<p>Replicant - Issue #1937: Liberate the bcm4334 wifi/bluetooth firmware</p>
<p>https://redmine.replicant.us/issues/1937?journal_id=7493 | 2019-07-30T19:25:50Z | Kurtis Hanna (Kurtis@riseup.net)</p>
<p>Some more information about this has been added to our wiki: <a class="external" href="https://redmine.replicant.us/projects/replicant/wiki/WiFi#section-6">https://redmine.replicant.us/projects/replicant/wiki/WiFi#section-6</a></p>
<p>Also, here's a link to a bcm4334 devkit of sorts: <a class="external" href="https://store.embeddedworks.net/wlan670/#tab-label-additional">https://store.embeddedworks.net/wlan670/#tab-label-additional</a></p>
<p>https://redmine.replicant.us/issues/1937?journal_id=7498 | 2019-08-02T17:00:39Z | Anonymous</p>
<p>I'm not a hardware guy, but in my opinion, a more direct way to create a dev kit is to buy a few of these:<br /><a class="external" href="https://www.aliexpress.com/item/32871146311.html">https://www.aliexpress.com/item/32871146311.html</a></p>
<p>Then, buy an appropriate BGA to DIP adapter (the bcm4334 is strange (10x11), I'm not sure if getting a bigger one (11x11) would do the trick), and solder the bcm4334 to it (this step requires BGA soldering skills, which as I understand, aren't very common), wire it up properly and start hacking:<br /><a class="external" href="https://www.proto-advantage.com/store/index.php?cPath=4000">https://www.proto-advantage.com/store/index.php?cPath=4000</a></p>
<p>By the way, the pinout of the bcm4334 is labeled on page 90 of the datasheet:<br /><a class="external" href="https://www.cypress.com/file/298706/download">https://www.cypress.com/file/298706/download</a></p>
<p>https://redmine.replicant.us/issues/1937?journal_id=7962 | 2020-03-12T21:06:33Z | Jack K</p>
<p>In light of this...</p>
<p><a class="external" href="https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/">https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/</a></p>
<p>...does anyone think pursuing the firmware source code request with Cypress is worthwhile - asking that since they won't patch this vulnerable, old code, please release it to the community?</p>
<p>Has anyone got any experience with these sorts of requests?</p>
<p>https://redmine.replicant.us/issues/1937?journal_id=8016 | 2020-05-01T16:08:06Z | Kurtis Hanna (Kurtis@riseup.net)</p>
<p>Hello Jack,</p>
<p>I'm not familiar with those sorts of requests. Please feel free to approach them and ask if you have the willingness to do so!</p>
<p>Cordially,<br />Kurtis</p>
<p>https://redmine.replicant.us/issues/1937?journal_id=8017 | 2020-05-01T16:09:17Z | Kurtis Hanna (Kurtis@riseup.net)</p>
<p>I wonder if the fact that bluetooth works even when the proprietary firmware isn't on the phone is a clue of some sort: <a class="external" href="https://redmine.replicant.us/issues/1928">https://redmine.replicant.us/issues/1928</a></p>
<p>https://redmine.replicant.us/issues/1937?journal_id=8804 | 2021-03-24T00:46:21Z | _I3^ RELATIVISM</p>
<ul><li><strong>Type of work</strong> <i>Communication (mails, contacting people, etc)</i> added</li></ul>
<p>https://redmine.replicant.us/issues/1937?journal_id=9026 | 2021-03-26T23:10:52Z | Kurtis Hanna (Kurtis@riseup.net)</p>
<p><a class="external" href="https://github.com/kriswebdev/bcmon_reverse_engineering/tree/galaxys3">https://github.com/kriswebdev/bcmon_reverse_engineering/tree/galaxys3</a></p>