How to extract, modify and install a Dell 5530 HSPA (and variant) Mini PCI-Express WWAN card on a non-Dell approved system (on a Lenovo S10, per-se)


Update March 25, 2010

The white-list problem has been taken care off, you can read it HERE.


Preface

Before I dig into the juicy part of the story, I should tell you the reason why I decided to write this.

It all started when I acquired a brand new Lenovo S10 Netbook, model 4333-36U. Being an IT guy I decided to pimp it out a little bit by giving it additional RAM, swap out the crappy 802.11g/b only card with an Intel WiFi-Link 5300 802.11a/b/g/n and, take the advantage of the 2nd mini PCI-Express slot with WWAN antenna connections all primed up and ready to go.

After some research, I found the Lenovo S10's 2nd Mini PCI-Express slot is designed to take a F3507g WWAN card made by Sony Ericsson. As for the card itself, it's quite pimped out if you ask me. HSPA support to 7.2mbps downstream (after a firmware update and so far, ONLY the Dell card), standalone GPS (not the cell-tower assisted) built in, and all the bells and whistles. I also discovered that not only S.E. has the card under it's own name, it was also re-branded for Lenovo, Dell, HP and Toshiba. Why would they do that? If you shop parts (FRU) directly from the manufacturer of your lap/net book, then you will come to know just how expensive they can be. Talk about a jacked up profit!

I was able to found a seller offering the Dell-variant for $50 shipped, used but in working condition of course, versus the cheapest Lenovo-variant I found for $130. Without much of a thought I purchased it and was hoping it'll be here soon.

So, Monday came and the UPS guy showed up. I tear the package up like a kid (talk about excessive packaging) on Christmas Day morning, plugged it into the S10, connected the antenna and slipped in the SIM card, turn it on and this is what I got:

"UNAUTHORIZED WWAN CARD." S.O.B.! Lenovo WAS IBM, and IBM is notoriously known for putting a "white list" of devices the system may take into their BIOS, forcing you to use high priced, IBM-approved devices.

Well, what next? If it won't let me boot, maybe I can still plug it in after it loads the OS, right? After all the 2nd mini PCI-Express slot on the S10 is designed to take USB-bus based devices only.

*** WARNING: STATIC ELECTRICITY CAN AND WILL KILL YOUR PRECIOUS COMPUTER, SO MAKE SURE YOU ARE PROPERLY GROUNDED BEFORE YOU ATTEMPT TO DO THE FOLLOWING ***

After the Windows was loaded, I decided to plug the card in and see what might happen.

Windows (or should I say, Lenovo) was nice enough to detect the card and prompted me for drivers. Now that wasn't too bad is it?

Wishful thinking actually, because I just opened up a whole new can of worms.

After Bing-ing (Google-ling is getting old) for the drivers of the 5530, seems like Dell is the ONLY vendor (at the time of the writing) provided an Official Windows 7 driver for it.

(And how did I got Windows 7 to work on the machine that was designed for XP? I am not going to give you the whole picture but if you know what you are doing, "SLIC 2.1 injection".)

As we know earlier, all these variants are identical hardware, only difference is the branding and how the cards identify themselves. Even the INF files from multiple drivers I came across on the Internet confirms it:

%Ericsson.Dg_DeviceDesc_WWAN% = ericssondg.ndi, USB\VID_0BDB&PID_1902&Mi_07 ; Generic DG
%Dell.Dg_DeviceDesc_WWAN% = ericssondg.ndi, USB\VID_413C&PID_8147&Mi_07 ; Dell DG
%Lenovo.Dg_DeviceDesc_WWAN% = ericssondg.ndi, USB\VID_0BDB&PID_1900&Mi_07 ; Lenovo DG
%Toshiba.Dg_DeviceDesc_WWAN% = ericssondg.ndi, USB\VID_0930&PID_130B&Mi_07 ; Toshiba DG


The Drivers

Well then, I guess it's just matter of installing the driver now. After I extract the driver downloaded from Dell, an error poped out:

Umm, what do you mean? Authentication failed? I need the approval letter from some agency to install the card now?

Remember earlier I said, although all these cards were made by Sony Ericsson, but they were also re-branded to different manufacturer? After some careful research, Dell's website confirmed my suspicion: PLATFORM LOCKDOWN. Otherwise how would they be making a profit? You think they'll be that dumb to let someone with knowledge to simply swap a different branded card even though they are identical in terms of hardware layout to avoid paying a premium of "approved devices"?

Of course they are not dumb, but I wasn't an idiot neither. I am dedicated to not let this little bump stop my journey to pimp my S10.

First thing I noticed, is that the content of the Dell self-extracting package was a packaged InstallSheild self-extractor. Oh no problem, Universal Extractor can take care that. Free and easy to use, I was able to extract the true content of the InstallSheild packaged installer out. Exposing the installation files:

Typical, InstallSheild, structure.

However by launching the setup.exe that I extracted gave me the same error message as I started, so the InstallSheild self-extracting package is not the suspect in this case. Then what is?

I launched the utility called "Process Monitor", made by SysInternals, which can be obtained for free from Microsoft TechNet, I was able to monitor the file operations of the setup.exe.

After sorting through a long list of activities, I noticed the installation executable actually created two GUID folders onto the local user temporary folder highlighted here (in Vista/7 it's C:\Users\(user name)\AppData\Local\Temp\, make sure you enable show invisible folders in the Folder Options in Control Panel.):

NOTE: In order to gain access to the temporary folders the installer created, the error message must be shown and you must not click on the "OK" button, otherwise these temporary folders will be deleted.

NOTE 2: To skip using the Process Monitor to find out what folders are named by the installer, you can simply browse to your user temporary folder mentioned above and simply sort by date, look for the folders that were just created, you won't miss them.

Upon opening one of them, I noticed that there were another folder full of the goodies, includes installation files for both 32-bit and 64-bit OS:

Aha, now it's more clear to me that these installation files are packed layer-by-layer.

I copied the folder above out to another location so I can further investigate it. Also I have dismissed the error dialog so the temporary folders will be cleaned up to free some space.

Upon execute the setup32.exe, I received the same error again so that tells me the true cause of the problem is somewhere, but where?

I decided to keep the error dialog open so if there are any temporary files being created in the local temporary folder, I will be able to see them. What you know, here they are:

Now keep in mind, I don't want any of you to actually remember all these GUIDs, they are quite useless in terms of locating the files. But if you want to investigate, make sure you keep the error message open and do not click on the "OK" button until you are done copying the files out!

NOTE: For 64-bit package, just run the setup64.exe from above the follow the same procedure and you will be able to extract them.

Same procedure, but more folders to go through, and this, is what I found:

The magical, Windows Installer Package, the SOURCE of the installation files. Time to copy them out to another location.

I thought the platform check was performed before the MSI was executed, but I was wrong, because the Windows Installer gave me an error again, but it looks slightly different:

This time, it has an error code. It may not mean much to you, but that is a dead give away of how the platform check is performed: from a DLL.

Now I don't have the ability to reverse engineer an already complied DLL, nor I can work with assembly code to skip that step, but here's the trick: It's a Windows Installer Package, written with InstallShield script; and Windows Installer uses database table to set the parameter for the installation behavior so...


The Installer

It's ORCA time! No I'm not going to Sea World and get soaked, I'm talking about a free MSI database table editor released under Windows Installer SDK. What does it do? Well let's put it in practical use.

Open the MSI file that you copied out and let's see, as I suspected the platform check was performed from an outside DLL so it should qualify under... right there, "CustomAction". And what do we see? "Authenticate" and the source is... "ISSetup.DLL"

BINGO!

Very typical InstallShield scripting. In additional the LaunchCondition that Windows Installer uses by default to check the hardware requirements, InstallShield supports custom script to be used but it has to be called using external DLL or call since it's NOT a standard Windows Installer function.

So now what we do? Well, right click on that sucker and pick "Drop Row":

That's it. Save it and time to install.

Note: I did notice that under "InstallExecuteSequence" and "InstallUISequence" there are also function call for "Authenticate". Although you may delete these two off the list but I felt it would be safer to simply delete it off the CustomAction list since that is where the installer script look for that function. If it doesn't exist, no matter how many calls are there in the installation script, it will not be called.


Aftermath

Now I can install the darn thing without hitches and approval letter from the authorities. I plugged the card in again and the drivers were correctly installed.

So now how about the connection management? Someone has figured out to connect without any management software. However it just doesn't seems to be working in my case.

Well, someone also suggested to use the latest Sony Ericsson Connection Manager to make the connection since the Windows native method cannot guarantee what type of connection standard it will be able to use (you won't and can't force it to connect via EDGE/GPRS or HSPA/UTMS).

Now the connection manager can properly see and communicate with the card, as you can see here:

... but the problem is, and I believe it's the BIOS' white-list issue, whenever I click on "Enable Radio", it simply tells me that the wireless switch is at "off" position, which I don't have one on the S10.

So how do I know the card is even working? Well because every time when I launch the connection manager, I can see it found the signal, goes from 2nd generation signal to 3rd generation, then it switches right back to "Radio Disabled".

Right now I'm seeking a way to remove the pesky white-list issue in the BIOS, but that's the last step. Otherwise? I'm getting pretty close to making it a true Netbook! The white-list problem has been taken care off, you can read it HERE.


I hope this little tutorial isn't as boring as I thought it would be, but since I cannot find anything in this subject on the web so I thought I might just as well share what I know.

Once I have solved the white-list issue I will give it an update, including the GPS function since I cannot use it when the radio is disabled.