#BL602 #WiFi Payload Handler calls rxu, txl and txu functions ... Fortunately these are defined in the AliOS / RivieraWaves Source Code we saw earlier
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.c#L20220-L20398
Here's the Decompiled #BL602 #WiFi Supplicant that handles WiFi Authentication ... Decompiled code looks readable
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.c#L29805-L29860
Thankfully #BL602 #WiFi Library libwifi was compiled with Assertions Enabled ... Makes Reverse Engineering simpler 👍
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.c#L38512-L38609
Let's do Quantitative Analysis of the Decompiled #BL602 #WiFi Demo Firmware ... How many lines of code do we actually need to Reverse Engineer ... Now that we've found some matching source files?
https://github.com/lupyuen/bl602nutcracker1/blob/main/bl602_demo_wifi.txt
Load the Decompiled #BL602 #WiFi Functions into a spreadsheet ... For easier crunching
Google Sheets: https://docs.google.com/spreadsheets/d/1C_XmkH-ZSXz9-V2HsYBv7K1KRx3RF3-zsoJRLh1GwxI/edit?usp=sharing
Matching the Decompiled #BL602 #WiFi Functions with AliOS / RivieraWaves Source Code ... And identifying the differences
Google Sheets: https://docs.google.com/spreadsheets/d/1C_XmkH-ZSXz9-V2HsYBv7K1KRx3RF3-zsoJRLh1GwxI/edit?usp=sharing
Work In Progress: What's inside the #BL602 #WiFi Demo Firmware ... And how many lines of code need to be Reverse Engineered
Google Sheets: https://docs.google.com/spreadsheets/d/1C_XmkH-ZSXz9-V2HsYBv7K1KRx3RF3-zsoJRLh1GwxI/edit#gid=1323188614
2,500 lines of Decompiled Code in #BL602 #WiFi Supplicant seem to match Rockchip RK3399 ... Leaving 700 lines to be deciphered
Google Sheets: https://docs.google.com/spreadsheets/d/1C_XmkH-ZSXz9-V2HsYBv7K1KRx3RF3-zsoJRLh1GwxI/edit#gid=1323188614
#BL602 #WiFi Firmware: 87,000 lines of Decompiled Code have been classified ... 24,000 more lines to go!
Google Sheets: https://docs.google.com/spreadsheets/d/1C_XmkH-ZSXz9-V2HsYBv7K1KRx3RF3-zsoJRLh1GwxI/edit#gid=1323188614
Quantitative Analysis of Decompiled #BL602 #WiFi Firmware is nearly complete! Actual lines of WiFi code to be reverse engineered: 10,500
Google Sheets: https://docs.google.com/spreadsheets/d/1C_XmkH-ZSXz9-V2HsYBv7K1KRx3RF3-zsoJRLh1GwxI/edit#gid=1323188614
Here's how we start the #WiFi Driver in our #BL602 Firmware
https://lupyuen.github.io/articles/wifi?2#bl602-wifi-demo-firmware
How we connect to a #WiFi Access Point in our #BL602 Firmware
https://lupyuen.github.io/articles/wifi?3#connect-to-wifi-network
What happens when #BL602 connects to a #WiFi Network
https://lupyuen.github.io/articles/wifi?5#connect-to-wifi-access-point
What goes on inside the State Machine of the #BL602 #WiFi Manager
https://lupyuen.github.io/articles/wifi?6#wifi-manager-state-machine
How #BL602 talks to its #WiFi Radio Hardware to transmit packets
https://lupyuen.github.io/articles/wifi?7#send-request-to-lmac
How #BL602 triggers a Lower MAC Interrupt in the #WiFi Radio Hardware
https://lupyuen.github.io/articles/wifi?8#trigger-lmac-interrupt
Let's dive into the #BL602 #WiFi Driver ... Decompiled into C by BraveHeartFLOSSDev!
https://lupyuen.github.io/articles/wifi?9#decompiled-wifi-demo-firmware
#BL602 runs a #WiFi Firmware Task ... To transmit and receive WiFi packets in the background
https://lupyuen.github.io/articles/wifi?10#wifi-firmware-task
What happens inside the #BL602 #WiFi Firmware Task? 🤔 The decompiled code reveals all secrets! 🤫
https://lupyuen.github.io/articles/wifi?11#start-firmware-task
#BL602 #WiFi Driver deciphered thanks to GitHub Search!
https://lupyuen.github.io/articles/wifi?12#schedule-kernel-events
#BL602 #WiFi Kernel calls these Event Handlers to transmit and receive WiFi packets
https://lupyuen.github.io/articles/wifi?15#schedule-kernel-events
#BL602 #WiFi packet transmission looks undecipherable... But there's hope!
https://lupyuen.github.io/articles/wifi?16#handle-transmit-payload
How does #BL602 transmit a #WiFi Packet? Let's walk thru the decompiled code
https://lupyuen.github.io/articles/wifi?17#another-transmit-payload
#BL602 #WiFi Driver is based on CEVA RivieraWaves
https://lupyuen.github.io/articles/wifi?18#ceva-rivierawaves
What is RivieraWaves? How is it used for #BL602 #WiFi?
https://lupyuen.github.io/articles/wifi?19#ceva-rivierawaves
#BL602 #WiFi Driver includes these modules from RivieraWaves Upper MAC
https://lupyuen.github.io/articles/wifi?20#upper-medium-access-control
Here are the Lower MAC Interfaces exposed by #BL602 #WiFi Radio Hardware
https://lupyuen.github.io/articles/wifi?21#lower-medium-access-control
#BL602 #WiFi Physical Layer looks a little murky 🤿
https://lupyuen.github.io/articles/wifi?23#wifi-physical-layer
How we do Quantitative Analysis of the Decompiled #BL602 #WiFi Firmware
https://lupyuen.github.io/articles/wifi?24#quantitative-analysis
How we classified 97,000 Lines of Code in our Decompiled #BL602 #WiFi Firmware
https://lupyuen.github.io/articles/wifi?25#load-functions-into-spreadsheet
Matching the Decompiled #BL602 #WiFi Firmware ... With the source code we've discovered on GitHub Search
https://lupyuen.github.io/articles/wifi?26#match-the-decompiled-functions
#BL602 #WiFi Quantitative Analysis says: A huge chunk of the WiFi Source Code is already out there!
https://lupyuen.github.io/articles/wifi?27#count-the-lines-of-code
@lupyuen This is very good news.
@AmpBenzScientist Yep thanks 🙂