See Wap11Ver22UnHack for instructions to go back to linksys or other OEM firmware after applying this hack
Well, in the last big hack of wireless gear, the craze was to put Linksys firmware on anything and everything that would run it. This time around, the tables have turned. Linksys appears to have dropped the firmware ball so to speak, and the firmware touting the most features (and speed) is that of the D-Link DWL-900AP+. Maybe this should then be called the DWL-900AP+ hack, but since Wap-11 Hack seems to be such a known phrase, it's probably best for everyone's sake to keep the name somewhat the same. You're probably saying, "But I already tried that, and it always said 'Checksum Error'". This just goes to show that Global Sun Tech got smarter, this time, about how easy it would be to put one OEM's firmware on another OEM's hardware. What they've done is towards the end of the firmware file, there's a 2 digit OEM code. Try to put firmware that has a different OEM code than the firmware you currently have, and whamo 'Checksum Error'. So, just change the OEM ID and all will be well -- no, they couldn't make it that easy. There really is a checksum that has to be compensated for the OEM ID change. I personally got to the stage of looking for the checksum, then discovered that it had already been discovered and fixed. Why re-invent the wheel.
We must give much thanks to the guys at WirelessLeiden (http://www.wirelessleiden.nl) who seem to be the first ones to have figured this out. Your work is greatly appreciated. The original page seems to be here: http://www.wirelessleiden.nl/wcl/cgi-bin/moin.cgi/WAP11
guys, sorry to put a comment here, but the credits for the wap11 hack belong to Frank from beverwijk wireless. Frank only posted the hack on our wirelessleiden site because he thought it would be meaningful. He did a marvelous job and even corrected linksys and d-link bugs from the original firmware!
Evert Verduin from the Wirelessleiden organization http://www.wirelessleiden.nl.
Ok, to the hacking...
******follow these 10 steps to change your 2422AP OEM to a DWL900ap+*****
Download the necessary files, which I will mirror on my server. Please try not to trash my server too bad, or I'll have to limit the amount of transfer that is allocated to that web page. I'm not on a huge pipe, and it's shared with around 800 other people.
It would be nice if people downloaded it from me or from the original source and set up a mirror as well. I have a feeling that this particular hack will be quite big, with the prospects of running a WAP-11 ver 2.2 at 44Mbps when the new firmware comes out if Linksys doesn't also release a firmware upgrade.
Original Download Location
This link seems to be broken currently - you can use the mirrors below
http://184.108.40.206/~frank/Linksys/ (01-30-2003) I've made some new files available , Mirrors please update! Line 41: Line 287: Frank
Mirrors - Please add yours
DE - Germany - http://www.vallstedt-networks.de/?vendors/ap_flash
ES - Europe - http://hal9000.eui.upm.es/~xir/wireless/ver22/
What follows is basically a fixed up readme.txt from the zip file
- Check if firmware of your OEM is in this directory
- Go to "update firmware" and select: YOUROEM-to-DWL900ap+_nml.bin
- Install the firmware like you would install a normal 'Linksys' update
- Switch off your AP by unplugging the power cord and re-inserting it.. restart the AP with a hardware reset (the reset button on the back.)
- Set your ip address to 192.168.0.6 your netmask to 255.255.255.0
- Install your D-Link Access point Utility.
- Start the software and if all goes well it detects a DWL 900ap+ with unknown Firmware. (press "refresh" a couple of times if necessary)
- Select the firmware update that is presented to you and let it update! Wait until the green blinking light stops and press "refresh" so your AP will be detected again.
- Use tftp to upload rom.img to your AP. rom.img is the ROM Global Sun Tech puts in every D-Link before it ships. The ROM I included it the most recent one at the moment. Use the tftpc included in this file and upload rom.img to the address you gave to you AP 'the standard address is 192.168.0.50' Put the client In BINARY mode for a good transfer!
- Configure the ip and WIFI configuration and when you are done and it asks for a login, give it username admin and leave the password empty. Reconfigure your network to your usual settings and login to your improved AP.
Extra features: Full 22mbit support between other DWL's or reflashed wap11's! (probably also with unflashed wap11's but that hasn't been tested)
Repeater mode! (wireless!) DCHP server (with DNS support) Scan mode for finding other AP's when AP is used in client mode.
more logging possibilities. more filtering possibilities (you can clone a mac address from the logs) More security (setup program asks for a password and SSID broadcast can be switched off) A lot more help and info...
Because the DWL900 AP has only one antenna, the antenna selection is not included, this is not a problem, because you can do it with the weca.htm menu. You get this by going to the IP address of your AP and adding /weca.htm to the end of the URL. You can also switch on the power saving mode.
Firmware 23 has a broken repeater mode and the tftp bug 'fixed' in it is only half fixed Wait for firmware 24 the also promise a speed improvement of 100 % by allowing 44 Mbps (12Mbps real world supposedly)!
I've just tried firmware 25 and it works with one problem - none of the configuration utilities allow access to the AP now (either web or the dlink tools) and it's reset the settings to an SSID of 'default'. Just realized it has completely reset all settings and thus gone back to the default IP address. The Dlink Tools for 2.5 are available from the German Dlink site (ftp.dlink.de) and can gain you access again by changing the default IP address back. 25 has 802.1x support and some sort of radius authentication which looks interesting. It's also rock solid with my Orinoco card. The options for antenna selection and output power settings have also been integrated in to the main firmware. - Tim Kerby
Some other pages of interest include:
Wiki by AndrewHakman
Have a look at this link to find out how to get the power output to reach 100mw on the dlink firewall
Theres also a Hardware-Side Powerhack:
Line 127: Line 289:
January 6 2008
I have been having tons of wireless problems since moving to a newer Netgear wireless router; basically my WET11 stopped working reliably with it. So, I pulled out the WAP11 which had been sitting in a closet, and downloaded the latest stuff from Linksys and found that it still didn't really work the way I wanted it to. Plus, I couldn't upgrade the firmware at all because apparently it can only be done from a Win9x machine.
What I found, if others want to upgrade the firmware (as is the first step above, too), you can use tftp to do it. Either pull the tftpc_free installer out of one of the archives mirrored above, or use another one. I used the Cygwin version and it worked a treat.
- Set my machine's NIC to 192.168.1.1, because the default WAP11 address is 192.168.1.251.
tftp -i 192.168.1.251 put LinksysV2-to-DWL900ap+_nml.bin (although I suspect this would work for upgrading to the Linksys official firmware too) Note that this process didn't cause me any pain, I didn't have to twiddle any bits? Is the checksum only checked by the "official" upgrade path?
- Power cycle the WAP11 and hit reset for good measure.
- Change my PC's NIC to 192.168.0.6 as the documentation instructs me to.
tftp -i 192.168.0.50 put rom.img
Install and start the D-Link AirPlus manager software.
At the moment actually I'm stuck and can't find the WAP11 on my network, but I've been communicating with it and it has the DLink firmware and HTML pages and all that jazz on-board. Score!
Tom Plunket (at gmail.com)
July 12th 2004
I was having some major problems with making my wap11 d-link... It originally decided not to work for wireless full stop as a linksys ap so I thought, it's sitting doing nothing - let's play "Upgraded" to the D-Link as per the instructions above and it seemed to work. Changed the IP back to DHCP so my DHCP server would pick it up properly etc and then it died It didn't reply to pings and then when I tried all manner of hardware resets and resetting the NVRAM, I thought argh! I managed to get it to display a web page on 192.168.0.50 which asked for the firmware to be uploaded. I tried the D-Link bin file, the linksys bin file and the rom.img, but none worked :(. I decided instead to try something hardware based and took the thing to pieces - really easy Took out the PCMCIA card and booted it, go the webpage straight off asking for firmware so tried the d-link firmware, gave it 30 seconds to reset and bingo it worked.
Decided to finish setting it all up, upgraded to the latest firmware (2.61) and tested it a little without it's pcmcia card plugged in. All working fine and dandily
then plugged the pcmcia card back in and it seems to be fine once more. My guess is that it didn't like the pcmcia on the older firmware. It's one of the original ver 2.2 WAP11's so that could be why. I'm going to continue testing and i'll post if I have any problems, otherwise assume that this trick worked.
Just in case anyone else has had similar problems :0)
Hope this helps someone,
July 21, 2003
Has anyone running Appletalk protocol over WAP11's with the D-Link firmware? One problem I noticed with the Linksys AP is that it won't bridge any Appletalk packets between the wired & wireless ports, only IP... maybe running the D-link code would help? I'll probably give it a try, regardless.
I purchased a WAP11 v2.2 today with intent to hack/break it. My first impression: neither the factory firmware nor the latest Linksys firmware (1.1) would interoperate with my two Orinoco cards, both of which I've had for awhile and have worked with a bunch of vendors' APs. I'd get link for a moment, then lose connectivity, and it wasn't the result of a WEP/MAC filter configuration mismatch. I went straight to flashing the box with the D-Link A900+ v2.5 firmware... Works like a charm. I'm intrigued by the embedded DHCP server... could be useful in a home-office DMZ environment. One less box with moving parts sitting on the LAN. If I get a chance to do some stress testing on the new firmware and services, I'll report back. (I'm expecting the thing to crap out, considering the market - home users - and the street price)
Thanks to everyone who's contributed to this thread.
-jg Line 163: Line 291:
I have been using two WAP11 units in bridging mode and "upgraded" them last night to the DWL-900AP+ 2.5 firmware I downloaded from the hack attack link above. Everything went smoothly. My units now appear as D-links. The file at hack attack includes everything you need, including the d-link AirPlus manager utility. The 2.5 firmware does have an option to set the antenna configuration to "diversity" -- this option is only available from the web admin and not the AirPlus manager.
It seems that this hack works on Trendnet TEW-301APBX too.
New firmware 2.52 on ftp.dlink.com works perfectly.. New option appears: 4x mode.. It adjusts some parameters.. Don't know if it works or if it is supposed to be the 44mbps mode...
oops. I tried the 2.5 and 2.52 firmware, but only the 2.3 works perfectly. In 2.52 only show 4x parameter if mode is AP. In other mode can not visible this. Maybe, over 2.3 when no weca.htm the power is lower. I use this devices long distance 5-15 Km in town.
I've been running 2.52 for a couple of weeks without any problems. I talked a friend into upgrading his flaky wap11 2.2 to the latest d-link firmware and the AP stopped locking up intermittently. I was able to get 802.1x working w/ w2k IAS RADIUS with minimal effort, despite the lack of documentation @ D-link. Pretty cool for a low-cost AP. I haven't touched the enhanced throughput options since I'm using Orinoco cards in my client machines... I'm not a big fan of d-link's hardware... had one of the original dwl-650s & dwl-1000aps.. total crap.. but they're definitely on the ball with the TI WAP chip set firmware!
Does anyone know if this hack will work with the (Latest) Linksys WAP11 Ver 2.6 w/ firmware 1.06 (Nov 14 02) ? Mostly interested in increasing the power without using and external amp for a point-to-point bridge > 15mi.
Updated a USR 22 MHz Access Point Model 2249 today to 2.5 and worked flawlessly - Thanks for providing the info and the files!
-cno , Austria
I ran some messages on http://www.wirelessleiden.nl/wcl/cgi-bin/moin.cgi/WAP11 through a translator. I don't believe it with work with a WAP11 v. 2.6 since it is based on other hardware.
[ 15 Jan 2003 ] yes is already succeeded back to handle to WAP11 the firmware. THE WAP 2. 6 one bases on other hardware. [ 15 Jan 2003 also I have ] WAP11 v 2. 2, however before I it switches itself to waag in order to D-link firmware. .. Know someone or this simple reversible are? Did someone this try already? And knows someone it differs between WAP11 v 2. 2 and new 2. 6? ceebee@freeler. nl
[ 15 Jan 2003 also I have ] WAP11 v 2. 2, however before I it switches itself to waag in order to D-link firmware. .. Know someone or this simple reversible are? Did someone this try already? And knows someone it differs between WAP11 v 2. 2 and new 2. 6? ceebee@freeler. nl
-Chris. Dallas, TX Line 225: Line 293:
Line 227: Line 294: 03/07/03
TRENDnet TEW-310APB (from TRENDware) updated today to 2.52 with the hack and works perfect! Thanks for providing the information and the files!
I run the device as an AP client and now I would like to see data like SIGNAL, NOISE, SNR, ... of other APs. Any idea? (Maybe something with SNMP?)
- su, Germany
Works with Pheenet SOHO AP. Used EUSSO-to-DWL900ap+_nml.bin.
Does this firmware mod give access to any kind of signal strength indicator ? Using 2 WAP11 2.2's as a 4km wireless bridge and could really use some signal data.
*** someone help me*** How in the world can I flash back to the original WAP11 ver 2.2 I am having the checksum error problem. I tried to read the posts about this but they are not in English. Anyone have any ideas.I'm sure I am not the first to have this problem. I can't get into the Atmel with any software that I have found yet. Thanks AGH
I'm new to this wireless LAN setup, but I'm very interested in doing this hack to my linksys WAP11. However, I have question before I do so. After hacking, would I still be able to use my existing Linksys PCMCIA card (with 11mbps) to the hacked AP (with 22 or 44mbps)?
deGuzman - Singapore
All this equipment use the ThreadX RTOS (pico kernel) developed by Express Logic (http://www.expresslogic.com/threadxintro.html). This ARM7 processor support Linux. It will be a nice challenge to put Linux on them. BTW the PCMCIA from inside it is a Prism2 based card.
Anyone have problems with duplicate packets on wireless network with this equipment ?
I am going to try and hack my WAP11 ver 2.2 AP for my Linux box am also using a WMP11 PCI card , but before I do I need to ask a question. I am not getting an Internet connection from an ISP. I am getting it off an existing network. The reason I want to try this is to share it with 2 other computers I have. The wireless AP and card are working great in my Win XP box but unfortunately I can't share it because of the IP addressing. Microsoft's Internet sharing requires a different type of configuration other than the existing one on the network. Will my Linux box allow me to share it?
I have successful converted my Linksys Wap11 v2.2 back to the Linksys firmware. I had updated mine to the D-Link firmware and really liked the new options, however I was setting up a link with a friend who has a Wap11 2.6 and his would not link to mine. Basically all I did was download the newest Linksys firmware and then edited the hex in the very last line. The eight pair over was a 32, I changed it to 34, and then subtracted two from the last pair in the row. When I went to update the firmware there was no checksum error and after rebooting everything was back to normal. I got this idea from a web site telling how they edited the firmware to go from Linksys to D-Link. Here is the link to the picture here
9 Apr 03
I have just succeeded in changing my Linksys to a DLink box. Now to leave it running overnight and see if it loses the connection randomly, which it did with the linksys firmware (all versions).
Only one problem, but it does not seem to cause a problem - could not upload rom.img. Every time I tried (v2.5 firmware) it failed, TFTP client reported a server error and now the exLinksys box would not answer pings and only worked when rebooted - but now it was back to v2.2 firmware and asked me to update it again - so around in a circle I went a few times until I decided not to bother uploading rom.img
Anyone know what the possible problem is?
Brian, Oxford, UK
23 April 2003
Update to the above. It has not failed for the last two weeks when running with the latest DLink firmware (2.56) which adds support for 4X (but no documentation so unsure what it is), but I recommend this to all WAP11 owners just to improve its reliability.
Brian, Oxford, UK
25 April 2003
I had to change the hacked wap11 ver22 to a wap54g, because the users with wusb11 client had trouble connecting to it. The wap54g has SNMP in it, and the web interface still much dumber than the 2.52 Dlink version. The wpci11, and the other hacked wap11 had no problem to connect, but the weth11 had too. Anyone has an idea what causes it? Linksys uses the protocol slightly modified? Are there hacks to wusb11? And why is so unreliable the XP wireless LAN part? Sometimes it forgets the WEP key, or the users tamper with it?
Apparently it seems the output power was lowered by the firmware.
Szaki , Hungary Bryan, USA
Trendnet 310APBX - AP Client - Signal strength meter: howto?
what about SMC 2655W V.2? Is this hack works on it?
13 May 2003
Just tried DLink 2.57 on my WAP11s and it failed. The WAP flashed OK but upon reboot the activity light remained steady - config was accessible but no wireless was available. Downgraded back to 2.56 OK. Maybe they found out ;-(
Chris, Winslow, UK firstname.lastname@example.org
15 May 2003
OK so I have now come to the conclusion that none of the D-Link firmware I have tried in my WAP11s is totally solid. I am using AP-Client to AP with two WAP11v22s and I had a mixture of issues, especially when connected via hub/wire and wireless to the same AP (no traffic went anywhere). The *only* version that works without *any* issue is Linksys Firmware 1.010 which is hard to find (e-mail me if you want it) - and Linksys support are pretty useless as well! Good Luck.
Chris, Winslow, UK email@example.com
18 May 2003
I tried to upgrade Dlink 2.57 firmware on my WAP11 V2.2 it work well, my PCMCIA client can connect and transfer data quite well. But I did not see major change on this version.
Arjinpattara, Krisada, TH firstname.lastname@example.org
28 May 2003
Just applied Dlink 2.57 on my WAP11 V2.2 with no ill effects. I'm wondering what the new 3.x version that showed up is and whether it will work on the WAP11.
David Rasch, Durham, NC email@example.com
June 1, 2003
I'm new to this and I apologize if I'm intruding and not submitting correctly, but I've a question and didn't know where else to turn. D-Link currently makes the DWL-800AP+, a Range Extender/Access Point. It seems to be the exact same hardware as the DWL-810+, a wireless ethernet bridge. The Bridge costs nearly twice as much as the range extender. I'm wondering how to get the firmware of the DWL-810+ into the DWL-800AP+. I try uploading the firmware, but it ends in a checksum error. So, does anyone know how to get past this?
Chris Y., San Francisco, CA littlebeancurd @ hotmail.com
June 4 2003
I have built a WLAN around our local town using Netgear ME102 APs and same as clients. Then I bought 6 Linksys WAP11 2.2 APs. As soon as I started installing them things went downhill. The network slowed to a crawl and eventually stopped. It turned out the Linksys APs where flooding the network with hundreds (thousands?) of duplicate packets. The bridging code is broken. This is especially bad with WAP11s in client mode. In bridge mode they are OK (so far). I have tried Linksys firmware 1.01f and 1.1 and D-Link firmware up to 2.56 - no better. Luckily I have just found some DLink DWL900AP (not +) Atmel chip set same as the ME102 and original WAP11 so the 2.2s are getting scrapped (after three weeks). DON'T BUY THEM !!
June 7th, 2003
We just bought 10 of these units LinkSys WAP54G, for a client project at their request and man are crap. Instantly Activity is pinging uncontrollable, they have 20 Feet of range, and they bleed signal across 3 channels after 23 minutes. Basically can this upgrade work on the WAP54G access points. Customer go fooled into the 54G sticker on the box & now we have to make it work.
10 June 2003
The D-Link 3.0.2 firmware for the Revision C1 DWL-900AP+ does not work with the Wap11 v2.2. When I try to upgrade the firmware, it says checksum error. Oh well.
June 14th 2003
Further to David's earlier entry, I also applied the DWL-900AP+ ver 2.57 firmware to my WAP11 and configured per instructions. Using the new options, I cranked the transmit power up to max and left the 4x mode enabled. Works perfectly with existing Linksys WPC11 PCMCIA card and WMP11 standard PCI wireless card at 11 Mbps. Excellent signal strength and link quality throughout the house - no dropped sessions like the original Linksys WAP11 firmware was prone to. Just purchased a Dlink DWL-650+ PCMCIA adapter and DWL-520+ PCI adapter. Incredibly, these also work perfectly with the flashed WAP11 in the new 22mb/s 4x mode!!! The connection speed from my notebook is now virtually indistinguishable from a hard wired connection to the router/cable modem. This hack has added years to the life of my WAP11 - thanks to all for your pioneering efforts.
June 15th 2003
Applied the hack to my WAP11, which is connected to the Linksys WSB24 Wireless Signal Booster. I now get 22mb/s 4x mode with a Dlink DWL-650+ a hundred meters from the house. It also works perfectly with seven other 802.11b devices in my house like a Philips iPronto and Philips media streamers. It also works well with a Dlink DWL-900+ AP in repeater mode with the same 2.57 firmware.
July 2nd 2003
Hello, I'm able to apply the 2.56 firmware with no problem. However, when I upgrade to the 2.57 firmware the Act light stays on solid as soon as it reboots. I've tried getting the firmware from multiple sites. I also noticed in the configuration that it does not give the device a MAC address. Any suggestions or ideas would be greatly appreciated!
- Mike firstname.lastname@example.org
July 8th 2003
I run a node with a WAP11 2.2 with Dlink 2.56 firmware without problems. No dropped connections and works flawlessly even from 4km with Roamabout and Buffalo cards. Repeater function on another node also works without problems.
- Baz www.newrywan.org
July 8th 2003
Can someone tell me are hacked wap11 v2.2 will work with other Linksys AP's (wap11 v2.2 unhacked and/or wap11 v2.6)? Can you boost output power of wap11 v2.2 with D-link utility/firmware?
July 12th 2003
I've just successfully flashed my wap11 v2.2 to the Dlink 900AP+ 2.57 firmware with no problems. Link is rock solid. update 13th : I've now connected it successfully in client mode to an Orinoco RG1000 with AP500 firmware . the client mode appears to be what everyone else calls a bridge mode, the bridge mode didn't work at all for me.
July 18th 2003
I am running DWL-900AP+ firmware 2.57 on my WAP11 v2.2 with no problems. Without turning on 4X, link is rock solid. much better than linksys firewall. I suggest to turn off the 4X, if you are not using 4x NIC, cuz it causes disconnection quite often when d