Laptop Wireless Card Whitelists: An upgrade nightmare

What if I told you that an Intel 7260 dual-band dual-stream (marketing value 1200Mbit/s) 802.11ac mPCIe card with Bluetooth 4.0 costs just $26.50 including shipping and with just 5 to 15 minutes of your own work, you should be able to ditch the sub-par 802.11n single-band single-stream cards that many laptop manufacturers fit as standard equipment? Sounds like a great deal, but hang on … as I and many others have discovered, things are not so simple.

A Wireless Upgrade – Why it Makes Sense

Throughout the different iterations of wireless technology, the speeds and coverage have always improved from generation to generation. Even if you might be happy with your Wi-Fi today, it can make good sense to upgrade your card now.

For one, if you have a faster dual-band card, you are able to move off the crowded interference-prone 2.4GHz network to a quieter and often much-faster 5GHz network. If you already have the infrastructure, this is a pretty good move as it will free up the more limited and contended 2.4GHz band for the few devices that require it.

If you have a faster dual or triple-stream card, you will be able to “talk faster” on the same band within the same bandwidth. As the air-time is shared amongst all wireless clients, having more streams at both ends will allow supporting clients to use less air-time for the same amount of throughput, or gain more throughput for the same amount of RF bandwidth. This, in effect, leaves more air-time for other clients and co-channel networks to use.

Finally, by upgrading your card to the later, or latest standards, you can improve network performance, as backwards compatibility with legacy 802.11a, b and g clients has significant overheads and disables some of the throughput enhancement functionality in 802.11n. By ridding your network of such legacy clients, you can run 802.11n ONLY modes in 2.4GHz and 802.11ac ONLY modes in 5GHz and receive much better quality of service.

But it’s not all about you either. If you ever use shared infrastructure Wi-Fi, say at a university or free Wi-Fi hotspot, by upgrading to the latest technology, you can get better service, while helping their networks perform optimally by de-congesting 2.4GHz and operating in very-high throughput modes in 5GHz, freeing up air-time for other users on the same AP. Considering this doesn’t cost an arm and a leg, a good citizen should strongly consider this. A malicious user, however, might just try to get their 802.11b card joined on …

In the past, such upgrades were rare because internal wireless cards were not easily available, and often had high costs, especially for leading edge cards which featured the latest enhancements. Interestingly, it seems, this is no longer the case and even dual-band dual-stream wireless 802.11ac cards are affordable. Triple-stream wireless 802.11ac cards still cost a lot and, similarly to how triple-stream wireless 802.11n works, typically offer limited benefits when vendors are mixed. At this relatively affordable price, it would even make sense to buy cards for a future standard, say 802.11ac, if you are only running 802.11n at home, as you will be able to utilize the capabilities in the future without paying much more.

In the case where a dual-band dual-stream wireless N card is already installed, it is simply a matter of exchanging the cards which normally means undoing two antenna connectors, one or two screws, levering the card out, pushing the new one in, screwing it down and re-attaching the antennas.

See? The hardware side of things is hardly difficult. Most computers come with two antennas installed already, although I did meet one with just a single antenna. It wasn’t a hassle to shoehorn a second antenna into the chassis somewhere else, and glue it in place. If your computer is relatively older, it may have a full-length card, in which case a low-cost metal bracket adapter from eBay should fix that up.

If you only have antennas for single band 2.4GHz, then operation at 5GHz will be sub-optimal and could result in higher VSWRs resulting in shorter range and greater losses. However, with the low power, it’s unlikely the card will be damaged.

Rather excited, I ordered a total of four cards to upgrade various machines that I owned, so as to help free up the 2.4GHz band for the many devices that can only operate there, and improve the quality of service and throughput to those clients.

The Plan Falls Apart

I was feeling relatively good about this, because I had upgraded my refurbished Asus laptop with no trouble, and I did do this in the past when wireless A became a little bit popular, and I wanted some of my most used wireless G clients to have a chance to use 5GHz A, so I started hoarding Intel PRO/Wireless 3945ABG cards.

But alas, it seems things had changed in-between some time, and my fairly well-used HP Probook 4525s complained about the card.

The system stood there, unhappy, refusing to go forth until either the slot was completely vacated or the original card was re-inserted. That’s one laptop which won’t see the sweetness of dual-band 802.11ac.

I then tried to do the same to my HP dm1-4xxxAU, which … also didn’t like the card. It stood its ground, with a slightly different message.

As it turns out, this phenomenon is known as whitelisting, and is where the system vendor (HP in this case) decides to limit the system through the BIOS software to only certain approved wireless card product and vendor IDs. As a result, only approved wireless cards with the correct part numbers, sourced from the vendor can be used.
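A model of the kind of check described above, as an added example that is not code from any vendor BIOS or from this post. It reads the identity fields from a standard PCI configuration header, compares them against an allow-list, and shows how the IDs look as little-endian bytes inside a firmware dump. Matching on the subsystem IDs is an assumption, and every device ID, subsystem ID, list entry and sample byte below is constructed.

```python
import struct

# Offsets in the standard PCI type-0 configuration header.
# All multi-byte fields are stored little-endian.
OFF_VENDOR = 0x00          # vendor ID, device ID follows at 0x02
OFF_SUBSYS_VENDOR = 0x2C   # subsystem vendor ID, subsystem ID follows at 0x2E


def make_header(vid, did, svid, sid):
    """Build a constructed 64-byte config header carrying only the ID fields."""
    hdr = bytearray(0x40)
    struct.pack_into("<HH", hdr, OFF_VENDOR, vid, did)
    struct.pack_into("<HH", hdr, OFF_SUBSYS_VENDOR, svid, sid)
    return bytes(hdr)


def parse_ids(cfg):
    """Extract (vendor, device, subsystem vendor, subsystem) from a header."""
    if len(cfg) < 0x30:
        raise ValueError("need at least 0x30 bytes of configuration space")
    vid, did = struct.unpack_from("<HH", cfg, OFF_VENDOR)
    svid, sid = struct.unpack_from("<HH", cfg, OFF_SUBSYS_VENDOR)
    if vid == 0xFFFF:
        raise ValueError("vendor ID 0xFFFF: no device present in this slot")
    return (vid, did, svid, sid)


def whitelist_allows(ids, whitelist):
    """Exact-match check: one differing field is enough to reject the card."""
    return ids in whitelist


def id_pattern(vid, did):
    """The four bytes a vendor/device pair occupies when stored little-endian."""
    return struct.pack("<HH", vid, did)


def find_pattern(blob, pattern):
    """Return every offset at which pattern occurs in blob."""
    offsets, pos = [], blob.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(pattern, pos + 1)
    return offsets


# --- Constructed sample data (not taken from any real card or BIOS) ---------
# 0x8086 is Intel's PCI vendor ID and 0x103C is HP's; the device ID 0x1234
# and the subsystem IDs 0x1111 / 0x2222 are made up for illustration.
RETAIL_CARD = make_header(0x8086, 0x1234, 0x8086, 0x1111)
OEM_CARD = make_header(0x8086, 0x1234, 0x103C, 0x2222)
WHITELIST = {(0x8086, 0x1234, 0x103C, 0x2222)}

# Constructed "module": filler, one full allow-list entry, more filler, then
# the same vendor/device bytes again in an unrelated place.
SAMPLE_MODULE = (
    b"\x90" * 8
    + struct.pack("<HHHH", 0x8086, 0x1234, 0x103C, 0x2222)
    + b"\xcc" * 8
    + struct.pack("<HH", 0x8086, 0x1234)
    + b"\x00" * 4
)

if __name__ == "__main__":
    for name, card in (("retail", RETAIL_CARD), ("OEM-branded", OEM_CARD)):
        ids = parse_ids(card)
        verdict = "allowed" if whitelist_allows(ids, WHITELIST) else "rejected"
        print(name, ["%04x" % field for field in ids], verdict)
    pattern = id_pattern(0x8086, 0x1234)
    hits = find_pattern(SAMPLE_MODULE, pattern)
    # More than one hit means the byte sequence alone does not identify the
    # allow-list entry; each occurrence has to be examined in context.
    print(pattern.hex(), "found at", hits)
```

The two sample cards share the same vendor and device ID and differ only in the subsystem fields, which is enough for the exact-match check to reject the retail one.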

The Whitelist Conspiracy

It seems that this whole whitelist issue has had limited media coverage, but has been met by many relatively technical people and may be one of the reasons mPCI/mPCIe wireless cards aren’t more widely available and upgrades are not often done.

At this time, it is known that some recent Lenovo, Toshiba, Dell, HP and Compaq follow this whitelisting practice. From my experience, it appears that Asus, Acer, and MSI don’t.

From what we know, it seems the whole whitelisting initiative has to do with making the system compliant to FCC standards, so that the unit as a combination can be passed. But unfortunately, such reasoning doesn’t really wash with me for several reasons:

  • The FCC certifies the combination as compliant, but if any change to configuration occurs, then the new combination isn’t technically compliant, even if by using other FCC compliant devices. This may mean that a laptop and charger is FCC compliance tested, but there is no way to guarantee that plugging in an FCC approved USB wireless adapter won’t void it.
  • The manufacturer doesn’t really have any requirement to ensure the product remains compliant once an owner deals with it. For example, you can upgrade the RAM or hard drive and that could easily immediately void the FCC compliancy – so why not the wireless adapter?
  • Other manufacturers are able to sell into the US market, and thus would be required to meet FCC requirements, but do so without the use of whitelisting.
  • Identical wireless card hardware is sold with the same model numbers and approvals but does not work, as the whitelisting is often based on custom vendor-based VID/PID combinations.
  • The concept of FCC compliancy doesn’t apply outside of the US. Products outside of the US are to be certified to different local standards, and I don’t believe that those preclude the change of hardware by end users.
  • Laptop users are known to roam the world, say, for business – having wireless cards with incorrect country code settings is likely to be an even bigger issue than having an upgraded wireless card, which in itself is FCC approved …

In the end, this is just another form of DRM and is really not welcome. Just like any other DRM, it has been shown to cause inconvenience to users:

  • In some cases, it was proved that the cards that are on the whitelist are not actually coded into the BIOS and ordering these part numbers will still run into issues.
  • In other cases, it is shown that the parts were sold at a huge mark-up compared to the non-whitelisted part despite containing the same hardware.
  • It causes inbuilt obsolescence – should you wish to move to an 802.11ac-only network for the best performance, you have a choice of either staying on the (very slow) 802.11n 2.4GHz band, or using an inconvenient USB external adapter with some performance and convenience penalties.
  • By shipping many SKUs with the bare minimum wireless technologies (i.e. “align” 1×1 2.4GHz Wireless N “150Mbit/s” cards), they are contributing to wireless spectrum congestion by making their computers consume more air-time for the same amount of data transferred. They are also reducing user satisfaction by making their laptops use the more congested and interference-prone band. Considering wireless-spectrum is a shared “public” property, this is very inefficient and prolongs the use of older wireless technologies, which means that higher throughput modes are unable to take full advantage of their abilities when operating in mixed (protected) modes.
  • Users of other operating systems, for example, Linux, may have to contend with the fact the adapter supplied may be poorly supported without any option to change to a better supported adapter.
  • This fact is not communicated to end users when purchasing the laptop, and such whitelisting is known to extend to WWAN and GPU cards.
  • Moving countries with a laptop with a WWAN card, there may be no possibility to change the WWAN card to one that supports local bands or standards.

In all cases, this is not a hardware limitation and there is no hardware reason why the cards are not compatible. The incompatibility stems from the software in the BIOS. It’s gotten some people quite angry to the point of having a petition online, but we all know that these things don’t really get far.

Evade the Block? Oh no you don’t!

When the issues were first reported, several evasion methods were reported too. These included taping up certain pins and modifying the EEPROM of the wireless cards to have a different VID/PID, although they can be quite difficult to achieve. Modifying the EEPROM will have other effects, such as causing the incorrect drivers to install, and making installation of the correct drivers more difficult.

Most of these are generally unsuccessful against modern machines or come with significant caveats with the exception of a modified BIOS. Unfortunately, such modified BIOSes come with no warranties and are mostly the work of community BIOS hackers with limited time and resources. With the vendors changing their BIOSes periodically, keeping up with the latest BIOSes is an issue.

For older HP laptops, some BIOSes are available if you do a search. However, with my laptops, I couldn’t find any. I did find one for a similar HP dm1-3xxx but flashing that one bricked the laptop until I recovered it manually.

HP laptops currently use an Insyde BIOS. There have been instructions (here, and here) to remove the whitelists from these BIOSes, but I think they really only apply to the older 1Mb size BIOS. Both my laptops are 2Mb size.

Both sets of instructions are similar in that they replace the opcode of a conditional jump, which closes an infinite loop after test al,al, with that of an unconditional jump.

The first step was to use the Universal BIOS Backup Toolkit to extract the BIOS from my HP laptops. This is because the BIOS in the flasher is generally encrypted and compressed to prevent direct tampering. Following the instructions, I used the Phoenix/Dell/EFI SLIC Mod Toolkit to decompress the BIOS image and extract the DXE Core and analyze it in WinHex to find the relevant module with the error message.

Module in HP DM1 F.19

In the HP dm1-4xxxAU F.19 BIOS, it was found in the StartUpMenu module.

Module in SP57753 Probook 4525s F.21

In my HP Probook 4525s F.21 BIOS, it was found in the ErrorLog module.

Analyzing the modules in IDA Pro, I could not find test al,al, nor could I find any calls to subroutines with an obvious infinite loop “trap”. In fact, the only looping structure in the whole module I could see was this one, which was present with subtle differences between the two BIOSes. This one seems to have a possibility of exiting, so it probably has a meaningful purpose, although the line test rdi, rdi is not test al,al … and the condition at the end of that block is a jz not a jnz as the instructions allude.

[Screenshots: IDA-Probook4525s, IDA-HPDM1]

It’s really not a good idea to make changes without a good idea what is being done, and my understanding of x86 opcodes is almost non-existent, and I haven’t the faintest clue on how to trace the execution properly. My assumption is that the locking method has changed in the Insyde 2Mb BIOSes, and as a result, very few hacked/patched BIOSes are available. The locking may be taking place in another module altogether.

This took me a whole afternoon of playing around – which led to me learning a little more about how complex modern BIOSes are, but alas, no success.

Conclusion

Whitelisting is a software-based practice which limits the usable wireless cards in a system to those which have been pre-approved by the vendor. There appears to be no hardware-based reason for this, and it seems this form of DRM produces an inbuilt obsolescence and financial benefit for the vendor while providing no benefit to the end consumer.

If the vendors wanted to care for their end users, they would release an unencumbered version of their BIOS. Even if it’s marked “beta” or “warranty voiding”, I would not care because I know that’s what I want. It’s my hardware, it should be my choice. By making their BIOSes needlessly complex, and involving code signing, even community-driven BIOS modification is not able to keep up with the variety of locking methods that exist. Unfortunately, I don’t have sufficient skills to contribute either.

I think that those who care should vote with their feet and avoid the vendors that whitelist so as to keep their options open in the future. However, the majority of users probably won’t ever see or understand the message … and this will probably continue into the future.

As a result, of the cards that I had ordered, many of them went into less-frequently-used old netbooks, rather than the much more modern systems which see more use.

Update

Almost two years later (24/07/2016), with thanks to information supplied by a reader, the Probook 4525s has been liberated. Read here to find out more.

About lui_gough

I'm a bit of a nut for electronics, computing, photography, radio, satellite and other technical hobbies.

27 Responses to Laptop Wireless Card Whitelists: An upgrade nightmare

  1. rasz_pl says:

    You can hardcode new card PCI ID instead of skipping the check result.
    Search those BIOSes for the whitelist (hex of known whitelisted PCI ID), and replace one of the entries with your card.
    Maybe you could also modify card itself to report different PCI ID (possible with Intel 2200).

    http://forums.mydigitallife.info/threads/20223-Remove-whitelist-check-add-ID-s-to-break-hardware-restrictions-mod-requests

    • lui_gough says:

      Good idea – provided you can find the VID/PID combination within the DXE Core, and it’s unique (isn’t a common byte sequence, otherwise you might patch something important). Will still only work for the card you’ve “exchanged” the VID/PID for. In fact, I’m going to go looking for it right now and see if I have any luck! Thanks for the idea.

      Modifying the card itself is unlikely, the 2200 is a very old PCI card, and I’m not sure if the same methods work for the mPCIe cards. My main annoyance is that I will have to go around modifying INFs for Windows drivers to get the cards to operate, and hope that should the wrong drivers for the previous card pick-up the card during installation (for example) that no crashes/damage occur.

      In the end, it’s very much a frustration which didn’t need to exist. With my Asus, it’s as simple as two connectors and one screw, and everybody benefits. Why can’t more companies think of their consumers!?

      – Gough

      • lui_gough says:

        Alas, I was able to find the VID/PID combination after noting the advice in the link that it is stored in byte-reversed order. I patched the module and repacked the BIOS image, but then I realized I have no way of actually flashing the damn thing onto the laptop!

        I tried making a bootable flash USB using HP’s tools and replacing their 2Mb BIN file with my 2Mb BIN file, but it complains it can’t read from disk (tried several USBs too). I tried the Insyde Win+B recovery method, using SMC.BIN (suggested by Andy’s tool), as well as 68CPK.BIN (as supplied by HP) and neither want to work. As a last ditch attempt, I did try using the HP Qflash Tools to create a recovery USB key which produced a folder named HEWLETT-PACKARD with subfolders BIOS (with subfolders Current and New) and BiosUpdate. Unfortunately the key doesn’t trigger BIOS recovery, and while there are 2Mb BIN files which I can replace, they are accompanied by a .SIG file which may stop them from verifying.

        As far as I can tell, this particular series of laptop (HP Probook 4525s) doesn’t ship with InsydeFlash to do the BIOS flashing. I wonder if employing InsydeFlash would be a wise idea given that I have no confirmed working recovery method …

        A quick gander through the HP DM1 BIOS shows it uses InsydeFlash, but the BIN file provided is larger than 2MB by a bit, and is “encrypted” in some way. I don’t think replacing this one with a raw dump is going to flash properly either. Grrr!

        Thanks a lot HP. And yes, I did check I have the right BIOS for the right laptop …

        – Gough

  2. TheJGB3 says:

    I have the same notebook Probook4525s, and the same card 7260HMW. I will even pay a reasonable amount for a solution for this.

  3. Phil says:

    Is there any way to find out if the E5-571P-55TL has a BIOS with a whitelist?

  4. grant says:

    Yup, after 2 days of playing around on my HP dm4-2191us trying to get whitelists working, I gave up. It seems that no one has been able to figure out the encryption or get it successfully working on the later models.
    It does leave a VERY bad taste in my mouth considering that they have purposefully blocked something with the only goal of increasing profits, while trying to claim it has to do with compatibility/compliance.
    My current dm4, apart from the extremely terrible wifi card, is the best all-around laptop I’ve owned. (My previous AcerAspire 5479g takes the cake as the best performance but was lacking in battery and lightness).
    I’m about to order an external card for it, and continue using this laptop until it runs out… BUT this is my last time buying an HP laptop.
    I do find it funny that I am an IT buyer for the company I work for and we periodically look at our accounts to figure out if another supplier is better suited for us…

  5. It seems HP likes to play this game, and even in the lower range this is rather prevalent. Please do vote with your wallets. No more HP for me and my friends.

  6. Tony Carr says:

    I recently bought an HP laptop and it will be my last. After trying to upgrade the PCI-E wi-fi and getting the ‘unsupported’ message I regard the PoS as being unmerchantable. I am planning on returning it to the retail outlet and demanding my money back as it is not fit for the purpose for which I bought it. I am a PC tech and that should quash any claims of warranty invalidation.

  7. Louis Le says:

    I’m lucky, got 2 hp laptops and replaced both with BCM94352HMB or AW-CE123H dual band wifi and bluetooth 4.0 without any problems, yes, on both I had to tape a pin, but it let me to boot. I like HP because they’re great for Mac OS X. Envy 4-1117nr Ivy Bridge and x360 15-u011dx i7 haswell. I think they removed the white list or I bought the ones made for HP.

    • Thanks for this. Apparently they removed it on your laptops cause that model is not listed in the “supported” cards. This info led me to buy the Intel 7260HWM ac for my new HP and risk it! Worst case scenario I resell it I guess.

  8. Maren. says:

    I am finding that this Whitelisting is also done at Windows level.

    I am trying to upgrade an ASUS laptop with an Intel 7260 mini PCI E board and find that I get Error Code 10 driver won’t start in Windows 7 Device Manager however it works perfectly within Linux.

    On the Intel site it seems that Intel’s generic drivers won’t load (Code 10) on OEM versions of Windows and that we should refer to the laptop manufacturer for the drivers.

    We have a similar problem here, where the vendor wants to ensure we don’t upgrade our laptops.

    If you google on 7260 problems with the WIFI not starting, it is a huge problem. Most people dump the board and go to Broadcom.

    • lui_gough says:

      I had no problems with my upgrade – I swapped in an Intel 7260 into my Asus K55A running OEM Windows 8 upgraded to 8.1 and it installed first time just fine. A code 10 normally indicates an issue with resource allocation or driver conflicts, which may happen more often on OEM installs of Windows as they might already come pre-baked with many drivers for their expected cards which may be causing conflicts. Installing a fresh copy of Windows without the crapware bundled in by OEMs might help, but is a long way to go for a wireless card. I also swapped in an Intel 7260 into an Asus R011CX running OEM Windows 7 with no such issue, so I suspect it highly depends on the particular model and build, and is NOT likely a whitelisting effort, merely a conflict of some sort that hasn’t been clearly identified.

      – Gough

  9. Zulu says:

    My Lenovo Y510P came with a single band wireless-n card which is slowly dying. I was going to upgrade it but my search for a card didn’t turn up many results, which seemed odd. Then I found out about this whitelisting nonsense and that even if I get the same model it may not work, much like you covered. But then your page here turned up as a result and I think I will go ahead and upgrade… just so an Asus or Acer laptop instead. I’ve made sure to tell everyone who I know is looking for a new laptop as well. These manufacturers should be a little more upfront with the fact that it’s more of a conditional ownership on our part.

  10. required says:

    So, this UEFI BS is yet another way to fu..dge the consumer… I’ve never had a good opinion about it, especially when the much trumpeted feature of integration with the OS never materialized.
    We’re going to live interesting IT times…

    • eunderhill says:

      Actually this white listing nonsense predates UEFI. Many traditional BIOS’es have white listing as well. I had to deal with it on an old IBM Thinkpad T42 laptop. There were three methods of dealing with the problem. Two of them are the BIOS hacks discussed here. The third one was considerably easier. You just booted up DOS and ran a small program which would toggle a bit some place. I’m not sure what was being modified, but my guess was that the bit resided in the BIOS CMOS storage area. Once the bit was toggled, the white list on wifi cards was effectively disabled.

      • lui_gough says:

        I suppose that was true, and again seems to be a very much “vendor” oriented thing, especially with those that had custom BIOSes. It’s interesting to hear that the check could potentially be disabled with a simple bit-toggle, but in any case, it’s not known how this could be applied (safely) to more modern devices.

        In general, pre-UEFI BIOSes tended to be much more simple with less signing verification and other hoops to jump through to load up a new BIOS. Back then, you could run the appropriate MS-DOS flash utility (e.g. AMIFLASH/AFUDOS/etc) with the /f flag and it would overwrite your BIOS with anything you pleased (including bricking your device, changing boot logos and onboard NIC MAC addresses). Things are not so simple anymore, which leads us to the “do you really own your product?” arguments of today. The other reason why UEFI gets dragged into this is that it adds more complexity to the BIOS making bypassing it on a code level more difficult than with conventional BIOSes (which often had 2-4MiB of code rather than 8-64MiB of today’s fancy “graphical” UEFI BIOS implementations).

        – Gough

  11. ghostmechanic says:

    I came here because of a google search since I’ve been researching whether or not I can upgrade the wifi NIC in my HP Sleekbook. I already knew about the whitelist thing but I’m trying to figure out if it can be bypassed or what my options are. I have owned several HP laptops in the past. In fact the only reason I’m using this one now is because my Compaq that I had been using (that I loved & had setup exactly as I wanted) has an issue with the graphics chip so it won’t boot anymore. I bought this one used to use temporarily until I get my motherboard repaired but I thought it might be time to just upgrade. I have the model Envy 6-1019nr which has a flimsy AMD A6 APU as compared to my old Phenom II at 3.6 GHz. But it has better graphics, can accept more & faster RAM plus it has USB 3.0 ports. Also it’s thinner & all pretty with brushed black aluminum lol. Anyway the wifi card in it is terrible & from what I’m gathering it’s pretty much not replaceable. Because of this BS I think I’m done buying HP. I had already written them off for printers…

  12. required says:

    As a tech workaround I imagined changing the new wifi board SPI EPROM contents as to reflect the old wifi VID/PID, and modifying the INF file for the new driver (the new board may be based on a different flavor of the wifi chip) to contain the old VID/PID along the new one. IDK if it works, no time and environment to test it.

    • lui_gough says:

      That could be a possibility if you had the time to work out where the PID/VID is stored in the EEPROM and also fix up the checksum after you’ve modified the EEPROM so that the card will accept the new values. Modifying the INF will break driver signing, which may mean that you will have an extra hoop or two to jump through during installation – but either way, wrong PID/VID will always be an inconvenience especially when installing other OSes or if you get a driver update package.

      – Gough

  13. eunderhill says:

    Here’s a method of getting around the white list at boot time without modifying the BIOS. The con is that you need to get a hold of a copy of a Linux distribution that uses Grub2 as its bootloader, some Windows tools and your motherboard chipset documentation. With Linux, you install Grub2 to your hard drive and pass a string to the PCI memory space. The idea is to enable the device after the BIOS white list disables it before any OS is up and running. Here is the site on this: http://milksnot.com/content/project-dirty-laundry-how-defeat-whitelisting-without-bios-modding

    • lui_gough says:

      I’m not sure this method is applicable to the vast majority of present whitelist implementations which results in the BIOS hanging into an infinite loop without any way to continue booting until the offending card is removed. I can see how if an OS was allowed to boot, of course, with the right manipulation of the bus controllers it can be possible to reactivate software-disabled slots/cards … but if you can’t actually get to the bootloader, this is all moot.

      – Gough

  14. DT says:

    Hello

    I just finished whitelist removal on similar HP notebook as yours is. I can help you finish yours if you like, maybe you can update this article then. Contact me via email or FB.

    • lui_gough says:

      Hi there,

      Sorry, as comments are moderated, you did not see that your comment indeed made it through the system waiting for me to “wake up out of bed” and go and approve it :).

      It’s definitely interesting news, although it’s been a very long time since I looked at it and the laptop in question isn’t really that useful to me anymore. However, it will still be interesting to find out exactly how you managed your way around it. I’m presuming you were not able to flash the BIOS using regular tools, and had to resort to patching a binary dump and flashing it back to the chip in some means (e.g. disassemble laptop, desolder the chip)?

      – Gough

  15. I believe at least nowadays that HP’s UEFI BIOSes have a manual BIOS update feature. Hit “BIOS Rollback” or something to that effect, and it lists the contents of the UEFI partition (BIOS/Current/xxx.bin), etc. This just takes a .bin. I know with later updates to the Probook 4520 BIOS they enabled signing of the bin file, but you should be able to program an EEPROM with any old BIOS and solder it on (or, with the power off, connect something like a BusPirate and bitbang-program the SPI EEPROM. Just a thought, as I haven’t tried it explicitly)

  16. Jesus says:

    Excellent thread. Thanks for keeping this alive.

  17. Melchior says:

    Nice thread.. I am worried for my friend’s laptop.. a DELL Alienware.. model unknown at this point…
    I do know it came with a Killer 1525 AC card..
    white-listed idk… but if a driver update fails to fix his extreme ping issues replacing it with either an
    Intel 8260 AC or Intel 7260 AC might work if his gaming laptop is not white-listing… :/
