[Prism54-devel] Prism54 development update

Sebastien sebastien.bourdeauducq at gmail.com
Wed Aug 31 12:37:53 UTC 2005


Hello list!

First, Jean Baptiste and I are working on low-level hardware reverse 
engineering, in order to write a new firmware from scratch. The project is 
named "FreeMAC"; the motivations are:
- having high quality wireless hardware, with high quality drivers, running on 
100%-free software
- making the firmware compatible with all the chipsets, regardless of whether 
the chipset was designed for FullMAC or SoftMAC (including GW3887 and ISL3886 
with the NET2280 hack). As far as I know, the only hardware difference between 
a FullMAC and a SoftMAC chipset is that a SoftMAC chipset has half the memory 
capacity of a FullMAC chipset. The other differences - that made the Prism54 
driver unusable - seem to be only because the SoftMAC firmware protocol is 
radically different from the FullMAC protocol.
- implementing new wireless protocols, such as WDS and WPA, with no further 
protocol reverse engineering
- being more resistant to possible future protocol and hardware changes - if 
Prism54 didn't rely on FullMAC that much, support for the 3886 and 3887 would 
have been much easier (probably as simple as cutting down the firmware code 
and offloading operations to the host).
- official information suggests that the radio interface of these chipsets is 
very flexible, making them wonderful devices for tinkering with the ISM 
bands. I don't know how far we could go with this (I don't have a lot of info 
about the radio for now), but for instance making a 802.11/Bluetooth combo 
out of an unmodified Conexant wireless card might not be impossible.
- wireless cards are cheap and nice ARM development boards, featuring a 
powerful ARM9 core clocked at 30MHz.
- I find learning how the device works very instructive.

It can be argued that "by the time this happens the technology these cards use 
will probably be extremely outdated since guessing how > 2000 
registers/instructions work by trial and error is pretty 
painful" (http://prism54.org/~mcgrof/firmware/). But :
- No major hardware changes seem to have been made between the first Prism 
Indigo (3877) and the latest Prism Cohiba (3887).
- There aren't 2000 registers. There are fewer than 100, and they are organized 
by blocks according to their purpose, which makes guessing easier. Moreover, 
the 3886 has mechanisms (PCI memory window, ...) which ease reverse 
engineering. Finally, trial and error is not the only solution: we can run the 
official firmware in an ARM emulator with the hardware registers mapped to the 
physical device, and their accesses logged. We have enough knowledge about the 
chipset for achieving this by now.
- The instruction set and coprocessor interface are those of the ARM 946E, 
which is heavily documented. The GNU ARM toolchain supports it very well - by 
the time I'm writing this, the FreeMAC firmware compiles with GCC without any 
problem. It's still far from being usable by normal users, though (for now, 
this is mainly a command line interface giving access to the hardware and 
other developer stuff).

That's pretty much my opinion, of course; comments and criticism are welcome.

Everyone's invited to join and contribute to this project. We've set up wiki 
pages at the temporary address http://jbnote.free.fr/islsm/. I'll port ISLLDR 
- a quick-hack driver for FreeBSD giving access to the FreeMAC command line, 
which will eventually be merged into p54u - to Linux, so that everyone can 
tinker with his device. Please note that the hardware is very robust; it is 
very unlikely that you fry something - almost everything has already been 
written to every hardware register on my Siemens Gigaset, and it's still 
working.


Another piece of good news is that we've learnt a lot from hardware reverse 
engineering, allowing us to better understand how the SoftMAC firmware works.
I will spare you the technical details for now unless anyone's interested - 
this concerns mainly the "SoftMAC addresses" and the interrupt system.
In the short term, this will allow us to fix most failures of the SoftMAC drivers.


Finally, we may take the management of the prism54.org website and use it as a 
home page for the SoftMAC drivers and the FreeMAC project. The FullMAC 
section will still be available, of course. This is going on with Luis.

Regards,
Sebastien