Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bcm43430a1 karma #164

Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open

Bcm43430a1 karma #164

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
159d632
Started working on FW hooks for KARMA implementation
mame82 Dec 4, 2017
e30fc68
KARMA Probing/Auth is bassically working for OPEN SYSTEMS AUTH. ToDo:…
mame82 Dec 5, 2017
236fac7
KARMA: Association to spoofed WiFi working (Open System)
mame82 Dec 5, 2017
5480d23
Untested switch to dis-/enable KARMA via IOCTL (uses possible PAD in …
mame82 Dec 6, 2017
b358fa9
Added IOCTL to enable/disable KARMA. ToDo: Disable DEBUG console out
mame82 Dec 8, 2017
42c5e1f
Reduced KARMA DEBUG out (branch based, no preprocessor compile exclued)
mame82 Dec 12, 2017
8fea0dc
Further DEBUG out reduction
mame82 Dec 12, 2017
647517a
Implemenation of firmware based list with unique SSIDs seen in probes…
mame82 Dec 12, 2017
a5b9e5d
Addded/extended some structs + needed function offsets from original …
mame82 Dec 17, 2017
d1bc75e
First implementation of multi beaconing (seen on probe requests + use…
mame82 Dec 17, 2017
ecab689
Removed unneded code/comments
mame82 Dec 17, 2017
1d6e8cd
Changed on-demand configuration via IOCTL, added SSID beaconing (karm…
mame82 Dec 18, 2017
8bbecc9
Added ioctl to dump KARMA config, updated python tool (dump_mem is cr…
mame82 Dec 20, 2017
19769c2
Fw: Fixed GET_MEM; mame82_util: fixed dump_mem, dump_conf prints curr…
mame82 Dec 21, 2017
d840feb
Capability check for KARMA support, CLI seetings tool for KARMA (work…
mame82 Dec 21, 2017
d97fc10
Updated KARMA firmware config tool
mame82 Dec 22, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
164 changes: 135 additions & 29 deletions firmwares/bcm43430a1/structs.common.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -406,6 +406,59 @@ struct wlc_if {
struct wlc_if_stats _cnt;
};

#define ETHER_ADDR_LEN 6 /* d11 management header length */
struct ether_addr {
uint8 octet[ETHER_ADDR_LEN];
};

typedef struct wlc_if wlc_if_t;
typedef struct wlc_bsscfg wlc_bsscfg_t;
typedef struct wlc_info wlc_info_t;
typedef struct wl_info wl_info_t;
typedef struct hnd_dev hnd_dev_t;

#define HND_DEV_NAME_MAX 16

/* Device instance */
struct hnd_dev {
char name[HND_DEV_NAME_MAX];
uint32 devid;
uint32 flags;
//hnd_dev_ops_t *ops;
void *ops;
void *softc;
hnd_dev_t *next;
hnd_dev_t *chained;
//hnd_dev_stats_t *stats;
void *stats;
void *commondata;
void *pdev;
};


typedef struct hnd_timer hnd_timer_t;
typedef struct hnd_timer hnd_task_t;
typedef hnd_timer_t wl_timer;
typedef struct wlc_ap_info wlc_ap_info_t;

struct wlc_ap_info {
int PAD;
};

struct hnd_timer
{
int PAD;
};

typedef struct wlc_assoc {
/* MaMe82: struct not verified */

struct wl_timer *timer; //0x00
char gap[0x44];
bool rt; //0x48

} wlc_assoc_t;

struct wlc_info {
struct wlc_pub *pub; /* 0x000 */
struct osl_info *osh; /* 0x004 */
Expand Down Expand Up @@ -564,8 +617,18 @@ struct wlc_info {
int PAD; /* 0x25C */
int PAD; /* 0x260 */
int PAD; /* 0x264 */
int PAD; /* 0x268 */
int PAD; /* 0x26C */
/*
* MaMe82:
*
* The code @0x1d23a shows how the bsscfg array of wlc_info struct is iterated and reveals:
* offset 0x268: wlc_bsscfg_t **bsscfg //array of pointers to bsscfg structs in use, max length is 0x20
* offset 0x26C: wlc_bsscfg_t *cfg //pointer to primary bsscfg
*
* The observations have been verified on FW version 7.45.41.46
*/

wlc_bsscfg_t **bsscfg; /* 0x268 */ //MaMe82: checked, see comments above
wlc_bsscfg_t *cfg; /* 0x26C */ //MaMe82: checked, see comments above
int PAD; /* 0x270 */
int PAD; /* 0x274 */
int PAD; /* 0x278 */
Expand All @@ -576,7 +639,7 @@ struct wlc_info {
int PAD; /* 0x28C */
int PAD; /* 0x290 */
int PAD; /* 0x294 */
int PAD; /* 0x298 */
uint8 FW_PAD_UNUSED[4]; /* 0x298 */ //Dangerous, needs to be validated to avoid hitting channel_quality or *txmod_fs
int PAD; /* 0x29C */
int PAD; /* 0x2A0 */
int PAD; /* 0x2A4 */
Expand Down Expand Up @@ -696,7 +759,7 @@ struct wlc_info {
int PAD; /* 0X46C */
int PAD; /* 0X470 */
int PAD; /* 0X474 */
int PAD; /* 0X478 */
void *pcb; /* 0X478 */
int PAD; /* 0X47C */
int PAD; /* 0X480 */
int PAD; /* 0X484 */
Expand Down Expand Up @@ -732,7 +795,8 @@ struct wlc_info {
int PAD; /* 0X4FC */
int PAD; /* 0X500 */
int PAD; /* 0X504 */
int PAD; /* 0X508 */
//MaMe82: see code @ 0x0083f0cc
int ap; /* 0X508 */
int PAD; /* 0X50C */
short some_chanspec; /* 0X510 */
short PAD; /* 0X512 */
Expand Down Expand Up @@ -797,12 +861,13 @@ struct wlc_info {
int PAD; /* 0X5FC */
};


/* partly CHECKED */
struct wlc_pub {
struct wlc_info *wlc; /* 0x000 */
int PAD; /* 0x004 */
int PAD; /* 0x008 */
int PAD; /* 0x00C */
struct ether_addr cur_etheraddr; /* 0x004 */
uint32 unit; /* 0x00A */ //uint device instance num
short PAD; /* 0x00E */
int PAD; /* 0x010 */
int PAD; /* 0x014 */
int PAD; /* 0x018 */
Expand All @@ -813,8 +878,18 @@ struct wlc_pub {
char field_26; /* 0x026 */
char field_27; /* 0x027 */
int PAD; /* 0x028 */
int PAD; /* 0x02C */
int field_30; /* 0x030 */
//MaMe82 see code @ 0x0083f0be
// int PAD; /* 0x02C */
bool PAD; //0x02c
bool PAD; //0x02d
bool PAD; //0x02e
bool _ap; //0x02f is AP
// int field_30; /* 0x030 */
bool _apsta; //0x030 is APSTA
bool PAD; //0x031
bool PAD; //0x032
bool PAD; //0x033

int PAD; /* 0x034 */
int PAD; /* 0x038 */
int PAD; /* 0x03C */
Expand All @@ -831,27 +906,55 @@ struct wlc_pub {
int PAD; /* 0x050 */
char gap2[147];
char is_amsdu; // @ 0xe7
char gap3[4];
uint32 bcn_tmpl_len; //0xEC

//0xec --> bcn_tmpl_len ??
} __attribute__((packed));


#define WLC_NUMRATES 16
#define MCSSET_LEN 16

typedef uint32 ratespec_t;

typedef struct wlc_rateset {
uint32 count; //likely to be uint16
uint8 rates[WLC_NUMRATES];
//uint8 htphy_membership;
//uint8 mcs[MCSSET_LEN];
//uint16 vht_mcsmap;
//uint16 vht_mcsmap_prop;
} wlc_rateset_t;

typedef struct wlc_bss_info {
struct ether_addr BSSID; //0x00
uint8 GAP[0x32]; //0x06
wlc_rateset_t rateset; //0x38 MaMe82 : see code @ 0x008377fa
uint8 TAIL[1];
} wlc_bss_info_t;

struct wlc_bsscfg {
void *wlc; /* 0x000 */
char associated; /* 0x004 */
char PAD; /* 0x005 */
char PAD; /* 0x006 */
char PAD; /* 0x007 */
int PAD; /* 0x008 */
int PAD; /* 0x00C */
int PAD; /* 0x010 */
struct wlc_info *wlc; /* 0x000 */
bool up; /* 0x004 */ //up
bool enable; /* 0x005 */ //enable
bool _ap; /* 0x006 */ //_ap
bool _psta; /* 0x007 */ //_psta
bool associated; /* 0x008 */
bool PAD; /* 0x009 */
bool PAD; /* 0x00a */
bool PAD; /* 0x00b */
wlc_if_t *wlcif; /* 0x00C */
bool BSS; /* 0x010 */
bool PAD; /* 0x011 */
bool PAD; /* 0x012 */
bool PAD; /* 0x013 */
int PAD; /* 0x014 */
int PAD; /* 0x018 */
int PAD; /* 0x01C */
int PAD; /* 0x020 */
int PAD; /* 0x024 */
int PAD; /* 0x028 */
int PAD; /* 0x02C */
int PAD; /* 0x030 */
int PAD; /* 0x034 */
int PAD; /* 0x038 */
uint8 SSID_len; /* 0x018 */
uint8 SSID[32]; /* 0x019 */
uint8 PAD; /* 0x039 */
uint8 PAD; /* 0x03A */
uint8 PAD; /* 0x03B */
int PAD; /* 0x03C */
int PAD; /* 0x040 */
int PAD; /* 0x044 */
Expand Down Expand Up @@ -898,8 +1001,10 @@ struct wlc_bsscfg {
int PAD; /* 0x0E8 */
int PAD; /* 0x0EC */
int PAD; /* 0x0F0 */
int PAD; /* 0x0F4 */
int PAD; /* 0x0F8 */
//int PAD; /* 0x0F4 */
wlc_bss_info_t *current_bss; /* 0x0F4 */ //MaMe82: see code @ 0x008377f4
//int PAD; /* 0x0F8 */
wlc_assoc_t *assoc; /* 0x0F8 */ //MaMe82: see code @ 0x00847840
int PAD; /* 0x0FC */
int PAD; /* 0x100 */
int PAD; /* 0x104 */
Expand Down Expand Up @@ -1818,6 +1923,7 @@ struct tdls_iovar {
uint8 PAD;
} __attribute__((packed));


/*
struct bdc_ethernet_ip_udp_header {
struct bdc_header bdc;
Expand Down
Loading