What we know about OpenFWWF

I decided to compile all of what we know about the open firmware we use to prototype CSMA/ECA using cheap wireless cards (WNICs).

Maybe this way we can ask for help to understand the underlying (assembly) code.

What’s OpenFWWF?

Basically, it is a firmware containing the instruction set for the WNIC. Given that the manufacturer writes it for a specific arrangement of hardware components, it is very hard (even legally hazardous/challenging) to modify.

A group led by Francesco Gringoli reverse-engineered the firmware for an specific model of WNIC. What they came up with is now called OpenFWWF.

They released the code for everyone to see and modify.

UPDATE 1 (150114): details about the registers used by the firmware are gathered here.

UPDATE 2 (150114): the assembler comes with a README file summarizing the instruction set.

UPDATE 3 (100214)the list of included registers are gathered in: spr.inc, shm.inc, cond.inc and myreg.inc.

UPDATE 4 (130214)the assembler and disassembler, as well as a debugger to dump the content of the firmware’s register is called b43-tools. An interesting thing is that the b43-tools has a file called initvals which initializes a set of registers with specific values, like SIFS of the SlotTime! This is explained at Section III-A of the implementation of IEEE 802.11aa paper.

UPDATE 5 (030314): we are compiling a file with all our understanding of the subject as we go on. Only accesible to collaborators, at the moment at least.

Why is it so important?

Prototyping directly over the WNIC is quite an appealing approach. It is realistic and cheap (WNICs are around $10 each). Nevertheless, WNIC-based prototyping is known to be inaccurate when needing tight synchronization or precise timing.

Where are the files?

Without further ado, the OpenFWWF raw DCF implementation in assembly is here.

Starting from the DCF implementation, we modified it to pick a deterministic backoff if the current contention window is equal to the minimum contention window. This code is also available*.

What are the current challenges?

This is a very wide question. At the moment we only know how to assign the deterministic backoff under the specified conditions. If we plan to prototype Hysteresis and Fair Share, more parts of the code need to be understood.


*: the function that assigns the deterministic backoff is at the end of the file, specifically in the set_backoff_time function.




Leave a Reply