Firmware for reverse engineering b43?
Johannes Berg
johannes at sipsolutions.net
Tue Apr 14 02:14:56 PDT 2026
Hi,
> As I've been getting into kernel development,
Welcome :)
> When it comes to figuring out what code to write and how to implement
> functions, I see that there has been a mix of answers across the driver.
>
> Lots of functions refer to specs RE'd from the 4.x firmware[1], but
> my own install uses 5.x firmware. Additionally, the 6.x firmware is
> available.
>
> For my reverse engineering process, I opened the firmware in Ghidra
> and basically try to map the functionality to the driver, which appears
> to be what was done with the 4.x specs?
Pretty much, though no Ghidra or AI assist or anything back then, we had
to hand-roll our own tools ;-)
The concern then was that we should have two teams so nobody can claim
copyright violations, but I obviously don't know what Broadcom's stance
on this is (now or then). I do know they were impressed by the level of
reverse engineering, especially down into the device firmware itself :)
> But, as I compare to the newer firmware, some functions have been moved
> or replaced. And sometimes, the newer firmware functions contradict the
> RE'd 4.x specs, or have extra steps in their process.
No surprise I guess, things could even just shift by compiling them
differently.
> Take b43_nphy_perical, or as known in the v4 firmware,
> wlc_phy_perical_nphy. I got to this function because wlc_nphy_init calls
> it. But actually, the RE'd version says init calls
> wlc_phy_perical_nphy_run, which the firmware says is not the case
> (it goes through wlc_phy_perical_nphy first, which has its own
> conditions).
>
> So, which is the best source of truth(s) for this driver? The v4.x
> specs, the v5 firmware, or the v6 firmware? Which one should be used,
> and which has a higher priority level over the other?
I think there's no easy answer - what are you even trying to achieve?
Does b43 not work sufficiently well? Do you even know if some specific
calibrations have a tendency to go out of whack? Is there later firmware
that has some advantage (given how little actually happens in firmware
in these devices, I'd be surprised by that) but isn't compatible with
the driver now, and you want to change that?
I'd be tempted to say that if there's no problem there don't try to fix
anything, the hardware is ancient anyway, likely has few users, and
those users would probably be fine with just leaving it?
johannes