Broadcom FullMac Wi-Fi Chips offer the possibility to configure its internals such that IQ samples can be fetched at several stages in the RX chain. This opens up the opportunity to repurpose those Wi-Fi Chips as Software-defined Receivers. As the firmare is proprietary and the configuration is non-trivial, reverse engineering of the underlying processes are required. In this thesis, we try to better understand the possible configuration options, tackle bottlenecks like memory and bus bandwidth restrictions, and create a tool that abstracts the SDR RX feature to end-users.
You should have experience with C, Reverse Egineering and interest in hardware features of RF receiver chains.