From: "Michael Büsch" <mb@bu3sch.de>
To: linux-wireless@vger.kernel.org
Cc: David Woodhouse <dwmw2@infradead.org>
Subject: [ANN] Assembler/disassembler for brcm80211 / b43 / b43legacy r15 firmware
Date: Sun, 19 Sep 2010 19:25:58 +0200 [thread overview]
Message-ID: <1284917158.14353.37.camel@maggie> (raw)
Hi,
I updated the firmware toolchain for the broadcom wireless chipsets
to support newer >=r15 wireless cores.
Old wireless cores r5-r14 are fully supported. For r15 cores, there
are a few unknown instructions left. Subroutine calling seems to have
changed in r15 cores.
However, the toolchain is already pretty much usable as-is on r15 cores.
To install the toolchain, fetch the git tree:
git clone git://git.bu3sch.de/b43-tools.git
Then build and install the tools in the "assembler" and "disassembler"
subdirectories. (make && make install).
Note that the assembler depends on flex and bison. So install these.
To use the toolchain on brcm80211 firmware, the firmware blobs first have
to be converted to raw format. The "brcm80211fwconv" tool shipped with
the disassembler can be used for that.
This will show you a dump of what is in the firmware files:
brcm80211fwconv --header bcm43xx_hdr-0-610-809-0.fw --bin bcm43xx-0-610-809-0.fw --dump
If you want to extract the r16 microcode (which is index 10. See the --dump),
run the following command:
brcm80211fwconv --header bcm43xx_hdr-0-610-809-0.fw --bin bcm43xx-0-610-809-0.fw --extract 10:ucode16.raw
This will create the file "ucode16.raw", which can be disassembled:
b43-dasm ucode16.raw ucode16.asm --arch 15 --format raw-le32
Now modify the ucode16.asm source code file and re-assemble it to a
binary with that command:
b43-asm ucode16.asm ucode16.modified --format raw-le32
If you want to use the modified firmware with the brcm80211 driver, you have
to merge the modified ucode binary back into the bcm80211 image:
brcm80211fwconv -H bcm43xx_hdr-0-610-809-0.fw -B bcm43xx-0-610-809-0.fw --merge 10:ucode16.modified
Note that this modified the two .fw files in place!
Also note that the --format and --arch options to b43-dasm and b43-asm are important.
If you don't pass these, it won't work.
And finally note that I did not try to run a re-assembled and re-merged
firmware on an actual device, yet. So there might be bugs left.
Happy hacking! :)
--
Greetings Michael.
reply other threads:[~2010-09-19 17:26 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1284917158.14353.37.camel@maggie \
--to=mb@bu3sch.de \
--cc=dwmw2@infradead.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox