2008-06-14 13:54:06

by Michael Büsch

[permalink] [raw]
Subject: b43 open-firmware new snapshot

Hi,

Here comes another snapshot of the Opensource firmware for
the b43 wireless core.
http://bu3sch.de/b43/openfw/b43-openfw-20080614.tar.bz2

The firmware does _ONLY_ work in monitor mode. The TX path is not implemented,
so it can not associate or whatever. It can only receive packets.

This firmware does _only_ work on wireless core revisions 5, 6, 7, 8 or 10.
You can see the core revision by turning on SSB debugging.
It will print something like:
ssb: Core X found: IEEE 802.11 (cc 0x812, rev 0x05, vendor 0x4243)
As you can see there's the revision number in hex.

If you want to test this, first get latest wireless-testing.git kernel driver.
Then get the firmware tarball and extract it.
The tarball contains the full sourcecode and a set of prebuilt binaries.
(If you want to rebuild the stuff, you need to get the assembler toolchain
from http://git.bu3sch.de/git/b43-tools.git).
There are binaries with debugging code (in bin-debug subdir) and without
debugging code (in bin subdir). You want to start with the non-debugging
version for testing. You might want to check the debugging version, if
you see any problems. It might print some useful hints in the kernel
driver for what is going wrong.

Simply get the *.fw files from bin/rev5/ in the tarball and copy them
into /lib/firmware/b43-open.
Then load b43 from latest wireless-testing.git with the module
parameter fwpostfix=-open

--
Greetings Michael.


2008-06-18 18:26:46

by Michael Büsch

[permalink] [raw]
Subject: Re: b43 open-firmware new snapshot

On Wednesday 18 June 2008 20:06:02 Rafa=C5=82 Mi=C5=82ecki wrote:
> 2008/6/14, Michael Buesch <[email protected]>:
> > Here comes another snapshot of the Opensource firmware for
> > the b43 wireless core.
> > http://bu3sch.de/b43/openfw/b43-openfw-20080614.tar.bz2
> >
> > The firmware does _ONLY_ work in monitor mode. The TX path is not =
implemented,
> > so it can not associate or whatever. It can only receive packets.
>=20
> News about Broadcom' new distater-driver and your opensource firmware
> was posted on our Polish news portal
> (http://osnews.pl/b43-z-wlasnym-mikrokodem/). Let me make little
> off-topic here and post a few translated comments, please:
>=20
> jellonek:
> > for such a people "hacker" term was introduced.
> > they would help more documenting chip...
>=20
> mario:
> > RESPECT for this man!
>=20
> Azrael Nightwalker:
> > Fucgreat!
>=20
> Great work Michael, thanks for your work! I'm extremly happy having
> notebook with so well supported wifi :)

Thanks. ;)

But IMO "well supported wifi" is something else. Broadcom would appear
in this story, if this was well supported. :)

--=20
Greetings Michael.

2008-06-18 18:06:18

by Rafał Miłecki

[permalink] [raw]
Subject: Re: b43 open-firmware new snapshot

MjAwOC82LzE0LCBNaWNoYWVsIEJ1ZXNjaCA8bWJAYnUzc2NoLmRlPjoKPiAgSGVyZSBjb21lcyBh
bm90aGVyIHNuYXBzaG90IG9mIHRoZSBPcGVuc291cmNlIGZpcm13YXJlIGZvcgo+ICB0aGUgYjQz
IHdpcmVsZXNzIGNvcmUuCj4gIGh0dHA6Ly9idTNzY2guZGUvYjQzL29wZW5mdy9iNDMtb3BlbmZ3
LTIwMDgwNjE0LnRhci5iejIKPgo+ICBUaGUgZmlybXdhcmUgZG9lcyBfT05MWV8gd29yayBpbiBt
b25pdG9yIG1vZGUuIFRoZSBUWCBwYXRoIGlzIG5vdCBpbXBsZW1lbnRlZCwKPiAgc28gaXQgY2Fu
IG5vdCBhc3NvY2lhdGUgb3Igd2hhdGV2ZXIuIEl0IGNhbiBvbmx5IHJlY2VpdmUgcGFja2V0cy4K
Ck5ld3MgYWJvdXQgQnJvYWRjb20nIG5ldyBkaXN0YXRlci1kcml2ZXIgYW5kIHlvdXIgb3BlbnNv
dXJjZSBmaXJtd2FyZQp3YXMgcG9zdGVkIG9uIG91ciBQb2xpc2ggbmV3cyBwb3J0YWwKKGh0dHA6
Ly9vc25ld3MucGwvYjQzLXotd2xhc255bS1taWtyb2tvZGVtLykuIExldCBtZSBtYWtlIGxpdHRs
ZQpvZmYtdG9waWMgaGVyZSBhbmQgcG9zdCBhIGZldyB0cmFuc2xhdGVkIGNvbW1lbnRzLCBwbGVh
c2U6CgpqZWxsb25lazoKPiBmb3Igc3VjaCBhIHBlb3BsZSAiaGFja2VyIiB0ZXJtIHdhcyBpbnRy
b2R1Y2VkLgo+IHRoZXkgd291bGQgaGVscCBtb3JlIGRvY3VtZW50aW5nIGNoaXAuLi4KCm1hcmlv
Ogo+IFJFU1BFQ1QgZm9yIHRoaXMgbWFuIQoKQXpyYWVsIE5pZ2h0d2Fsa2VyOgo+IEZ1Y2dyZWF0
IQoKR3JlYXQgd29yayBNaWNoYWVsLCB0aGFua3MgZm9yIHlvdXIgd29yayEgSSdtIGV4dHJlbWx5
IGhhcHB5IGhhdmluZwpub3RlYm9vayB3aXRoIHNvIHdlbGwgc3VwcG9ydGVkIHdpZmkgOikKCi0t
IApSYWZhxYIgTWnFgmVja2kK

2008-06-18 18:30:27

by Michael Büsch

[permalink] [raw]
Subject: Re: b43 open-firmware new snapshot

On Wednesday 18 June 2008 20:26:10 Michael Buesch wrote:
> On Wednesday 18 June 2008 20:06:02 Rafa=C5=82 Mi=C5=82ecki wrote:
> > 2008/6/14, Michael Buesch <[email protected]>:
> > > Here comes another snapshot of the Opensource firmware for
> > > the b43 wireless core.
> > > http://bu3sch.de/b43/openfw/b43-openfw-20080614.tar.bz2
> > >
> > > The firmware does _ONLY_ work in monitor mode. The TX path is no=
t implemented,
> > > so it can not associate or whatever. It can only receive packets=
=2E
> >=20
> > News about Broadcom' new distater-driver and your opensource firmwa=
re
> > was posted on our Polish news portal
> > (http://osnews.pl/b43-z-wlasnym-mikrokodem/). Let me make little
> > off-topic here and post a few translated comments, please:
> >=20
> > jellonek:
> > > for such a people "hacker" term was introduced.
> > > they would help more documenting chip...
> >=20
> > mario:
> > > RESPECT for this man!
> >=20
> > Azrael Nightwalker:
> > > Fucgreat!
> >=20
> > Great work Michael, thanks for your work! I'm extremly happy having
> > notebook with so well supported wifi :)
>=20
> Thanks. ;)
>=20
> But IMO "well supported wifi" is something else. Broadcom would appea=
r
> in this story, if this was well supported. :)
>=20

Oh and let's not forget Johannes and his brother. They play a _major_
role in firmware reverse engineering. Most credit should go to them.
They did / are doing the hardest work.


--=20
Greetings Michael.

2008-06-18 16:10:35

by Francesco Gringoli

[permalink] [raw]
Subject: Re: b43 open-firmware new snapshot

>> This firmware does _only_ work on wireless core revisions 5, 6, 7,
>> 8 or 10.
>
> There are reports of it working on rev.9 cores. Is that possible?
> (Resend of previous mail to the list.)
Hi there,

I get this
Jun 18 16:43:51 b43 kernel: [ 21.152097] ssb: Core 0 found:
ChipCommon (cc 0x800, rev 0x0D, vendor 0x4243)
Jun 18 16:43:51 b43 kernel: [ 21.152113] ssb: Core 1 found: IEEE
802.11 (cc 0x812, rev 0x09, vendor 0x4243)
Jun 18 16:43:51 b43 kernel: [ 21.152122] ssb: Core 2 found: PCI (cc
0x804, rev 0x0C, vendor 0x4243)
Jun 18 16:43:51 b43 kernel: [ 21.152132] ssb: Core 3 found: PCMCIA
(cc 0x80D, rev 0x07, vendor 0x4243)

it should be a rev.9 core. Well, I got it running in monitor mode, I
clear saw tcpdump doing its work. But I think Michael is right, just
after a while it crashed: before doing that syslog filled up with

[ 1213.209871] ------------[ cut here ]------------
[ 1213.209878] WARNING: at drivers/net/wireless/b43/xmit.c:49 b43_rx
+0x1a5/0x630 [b43]()
[ 1213.209880] Modules linked in: b43 rfkill_input arc4 ecb
crypto_blkcipher rfkill mac80211 cfg80211 input_polldev af_packet
radeon drm speedstep_lib cpufreq_stats cpufreq_ondemand freq_table
cpufreq_powersave cpufreq_userspace cpufreq_conservative container sbs
sbshc loop serio_raw psmouse pcspkr usbhid hid ssb battery asus_laptop
led_class ac button sis_agp agpgart evdev xfs ide_disk ide_cd_mod
cdrom ata_generic pata_sis libata dock floppy skge ehci_hcd ohci_hcd
usbcore sis5513 ide_core thermal processor fan fuse [last unloaded: b43]
[ 1213.209926] Pid: 0, comm: swapper Tainted: G W 2.6.26-rc6-wl
#1
[ 1213.209931] [<c011a46f>] warn_on_slowpath+0x5f/0x90
[ 1213.209947] [<c01138c2>] enqueue_task+0x12/0x30
[ 1213.209955] [<c0113934>] activate_task+0x24/0x40
[ 1213.209963] [<c0113b4e>] __wake_up_common+0x3e/0x70
[ 1213.209973] [<c025c5c1>] sock_def_readable+0x41/0x50
[ 1213.209980] [<c025b831>] sock_queue_rcv_skb+0xa1/0xe0
[ 1213.209986] [<c029f090>] udp_queue_rcv_skb+0xb0/0x280
[ 1213.209997] [<e09b892c>] ssb_pci_read32+0x1c/0x60 [ssb]
[ 1213.210010] [<c0163972>] __slab_alloc+0xa2/0x410
[ 1213.210016] [<e0b02990>] __ieee80211_rx_handle_packet+0x5e0/0x7b0
[mac80211]
[ 1213.210038] [<e0b2b7e5>] b43_rx+0x1a5/0x630 [b43]
[ 1213.210050] [<e0b20000>] b43_chip_init+0xa10/0xa20 [b43]
[ 1213.210059] [<e0b30165>] op32_fill_descriptor+0x45/0xe0 [b43]
[ 1213.210077] [<e0b2fd6e>] b43_dma_rx+0x16e/0x400 [b43]
[ 1213.210097] [<e0b21f58>] b43_interrupt_tasklet+0x378/0x910 [b43]
[ 1213.210106] [<c01138c2>] enqueue_task+0x12/0x30
[ 1213.210111] [<c0113934>] activate_task+0x24/0x40
[ 1213.210126] [<c011edc4>] tasklet_action+0x34/0x70
[ 1213.210131] [<c011ec72>] __do_softirq+0x42/0x90
[ 1213.210136] [<c011ece7>] do_softirq+0x27/0x30
[ 1213.210139] [<c011efe5>] irq_exit+0x45/0x60
[ 1213.210142] [<c0105a59>] do_IRQ+0x39/0x70
[ 1213.210151] [<c0103e23>] common_interrupt+0x23/0x30
[ 1213.210162] [<e0813d0f>] acpi_idle_enter_simple+0x16e/0x1db
[processor]
[ 1213.210177] [<e08139b6>] acpi_idle_enter_bm+0xb7/0x2a2 [processor]
[ 1213.210187] [<c0254258>] cpuidle_idle_call+0x68/0xa0
[ 1213.210193] [<c02541f0>] cpuidle_idle_call+0x0/0xa0
[ 1213.210197] [<c01026a4>] cpu_idle+0x24/0x70
[ 1213.210206] =======================
[ 1213.210209] ---[ end trace 4d6796847711ea43 ]---

repeated hundreds of time. I'm using wireless-testing (git-pulled this
morning) e latest firmware image. I succeeded to find three cards and
they all are rev.9!

Regards,
FG


2008-06-15 18:20:27

by Gábor Stefanik

[permalink] [raw]
Subject: Re: b43 open-firmware new snapshot

On Sat, Jun 14, 2008 at 3:53 PM, Michael Buesch <[email protected]> wrote:
> This firmware does _only_ work on wireless core revisions 5, 6, 7, 8 or 10.

There are reports of it working on rev.9 cores. Is that possible?
(Resend of previous mail to the list.)

--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)

2008-06-15 20:04:31

by Michael Büsch

[permalink] [raw]
Subject: Re: b43 open-firmware new snapshot

On Sunday 15 June 2008 20:20:27 Stefanik G=E1bor wrote:
> On Sat, Jun 14, 2008 at 3:53 PM, Michael Buesch <[email protected]> wrote:
> > This firmware does _only_ work on wireless core revisions 5, 6, 7, =
8 or 10.
>=20
> There are reports of it working on rev.9 cores. Is that possible?
> (Resend of previous mail to the list.)

Yes it is possible. But there _are_ differences in rev9.
So I won't guarantee it will work.


--=20
Greetings Michael.