seemoo-lab / mobisys2018_nexmon_channel_state_information_extractor

Example project for extracting channel state information of up to 80 MHz wide 802.11ac Wi-Fi transmissions using the BCM4339 Wi-Fi chip of Nexus 5 smartphones.

can we extract channel state information on raspberry pi 3+(bcm43430a1)? #5

Open leewez opened 6 years ago

leewez commented 6 years ago

Hello, since the nexmon framework can support the Raspberry Pi 3+ (bcm43430a1), is there any chance that we can extract channel state information on the Raspberry Pi 3+ (bcm43430a1)?

matthiasseemoo commented 6 years ago

CSI extraction should work on the Raspberry Pi 3 and 3+ as well. However, I currently do not have the need for this and unfortunately also not the time to implement it. Nevertheless, we open-source all of our solutions so that anyone with some technical skills can apply our hacks to other Broadcom Wi-Fi chips.


-- Matthias Schulz Secure Mobile Networking Lab - SEEMOO

Email: matthias.schulz@seemoo.tu-darmstadt.de Web: http://www.seemoo.de/mschulz Phone (new): +49 6151 16-25478 Fax: +49 6151 16-25471

Department of Computer Science Center for Advanced Security Research Darmstadt Technische Universität Darmstadt Mornewegstr. 32 (Office 4.2.10, Building S4/14) D-64293 Darmstadt, Germany

leewez commented 6 years ago

@matthiasseemoo thanks very much for your reply. I just had a look at the source code and found that there is some chipset (firmware) related code like:

```c
// Change the rxhdr_len in the initvals
__attribute__((at(0x1D4370, "", CHIP_VER_BCM4339, FW_VER_6_37_32_RC23_34_43_r639704)))
GenericPatch4(initvals_rxhdr_len0, 2 * RX_HDR_LEN);
```

If I want to port this tool to the Pi 3+ (bcm43430a1), how shall I deal with this code? Would you please give me some advice?

Thanks, Li, Yongfeng

leewez commented 6 years ago

@matthiasseemoo, I also found that a few functions referenced by this project do not exist in bcm43430a1, like the following one:

```c
AT(CHIP_VER_BCM4339, FW_VER_ALL, 0x504A0)
void
wlc_bmac_write_shm(void *wlc_hw, unsigned int offset, unsigned short v)
VOID_DUMMY
```

Do you have any idea on how to fix things like this?

Thanks, Li, Yongfeng
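Added example, not part of the thread and not Nexmon project code: a small inventory script for the two annotation forms quoted in the comments above, listing every patched or wrapped symbol that has no address entry for a given target chip. It assumes the GCC spelling `__attribute__((at(...)))` for the patch form; `example_fn`, `CHIP_VER_TARGET` and the addresses `0x11111` and `0x22222` are made-up placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: the first two entries are the snippets quoted in this
# thread; example_fn, CHIP_VER_TARGET and their addresses are made up.
SAMPLE = r'''
// Change the rxhdr_len in the initvals
__attribute__((at(0x1D4370, "", CHIP_VER_BCM4339, FW_VER_6_37_32_RC23_34_43_r639704)))
GenericPatch4(initvals_rxhdr_len0, 2 * RX_HDR_LEN);

AT(CHIP_VER_BCM4339, FW_VER_ALL, 0x504A0)
void
wlc_bmac_write_shm(void *wlc_hw, unsigned int offset, unsigned short v)
VOID_DUMMY

AT(CHIP_VER_BCM4339, FW_VER_ALL, 0x11111)
AT(CHIP_VER_TARGET, FW_VER_ALL, 0x22222)
void
example_fn(void *wlc)
VOID_DUMMY
'''

# Patch form: __attribute__((at(addr, "", chip, fw))) Macro(name, ...)
PATCH_RE = re.compile(
    r'__attribute__\(\(at\((0x[0-9A-Fa-f]+),\s*"[^"]*",\s*(\w+),\s*(\w+)\)\)\)'
    r'\s*\w+\((\w+)')
# Wrapper form: one or more AT(chip, fw, addr) lines, return type, name(
WRAP_RE = re.compile(r'((?:\bAT\([^)]*\)\s*)+)[\w\s*]*?(\w+)\s*\(')
AT_RE = re.compile(r'\bAT\((\w+),\s*(\w+),\s*(0x[0-9A-Fa-f]+)\)')

def collect(source):
    """Map each patched or wrapped symbol to its (chip, fw, address) entries."""
    table = defaultdict(list)
    for addr, chip, fw, name in PATCH_RE.findall(source):
        table[name].append((chip, fw, int(addr, 16)))
    for at_lines, name in WRAP_RE.findall(source):
        for chip, fw, addr in AT_RE.findall(at_lines):
            table[name].append((chip, fw, int(addr, 16)))
    return dict(table)

def missing_for(source, target_chip):
    """Symbols with no address entry for target_chip: the porting work list."""
    return sorted(name for name, entries in collect(source).items()
                  if all(chip != target_chip for chip, _, _ in entries))

if __name__ == "__main__":
    for name in missing_for(SAMPLE, "CHIP_VER_TARGET"):
        print("needs an address for the target firmware:", name)
```

Each symbol it reports is an address that has to be located again in the target chip's firmware image before the patch or wrapper can be used there.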

matthiasseemoo commented 6 years ago

Did you read our Wintech paper on Nexmon, or my PhD thesis? There you can find out more about the reverse engineering of the Wi-Fi chip.


colchristmas commented 5 years ago

@matthiasseemoo Your Wintech Paper on Nexmon couldn't be found from the link you provided. https://seemoo.de/mschulz/wintech2017 There was an error in opening the website.

matthiasseemoo commented 5 years ago

I will have to fix the links. However, the information from the paper is also available in my thesis that you can download from our library's website.


josemanjarrez92 commented 5 years ago

@leewez could you do it? I'm trying to do the same. @matthiasseemoo could there be a tool like Nexmon Channel State Information Extractor but for RPi?

matthiasseemoo commented 5 years ago

We publish a paper on it in wintech 2019 including the code. Btw. B3plus has a bcm43455 chip. You will soon find the code under https://nexmon.org/csi


josemanjarrez92 commented 5 years ago

@matthiasseemoo thanks for your quick response. I'll be waiting for the code, it's all I need to finish my research. Thanks!