Windows The Realtek RTL8187L Mass Production Kit EEPROM modifier.

Discussion in 'Wireless Drivers & Utilities' started by kevsamiga, 4 Jan 2014.

  1. kevsamiga

    kevsamiga Well-Known Member
    VIP

    Joined:
    15 Sep 2013
    Messages:
    406
    Likes Received:
    126
    Realtek RTL8187L Mass Production Kit.

    A set of programs and a special driver for RTL8187L-based adapters; it allows you to make modifications to the content of the adapter's EEPROM.

    For example, you can change the transmit power on each channel separately, the MAC address, the margin sensitivity, signal interpretation, default regdomain. The package also includes a program to test the efficiency of the card as well as several types of normal driver for the card, including driver-adjustable power.

    Some terse instructions are included inside the archive...but I would recommend further reading first before even attempting to tinker. When finished editing you uninstall this package, and put your original drivers back.

    Changes made using this program are fixed, changing the MAC definitively, regardless of the machine. The program can potentially irreversibly damage the card, and if the card is damaged I own or take no responsibility. It is an official program distributed by Realtek however, but all use is entirely at your own risk if you can afford to risk destroying your adapter by modifying it and bricking it by setting the TX output far too high for the SiGe power amplifier on board etc...

    Windows XP is probably best to use it under for maximum compatibility in this case...

    Please share any discussion regarding this tool in the thread, and post any .MAP files dumped from your various adapters WifiSky, Kasens, Alfa etc, which can be loaded in by the tool & will help others to adjust their channel TX settings and data accordingly.

    Happy pen testing 2014, Kevsamiga.

    Link

    Realtek RTL8187 Mass Production Kit
    --- Double Post Merged, 4 Jan 2014 ---
    ------------------

    Ok here is my own Kasens G9000 RTL8187L .map file which I pulled today to start your collection off (might need renaming)....

    KasensG9000

    Interestingly, from personal analysis of both ALFA036H and Kasens G9000 EEPROM chips using the tool :-

    It appears the Alfa sets a higher TX power when operating in CCK mode (11 vs 10 value), OFDM mode is equal between Kasens and Alfa 8187L variants (Value 9 each).
    However the TX setting on this other tool installed goes up to 15 which I presume is the full 1 Watt, but SiGe AMP is only rated for 26dBm ?!?

    I dare not begin to flash any other values available in front of me atm. I'm just having a look around my adapter's EEPROMS for the moment but dare not touch writing any real values just yet. :)

    Sooner or later curiosity will get the better of me though... :)
     
    #1 kevsamiga, 4 Jan 2014
    Last edited: 4 Jan 2014
  2. Remington

    Remington Well-Known Member
    VIP

    Joined:
    17 Dec 2012
    Messages:
    168
    Likes Received:
    24
    So according to your readme this isn't for anything past XP? I'll pass on this anyway and just continue to use your 3.1 drivers for now.
     
  3. .::JiGSaW::.

    .::JiGSaW::. Hello! I want to play a game ...
    VIP

    Joined:
    22 Jun 2012
    Messages:
    94
    Likes Received:
    32
    This is interesting ... this means that with this tool you can modify the 8187L card EEPROM? Can you please share pictures of the default parameters from your Alfa and Kasens cards captured from the program to compare the differences with my card!?
    My card is Sky-City with RTL 8187L Chipset. I am curious to compare EEPROM settings from these devices and if it is safe to modify to the highest safe rate! Thanks!
     
  4. kevsamiga

    No because it's very old, hence XP only. Plus the special driver that allows this manipulation is only an XP driver.
    --- Double Post Merged, 14 Jan 2014 ---
    I don't have that data to hand (they are saved as .map files) and you load values from EEPROM first using the tool (then save .map to save card settings out which overwrites 8187L.map in program files folder) because I've given the 036H a rest and I'm sat on an NHA right now which arrived yesterday, but if you're curious and want to just look at what the program does without touching anything you can find more info here (translated from Polish)

    Google Translate

    From memory of fooling with it a few weeks ago my Alfa 036H V5 1W had values 9B for channels 1-14 (the values range from 1-15 in HEX)

    First value is for OFDM, second value is CCK TX power stored in the 8187L adapter's EEPROM.

    My Kasens G9000 RTL8187 had values 9A for channels 1-11, and 9C for channels 12-14. Cards like Wifly may just have values 99. Original Alfa 036H 500mW had values 52, 53 or 55.

    Have fun, and don't forget to untick increase mac address when doing any writing or it will change it. Apparently you can do such things like turn your old 500mW Alfa 036H into a 1W model by hacking the EEPROM and things like that, but if the power amplifier chip on the adapter board does not support these new settings, you may destroy the adapter by setting values too high, so it's a risk using these programs to hack the EEPROM. I haven't messed up mine by "playing" but....

    If you mess up your adapter by "playing" don't blame me, I'm just the messenger.
     
    #4 kevsamiga, 14 Jan 2014
    Last edited: 14 Jan 2014
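
The per-channel values quoted in the post above, decoded and compared, as an added example that is not part of the original thread or of the Realtek tool. It assumes each byte packs the OFDM index in the high nibble and the CCK index in the low nibble (from "first value is for OFDM, second value is CCK"); the function names and the sample dump are constructed, and no `.map` file layout is assumed.

```python
# Added example. Byte values for the Alfa and Kasens cards are the ones
# quoted in the thread; the nibble layout is an assumption (see lead-in).

def expand(profile):
    """Expand {(first_ch, last_ch): "9B"} into {channel: (ofdm_idx, cck_idx)}."""
    table = {}
    for (first, last), text in profile.items():
        value = int(text, 16)
        if not 0 <= value <= 0xFF:
            raise ValueError(f"not a single byte: {text!r}")
        for ch in range(first, last + 1):
            if ch in table:
                raise ValueError(f"channel {ch} listed twice")
            table[ch] = (value >> 4, value & 0x0F)
    return table


def drift(stock, dumped):
    """List (channel, mode, stock_idx, dumped_idx) where the dump exceeds stock.

    A channel present in the stock profile but absent from the dump is
    reported as (channel, "missing", None, None).
    """
    findings = []
    for ch in sorted(stock):
        if ch not in dumped:
            findings.append((ch, "missing", None, None))
            continue
        for mode, s, d in zip(("OFDM", "CCK"), stock[ch], dumped[ch]):
            if d > s:
                findings.append((ch, mode, s, d))
    return findings


ALFA_036H_V5 = expand({(1, 14): "9B"})
KASENS_G9000 = expand({(1, 11): "9A", (12, 14): "9C"})
# Constructed dump: one channel raised to the maximum byte value.
CONSTRUCTED_DUMP = expand({(1, 13): "9A", (14, 14): "FF"})

if __name__ == "__main__":
    for finding in drift(KASENS_G9000, CONSTRUCTED_DUMP):
        print(finding)
```

The indexes are register values, not dBm; the check only reports where a dump sits above a known stock profile for the same card.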
  5. air_pull91

    air_pull91 Well-Known Member

    Joined:
    28 Jan 2013
    Messages:
    50
    Likes Received:
    3
    Hi..
    I already downloaded the file..
    but don't know what to do next..
    Is there any way you could assist me..
    especially on how to test the RX/TX packet..
    and the meaning of the terms used, like their function, and so on and so forth :)
    Thanks..
     
  6. kevsamiga

    There is some terse documentation included inside. If you can find the Chinese version it has more documentation (apparently).

    I haven't any time, nor inclination to figure every single function that exists and document it all on here, most are self-explanatory.

    There's also a V 1.42 floating around...

    You can load .map files saved from other adapters to compare differences.

    It's an old program from 2005/06 for configuring realtek adapters for OEM at the factory.

    Most end users were not meant to be fiddling around with it unless you know what it does.

    I just posted it on here for those interested in poking around the eeprom, for those who are extremely bored, and for those who like blowing their adapters up and/or have too much time on their hands. :)

    Unfortunately I can't help with every feature and function the RTL8187L EEPROM tool does because I didn't build the thing, so you're just going to have to be in charge of your own destiny here and create your own road show I'm afraid.

    ....Because I'm not going to be coerced into destroying, or being responsible for the fate of your adapter by inputting incorrect values, when I don't yet understand how everything works with it myself.
     
    #6 kevsamiga, 14 Jan 2014
    Last edited: 14 Jan 2014
  7. air_pull91

    Ok..noted..
    I'll do some experiments with this thing whenever I'm free..and see how it goes..
     
  8. kevsamiga

    Realtek RTL8187L EEPROM Mass Production Kit version 1.42.

    - Release notes in the package.

    8187L_MP_v142_Realtek
     
  9. surecat

    surecat Well-Known Member
    VIP

    Joined:
    19 Jun 2012
    Messages:
    12
    Likes Received:
    3
    Pleasant chat in anticipating the first who will try)))
     
  10. kevsamiga

    Well people, I was brave enough to try it for :censored's and giggles 100% seriously today and did some tests, because I already have x2 RTL8187L's with one spare to waste...

    I set the values to maximum of FF for my Kasens G9000 RTL8187L as I'm not really too fussed if it dies because I still have an 036H v5 as a backup on the other hand...

    I set the region to FCC while I was in there same as 036H has, but keeping the unique Kasens MAC address that doesn't exist on any database unlike Alfa. :)

    The slider for CCX diagnostics now goes up to 17dBm as a result, and there is a tangible increase in output, with no detriment to the connections.

    100% power using the power control drivers equates to 17dBm, around 50mW. I'm in Europe as well btw.

    (measured these positive increases in output by the level of strength of inductance sounds next to the PC stereo speakers when operating next to them, and doing speed tests on a connection comparing with Alfa 036H, and values Kasens had before on maximum power slider all tested in same spot with a 5dBi omni)

    It's now approaching much closer to my ALFA 036H's output, although the ALFA doesn't need to be messed with anyway using this tool since it appears strong if not stronger in output already to start with by somehow bypassing these EEPROM controls (probably due to Skyworks 2576L quality PA inside).

    But the Kasens output was (and sounded) very weak in output until I edited the values with this utility compared to 036H. Now less so...

    I won't pass up on a free boost to make a cheap and nasty 036H knockoff tricked out with a free power increase so the changes are permanent.

    So ok I might shorten the Kasens G9000's lifespan, or prematurely burn out the piss poor PA inside, but at the price of a Kasens to tweak its output up for free who cares.

    Better to burn out than fade away...:)
     
    #10 kevsamiga, 15 Mar 2014
    Last edited: 15 Mar 2014
  11. pedropt

    pedropt Active Member

    Joined:
    21 Sep 2014
    Messages:
    7
    Likes Received:
    1
    Hi guys, I have here a broken Alfa 036H which does not TX; it stopped working when I used it at 27dBm in Linux.
    The card can RX and see the wifis around, but is not able to transmit.
    I can use it for testing.
    I have here another card with the same chipset; how can I read the data from the good card, save the map and then write that EEPROM data on my broken Alfa to test?
    --- Double Post Merged, 24 May 2016, Original Post Date: 23 May 2016 ---
    Wow !!!! I just fixed my Alfa network card that was broken.
    I have a Crotalus which also has the RTL8187 chipset; I copied the values from the Crotalus card to a map file, and then I wrote those values on my Alfa 036H card.
    Now it is working again.
    Thanks for the software to re-program the EEPROM.
     
  12. Axis0fEvil

    Axis0fEvil Active Member

    Joined:
    29 Dec 2014
    Messages:
    16
    Likes Received:
    2
    Hey guyz I bricked my 036h when it was writing to the EEPROM ... the usb cable detached by mistake ... now when I connect the ALFA to VMWARE (XP) or even the main OS windows 7 ... the CPU cycles to 100% ... the VMWARE becomes so slow ... and the mass production driver doesn't recognize the card ... do I kill myself ?! or there's hope ? @kevsamiga
    --- Double Post Merged, 13 Apr 2017, Original Post Date: 13 Apr 2017 ---
    If and only if the wretched software doesn't need to verify the existence of an rtl8187 chip !! ... "rtl8187 not found" " cannot load driver" "exit"
    I could really need your help .. the last thing I remember setting values to 15 or FF .... I already tried the old and the new 1.42 versions of the mass production software .. the card blinks 2 times and that's it ... CPU turning like a washing machine until I restart the laptop
    --- Double Post Merged, 13 Apr 2017 ---
    Please help me ... I know there are new cards but it is a pain in the ass to order one from the internet and wait for it to come.
     
  13. D3ADL1F3

    D3ADL1F3 New Member

    Joined:
    13 Dec 2022
    Messages:
    1
    Likes Received:
    0
    Hello,

    Is there any way we can get a reupload of this?

    Thank you!
    --- Double Post Merged, 20 Dec 2022, Original Post Date: 13 Dec 2022 ---
    Hey, same boat here.

    I bricked mine. Hoping to get it back to life with a new .map file. I'll let you know if I have any luck.
     
