<a href="http://h18007.www1.hp.com/support/files/HandheldiPAQ/us/locate/105_5644.html">http://h18007.www1.hp.com/support/files/HandheldiPAQ/us/locate/105_5644.html</a><br /><br />HP has released some updates to their WiFi enabled 5400 and 5500 devices running the Windows Mobile 2003 OS.<br /><br />• HP iPAQ Pocket PC h5400/h5500 Series WLAN Driver Update<br />• HP iPAQ Pocket PC h5500 Series Wireless LAN Driver Update with WPA Support <br /><br />Both updates are RAM patches. Please read the requirements to make sure you have the correct ROM revision on your device.

To avoid any possible mishaps read everything and backup before you install the updates. You must also have ROM v1.10.10 (h5500) already installed. Then install the updates in this order:
1. SP27632 (Softpaq v3.2.4.133)
2. SP27595 (Softpaq v4.3.5.414)
3. SP27605 (Softpaq v1.10.5.164)
Soft-Reset after each one.

Do not install SP27658 (Softpaq v.0.103.5.41) unless you want to revert back to the original factory-installed wireless LAN firmware (v100.5.39).

this was a very uneventful update, can you see the difference, I can't see the difference, can you see the difference other than the memory loss. I will have to play around to see if the update did in fact fix things.

To avoid any possible mishaps read everything and backup before you install the updates. You must also have ROM v1.10.10 (h5500) already installed. Then install the updates in this order:
1. SP27632 (Softpaq v3.2.4.133)
2. SP27595 (Softpaq v4.3.5.414)
3. SP27605 (Softpaq v1.10.5.164)
Soft-Reset after each one.

Do not install SP27658 (Softpaq v.0.103.5.41) unless you want to revert back to the original factory-installed wireless LAN firmware (v100.5.39).
Could HP have made this any more confusing? :roll: As discussed in the "New WiFi Firmware/Drivers for 5550 available" thread (http://www.pocketpcthoughts.com/forums/viewtopic.php?t=28318), these updates seem more painful than necessary.

Steve

I was hoping that these new drivers would help me finally connect to my Belkin Wireless AP. With the previous drivers, whenever I tried to connect, the AP name would flash instantly on and off the screen, and it would never connect.
With the new drivers, it finds the AP, it stays on screen i.e. visible so that I can enter the wep key, but even though it says its connected, I cant ping the device or get to the internet. The AP is 54g but is backwards compatible, I have no problems using it with an older Dell notebook for example.
When I went into the network settings on the ipaq, and was checking the security options a message popped up on screen saying that a personal certificate is required for authorisation, but I have no idea how to pass or create this certificate.
Do any of you have one of these switches and have you managed to successfully connect your ipaq with it?

Andrew

This is a GOOD thing. Now I can (and have....it's that easy..did it all in about 5 minutes) moved from WEP to WPA. WPA defintiely hase some nice features. The 5555 supports both the Radius and the WPA-PSK options. This is SOOOO much better then WEP. Entering in big long WEP keys was a PAIN. I have to do more research, but I think that WPA is supposed to be more secure. Now, HP, WHERE'S THE WM 2003 SE ROM IMAGE! :bad-words:

I don't think you need both of those first 2 softpaqs, but I did as you had suggested and it worked. One thign I did notice is that the first two wanted to overwrite the same files so odds are you don't need both, but you can probably be OK by installing both AND the firmware update Which does everything in place like a good firmware update should meaning no Hard Reset!

I was hoping that these new drivers would help me finally connect to my Belkin Wireless AP. With the previous drivers, whenever I tried to connect, the AP name would flash instantly on and off the screen, and it would never connect.
With the new drivers, it finds the AP, it stays on screen i.e. visible so that I can enter the wep key, but even though it says its connected, I cant ping the device or get to the internet. The AP is 54g but is backwards compatible, I have no problems using it with an older Dell notebook for example.
When I went into the network settings on the ipaq, and was checking the security options a message popped up on screen saying that a personal certificate is required for authorisation, but I have no idea how to pass or create this certificate.
Do any of you have one of these switches and have you managed to successfully connect your ipaq with it?

Andrew

You broasdcast yoru BSSID??? Bad thing. You don't specifically mention it, but from what you say is happening it looks like thats what you are doing. Turn off the broadcastung of the BSSID, then configure it. The 5555 will connect to it even if it never shows up in a bubble. To configure, click on the connection icon after turning it on, then click settings and go to the advanced tab. Clicking on network card will bring up your list of AP's that it sees. Don't worry if you can't see it...thats OK! Thats what we want! Tap Add New and add your AP's name and then tap on Network Key and enter in the appropriate info depending on if you need WEP or WPA. Enter in the key. Click out of the screen and it should connect.

Why do you not want to broadcast your BSSID?? First, it's harder to hack your AP if they can't see it. They may be able to tell you have an AP, but they will have to work much harder to find out the name and then they also have to guess your WEP key or WPA Key or scan enough packets to pick the WEP key up. It's not the total security panacea, but it adds another layer.

Also, regarding the BSSID, change it from the default. you don't know how many people I have seen who broadcast their ID's have the default linksys or 2wire as their AP name. Defaults are bad things on AP's!

Now, HP, WHERE'S THE WM 2003 SE ROM IMAGE! :bad-words:

&lt;sarcastic>Where's the ROM? I think HP is just waiting for all of us to put our wallets back in our pockets &amp; give up on them before they release the WM2003SE ROM (I need the 4150/55 ROM).&lt;/sarcastic>

From a marketing perspective, if I were HP, I'd wait until my new line of iPaqs (with WM2003SE on them) were in the channel and on the shelves for a few months before I released a "non-necessary update" to end users (thus hoping some consumers would purchase the new units, partially to get the new OS).

You broasdcast yoru (sip) BSSID??? Bad thing. You don't specifically mention it, but from what you say is happening it looks liek thats what you are doing. Turn off the broadcastung of the BSSID, then configure it. The 5555 will connect to it even if it never shows up in a bubble. To configure, click on the connectin icon after turning it on, then click settings and go to the advanced tab. Clicking on network card will bring up your list of AP's that it sees. Don;t worry if you can't see it...thats OK! Thats what we want! Tap Add New and add your AP's name and then tap on Network Key and enter in the appropriate info depending on if you need WEP or WPA. Enter in the key. Click out of the screen and it should connect.

I have been broadcasting my BSSID from my Linksys WRT54G ever since I got my 4155, I couldn't "see" it to be able to connect to it otherwise.

Thank you for showing me how to do it "the right way!" :D

I have to do more research, but I think that WPA is supposed to be more secure.

WPA is definitely much more secure than WEP. For one thing, it uses a rotating encryption scheme (in fact, it uses a different key for each 802.11 frame), whereas WEP uses only a static key. WPA also adds integrity checks to ensure that the frames haven't been tampered with along the way, something WEP lacks. There are a ton of other features, and while WPA isn't perfect, it is designed to eliminate all of the flaws in WEP.

However, be warned. Since most of you don't have the RADIUS server required for true WPA (which uses 802.1x), you'll use the "Pre-Shared Key" variety (WPA-PSK). This type of WPA has been found to be easily cracked ***IF*** you use a passphrase that is susceptible to dictionary attacks. In other words, make sure your passphrase is at least 20 or so characters long (spaces don't count) and have a good mixture of upper/lower case letters, numbers, and non-alphanumeric characters.

By the way, on my home network, I DO happen to have a RADIUS server setup for 802.1x authentication, and I can tell you that with these new patches, my network is now WEP free. My iPAQ was my only non-WPA-capable device, which brings up another good point. For you to get rid of WEP completely, your Access Point, your wireless (client) hardware (e.g. PCMCIA cards for laptops), and your operating system (or at least the software handling your wireless connection) must ALL support WPA. If they don't, they'll fall back to WEP encryption. If your don't have WEP active, then those clients won't connect. Windows XP (even with SP1) doesn't support WPA, but there is an update available through Windows Update (it's not one of the critical ones, so you need to select it to install it).

At any rate, I use true WPA with 802.1x, and my iPAQ accesses the network (and more importantly, the internet) just fine. It was a pain in the butt to register my locally-generated certificate on my iPAQ, since I don't have a cradle available at home, and the root certificate must be installed and registered BEFORE you can access the WLAN, but once I exported my root certificate, and (via the SD card) installed it on the iPAQ, things fell in place.

For those of you with RADIUS servers, keep in mind, that the iPAQ does not generate (or use) a computer object in Active Directory, so you'll need to limit the USER OBJECTS that can authenticate if you want to prevent alien iPAQs from accessing your network. Of course, these unauthorized iPAQs would still have had to get your root certificate somehow, so there's not much to worry about here. Just something to keep in mind.

You must also have ROM v1.10.10 (h5500) already installed. Then install the updates in this order:
1. SP27632 (Softpaq v3.2.4.133)
2. SP27595 (Softpaq v4.3.5.414)
3. SP27605 (Softpaq v1.10.5.164)


I just noticed this, and thought I should point out. SP27595 incorporates all of the changes in SP27632, so there's no need to install that first SP. Just make sure you have ROM v1.10.10 (SP27674), then install numbers 2 and 3 in the list above (in that order), and you'll be fine.

I have just installed the latest 1.10 ROM and the WLAN driver and firmware updates (in that order) both with WPA support on my Ipaq 5555.

All was working great at first - noticably faster and got the WPA security working within 15 minutes.

However, I then synced the Ipaq with my PC and ever since it has been running incredibly slowly - syncing takes over 10 minutes to 'look for changes' and running the Ipaq takes ages to load apps and open windows, close apps using the ITask bar etc. - no other apps have been installed - just the WLAN driver and firmware updates.

I've tried normal resests but nothing appears to make any difference to the speed of the Ipaq.

What's going wrong? What can I do to fix it?

Thanks,

James

Why do you not want to broadcast your BSSID?? First, it's harder to hack your AP if they can't see it. They may be able to tell you have an AP, but they will have to work much harder to find out the name and then they also have to guess your WEP key or WPA Key or scan enough packets to pick the WEP key up. It's not the total security panacea, but it adds another layer.

Sorry but that's incorrect, anyone with kismet can see your "disabled" ssid so that a very moot point. It doesn't add any layer of security and it actually makes things like windows zero configuration act nuts.

So far this update is great although I wish they would have added aes encryption as I'm using this on my other ap but for my ppc cell It's good. Now I'm happy cause wep is out of my network and I let radius do it's thing.

So far this update is great although I wish they would have added aes encryption as I'm using this on my other ap but for my ppc cell It's good. Now I'm happy cause wep is out of my network and I let radius do it's thing.
Technically, the WPA interim standard only supports TKIP (Temporal Key Integrity Protocol). AES (Advanced Encryption System) won't be added until WPA2, otherwise known as 802.11i. Because of this, few devices support AES with WPA. Even those that do may end up having to change some things once the 802.11i standard is ratified, so most companies are going to wait before supporting AES. Remember, just like the rest of WPA, every device involved must support AES, or it won't work. Thus, your access point, your WIFI card, and the operating system (not to mention your RADIUS server) must all support it. Right now, that's not realistic for the SOHO user, so few PDA manufacturers will even bother with it right now.

The good news is that most devices that support WPA will support WPA2 with a firmware upgrade (there aren't supposed to be THAT many differences between the two, other than the addition of AES), so AES will come, eventually. Of course, there will doubtless be devices for which the manufacturer won't release a firmware update, but that's the price of being on the bleeding edge, I suppose.

Still, I'd rather have the additional security that WPA provides NOW, than wait 6-12 months for 802.11i.

...anyone with kismet can see your "disabled" ssid so that a very moot point. It doesn't add any layer of security...
The thing to realize, however, is that few people have even HEARD of kismet, much less know how to use it, so turning off SSID broadcast DOES increase security, albeit only against the "casual" hacker. It is a very slight security increase, but it is still a good idea. Unless, of course, it causes other issues. Anyone who has had ANY wireless security training will tell you that the first step is turning off SSID broadcasts. Think of it this way. Locking your front door won't stop a determined thief from breaking into your house, but it's still a good first step.

I just installed the updates on both my wife's 5455 and my 5555. I was a little nervous, because for both machines, the update didn't seem to take after the soft-reset until I fired up wifi. Only then would driver and firmware numbers change. I was also nervous right after the WPA update on the 5555 because it wouldn't connect. So I did the WPA firmware update, works fine now.

I don't use WPA but did everything on the 5555 to keep current. I will say that the first WLAN update seems to have improved connect speed on both machines. I used to get 2-3 orange LED flashes before the green connect one. Now, it's one orange, then green for connected. Wifi does *seem* a little faster, too, but I haven't done anything to test that.

Technically, the WPA interim standard only supports TKIP (Temporal Key Integrity Protocol). AES (Advanced Encryption System) won't be added until WPA2, otherwise known as 802.11i. Because of this, few devices support AES with WPA.

Yeah guess the aes on the ppc would be somewhat intense, I do use aes on my laptop and have one of my 4 ap's setup for aes. The other three are for my ppc's but at least I can use wpa now instead of wep.


The good news is that most devices that support WPA will support WPA2

That's really good to know, hopefully this means that I won't have to go out and buy new equipment when WPA2 rolls out.


Anyone who has had ANY wireless security training will tell you that the first step is turning off SSID broadcasts.

The security training I've had suggests otherwise, securtiy though obscurity doesn't cut it with me. A transmitted signal is just that, it doesn't take much to tell you one is there and disabling the ssid won't do much for you in terms of security. It may help against the person who installs netstumbler on their laptop or pda and goes out sniffing, but there are many other programs and devices that don't care about ssid and will show what's there. I have an anritsu spectrum analyzer that will show me anything that's transmitting and I can use it to direction find as well as view both the upstream and downstream signals. The tools are out there and people are using them. Don't be fooled into thinking that the number is small.

The security training I've had suggests otherwise, securtiy though obscurity doesn't cut it with me. A transmitted signal is just that, it doesn't take much to tell you one is there and disabling the ssid won't do much for you in terms of security.
It depends on what you mean by security. If you've got critically sensitive data for which you believe there will be active malicious entities sniffing, then yes, disabling SSID broadcast is not particularly useful. However, I can say with some confidence that in NYC people are floating around with NetStumbler and Pocket PC variants thereof, and turning off SSID broadcasts is an excellent step. (Considering the number of other APs around at any given point, that one step will make your network somewhat invisible due to the sheer amount of APs on any given channel.)

--janak

The security training I've had suggests otherwise, securtiy though obscurity doesn't cut it with me. A transmitted signal is just that, it doesn't take much to tell you one is there and disabling the ssid won't do much for you in terms of security.
It depends on what you mean by security. If you've got critically sensitive data for which you believe there will be active malicious entities sniffing, then yes, disabling SSID broadcast is not particularly useful. However, I can say with some confidence that in NYC people are floating around with NetStumbler and Pocket PC variants thereof, and turning off SSID broadcasts is an excellent step. (Considering the number of other APs around at any given point, that one step will make your network somewhat invisible due to the sheer amount of APs on any given channel.)
Exactly. It's like automobiles -- a locked door won't discourage a determined car thief, but it will discourage Joe Joyrider.

And somehow, I suspect that not every wardriver has an Anritsu spectrum analyzer. :-) (Especially if they cost $24,000 (http://www.testequity.com/products/831/) used!)

Steve

And somehow, I suspect that not every wardriver has an Anritsu spectrum analyzer. :-) (Especially if they cost $24,000 (http://www.testequity.com/products/831/) used!)

Steve

LOL if they did I'd need to hook up with them because I'm in the wrong business :wink:. I'm more concerned with the overall picture but I guess for the average consumer it's good(hmm does this mean i'm abnormal :?: )

I'm more concerned with the overall picture but I guess for the average consumer it's good(hmm does this mean i'm abnormal :?: )
Compared to the "average consumer", I suspect we're all abnormal; the average consumer probably doesn't use a PDA. However, you may be further out on the bell curve. :lol:

Steve

Hi, sorry it took me so long to respond to this, but Ive been a bit tied up at work.
Just to correct my earlier post, as it seems I wasnt very clear, I DO NOT broadcast my SSID. Thats the very first thing that I disable with any access point I have, so Im not worried that I cant 'see' the AP from within windows wireless config etc.
My problem with my Ipaq is that after updating the drivers to WPA, and creating a new connection for my AP on the Ipaq (I have a 5450 btw),
I can connect to the AP, but only for a second, then the Ipaq immediately disconnects, then reconnects, then disconnects, etc, etc. Are there any other files that I need to install on the ipaq besides the WPA driver to make this work?
Incidently at home I have 3 Dell laptops, one with a Truemobile 1150 PC card, one with a truemobile internal Mini-PCI card, and one with a Belkin 54g card. All three of them have Win XP installed, all updates, latest version of drivers for their wireless cards and the MS winxp WPA 'patch'. With all three laptops, I can connect, but after 10 minutes, they also lose their connection, and I have to disable and renable the wireless connection for it to work again. Its then ok for around 2 hours before I have to repeat the process. This seems to be a problem with the IP addresses and the lease from DHCP or so I though, but assigning a manual IP doesnt resolve it either. (Btw I have the Belkin wireless router/access point combo, with the latest firmware).
Do any of you have any ideas how I can get the ipaq connected and make it stay connected please?

Thanks in advance.

Andrew

Andrew - I have a smilar problem with my Ipaq 5555 which disconnects from my Netgear DG834G router after a few days - every time I have to enable SSID broadcasting and then turn it back off again for it to work (I do not broadcast my SSID usually).
Maybe the Ipaq needs to have SSID broadcasting left on to function correctly (?)

I have heard that speakers or a digital cordless phone near to your router can interfere with it (?) - maybe try moving them away if you have them.

Regards to the WPA, I cannot connect my Ipaq atall - even with all the latest drivers and firmwares - like you I have tried assigning a manual IP but it still doesnt work.

James

Thanks for the suggestion James, but my AP isnt anywhere near to anything that could disrupt the signal. After doing some searches on the web, Ive found Im not the only one who is having problems with laptops, WPA and disconnections, it seems that most people who switched on WPA are experiencing it.

Back on topic though, is there someone out there who has managed to connect an ipaq 5450 to an AP using WPA? If I switch off the security, then the Ipaq connects fine, so it seems it is directly related to WPA.

Thanks in advance for any help.

Andrew

You guys just turned on the light for me. I have a 5455 that used to work via WLAN just fine. Then at some point I noticed it didn't work, but since I was moving and really not focused, I didn't realize it was something to do with the BIOS version.

I downloaded SP 27632 and 27658, which I think are the two I need. I don't really know how to check what versions I have now - when I power on, I see 1.10.00 on the main screen. I unzipped the files, but when I run the executable, it starts but then just goes away before getting to a main screen of any type.

Here is where I'm stuck:

1. Can anyone verify the SP's that I should be using?
2. I am now on Vista. I don't know a thing about using the cradle with Vista (just found the cradle out of storage today). Can anyone advise on that usage?
3. Is this supposed to be this hard?

Sorry for asking so much. I thought I knew more about computers but I'm not finding this intuitive at all.

Tom