LMAC is the Lower MAC Firmware that runs on the #BL602 Radio Hardware
https://www.ceva-dsp.com/product/rivierawaves-wi-fi-platforms/
#BL602 #WiFi Manager talks to LMAC Firmware via Message Queue ... Let's find out how it works
https://www.ceva-dsp.com/product/rivierawaves-wi-fi-platforms/
But 0x4400 0000 is NOT documented in #BL602 Reference Manual! 😲 Now we know a secret ... BL602 talks to LMAC Firmware at Address 0x4400 0000 🤫
https://github.com/bouffalolab/bl_docs/blob/main/BL602_RM/en/BL602_BL604_RM_1.2_en.pdf
"wifi_main" lives in the mysterious #BL602 #WiFi Library "libwifi" ... Let's study the decompiled C code (thanks to BraveHeartFLOSSDev and Ghidra)
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.c#L32959-L33006
#BL602 "wifi_main" calls "ke_evt_schedule" to do #WiFi Tasks ... GitHub Search shows that "ke_evt_schedule" is also defined in ... AliOS! 😲
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.c#L28721-L28737
But does "ke_evt_schedule" really come from AliOS? Not quite ... "ke_evt_schedule" actually comes from ... CEVA RivieraWaves! 😲
Now the #BL602 #WiFi Stack gets clearer ... We're actually reading the WiFi Driver Code by CEVA RivieraWaves! 💡
https://www.ceva-dsp.com/product/rivierawaves-wi-fi-platforms/
@lupyuen That's so much cleaner than the first version uploaded. It was also using a custom ported Processor that is also in the repository but not yet available in Ghidra. I'm just glad that you are finding it useful. Libwifi should contain 112 object files but 6 were excluded because of errors, I'll get them up when I can get them decompiled.
@AmpBenzScientist Cool thanks! 👍
Ghidra fails to load them? Id like to check if llvms disassembler will be able to parse and decompile them.
@PawelK @lupyuen Ghidra loads them but won't disassemble. It's an error regarding memory and my custom processor has reduced the number of errors. This is a memory issue that I need to address soon. Ghidra is a beast and 9.2.2 had the same quality code as IDA Pro on Arm. Gamiee and I had a little competition comparing the output of the two. He had to admit that it was powerful but it doesn't produce pretty code. Verbose Chainsaw is the actual test that was done. The capabilities are greatly improved in 10.0.0.
@AmpBenzScientist
Btw Benzinski some guys around llvm and clang wanna invest some effort into making their disassembler perfect. One of its targets is riscv.
If You wanted to play with llvms disassemblers, i could link you to guys from project etc. They got perfect code quality and architecture for c++ its written in.
@PawelK @lupyuen After reading deep into SLED and SLEIGH so I could port a processor, I see why Ghidra is so effective. Given the troublesome nature of RISC-V disassembly, I would recommend SLEIGH because of the flexibility of it. Even with Ghidra, I spent 3 months working on this. It took about a week to get the first results and I've been doing work on Ghidra since then.
I might have to pass as I want to get involved more with Ghidra and Rizin development.
@lupyuen I'll see about getting the improved blob code up soon. I'll let you know when it is ready and I'll keep it separate from the older versions.
@AmpBenzScientist No worries I'm going to fork your repo and make reference to my fork ... So you can go ahead and update yours anytime
@lupyuen Thank you sir.
Many thanks to this hilarious (but truthful) comment on #BL602 😂
https://qoto.org/@lupyuen/106454770223645891