@lupyuen I feel like an idiot rn. I reversed engineered some blobs in the sdk into nearly perfect C for the BL602. Am I missing something?
@AmpBenzScientist haha that's great, what blobs did you reverse engineer?
@lupyuen I got sdk_app_ble_sync.elf mostly to C code. It would likely not take much work on my end to get it to work. I have the source for the android app that is associated with it. I have no code to submit, I don't know how to github, I learned more about RE as I'm using different tools now. It is much different than malware RE and optimizing binaries that have the DRM trash.
@lupyuen I'm an old man at 29. These college students keep talking about using VMs to RE malware. It's like an elevator full of vibrators. It's funny on many different levels.
@AmpBenzScientist Haha I'm an ancient man at 51! 🙂
Isn't the sdk_app_ble_sync source code here?
https://github.com/bouffalolab/bl_iot_sdk/tree/master/customer_app/sdk_app_ble_sync
@lupyuen I inquired about what was left of the RE effort and I was directed to bl602-re-master as the remaining portion.
@AmpBenzScientist Sorry for the confusion, what we need is actually to reverse engineer the blobs for BLE and WiFi.
Here's what we know so far, we haven't actually decompiled and recompiled the RF stack (which might be based on RivieraWaves)...
https://github.com/pine64/bl602-docs/tree/main/hardware_notes#rf-ip
@lupyuen it seems as if most of it has been completed. I guess all that remains is to do some simple analysis and then get the code packaged together. I'll talk to the Nuts about this.
@AmpBenzScientist Well the reverse engineering is not quite complete... Let's understand the objective of this reverse engineering...
(1) Ideally we want all code inside BL602 to be open source. We would like to look at all parts of the code that control BL602, tweak it, replace if necessary.
(2) This means we should be able to replace the WiFi and BLE stack inside BL602 with open source ones.
(3) But the WiFi and BLE parts of BL602 are a Black Box right now. Yes we have the API for calling the WiFi and BLE functions. But we don't know how the API actually calls the WiFi and BLE controller. This is the libbl602_wifi.a WiFi Library that we need to reverse engineer: how the WiFi API is implemented.
(4) Then INSIDE the WiFi Controller we have a WiFi Blob. Likely based on RivieraWaves...
https://github.com/pine64/bl602-docs/tree/main/hardware_notes#rf-ip
(5) This WiFi Blob is another Black Box. The WiFi Blob contains some code running inside the controller that does the RF stuff. Not sure if this code is running on RISC-V.
(ESP32 has it's own WiFi Blob that we can't touch either)
(6) Is RivieraWaves code inside libbl602_wifi.a? Not sure, I don't think anybody has checked.
So to say that "BL602 WiFi and BLE" have been reverse engineered, we need to be sure that we understand all the BL602 WiFi and BLE stuff, and possibly overwrite by our own open source version. Right down to the code that controls the RF controller.
@lupyuen I used to RE malware and firmware for fun. This is like putting on socks for me.
@lupyuen 2 of the a blobs done.
@lupyuen All three a types are down.
@AmpBenzScientist that's great!
@lupyuen All three are C now. Just ask about it and it will be my pleasure to answer.
@AmpBenzScientist will you be uploading the files here?
@AmpBenzScientist I'm in the middle of doing Rust and LoRaWAN on BL602 now so sorry I might not have the time to look at them right now. But I'll share them with the BL602 community
@lupyuen I love the idea of Rust but it's not C. LoraWAN is really cool but not really free as in freedom.
@lupyuen Legally I don't know if I can do that. I have the source code rn. Just query my database for information pertaining to GPIO (for example) and I will share what I have found about it.
@AmpBenzScientist yep yep thanks!
@lupyuen BTW the compiled binaries used SiFive GCC 8.5.0 with arch=rv32imfc on a Linux box. The code will take time to analyze as it is now over 25MiB of pure C code.
@lupyuen I really don't have much of a life outside of Research. I can just drown in a ocean of code. No TV, no video games or anything else distracting.
@AmpBenzScientist no worries take your time :-)