@lupyuen I feel like an idiot rn. I reversed engineered some blobs in the sdk into nearly perfect C for the BL602. Am I missing something?
@AmpBenzScientist haha that's great, what blobs did you reverse engineer?
@lupyuen I got sdk_app_ble_sync.elf mostly to C code. It would likely not take much work on my end to get it to work. I have the source for the android app that is associated with it. I have no code to submit, I don't know how to github, I learned more about RE as I'm using different tools now. It is much different than malware RE and optimizing binaries that have the DRM trash.
@lupyuen I'm an old man at 29. These college students keep talking about using VMs to RE malware. It's like an elevator full of vibrators. It's funny on many different levels.
@AmpBenzScientist Haha I'm an ancient man at 51! 🙂
Isn't the sdk_app_ble_sync source code here?
https://github.com/bouffalolab/bl_iot_sdk/tree/master/customer_app/sdk_app_ble_sync
@lupyuen I inquired about what was left of the RE effort and I was directed to bl602-re-master as the remaining portion.
@AmpBenzScientist Sorry for the confusion, what we need is actually to reverse engineer the blobs for BLE and WiFi.
Here's what we know so far, we haven't actually decompiled and recompiled the RF stack (which might be based on RivieraWaves)...
https://github.com/pine64/bl602-docs/tree/main/hardware_notes#rf-ip
@lupyuen it seems as if most of it has been completed. I guess all that remains is to do some simple analysis and then get the code packaged together. I'll talk to the Nuts about this.
@AmpBenzScientist Well the reverse engineering is not quite complete... Let's understand the objective of this reverse engineering...
(1) Ideally we want all code inside BL602 to be open source. We would like to look at all parts of the code that control BL602, tweak it, replace if necessary.
(2) This means we should be able to replace the WiFi and BLE stack inside BL602 with open source ones.
(3) But the WiFi and BLE parts of BL602 are a Black Box right now. Yes we have the API for calling the WiFi and BLE functions. But we don't know how the API actually calls the WiFi and BLE controller. This is the libbl602_wifi.a WiFi Library that we need to reverse engineer: how the WiFi API is implemented.
(4) Then INSIDE the WiFi Controller we have a WiFi Blob. Likely based on RivieraWaves...
https://github.com/pine64/bl602-docs/tree/main/hardware_notes#rf-ip
(5) This WiFi Blob is another Black Box. The WiFi Blob contains some code running inside the controller that does the RF stuff. Not sure if this code is running on RISC-V.
(ESP32 has it's own WiFi Blob that we can't touch either)
(6) Is RivieraWaves code inside libbl602_wifi.a? Not sure, I don't think anybody has checked.
So to say that "BL602 WiFi and BLE" have been reverse engineered, we need to be sure that we understand all the BL602 WiFi and BLE stuff, and possibly overwrite by our own open source version. Right down to the code that controls the RF controller.
@AmpBenzScientist Maybe I should also clarify... Is it really a priority right now to reverse-engineer the BL602 WiFi/BLE stuff?
Well there are already commercial users of the Black Box BL602 WiFi/BLE... Like the MagicHome BL602 WiFi LED Controller.
So we can live perfectly without reverse-engineering the BL602 WiFi and BLE. Unless somebody has an open-source WiFi/BLE stack that they would like to run on BL602. (Which will be substantial porting effort)
Since the BL602 WiFi/BLE is working fine, and people are using it, I'm filling the the docs for the other parts that we don't know how to use: I2C, SPI, ...
That's why I'm not doing anything on WiFi/BLE right now, it's not a priority right now, we got other fires to fight (e.g. LoRa, Rust)
@lupyuen I'm sorry sir, I don't know anything about this. I only work here.
@lupyuen I think most of the code is already available for the ble portion. I kept seeing UART and other interesting things come up in the code. I'm too tired to continue right now but I will try to find that information and relay it in a Kosher way.
@lupyuen I have to go back and reconfigure something but I'm getting almost perfect C code as a result already. I should write a script and just get the nearly perfect C code. Ghidra is one of the few examples of Java being useful. I have never seen a RE tool this versatile and accurate. It's almost as if the brightest of minds crafted this tool with no real budget limit or limitation of any type.