[Prism54-devel] Prism54 development update
Sebastien
sebastien.bourdeauducq at gmail.com
Wed Aug 31 12:37:53 UTC 2005
Hello list!
First, Jean Baptiste and I are working on low-level hardware reverse
engineering, in order to write a new firmware from scratch. The project is
named "FreeMAC"; the motivations are:
- having high quality wireless hardware, with high quality drivers, running on
100%-free software
- making the firmware compatible with all the chipsets, regardless of whether
the chipset was designed for FullMAC or SoftMAC (including GW3887 and ISL3886
with the NET2280 hack). As far as I know, the only hardware difference between a
FullMAC and a SoftMAC chipset is that a SoftMAC chipset has half the memory
capacity of a FullMAC chipset. The other differences - that made the Prism54
driver unusable - seem to be only because the SoftMAC firmware protocol is
radically different from the FullMAC protocol.
- implementing new wireless protocols, such as WDS and WPA, with no further
protocol reverse engineering
- being more resistant to possible future protocol and hardware changes - if
Prism54 didn't rely on FullMAC that much, support for the 3886 and 3887 would
have been much easier (probably as simple as cutting down the firmware
code and offloading operations to the host).
- official information suggests that the radio interface of these chipsets is
very flexible, making them wonderful devices for tinkering with the ISM
bands. I don't know how far we could go with this (I don't have a lot of info
about the radio for now), but for instance making a 802.11/Bluetooth combo
out of an unmodified Conexant wireless card might not be impossible.
- wireless cards are cheap and nice ARM development boards, featuring a
powerful ARM9 core clocked at 30MHz.
- I find learning how the device works very instructive.
It can be argued that "by the time this happens the technology these cards use
will probably be extremely outdated since guessing how > 2000
registers/instructions work by trial and error is pretty
painful" (http://prism54.org/~mcgrof/firmware/). But:
- No major hardware changes seem to have been made between the first Prism
Indigo (3877) and the latest Prism Cohiba (3887).
- There aren't 2000 registers. There are fewer than 100, and they are organized
by blocks according to their purpose, which makes guessing easier. Moreover, the
3886 has mechanisms (PCI memory window, ...) which ease reverse engineering.
Finally, trial and error is not the only solution: we can run the official
firmware in an ARM emulator with the hardware registers mapped to the
physical device, and their access logged. We have enough knowledge about the
chipset to achieve this by now.
- The instruction set and coprocessor interface are those of the ARM 946E,
which is heavily documented. The GNU ARM toolchain supports it very well - by
the time I'm writing this, the FreeMAC firmware compiles with GCC without any
problem. It's still far from being usable by normal users, though (for now,
this is mainly a command line interface giving access to the hardware and
other developer stuff).
That's pretty much my opinion, of course; comments and criticism are welcome.
Everyone's invited to join and contribute to this project. We've set up wiki
pages at the temporary address http://jbnote.free.fr/islsm/. I'll port ISLLDR
- a quickhack driver for FreeBSD giving access to the FreeMAC command line,
which will be eventually merged in p54u - to Linux, so that everyone can
tinker with his device. Please note that the hardware is very robust, it is
very unlikely that you fry something - my Siemens Gigaset has already had
almost everything written to every hardware register, and it's still working.
Another piece of good news is that we've learnt a lot from hardware reverse
engineering, allowing us to understand better how the SoftMAC firmware works.
I will spare you the technical details for now unless anyone's interested -
this concerns mainly the "SoftMAC addresses" and the interrupt system.
In the short term, this will allow us to fix most failures of the SoftMAC drivers.
Finally, we may take over the management of the prism54.org website and use it as a
home page for the SoftMAC drivers and the FreeMAC project. The FullMAC
section will still be available, of course. This is going on with Luis.
Regards,
Sebastien