Many thanks to this hilarious (but truthful) comment on #BL602 😂
LMAC is the Lower MAC Firmware that runs on the #BL602 Radio Hardware
https://www.ceva-dsp.com/product/rivierawaves-wi-fi-platforms/
CEVA has an interesting list of customers
#BL602 #WiFi Manager talks to LMAC Firmware via Message Queue ... Let's find out how it works
https://www.ceva-dsp.com/product/rivierawaves-wi-fi-platforms/
But 0x4400 0000 is NOT documented in #BL602 Reference Manual! 😲 Now we know a secret ... BL602 talks to LMAC Firmware at Address 0x4400 0000 🤫
https://github.com/bouffalolab/bl_docs/blob/main/BL602_RM/en/BL602_BL604_RM_1.2_en.pdf
"wifi_main" lives in the mysterious #BL602 #WiFi Library "libwifi" ... Let's study the decompiled C code (thanks to BraveHeartFLOSSDev and Ghidra)
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.c#L32959-L33006
@lupyuen That's so much cleaner than the first version uploaded. It was also using a custom ported Processor that is also in the repository but not yet available in Ghidra. I'm just glad that you are finding it useful. Libwifi should contain 112 object files but 6 were excluded because of errors, I'll get them up when I can get them decompiled.
@PawelK @lupyuen After reading deep into SLED and SLEIGH so I could port a processor, I see why Ghidra is so effective. Given the troublesome nature of RISC-V disassembly, I would recommend SLEIGH because of the flexibility of it. Even with Ghidra, I spent 3 months working on this. It took about a week to get the first results and I've been doing work on Ghidra since then.
I might have to pass as I want to get involved more with Ghidra and Rizin development.
@PawelK @lupyuen I've had to defend Ghidra in the past and my work with it. It was developed by NSA Research for use by NSA Agents. It's not simple to use and I've not explored all of it fully. It's amazing and I want to port more processors to it. I actually have a theory that I want to try to test but it's hard to explain.
My theory is the LLVM backend could be switched into Ghidra and you wouldn't need to feel the difference other than faster speed, lower load and disassembly times, and lower memory use. I liked using it though. Mere tiny screech was a different flow when jumping through code than in IDA due to the switch, IMHO.
@AmpBenzScientist
Yeah, feels quite robust. BTW, reminds me there was source code of a binary that runs on three architectures. It contains smart ways to jump over the other archs' code and runs with the same result on all three or so.
@AmpBenzScientist
Oh my, I just learned SLEIGH was introduced partly or contributed to by the one and only Cristina Cifuentes.
Oh my. I still have her dissertation somewhere. I was intoxicating myself in early childhood with reading it.
@AmpBenzScientist
Mkay. I wish Ghidra and LLVM got more synchronized. LLVM's speed and low mem reqs kick ass. But we could try to use archspecs (isn't that what SLEIGH is used for?) in SLEIGH and friends into LLVM.
@lupyuen