How to create custom Linux Wi-Fi regulatory database to unlock 30db/1000mW

There are two protections that your Wi-Fi has to limit it’s maximum power output to a legal value (100mW for example). First is the Wi-Fi interface internal HW limit. But if you buy a Wi-Fi adapter designed for a market of different country, this limit can be higher (500mW for USA, or even 1W for Chille). However if your linux computer knows internally in what country it is located, then another layer of protection is inside the linux kernel. In this post I will show you how to circumvent the linux kernel Wi-Fi limits per-country.

Contents

The story

First let me point out that I am not doing anything ilegal with my Wi-Fi and unlocking different power output is strictly for some internal tests. I am also doing all this on our weekend house quite far from civilization so I am not harming anybody by distorting surrounding Wi-Fi signals. Also, if I go from default limit of 100mW on 2.4Ghz to 500mW on 2.4Ghz, I am not even going beyond the legal 500mW limit that is legal in my country for 5Ghz Wi-Fi signals. So I am quite sure that 500mW is not harmful to anyone.

What do we need to get beyond 100mW limit

First, you will need a Wi-Fi adapter that doesn’t have an internal limiting, the most simple method is to buy an adapter on ebay.com that is targeted for a different market country where the limits are higher. It is no problem to buy a Wi-Fi adapter with limits of the USA that are 500mW, but maybe you can get lucky and buy something that can go up to 1W as an adapter targeting countries like Chille.

I have personally bought Alfa AWUS036NEH adapter that can go 1000mW (1W) and you can pretty much get this thing on Amazon.com. Below is a picture how it looks like.

alfa_36neh_body

Then the only other thing you need is a PC with linux installed that we will be creating the custom regulatory database to. I am personally using the BackTrack 5r3 distribution, but this is ubuntu based distro so you should be capable of following the guide on any debian/ubuntu-like distro.

Step by Step guide to change regulatory database

The following steps should be followed, I will try to explain each step to the best of my abilities.

Step 0. Check you current regulatory database limits for your country

First, it is a good idea to see if you are actually limited already. You can check this with command iw reg get as shown below.

root@parasite:~# iw reg get
country 00:
        (2402 - 2472 @ 40), (3, 20)
        (2457 - 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS
        (2474 - 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS
        (5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
        (5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS

In my particular instance, the country is not provided, so the system went back to “safe default” and inserted country 00. This non-existent country has the most restrictive transmission levels on all possible country spectrum. Note that all the levels are maximized on 20db, what is 100mW, this is visible in the (3, 20).

This means that despite that my Wi-Fi cart can go up to 1W (30db) or 500mW (27db), I can only set values from 1 to 20 and if I try to enter higher value, I will get an error.

root@parasite:~# iwconfig wlan0
wlan0     IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

root@parasite:~# iwconfig wlan0 txpower 27
Error for wireless request "Set Tx Power" (8B26) :
    SET failed on device wlan0 ; Invalid argument.

This is the limit that we would like to avoid so that we can configure txpower fo 27 or 30.

Step 1. Gathering all components for a new regulatory database

First have apt-get install you a few needed packages by using the apt-get command. Most of these will already be installed, but this is good to be sure to check.

apt-get install python-m2crypto

Secondly, download source code for the regulatory database (debian version) here, or via backup link.

Thirdly, you will also need the crda regulatory package here, or via backup link.

Step 2. Editing the files before compilation

Unpack the wireless-regdb_2009.11.25.orig.tar.bz2 and enter the new directory wireless-regdb_2009.11.25. Inside, first open the db2bin.py file and change the first line from:

#!/usr/bin/env python

to

#!/usr/bin/python2

This will enable you to compile the database with the newer python2 package.

Now, lets move to the regulatory database, itself. The database is actually stored as a text file called db.txt and it contains a lot of countries and for each country a specific levels of power protection like this for the generic country 00.

country 00:
        (2402 - 2472 @ 40), (3, 20)
        # Channel 12 - 13. No HT40 channel fits here
        (2457 - 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS
        # Channel 14. Only JP enables this and for 802.11b only
        (2474 - 2494 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS, NO-OFDM
        # Channel 36 - 48
        (5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
        # NB: 5260 MHz - 5700 MHz requies DFS
        # Channel 149 - 165
        (5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS

What you can do with this db.txt is to either edit the country you are in (based on the iw reg get command), or you can create your own country. In this example, I will be creating editing the default country 00 because my system thinks this is the country I am in. I have edited country 00 like this:

country 00:
        (2402 - 2494 @ 40), (N/A, 30)
        (4910 - 5235 @ 40), (N/A, 30)

This basically overrides all the “PASSIVE-SCAN” and “NO-IBSS” limits and also upgraded the limits to 30db for each frequency.

Step 3. Compilation & Install

Ok, now we have our custom regulatory database created, we have to generate it in binary format for the linux kernel.

root@parasite:~/custom_regulatory/wireless-regdb-2009.11.25# make
Generating private key for root...
openssl genrsa -out ~/.wireless-regdb-root.key.priv.pem 2048
Generating RSA private key, 2048 bit long modulus
..........................................+++
....................................................................................................+++
e is 65537 (0x10001)
Generating public key for root...
openssl rsa -in ~/.wireless-regdb-root.key.priv.pem -out root.key.pub.pem -pubout -outform PEM
writing RSA key
Generating regulatory.bin digitally signed by root...
./db2bin.py regulatory.bin db.txt ~/.wireless-regdb-root.key.priv.pem

And then make install

root@parasite:~/custom_regulatory/wireless-regdb-2009.11.25# make install
gzip < regulatory.bin.5 > regulatory.bin.5.gz
install -m 755 -d //usr/lib/crda
install -m 755 -d //usr/lib/crda/pubkeys
if [ -f .custom ]; then \
                install -m 644 -t //usr/lib/crda/pubkeys/ root.key.pub.pem; \
        fi
install -m 644 -t //usr/lib/crda/pubkeys/ linville.key.pub.pem
install -m 644 -t //usr/lib/crda/ regulatory.bin
install -m 755 -d //usr/share/man//man5/
install -m 644 -t //usr/share/man//man5/ regulatory.bin.5.gz

Step 4. CRDA

Ok, Step 1 is to extract the package with command like tar -xvf ./crda-1.1.3.tar.bz2, then edit the python script for creating the directory for the newer python version. This is the same that we did before in Step 2.

BEFORE:

root@parasite:~# head -1 ./crda-1.1.3/utils/key2pub.py
#!/usr/bin/env python

AFTER:

root@parasite:~/custom_regulatory2# head -1 ./crda-1.1.3/utils/key2pub.py
#!/usr/bin/python2

Now for the new CRDA package, we need the public keys we compiled previously. So copy the two public keys from the wireless-regdb to crda-1.1.3/pubkeys directory.

root@parasite:~/custom_regulatory2/crda-1.1.3# cp -v ../wireless-regdb-2009.11.25/*.key.pub.pem ./pubkeys/
`../wireless-regdb-2009.11.25/linville.key.pub.pem' -> `./pubkeys/linville.key.pub.pem'
`../wireless-regdb-2009.11.25/root.key.pub.pem' -> `./pubkeys/root.key.pub.pem'

Great, now lets compile the regulatory database with make.

root@parasite:~/custom_regulatory2/crda-1.1.3# make
  GEN  keys-gcrypt.c
  Trusted pubkeys: pubkeys/linville.key.pub.pem pubkeys/root.key.pub.pem
  CC   reglib.o
  CC   crda.o
  LD   crda
  CC   intersect.o
  CC   print-regdom.o
  LD   intersect
  CC   regdbdump.o
  LD   regdbdump
  CHK  /usr/lib/crda/regulatory.bin

And install with make install.

root@parasite:~/custom_regulatory2/crda-1.1.3# make install
 GZIP crda.8
 GZIP regdbdump.8
  INSTALL  crda
  INSTALL  regdbdump
  INSTALL  85-regulatory.rules
  INSTALL  crda.8.gz
  INSTALL  regdbdump.8.gz

Step 5. Reboot and Test

Great, after all the previous steps, simply reboot and after reboot, you can use the iw reg get command to check if your regulatory database has taken effect.

root@parasite:~# iw reg get
country 00:
        (2402 - 2494 @ 40), (N/A, 30)
        (4910 - 5235 @ 40), (N/A, 30)

Well, bingo!, the regulatory database is active and the kernel now should have no problem to allow you to use 1000mW or 30db power.

To see your new power in action, the quickes test you can do is to start a quick Ad-Hoc network with these commands:

ifconfig wlan0 down
iwconfig wlan0 mode Ad-Hoc
iwconfig wlan0 essid powerTest
iwconfig wlan0 channel 4
iwconfig wlan0 up
ip link set dev wlan0 up

And you will be able to manipulate the power output with the iwconfig wlan<x> txpower <number> commands.

root@parasite:~/wpa_supplicant# iwconfig wlan0 txpower 30
root@parasite:~/wpa_supplicant# iwconfig wlan0
wlan0     IEEE 802.11bgn  ESSID:"powerTest"  
          Mode:Ad-Hoc  Frequency:2.427 GHz  Cell: 26:8F:4B:21:7C:2A   
          Tx-Power=30 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

Summary

So what can I say, I hope this article was informative for you and that you will be able to enjoy some higher power outputs on your wi-fi cards. But please note that doing this is a violation of regulatory laws in most countries, so do this only for lab/test environment!

---
Peter Havrila , published on

11 comments ...

  1. when i use make command in crda package it show me makefile:69: *** cannot find development files for any supported version . stop plzz help i am use it in backtrack 5 r3 i did exactly as u mention above plzz help me ass soon as to be possible

    1. Hello Jeetesh,

      Check the “Makefile” on line 69, it is checking the libnl libraries. So probably there is something wrong with the ones you have. Try installing the libnl-dev package with “apt-get install libnl-dev” package. Or if there is some library problem in your installation, maybe try to install clean Backtrack to a virtual PC (vmWare or VirtualBox) and try the compilation there.

      And do not be afraid of reading the compilation files like Makefile before asking for help, on 99% in linux you can help-yourself sooner than asking on the internet if you try to understand what you are doing. And also there are much better linux forums (like http://www.linuxquestions.org/ or backtrack formus) where you can ask for help in contrast to this blog 😉

      Peter

      1. i have been installed all installation as same as u mansion above and but when i set the country BOLIVIA it will set but after it when i type command iwconfig wlan0 txpower 30 it show me msg faild on device invalid argument and it doesn’t allow me to increase power up to 20 so what should i do

      2. when i see the kernel message root@bt:~#
        root@bt:~# tail -f /var/log/messages
        Dec 3 11:52:43 bt kernel: [ 1608.315294] cfg80211: (2402000 KHz – 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        Dec 3 11:52:43 bt kernel: [ 1608.315312] cfg80211: (2402000 KHz – 2494000 KHz @ 40000 KHz), (N/A, 3000 mBm)
        Dec 3 11:52:43 bt kernel: [ 1608.315320] cfg80211: (2457000 KHz – 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
        Dec 3 11:52:43 bt kernel: [ 1608.315327] cfg80211: (2474000 KHz – 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
        Dec 3 11:52:43 bt kernel: [ 1608.315334] cfg80211: (4910000 KHz – 5235000 KHz @ 40000 KHz), (N/A, 3000 mBm)
        Dec 3 11:52:43 bt kernel: [ 1608.315341] cfg80211: (5170000 KHz – 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        Dec 3 11:52:43 bt kernel: [ 1608.315348] cfg80211: (5735000 KHz – 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        Dec 3 11:53:11 bt kernel: [ 1635.551441] ADDRCONF(NETDEV_UP): wlan0: link is not ready
        Dec 3 12:00:38 bt kernel: [ 2081.980193] usb 1-1: USB disconnect, device number 5
        Dec 3 12:00:38 bt kernel: [ 2082.440038] usb 1-1: ath9k_htc: USB layer deinitialized

        Dec 3 12:01:05 bt kernel: [ 2108.799733] usb 1-1: new high-speed USB device number 6 using ehci_hcd
        Dec 3 12:01:05 bt kernel: [ 2109.262605] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51272
        Dec 3 12:01:05 bt kernel: [ 2109.516976] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
        Dec 3 12:01:06 bt kernel: [ 2110.302788] ath9k_htc 1-1:1.0: ath9k_htc: FW Version: 1.3
        Dec 3 12:01:06 bt kernel: [ 2110.322797] cfg80211: Calling CRDA for country: CN
        Dec 3 12:01:06 bt kernel: [ 2110.329656] ieee80211 phy3: Atheros AR9271 Rev:1
        Dec 3 12:01:06 bt kernel: [ 2110.332363] cfg80211: Regulatory domain changed to country: CN
        Dec 3 12:01:06 bt kernel: [ 2110.332375] cfg80211: (start_freq – end_freq @ bandwidth), (max_antenna_gain, max_eirp)
        Dec 3 12:01:06 bt kernel: [ 2110.332380] cfg80211: (2402000 KHz – 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm)
        Dec 3 12:01:06 bt kernel: [ 2110.332384] cfg80211: (5735000 KHz – 5835000 KHz @ 40000 KHz), (N/A, 3000 mBm)
        Dec 3 12:01:06 bt kernel: [ 2110.340640] usb 1-1: ath9k_htc: USB layer initialized
        Dec 3 12:01:09 bt kernel: [ 2112.757062] ADDRCONF(NETDEV_UP): wlan0: link is not ready

        1. It looks like you are still stuck on 20db based on your lines:
          Dec 3 12:01:06 bt kernel: [ 2110.332363] cfg80211: Regulatory domain changed to country: CN
          and
          Dec 3 12:01:06 bt kernel: [ 2110.332380] cfg80211: (2402000 KHz – 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm)

          What is your output from command “iw reg get”? I think you are still in CN with 20db limit. Did you managed to compile the new CRDA database correctly ? If yes and you are having trouble switching the country from CN to something else (like my country 00), then I would advise you to change the “CN” country in the regulatory database so that you can use 30db inside CN.

        2. after fresh install
          root@bt:~/Desktop/custom_regulatory1/wireless-regdb-2009.11.25# make
          Generating public key for root…
          openssl rsa -in ~/.wireless-regdb-root.key.priv.pem -out root.key.pub.pem -pubout -outform PEM
          writing RSA key
          Generating regulatory.bin digitally signed by root…
          ./db2bin.py regulatory.bin db.txt ~/.wireless-regdb-root.key.priv.pem
          root@bt:~/Desktop/custom_regulatory1/wireless-regdb-2009.11.25# make install
          gzip regulatory.bin.5.gz
          install -m 755 -d //usr/lib/crda
          install -m 755 -d //usr/lib/crda/pubkeys
          if [ -f .custom ]; then \
          install -m 644 -t //usr/lib/crda/pubkeys/ root.key.pub.pem; \
          fi
          install -m 644 -t //usr/lib/crda/pubkeys/ linville.key.pub.pem
          install -m 644 -t //usr/lib/crda/ regulatory.bin
          install -m 755 -d //usr/share/man//man5/
          install -m 644 -t //usr/share/man//man5/ regulatory.bin.5.gz

          for crda
          root@bt:~/Desktop/custom_regulatory2/crda-1.1.3# make
          GEN keys-gcrypt.c
          Trusted pubkeys: pubkeys/linville.key.pub.pem pubkeys/root.key.pub.pem
          CC reglib.o
          CC crda.o
          LD crda
          CC intersect.o
          CC print-regdom.o
          LD intersect
          CC regdbdump.o
          LD regdbdump
          CHK /usr/lib/crda/regulatory.bin

          root@bt:~/Desktop/custom_regulatory2/crda-1.1.3# make install
          GZIP crda.8
          GZIP regdbdump.8
          INSTALL crda
          INSTALL regdbdump
          INSTALL 85-regulatory.rules
          INSTALL crda.8.gz
          INSTALL regdbdump.8.gz

  2. it’s very help full for me i have post it on many of linux forum but they did not tell me the exact reason of it but u sir thanxs and i am new in linux so thats why

  3. root@bt:~# iw reg get
    country 00:
    (2402 – 2472 @ 40), (3, 20)
    (2402 – 2494 @ 40), (N/A, 30)
    (2457 – 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS
    (2474 – 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS
    (4910 – 5235 @ 40), (N/A, 30)
    (5170 – 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
    (5735 – 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
    its show me as default country if i set another country like iw reg set US it set successfully and then i check my country by typing command iw reg get it show me
    root@bt:~# iw reg set US
    root@bt:~# iw reg get
    country 00:
    (2402 – 2472 @ 40), (3, 20)
    (2402 – 2494 @ 40), (N/A, 30)
    (2457 – 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS
    (2474 – 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS
    (4910 – 5235 @ 40), (N/A, 30)
    (5170 – 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
    (5735 – 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS

    crda package shows :-

    root@bt:~/Desktop/custom_regulatory2/crda-1.1.3# ls
    crda debian-example Makefile regdbdump reglib.c
    crda.8 intersect nl80211.h regdbdump.8 reglib.h
    crda.8.gz intersect.c print-regdom.c regdbdump.8.gz reglib.o
    crda.c intersect.o print-regdom.o regdbdump.c udev
    crda.o keys-gcrypt.c pubkeys regdbdump.o utils
    crda.spec LICENSE README regdb.h
    root@bt:~/Desktop/custom_regulatory2/crda-1.1.3# make
    CHK /usr/lib/crda/regulatory.bin
    root@bt:~/Desktop/custom_regulatory2/crda-1.1.3# make install
    INSTALL crda
    INSTALL regdbdump
    INSTALL 85-regulatory.rules
    INSTALL crda.8.gz
    INSTALL regdbdump.8.gz
    and i have change the country in db.txt file CN CHANGE TO CA
    so sir tell me what should i do next should i install it again
    and sorry for any kind of mistake in my english becoz i am not belong to english country

    1. sir now u can tell me insane because i could not read your blog carefully now its working instead configure my default country 00 in db.txt file i was created another country which name 00 so thats why its went on default 00 instead of newer one thank u very much for given me your precious time ..thank you

  4. i needed these libs installed at the python2 part at the top of the how to.

    apt-get install python-m2crypto libgcrypt11 libgcrypt11-dev libnl-dev

    Without these libs I get “Makefile:76: *** Cannot find development files for any supported version of libnl. Stop.”

Comments are closed.