Laptops And Wlan Card Whitelisting

not sure how many people know about this already, but many laptop manufacturers are whitelisting certain wireless network adaptors at the firmware level. by "whitelist" i mean that t he firmware checks the wireless lan devices vendor ID and product ID bytes during POST, if it can match it to a device in the whitelist it proceeds to load a bootloader (which subsequently loads the OS kernel); if the device is not found in the whitelist, then the system will halt at that point and the UEFI/BIOS firmware will never load the bootloader.

what this means is that you can only use approved PCI-E wireless lan devices (by the manufacturer). this is bullshit. the only way to get around this is firmware hacking, to manually edit the firmware image (adding the appropriate hex line to the whitelist), reassemble and flash the firmware with a modified image. i think if you could suspend the system somehow before the kernel is loaded and then introduce the device it might work, as at that point the firmware has handed over the processor to the bootloader which then loads the kernel from that point.

apparently, HP, on some models, use RSA hashing so that if you modify the image, even if you keep the length correct, and make sure that the memory addresses are correct, the hash verification will fail, effectively bricking the maching!

toshiba also implements a whitelist for PCI-E wlan adaptors in it's UEFI firmware. i don't think anyone should support this kind of practice on general principal. placing unnecessary restrictions on hardware is bullshit, when the hardware is perfectly capable.

think about the future, this does not need to be accepted practice in the future because i can already envision how things could be. you have to think about "when does hardware really become hardware" and things like that .. because it's code all the way down. how many more levels of code will there be say, 50 years from now?

 

.....really? That's some bullshit.

Vote with your wallet, don't buy anti-freedom devices, even if they're shiny and all the cool kids have them.

Do you have one of these machines? The direction I'd go (maybe just from lack of knowledge) is trying to hot swap it in, not just even after POST, maybe after boot, maybe there's some utility that can help you with re-configuring or recognizing PCI like during boot, while running.

 

well, that would mean to never buy apple ;P i would suggest anyone boycott any vendor employing these sorts of tactics, on general principal. it does not need to become the status quo that this is okay. i have read that recent HP laptops no longer feature a wlan whitelist but the HP laptop i have definitely does, atnd i havent been able to read the product ID and vendor ID because i can't boot with it. i really don't wanna brick this laptop, i may tinker with the other laptop i have .. overcoming restrictions teaches you things i have heard.

i wonder what other motives are behind these practices. i suspect it is another method to track people, they want to know who bought which laptop, and the MAC address of the network adaptor it came with. they don't want you to swap network adaptors, unless you consult with them first, so that they can record it in their database ...

usb wlan adaptors work tho, you just can't switch out the internal PCI-E adaptor that came with the machine for any other card. i can see the future going more than one way .. and it all depends on what people deem acceptable and ok .. and the general public .. gee, i'm pretty fuckin scared ... cuz they're fuckin sheep, they don't know, don't care, and don't care to know. but someone knows, they know .. know too much.

 

Ahh, well yeah.... it's been a few years since I've felt it's okay to buy apple products. I won't support them with the turns they've been taking.

Laptops have always been a bit more proprietary, for what it's worth - honestly, I had no idea that (for PCIE or or any other protocol) there was any standardized wireless (or other) internal slot type...laptops are usually ram/hd, and maybe CPU, and the rest is a black box. It's too bad that they try to hamstring them to only be able to use their approved crap, but it's not surprising, most of us wouldn't even consider it, wireless hardware comes with pretty much everything nowadays anyway, I'd be less surprised to find ethernet missing than wifi missing (holy shit, has the world changed fast). Most people who'd care about this sort of thing are buying their (stone-age) desktops piecemeal.

I'm currently on a toshiba laptop with it's stock wifi.... my piecemeal desktop (of 8 years or so) suffered a chain of failures, and is awaiting examination at the end of this semester - I have a lot less reason to worry about it now though, I accidentally destroyed the data on the drive that didn't crash, so.... I basically have nothing, at all, and am living in the digital moment on this laptop, like a digital hobo. Thousands of hours of (purchased) music, games, photos, books/PDF, etc, gone, most of which I didn't have physical media for anymore (and even so, re-importing is so time consuming).

I guess my point was mainly, jesus, how old is your laptop? And, like you said, USB, brah. those dongles work just fine and are recognized instantly and well by just about every operating system over every old-ass USB 1.1 or whatever.

I'm sure they'd like to be able to better-track us all, but who's got the money to buy shit new anyway... probably mostly just a sneaky way to start locking out competitor's hardware, to see if any loud linux-types noticed. I'm sure they also like the tracking, but I doubt that's the main motive. Besides, MAC spoofing is absolutely standard, it's not sketchy or anything, just standard networking tool/functionality.

 

it's not the PCI-E spec .. it's a whitelist implemented in code .. after if recognizes the device on the PCI-E bus it does the whitelist check.

and this HP laptop is 2 years old. faster laptop than my 1 year old toshiba laptop, which unfortunately implements whitelisting as well. it seems this is pretty common, these are the only vendors i have direct exprirence of this issue with tho. i was thinking it might be more feasible to try and rebrand the wlan device itself as a whitelisted device.

 

I just meant I didn't know there was any cross-manufacturer compatability of any internal devices on laptops, like that the PCIE plug was even standard or that they'd fit in a different manufacturers dimensions.

Yeah, it would probably be easier to flash the card than the computer - and you stand to lose a lot less.

But aside from the sake of doing it, what's the point of doing this? Again, can't you just spoof if you want a different MAC? Didn't machines that new come with wifi standard?

 

yeah, the MAC address can be spoofed easily. but it's mostly on general principle, and the fact that i "lost" the wlan adaptor for the laptop. also, some wlan adaptors implement a soft limit, below what the hardware itself is capable of (limit on Mb/s).

 

UEFI is a bit of nonsense in practice anyway. It should exist, the check-sums for drivers should be validated before loaded into the kernel as a security measure.

But in practice, it's been largely ineffective against rootkits, has prevented alterations of hardware and headaches for open source developers.