Thanksgiving week looks like it might be dedicated to continuing the project from the last hack night. Ken’s SWN Node south of me on 26th looks like the closest node to my place. Alas, there’s trees and such in between, but we’ve been playing a little bit with some old 900mhz tech, The Arlan (of doom). The product line that lead up to the Cisco Aironet’s that still kick around today was a popular platform for barcode scanners and such inventory tracking devices.
Some ol’ chap named xam ended up with a bunch of the 900mhz models and hacked around with the firmware for a bit. His pages aren’t around anymore but you can hit them up via the archive. Ken and Matt picked up a pile of these and since the last hack night we own all of them in the world (We’ll sell them back to you at $250ea btw). Anyways, we bricked a 630-900 following xam’s instructions for downgrading (most of ours started at 4.2c although they had ‘shipped firmware 2.39 stickers’). Not trusting the downloaded firmware from the archive, a few connections were hit up and we found a couple other places from filename searches. We have since reamassed a collection of arlan firmware on the swn website.
After bricking a second (the downgraded firmware installs, but then reboots, prints “Decompressing the code”, and reboots again (GOTO 10)) we tried upgrading and successfully brought it up to the latest firmware. We weren’t really sure about all of the menu settings so we tried getting a fourth working and managed to swap some parts around from the bricked radios. The product is three boards: the motherboard, a radio board and an network interface board. There are Ethernet and Token ring network interfaces which appear to be swappable. Some of the radio boards are swappable, but there are two different connectors. The odd part is that the motherboards all seem to have traces for both connections. Some of the older 900mhz radios were large and used the larger connector but we had other 900mhz radios that had the smaller radio. We successfully swapped the 900mhz off a bricked arlan into a 630-2400 (2.4ghz) model that we had that was having complaints about it’s radio anyways. (this was the one model we had working at the time).
Another model had a write password (it all seems snmp based) and last I knew we had some brute force scripts running against it.
Power supplies are scarce but we have plans to build a few now that we know the pinouts and power levels. Hopefully next hacknight we can make a bridge and start plans to actually deploy these through some trees.