Upgrading encryption on original Apple Airport base stations

Historical note

This page refers to the first generation of Apple Airport base stations. The current version supports 128-bit encryption out of the box. It can be easily identified by its dual ethernet ports and the “snow”-colored Apple logo, as compared to the “graphite” of the original. The new version is totally different internally.

When the Airport base station was released, its price of $299 was a breakthrough low. Since then prices have fallen dramatically and 128-bit WEP is now a minimum standard. It no longer makes any real sense to modify a first-generation Airport base station. This page remains online out of historical interest.

Be aware that although 128-bit encryption is somewhat better than the default, 802.11 wireless networks are easy to eavesdrop upon because of design problems in how the encryption was implemented. Additionally, there is an incurable key management problem, since all the client cards must have the same key. But you weren’t trusting the network-layer encryption alone to protect your data, were you?

How to

Apple’s original Airport base station, released in July 1999, sold for US$299 and included a v.90 modem, 10BaseT, and an optional NAT and DHCP server. At the time, most wireless use was corporate and base stations were priced accordingly, generally around $800. The Airport base station was standards-based and used off-the-shelf components repackaged into a very appealingly designed case, sold in volume cheaply enough to be used in a home network. With Apple’s marketing prowess and antennas built into the laptop chassis, they helped push another useful technology into the mass market. In short, good work.

I wanted a wireless base station at home, similar to the Lucent base stations at my office. So when the Airport became available and I heard that it had a Lucent WaveLAN PCMCIA card and a 486 running Karlbridge inside, I had to experiment.

The major deficiency of the Airport was that it only supported inferior-grade encryption, even though better cards were available from Lucent. I considered this inappropriate and unacceptable. I hypothesized that the card could be swapped; but only a MacOS configurator was provided for the base station, and it only knew how to set short keys. Fortunately, the Karlbridge configurator was able to talk to the base station and set it up correctly.

Links

• Apple’s page about the Airport
• Constantin von Wentzel’s Airport page has extensive information about the internals of the various Airport models.
• Current version of the WaveLAN card; it was renamed from “Lucent WaveLAN Turbo Gold” to “Lucent ORINOCO Gold”, and what is now available is the “Agere Short Antenna Type II Extended PCMCIA IEEE 802.11b Wireless LAN Card”. It is now also sold by Proxim, who also sell other incompatible cards under the Orinoco name.
• Apparently the Agere (formerly HP) RG-1000 is the same as the original Airport and can be upgraded in the same way.
• Freebase, an open-source Windows configurator in Visual Basic
• Jon Sevy’s Java configurator
• Bill Fenner’s unfinished Perl configurator
• Reportedly the silver and gold cards are identical and a silver card can be transmuted to a gold card by flashing it with the gold firmware. Here are instructions for doing this using Windows.

Alternative approaches

After this page was linked to from Slashdot, I received an amazing number of emails asking whether it was possible to run Linux on the Airport base station. I did not see this as a useful goal, since the value of the device to me was as an inexpensive, well-constructed, simple bridge. However, I am now frightened to report that, in fact, you apparently can run Linux on the graphite Airport. Decide for yourself whether this is useful.

Thanks

• Rob Seastrom for turning me on to the Airport
• Blake Willis for finding the Karlbridge configurator
• Leo Bicknell for lending me a pair of gold cards
• Troy Corbin for pointing me to Bill Fenner’s configurator
• and to many others

Contact

Michael Shields <shields@msrl.com>