jaovitubr
commented
3 years ago yes I also want to know where it came from
Closed risinek closed 3 years ago
jaovitubr
commented
3 years ago yes I also want to know where it came from
henriquenunez
commented
3 years ago Yep, Ghidra was used to decompile the firmware, and a call to that function was found and then bypassed.
risinek
commented
3 years ago Great! Thanks for confirming.
Hola, I'm curious how
ieee80211_raw_frame_sanity_checkfunction was found? Was it done by decompiling official ESP WiFi libraries similarly to how it was done in Jeija/esp32-80211-tx project? I understand how the patch itself works, but I'm interested in details about how it was researched.