Issue #1937


Liberate the bcm4334 wifi/bluetooth firmware

Added by Kurtis Hanna about 5 years ago. Updated about 3 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Type of work:
Communication (mails, contacting people, etc)


The driver for this chip seems to already be free software and is in the mainline linux kernel:

Cypress now owns the rights to the bcm4334 chips' firmware. To my knowledge, Cypress is more likely to say yes to a request that they release the source code to this firmware with a free software license than Broadcom would have been. I don't believe anyone has formally asked Cypress to do this. Since this chip is in a lot of Replicant's supported devices, it would make sense for our project to formally ask this of them.

The non-free firmware binary seems to be available here:

There were some efforts to hack this chip's firmware in the past, but it seems to not have gone anywhere...
Some of this work seems to have been done by this developer, who we could maybe contact for help if we also want to hack the chip's firmware:

Actions #1

Updated by Kurtis Hanna almost 5 years ago

Some more information about this has been added to our wiki:

Also, here's a link to a bcm4334 devkit of sorts:

Actions #2

Updated by Anonymous almost 5 years ago

I'm not a hardware guy, but in my opinion, a more direct way to create a dev kit is to buy a few of these:

Then, buy an appropriate BGA to DIP adapter (the bcm4334 is strange (10x11), I'm not sure if getting a bigger one (11x11) would do the trick), and solder the bcm4334 to it (this step requires BGA soldering skills, which as I understand, aren't very common), wire it up properly and start hacking:

By the way, the pinout of the bcm4334 is labeled on page 90 of the datasheet:

Actions #3

Updated by Jack K over 4 years ago

In light of this...

...does anyone think pursuing the firmware source code request with Cypress is worthwhile - asking that since they won't patch this vulnerable, old code, please release it to the community?

Has anyone got any experience with these sorts of requests?

Actions #4

Updated by Kurtis Hanna about 4 years ago

Hello Jack,

I'm not familiar with those sorts of requests. Please feel free to approach them and ask if you have the willingness to do so!


Actions #5

Updated by Kurtis Hanna about 4 years ago

I wonder if the fact that bluetooth works even when the proprietary firmware isn't on the phone is a clue of some sort:

Actions #6

Updated by _I3^ RELATIVISM about 3 years ago

  • Type of work Communication (mails, contacting people, etc) added

Also available in: Atom PDF