Re: Announce: ndiswrapper

From: Andrew Miklas
Date: Thu Nov 20 2003 - 21:57:47 EST


Hi,


On November 20, 2003 02:00 am, Benjamin Herrenschmidt wrote:
> Still, I've looked into possibly reverse engineering the Broadcom
> one for 802.11g from MacOS X (with 2 machines kernel debugging and
> functions names embedded in the driver, it's not _that_ bad). But
> it's a +500k binary .... I didn't go very far and decided I had
> better ways to spend my time.
>

Just in case anyone here is interested, a few of us over at
linux-bcom4301.sourceforge.net have been working (albeit slowly) at reverse
engineering this driver.

Actually, one ongoing project is to get the Broadcom driver with ndiswrapper
to run inside an emulator like bochs, so we can monitor all the IO.
Actually, something I posted last week about doing DMA to userspace was for
this project.

For reference, Linksys has provided the source code for the components of the
Broadcom wireless driver that are statically linked with the kernels included
in many of their new 802.11g wireless products [1]. However, there remains a
component that we still have in binary-only form.

For the curious, the total size of the binary-only part is 386K of mipsel
code. We also have this module in it's unlinked form.

I've looked at a few functions to see how simple it would be to reverse
engineer. Some of it is pretty easy to follow. However, there are parts
that become very complicated, where they start doing branches on conditions
like: "if it is a BCM4301 chip, integrated on a Dell board, where the core
revision is less than ver. X then set some flag".



-- Andrew


[1] http://www.linksys.com/support/opensourcecode/wap54g/wap54g.1.08.tar.gz
(Download the WAP54G package)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/