is a violation of regulatory laws in most countries, so do this only for lab/test environment!