TU Darmstadt / ULB / TUbiblio

The Nexmon firmware analysis and modification framework: Empowering researchers to enhance Wi-Fi devices

Schulz, Matthias and Wegemer, Daniel and Hollick, Matthias (2018):
The Nexmon firmware analysis and modification framework: Empowering researchers to enhance Wi-Fi devices.
In: Computer Communications, 129. pp. 269 - 285, ISSN 0140-3664,
DOI: 10.1016/j.comcom.2018.05.015,
[Online-Edition: http://www.sciencedirect.com/science/article/pii/S0140366417...],
[Article]

Abstract

The most widespread Wi-Fi enabled devices are smartphones. They are mobile, close to people and available in large quantities, which makes them perfect candidates for real-world wireless testbeds. Unfortunately, most smartphones contain closed-source FullMAC Wi-Fi chips that hinder the modification of lower-layer Wi-Fi mechanisms and the implementation of new algorithms. To enable researchers’ access to lower-layer frame processing and advanced physical-layer functionalities on Broadcom Wi-Fi chips, we developed the Nexmon firmware patching framework. It allows users to create firmware modifications for embedded ARM processors using C code and to change the behaviour of Broadcom’s real-time processor using Assembly. Currently, our framework supports nine Broadcom chips available in smartphones and Raspberry Pis. Our example patches enable monitor mode, frame injection, handling of ioctls, ucode compression, flashpatches, software-defined radio capabilities, channel state information extraction and access to debugging features. To enhance firmware analysis, we present a debugger application that directly accesses the debugging core of the ARM microcontroller executing the Wi-Fi firmware. Additionally, we discuss how Wi-Fi chips can be protected from malicious firmware while still allowing researchers to run custom code. Using Nexmon, researchers can unleash the full capabilities of off-the-shelf Wi-Fi devices.

Item Type: Article
Erschienen: 2018
Creators: Schulz, Matthias and Wegemer, Daniel and Hollick, Matthias
Title: The Nexmon firmware analysis and modification framework: Empowering researchers to enhance Wi-Fi devices
Language: English
Abstract:

The most widespread Wi-Fi enabled devices are smartphones. They are mobile, close to people and available in large quantities, which makes them perfect candidates for real-world wireless testbeds. Unfortunately, most smartphones contain closed-source FullMAC Wi-Fi chips that hinder the modification of lower-layer Wi-Fi mechanisms and the implementation of new algorithms. To enable researchers’ access to lower-layer frame processing and advanced physical-layer functionalities on Broadcom Wi-Fi chips, we developed the Nexmon firmware patching framework. It allows users to create firmware modifications for embedded ARM processors using C code and to change the behaviour of Broadcom’s real-time processor using Assembly. Currently, our framework supports nine Broadcom chips available in smartphones and Raspberry Pis. Our example patches enable monitor mode, frame injection, handling of ioctls, ucode compression, flashpatches, software-defined radio capabilities, channel state information extraction and access to debugging features. To enhance firmware analysis, we present a debugger application that directly accesses the debugging core of the ARM microcontroller executing the Wi-Fi firmware. Additionally, we discuss how Wi-Fi chips can be protected from malicious firmware while still allowing researchers to run custom code. Using Nexmon, researchers can unleash the full capabilities of off-the-shelf Wi-Fi devices.

Journal or Publication Title: Computer Communications
Journal volume: 129
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet > A: Construction Methodology
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1053: MAKI – Multi-Mechanisms Adaptation for the Future Internet > A: Construction Methodology > Subproject A3: Migration
Date Deposited: 22 Apr 2020 08:17
DOI: 10.1016/j.comcom.2018.05.015
Official URL: http://www.sciencedirect.com/science/article/pii/S0140366417...
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details