jlinktu
commented
5 months ago Hi @quantumhub,
happy to see that you are enjoying the tool. Unfortunately, there is no simple direct answer to your question.. but I'll give my best.
Emulating microcode intended to run on D11 cores of revisions that can be found on Broadcom based Wi-Fi FullMAC IEEE 802.11ax chips would require:
1) Adding new instructions
This might be simple for new instructions that we already analyzed and understood, but depending on the D11 core revision there might be some that we haven't understood yet. Fortunately, we will add a more up-to-date b43 disassembler/assembler to the nexmon repo soon that also supports instructions of more recent revisions. In general, d11-emu is intentionally build in a way that allows adding new instructions quite easily.
1) Extending the emulator to consider a second PSM and its peripherals
Starting with D11 core revision 65 (iirc) a second PSM, called PSMx, was introduced, and with it a second microcode memory (UCMx), shared memory (SHMx), scratch registers (SCRx), and internal hardware registers (IHRx). This might need some re-structuring of the emulator.
1) More more..
There are more special cores, peripherals, memories, and modules in general that were introduced for some of the D11 core revisions or specific FullMAC chipsets. More complex hardware and software is required to fully support the IEEE 802.11ax standard and with this the whole chipset gets more complicated to understand. There might be dependencies that we don't know of yet that would need to be added for emulation.
TLDR: No, I can't provide you a tutorial on that.
quantumhub
Thank you for providing such amazing tool to allow understanding of wifi chip operations! It is interesting to study the trigger behavior in 11ax WLAN. However, it seems that this tool has only be optimized for Broadcom/Cypress WiFi 11ac chip bcm43455c0 used on the Raspberry Pi 3B+/4B. Could you provide tutorial on some 11ax router, e.g. ax86u? Thank you!