Decompilation and Analysis of b43 Assembly Code used in Broadcom WiFi Chips

Bachelor Thesis

in progress


Type
Analysis: 6
Empiricism: 4
Implementation: 10
Literature Research: 5

Motivation

Each Broadcom WiFi Chip contains a D11 core that is a programmable state machine used to control the low level WiFi frame handing (you can find more information in the BCM4330 datasheet [3]). For this b43 architecture assemblers and disassemblers already exist [4]. However, it is hard to go through the assembler code to analyze the D11 firmware. In this masterthesis you will create an analysis framework that allows to represent the code in a graph that can be used for further analysis and decompilation or transfer into an immediate representation of the LLVM compiler. You will also create a decompiler and a compiler to convert between program code in C and b43 assembly.

[1] M. Schulz, D. Wegemer, M. Hollick. DEMO: Using NexMon, the C-based WiFi firmware modification framework, Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2016, July 2016. [pdf]

[2] M. Schulz, D. Wegemer and M. Hollick. NexMon: A Cookbook for Firmware Modifications on Smartphones to Enable Monitor Mode, CoRR, vol. abs/1601.07077, December 2015. [bibtex]

[3] http://www.cypress.com/file/298016/download

[4] github.com/pfalcon/b43-tools/

 

 


Supervisor:

Student: Nicolas Schickert

Research Areas: Sichere Mobile Netze



Back


Contact

Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471
office@seemoo.tu-darmstadt.de

Affiliations

A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang