On Sun, 2007-12-02 at 15:55 +0100, Francesco Gringoli wrote: > Hi Johannes, > > I read the interesting note you wrote on September about r4 ucode > reverse engineering. Have you new results since then?
http://bcm-v4.sipsolutions.net/802.11/Microcode has a link to the old format too. I'm not particularly interested in the r4 format. > Did you > understand what kind of core is bcm4318 based on? From broadcom > website it should be a MIPS32 core (check http://www.broadcom.com/ > products/Wireless-LAN/802.11-Wireless-LAN-Solutions they say that > "The AirForce family of network processors features MIPS32 > processor...(cut)"). It's interesting that you found out a 6 bit > prefix, like in MIPS! Nope, I don't think it's MIPS. I think "AirForce network processor" refers to the whole integrated thing that can be used as a full-mac chipset or a whole access point etc. > Before reading your post I came to these conclusions > > - all odd words begins with zero (or a couple of them, this depends > on the firmware version). This led me to think to 8 byte wide > instructions. Unfortunately both mips32 and mips64 use 32bit wide > instructions. No mips? > - odd words are control codes to check even words correctness during > firmware upload: unfortunately there are a lot of even words repeated > throughout the code with different paired odd words. Did you try to > change randomly some values and see what happens? > - disassembling the code after having cut out odd words leads to MIPS > assembly without ret instructions. There is no code too to handle IRQ. You want to read the above link and what is linked from it. > I also tried to change endianness but didn't find anything more > interesting. > > By the way, do you think that a complete reverse engineering could > give us a platform to test new MAC methodologies? E.g. do you think > it would be possible to change timings or medium control? Yes. johannes
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Bcm43xx-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/bcm43xx-dev
