Jasper Devreker, a member of Ghent University's student association for computer science, is aiming to make Espressif's popular ESP32 platform a little more open with the development of an open source Medium Access Control (MAC) layer.
"The ESP32 is a popular microcontroller known in the maker community for its low cost (~ €5) and useful features," Devreker explains. "It has a dual-core CPU, built-in Wi-Fi and Bluetooth connectivity and 520kB of RAM. Most of the software development kit that's used to program for the ESP32 is open source, except notably the wireless bits (Wi-Fi, Bluetooth, low-level RF functions): that functionality is distributed as pre-compiled libraries, which are then compiled into the firmware the developer writes."
An effort is underway to create an open source alternative to the proprietary Wi-Fi blobs on an Espressif ESP32. (📷: Jasper Devreker)
Unhappy with this state of affairs, Devreker has set up a project to develop a "minimal replacement" for the binary blobs driving Espressif's ESP32 Wi-Fi radio. "We don't intend to be API-compatible with existing code that uses the Espressif ESP-IDF API," Devreker notes, "rather, we would like to have a fully working, open source networking stack."
It's a challenging prospect: Espressif's own code is proprietary and only provided as opaque binary blobs, and since the company doesn't expect developers to be using anything else, the underlying hardware isn't publicly documented. The solution: reverse engineering the hardware, building on work done by Uri Shaked back in 2021 and Martin Johnson in 2022.
Taking Espressif's fork of the QEMU emulator as a starting point, and using the open source Ghidra reverse engineering tool with a plugin for Tensilica Xtensa support, Devreker and colleagues began their work, including analyzing the firmware running on a real ESP32 board under the team's control. "In addition to the JTAG debugger, we also connected a USB Wi-Fi dongle directly to the ESP32," Devreker explains.
A simple Faraday cage keeps the test system from picking up unwanted signals from external Wi-Fi radios. (📷: Jasper Devreker)
"We connect [the] antenna connector to a 60dB attenuator (this weakens the signal by 60dB)," Devreker continues, "then connect that to the antenna connector of the wireless dongle. That way we'll be able to only receive the packets coming from the ESP32, and the ESP32 will only receive packets sent by the wireless dongle."
Placing the resulting combination in a Faraday cage built from an empty tin can, the team was able to write a minimal firmware and work out a high-level overview of the "hardware lifecycle" while sending a packet. With that in hand, they created a proof-of-concept firmware for transmitting and receiving arbitrary packets without using any of Espressif's software development kit functionality, apart from the proprietary functions required to initialize the radio and disable power saving.
That's an impressive start, but the project still has a way to go: Devreker's roadmap includes controlling the radio's tuner and power settings, replacing the proprietary radio initialization step, and adding code from an existing 802.11 MAC stack to allow the device to associate with Wireless Access Point (WAP) devices.
The project already has code capable of sending and receiving arbitrary packets. (📷: Jasper Devreker)
"This is a sizeable project that could definitely use multiple contributors; I'd really like to collaborate with other people to create a fully functional, open source Wi-Fi stack for the ESP32," Devreker adds. "If this sounds like something you'd like to work on, contact me via zeusblog@devreker.be, maybe we can have a weekly hacking session?"
The full project write-up is available on the Ghent University Zeus WPI website, with the packet-reception breakthrough in a second post. The source code so far is up on GitHub under the permissive MIT license, with Espressif's blobs licensed under Apache 2.0.