wireless fidelity with bwfm 4
play

Wireless Fidelity with bwfm(4) Patrick Wildt September 22, 2019 - PowerPoint PPT Presentation

May 13, 2023 •111 likes •413 views

Why? How? What now? Wireless Fidelity with bwfm(4) Patrick Wildt September 22, 2019 Patrick Wildt Wireless Fidelity with bwfm(4) Why? Personally How? Hardware What now? Milestones Who am I? OpenBSD developer ARM64-subtree maintainer

  1. Why? How? What now? Wireless Fidelity with bwfm(4) Patrick Wildt September 22, 2019 Patrick Wildt Wireless Fidelity with bwfm(4)

  2. Why? Personally How? Hardware What now? Milestones Who am I? OpenBSD developer ARM64-subtree maintainer LLVM-subtree updater SBC hoarder Patrick Wildt Wireless Fidelity with bwfm(4)

  3. Why? Personally How? Hardware What now? Milestones Collection of devices Cubox-i Macbook Raspberry Pi 3 Z83 Mini-PC Patrick Wildt Wireless Fidelity with bwfm(4)

  4. Why? Personally How? Hardware What now? Milestones Milestones USB Skeleton WiFi OpenBSD Host AP PCIe SDIO Firmware ??? Driver Scan commit Mode backend backend Upload May June September October December January February ??? 2016 2016 2017 2017 2017 2018 2018 Patrick Wildt Wireless Fidelity with bwfm(4)

  5. Why? Start How? Details What now? Tricky bits Study 1 Find documentation Search the web for datasheets (by chip name) git grep in various OS (chip name, vendor/product ID) Neither code nor datasheet? Quit now. Alternative: reverse engineering 2 Study code and/or documentation to grasp concepts Attention: license concerns! 3 Realize it’s going to be a long project Patrick Wildt Wireless Fidelity with bwfm(4)

  6. Why? Start How? Details What now? Tricky bits Full vs Soft (simplified) Linux OpenBSD Network nl80211 Layer Configuration cfg80211 net80211 Layer MAC mac80211 Layer FullMAC Hardware SoftMAC SoftMAC Patrick Wildt Wireless Fidelity with bwfm(4)

  7. Why? Start How? Details What now? Tricky bits brcm80211 ISC-licensed brcm80211 drivers (Linux): brcmfmac brcmsmac FullMAC SoftMAC 35 496 LoC 75 177 LoC brcmsmac/phy/phy_n.c: 28 624 Lines Of Magic Patrick Wildt Wireless Fidelity with bwfm(4)

  8. Why? Start How? Details What now? Tricky bits Jobs What do we not have to do? What do we have to do? No beacons Initiate scan No frequency changes Configure SSID No MCS handling Configure keys Handle events Handle network packets Patrick Wildt Wireless Fidelity with bwfm(4)

  9. Why? Start How? Details What now? Tricky bits Skeleton bwfm(4) BCDC Msgbuf USB SDIO PCI Patrick Wildt Wireless Fidelity with bwfm(4)

  10. Why? Start How? Details What now? Tricky bits Dongle 1 Started with SDIO But realized testing kernels will take too long Unsure if SDIO layer actually worked 2 Bought a USB device 3 Started with the lower layers 4 Added PCIe/SDIO backend later Patrick Wildt Wireless Fidelity with bwfm(4)

  11. Why? Start How? Details What now? Tricky bits Write code that compiles 1 Skeleton-driver 2 Initialize bus access 3 Try to figure out whether the device is alive read chip id read MAC address receive an interrupt Patrick Wildt Wireless Fidelity with bwfm(4)

  12. Why? Start How? Details What now? Tricky bits USB Configuration Control Pipe Data Data Pipe Data+Events Data Pipe Patrick Wildt Wireless Fidelity with bwfm(4)

  13. Why? Start How? Details What now? Tricky bits Configuration Initiate Scan: struct bwfm_escan_params *params; [...] bwfm_fwvar_var_set_data(sc , "escan", params , params_size ); Connect to SSID: struct bwfm_ext_join_params *params; [...] bwfm_fwvar_var_set_data(sc , "join", params , sizeof (* params )); Patrick Wildt Wireless Fidelity with bwfm(4)

  14. Why? Start How? Details What now? Tricky bits Connect to SSID cmd len flags status variable + params j o i n 0 3 0 0 0 B S D ... SSID join SSID Len Patrick Wildt Wireless Fidelity with bwfm(4)

  15. Why? Start How? Details What now? Tricky bits BCDC Packets Ethernet Ethernet data firmware Data Data flags prio flags2 Destination Source Ethertype offset signals Payload Mac Mac Ethernet Ethernet data firmware Ethertype Events flags prio flags2 Destination Source Event offset signals 0x886c Mac Mac event-specific ... type status reason ... payload Patrick Wildt Wireless Fidelity with bwfm(4)

  16. Why? Start How? Details What now? Tricky bits SDIO Configuration Events FIFO Data Data Patrick Wildt Wireless Fidelity with bwfm(4)

  17. Why? Start How? Details What now? Tricky bits SDIO Interrupt INT Shared pin: DAT[1]/IRQ Sampled as IRQ during 1 2 3 4 5 6 7 8 Interrupt Period Some host controllers have troubles Workaround: externally routed GPIO Chip Patrick Wildt Wireless Fidelity with bwfm(4)

  18. Why? Start How? Details What now? Tricky bits PCIe Packet-based Multiple Ringbuffers 1010101 TX Control Ring 1010101 TX RX-Post Ring 1010101 (Control, TX, RX) Complete Rings 1010101 n Flowrings Patrick Wildt Wireless Fidelity with bwfm(4)

  19. Why? Start How? Details What now? Tricky bits Package RAM PCIE Read/write access to backplane B Write Firmware & NVRAM ARM U SDIO S Turn on/off ARM core OTP Read dmesg DOT11MAC 802.11 PHY 2.4/5 GHz Radio Patrick Wildt Wireless Fidelity with bwfm(4)

  20. Why? Start How? Details What now? Tricky bits dmesg hndarm_armr addr : 0 x18002000 , cr4_idx : 0 000000.001 RTE (SDIO − MSG_BUF) 7 . 3 5 . 1 8 0 . 1 1 9 ( r594535 ) on BCM4350 r8 @ 3 7 . 4 / 2 4 0 . 8 / 2 4 0 . 8MHz 000000.001 a l l o c a t i n g a max o f 255 r x c p l i d b u f f e r s 000000.002 pciemsgbuf0 : Broadcom PCIE MSGBUF d r i v e r 000000.003 r e c l a i m s e c t i o n 0 : Returned 59036 b y t e s to the heap 000000.131 e n a b l e 1 : q0 frmcnt 0 , wrdcnt 0 , q1 frmcnt 0 , wrdcnt 0 000000.131 e n a b l e 1 : q0 frmcnt 0 , wrdcnt 0 , q1 frmcnt 0 , wrdcnt 0 000000.175 wl0 : Broadcom BCM4350 802.11 W i r e l e s s C o n t r o l l e r 7 . 3 5 . 1 8 0 . 1 1 9 ( r594535 ) 000000.175 TCAM: 256 used : 255 exceed : 0 000000.176 r e c l a i m s e c t i o n 1 : Returned 147512 b y t e s to the heap 000005.375 wl0 : wlc_enable_probe_req : s t a t e down , d e f e r r i n g s e t t i n g o f h os t f l a g s 000005.413 wlc_bmac_switch_macfreq : 4350 need f i x f o r 37.4Mhz 000005.421 wl0 : wlc_enable_probe_req : s t a t e down , d e f e r r i n g s e t t i n g o f h os t f l a g s 000005.421 e n a b l e 1 : q0 frmcnt 0 , wrdcnt 0 , q1 frmcnt 0 , wrdcnt 0 Patrick Wildt Wireless Fidelity with bwfm(4)

  21. Why? Start How? Details What now? Tricky bits Firmware Features 4356a2-roml/ pcie -ag-msgbuf-splitrx- p2p -pno-aoe-pktfilter- keepalive- sr - mchan -pktctx-proptxstatus-ampduhostreorder-lpc- pwropt-txbf-wl11u-mfp-tdls-amsdutx-sarctrl-proxd-hs20sta-rcc- wepso-ndoe-linkstat-gscan-hchk-logtrace-roamexp-rmon Version: 7.35.101.6 (r702795) CRC: 4f3f65c5 Date: Sun 2017-06-04 16:51:38 PDT Ucode Ver: 963.316 FWID: 01-5e8eb735 Patrick Wildt Wireless Fidelity with bwfm(4)

  22. Why? Start How? Details What now? Tricky bits Tricky bits Flow-control Asynchronous control messages Asynchronous creation of flowrings net80211 Integration Patrick Wildt Wireless Fidelity with bwfm(4)

  23. Why? Issues How? Status What now? Future Firmware Remote Control Message Injection (CVE-2016-0801): Updated firmware in November 2017 KRACK (October 2017): Updated firmware in June 2018 (based on linux-firmware.git) Patrick Wildt Wireless Fidelity with bwfm(4)

  24. Why? Issues How? Status What now? Future KRACK /* * The firmware supplicant can handle the WPA * handshake for us , but we honestly want to * do this ourselves , so disable the firmware * supplicant and let our stack handle it. */ bwfm_fwvar_var_set_int(sc , "sup_wpa", 0); Patrick Wildt Wireless Fidelity with bwfm(4)

  25. Why? Issues How? Status What now? Future NVRAM Purpose: Provides configuration for the specific package Sets up antenna configuration, max dB, etc. Needed on: PCIe (sometimes) SDIO (always) USB (not yet?) Provided by: Hardware designer (in their git repo) EFI BIOS (in an EFI variable) Patrick Wildt Wireless Fidelity with bwfm(4)

  26. Why? Issues How? Status What now? Future Current Status Patrick Wildt Wireless Fidelity with bwfm(4)

  27. Why? Issues How? Status What now? Future Current Status Works as client Properly fast 802.11ac (Wi-Fi 5) Implemented on recent Macbooks Implemented on raspberry Pis Available as official raspberry Pi USB Dongle (while supplies last) Works as access point often enough Patrick Wildt Wireless Fidelity with bwfm(4)

  28. Why? Issues How? Status What now? Future Future Better AP support Multi-AP support Suspend/Resume Firmware Signals Support for more devices Patrick Wildt Wireless Fidelity with bwfm(4)

  29. Why? Issues How? Status What now? Future Questions? Patrick Wildt Wireless Fidelity with bwfm(4)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

High Fidelity Simulations of Large-Scale Wireless Networks Bob Cole, Anand Ganti, Uzoma Onunkwo,

High Fidelity Simulations of Large-Scale Wireless Networks Bob Cole, Anand Ganti, Uzoma Onunkwo,

High Fidelity Simulations of Large-Scale Wireless Networks Bob Cole, Anand Ganti, Uzoma Onunkwo, Richard Schroeppel, Michael Scoggin, Brian Van Leeuwen June 17, 2016 Sandia National Laboratories is a multi-program laboratory managed and operated

134 views • 10 slides
ACHIEVING HIGH FIDELITY ASSERTIVE COMMUNITY TREATMENT THROUGH THE IMPLEMENTATION OF FIDELITY

ACHIEVING HIGH FIDELITY ASSERTIVE COMMUNITY TREATMENT THROUGH THE IMPLEMENTATION OF FIDELITY

ACHIEVING HIGH FIDELITY ASSERTIVE COMMUNITY TREATMENT THROUGH THE IMPLEMENTATION OF FIDELITY EVALUATION AND TECHNICAL ASSISTANCE Lorna Moser, Ph.D. ACT TA Center Center for Excellence in Community Mental Health, UNC Department of Psychiatry

691 views • 46 slides
Tier 2 Fidelity Data: Strengthening your Tier 2 PBIS Implementation: Using Fidelity Measures to

Tier 2 Fidelity Data: Strengthening your Tier 2 PBIS Implementation: Using Fidelity Measures to

Tier 2 Fidelity Data: Strengthening your Tier 2 PBIS Implementation: Using Fidelity Measures to Promote Growth in Tier 2 Implementation March 2020 Celeste Rossetto Dickey, M.Ed. University of Oregon Introductions and Welcome School Staff

865 views • 55 slides
Fidelity Bank Presentation Non-Deal Roadshow May Jun 2018 www.fidelitybank.ng Profile of

Fidelity Bank Presentation Non-Deal Roadshow May Jun 2018 www.fidelitybank.ng Profile of

Fidelity Bank Presentation Non-Deal Roadshow May Jun 2018 www.fidelitybank.ng Profile of Fidelity Bank Road-Show Team Nnamdi Okonkwo Managing Director / Chief Executive Officer Appointed Managing Director of Fidelity Bank PLC in January

601 views • 38 slides
What You Need to Know The importance of Up-Front and Multi-Fidelity simulation

What You Need to Know The importance of Up-Front and Multi-Fidelity simulation

www.cd-adapco.com Flow Assurance By Design Multi-Fidelity Simulation for Improved Design, Development, and Validation of Subsea Pipelines and Equipment What You Need to Know The importance of Up-Front and Multi-Fidelity

780 views • 38 slides
Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading,

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading,

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading, interference, hidden terminal problem IEEE 802.11 ( wi-fi ) CSMA/CA reflects wireless channel characteristics DIFS, SIFS,

1.43k views • 83 slides
Informal/formal sector partnerships: Fidelity Bank Ghana BUSINESS UNIT: MICROFINANCE DATE: 22 nd

Informal/formal sector partnerships: Fidelity Bank Ghana BUSINESS UNIT: MICROFINANCE DATE: 22 nd

Informal/formal sector partnerships: Fidelity Bank Ghana BUSINESS UNIT: MICROFINANCE DATE: 22 nd February 2013 Dr. William Derban Director, Financial Inclusion, CSR & PMO Fidelity Bank Ghana Fidelity Bank - a growing local bank in Ghana

1.2k views • 16 slides
1 Wireless standards Path Loss Phenomena Wireless standards Path Loss Phenomena Open

1 Wireless standards Path Loss Phenomena Wireless standards Path Loss Phenomena Open

Outline Outline What is wireless? Overview Wireless parameters Cellular architecture Wireless Networks Wireless Networks Media multiple access Wireless LAN 802.11 MANET Mobile Ad-hoc NETworks Amnon Jonas

525 views • 13 slides
1 L Nov-29-05 SMD157, High-Fidelity Prototyping Overview Prototyping revisited

1 L Nov-29-05 SMD157, High-Fidelity Prototyping Overview Prototyping revisited

INSTITUTIONEN FR SYSTEMTEKNIK LULE TEKNISKA UNIVERSITET High-Fidelity Prototyping and Flash SMD157 Human-Computer Interaction Fall 2005 1 L Nov-29-05 SMD157, High-Fidelity Prototyping Overview Prototyping revisited

689 views • 10 slides
Wireless networks 1 Overview Wireless networks basics IEEE 802.11 (Wi-Fi) a/b/g/n ad

Wireless networks 1 Overview Wireless networks basics IEEE 802.11 (Wi-Fi) a/b/g/n ad

Wireless networks 1 Overview Wireless networks basics IEEE 802.11 (Wi-Fi) a/b/g/n ad Hoc MAC protocols ad Hoc routing DSR AODV 2 Wireless Networks Autonomous systems of mobile hosts connected by wireless links Nodes are

1.3k views • 102 slides
BUILDING ENERGY AUDITING NETWORK Authors -Xiaofan Jiang et. al Published- ACM SenSys 2009

BUILDING ENERGY AUDITING NETWORK Authors -Xiaofan Jiang et. al Published- ACM SenSys 2009

Paper- EXPERIENCES WITH A HIGH FIDELITY WIRELESS BUILDING ENERGY AUDITING NETWORK Authors -Xiaofan Jiang et. al Published- ACM SenSys 2009 presented by- Amanvir S. Sudan What this paper is about? A wireless sensor network Used

419 views • 24 slides
Wireless LAN Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless

Wireless LAN Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless

Wireless LAN Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux & freeBSD Securing & Managing Wireless LAN : Implementing 802.1x EAP-TLS PEAP-MSCHAPv2

278 views • 14 slides
Fidelity to the EBDP Programs in Michigan: Findings of Evaluation Report Joan Ilardo, PhD, LMSW

Fidelity to the EBDP Programs in Michigan: Findings of Evaluation Report Joan Ilardo, PhD, LMSW

APPENDIX F3 Fidelity to the EBDP Programs in Michigan: Findings of Evaluation Report Joan Ilardo, PhD, LMSW Assistant Professor, Director of Research Training. Core Faculty-Geriatric Education Center of Michigan Purpose of PATH Fidelity

288 views • 17 slides
Timothy R. Newman, Ph.D. Wireless @ VT Wireless @ Virginia Tech Wireless Umbrella Group

Timothy R. Newman, Ph.D. Wireless @ VT Wireless @ Virginia Tech Wireless Umbrella Group

Timothy R. Newman, Ph.D. Wireless @ VT Wireless @ Virginia Tech Wireless Umbrella Group MPRG, CWT, VTVT, WML, Antenna Group, Time Domain Lab, DSPRL Officially rolled out June 2006 Currently 32 tenure track faculty and more

304 views • 19 slides
Brokered CDs and CD Ladders February 6, 2018 Patrick Deignan SVP, Fidelity Capital Markets

Brokered CDs and CD Ladders February 6, 2018 Patrick Deignan SVP, Fidelity Capital Markets

FIXED INCOME WEBINAR Brokered CDs and CD Ladders February 6, 2018 Patrick Deignan SVP, Fidelity Capital Markets Richard Carter VP, Fixed Income Products Fidelity Brokerage Services LLC, Member NYSE, SIPC 900 Salem Street, Smithfield, RI 02917

431 views • 24 slides
4/30/2019 1 Attainable: The ABLE Savings Plan Offered by MEFA and managed by Fidelity

4/30/2019 1 Attainable: The ABLE Savings Plan Offered by MEFA and managed by Fidelity

4/30/2019 1 Attainable: The ABLE Savings Plan Offered by MEFA and managed by Fidelity Investments 2 MEFA and Fidelity Partnership MEFA is a not-for-profit state authority, not reliant on state or federal appropriations, established under

409 views • 7 slides
Welcome to AP Computer Science! Please sit where you want Mrs. Donaldson, Room I-4 Go Bears!

Welcome to AP Computer Science! Please sit where you want Mrs. Donaldson, Room I-4 Go Bears!

Welcome to AP Computer Science! Please sit where you want Mrs. Donaldson, Room I-4 Go Bears! Math Major at UC Berkeley Taught many years in district Work Skills, Algebra, Geometry 9, AlgII/Trig, Computer Science, AP Computer

865 views • 22 slides
Welcome! We'll be getting started promptly at the top of the hour, and until then you will

Welcome! We'll be getting started promptly at the top of the hour, and until then you will

Welcome! We'll be getting started promptly at the top of the hour, and until then you will NOT be hearing any audio (aside from a sound check). In the meantime, feel free to reach out via the Chat/Questions panel. @fdncenter

626 views • 40 slides
e : Evolving Databases for New-Gen Big Data Applications R. Barber, C. Garcia-Arellano, R.

e : Evolving Databases for New-Gen Big Data Applications R. Barber, C. Garcia-Arellano, R.

Wildfire e : Evolving Databases for New-Gen Big Data Applications R. Barber, C. Garcia-Arellano, R. Grosman, R. Mueller, V. Raman , R. Sidle, M. Spilchen, A. Storm, Y. Tian, P. Tozun, D. Zilio, M. Huras, G. Lohman, C. Mohan, F. Ozcan, H.

286 views • 16 slides
Inference Suppose you are given a Bayesian network with the graph structure and the parameters

Inference Suppose you are given a Bayesian network with the graph structure and the parameters

Inference Suppose you are given a Bayesian network with the graph structure and the parameters CS 331: Artificial Intelligence all figured out Bayesian Networks (Inference) Now you would like to use it to do inference You need

417 views • 5 slides
Slide 1 / 68 Slide 2 / 68 The Cathode Rays experiment is associated 2 The electron charge

Slide 1 / 68 Slide 2 / 68 The Cathode Rays experiment is associated 2 The electron charge

Slide 1 / 68 Slide 2 / 68 The Cathode Rays experiment is associated 2 The electron charge was measured the first time 1 with: in: A Millikan A Cathode ray experiment B Thomson B Photoelectric effect experiment C Townsend C

404 views • 12 slides
Fixed Point Algorithms for Phase Retrieval and Ptychography Albert Fannjiang University of

Fixed Point Algorithms for Phase Retrieval and Ptychography Albert Fannjiang University of

Fixed Point Algorithms for Phase Retrieval and Ptychography Albert Fannjiang University of California, Davis Mathematics of Imaging Workshop: Variational Methods and Optimization in Imaging IHP, Paris, February 4th-8th 2019 Collaborators:

615 views • 46 slides
Mathematics of Sparsity (and a Few Other Things) Emmanuel Cand` es International Congress of

Mathematics of Sparsity (and a Few Other Things) Emmanuel Cand` es International Congress of

Mathematics of Sparsity (and a Few Other Things) Emmanuel Cand` es International Congress of Mathematicians (ICM 2014), Seoul, August 2014 Some Motivation Magnetic Resonance Imaging (MRI) MR scanner MR image Image from K. Pauly, G. Gold,

1.28k views • 116 slides
Synchrotron radiation Marcin Sikora Academic Centre for Materials and Nanotechnology, AGH-UST,

Synchrotron radiation Marcin Sikora Academic Centre for Materials and Nanotechnology, AGH-UST,

Synchrotron radiation Marcin Sikora Academic Centre for Materials and Nanotechnology, AGH-UST, Krakow, Poland marcin.sikora@agh.edu.pl ESM-2018, Krakow, 26/9/2018 1 Origin of light 1. Charge: a source of electric field, = 0 .

732 views • 50 slides

More recommend