Reverse engineering ESP32 Wi-Fi driver: the road ahead

192 points by redfast00 12 months ago

10 comments

jononor 12 months ago
Very cool project. I think efforts like these are among the most promising to get FOSS WiFi cards. Because these WiFi-capable MCUs are: designed to be generally programmable, have quite a lot of open documentation, are available for purchase in both small and large quantities, have s availability over long time-frames (10 years), can tap into the larger community knowledge-base. This is in contrast to the more specialized chips that dedicated WiFi cards use.
fjfaase 12 months ago
I wonder if they use any of the decompiler tools that are available. There is decompiler support for the Xtensa esp32 instruction in Ghidra version 11.0. I also guess that rev.ng, which uses QEMU as its disassembler, could be used for decompiling as QEMU has support for the Xtensa esp32 instructions as well.

My experience with decompilers is that they are not 100% perfect and that the output often still needs a lot of clean-up. I tried rev.ng on a binary written in assembler that used a register based calling convention (not stack based) and rev.ng produced a huge file many times the size you would expect from the assembler input. It seems that decompilers can only do the most trivial step of the reverse engineering process.
ajb 12 months ago
Interesting. 53286 accesses is a lot, I wonder if some of this is writing firmware to another processor, or writing a table. Some may also be busy waiting on status bits.

It would be interesting to see what the minimal subset of the 53286 is, which can be automated using the Delta Debugging algorithm, but it would first be necessary to figure out if there were any necessary waits during the writing process. Also blindly deleting stuff may produce a system that, even if it works, isn't a good citizen of the RF spectrum.
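
Added example, not part of the comment above or of the project's code: a delta-debugging (ddmin) pass over a recorded peripheral-access trace, the kind of reduction the comment suggests. The register addresses, the sample trace and the `radio_works` oracle are constructed stand-ins for replaying on hardware; required waits and RF-compliance checks are not modelled.

```python
# Added example: ddmin over a recorded peripheral-access trace.
# Addresses and the oracle are constructed; they are not real ESP32 registers.
from typing import Callable, List, Tuple

Access = Tuple[str, int, int]  # (op, address, value); op is "W" or "R"
CLK_EN, CHAN, RX_EN = 0x1000, 0x1004, 0x1008  # hypothetical registers

def radio_works(trace: List[Access]) -> bool:
    """Stand-in for replaying a trace on hardware and testing reception.
    Models an ordering dependency: clock enable -> channel -> RX enable."""
    clk = chan = rx = False
    for op, addr, val in trace:
        if op != "W":
            continue  # status polls change nothing in this model
        if addr == CLK_EN:
            clk = val == 1
        elif addr == CHAN and clk:
            chan = True
        elif addr == RX_EN and chan:
            rx = val == 1
    return rx

def ddmin(trace: List[Access], works: Callable[[List[Access]], bool]) -> List[Access]:
    """Shrink trace until no single access can be dropped (empty trace not tried)."""
    if not works(trace):
        raise ValueError("the full trace must pass the oracle")
    n = 2  # current number of chunks
    while len(trace) >= 2:
        size = max(1, len(trace) // n)
        chunks = [trace[i:i + size] for i in range(0, len(trace), size)]
        for i, chunk in enumerate(chunks):
            rest = [a for j, c in enumerate(chunks) if j != i for a in c]
            if works(chunk):        # one chunk alone is enough
                trace, n = chunk, 2
                break
            if works(rest):         # this chunk was unnecessary
                trace, n = rest, max(n - 1, 2)
                break
        else:
            if n >= len(trace):     # already at single-access granularity
                break
            n = min(len(trace), n * 2)
    return trace

def sample_trace() -> List[Access]:
    """Constructed trace: 3 essential writes among 20 noise writes and 10 polls."""
    noise = [("W", 0x2000 + 4 * i, i) for i in range(20)]
    polls = [("R", 0x100C, 0)] * 10
    return (noise[:7] + [("W", CLK_EN, 1)] + polls + noise[7:15]
            + [("W", CHAN, 6)] + noise[15:] + [("W", RX_EN, 1)])
```

On real hardware the oracle is the expensive part: each call means a reset, a replay and a functional check, so the number of oracle calls is what bounds how large a trace can be reduced this way.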
K0balt 12 months ago
It baffles me that a company like Espressif wouldn’t publish complete API specs of their radio hardware. I could see why they may not want their proprietary source out there, as it might make it easier for competitors to make similar chips, but what is the downside to enabling someone to write software particular to your hardware?

It seems like they would have everything to gain and nothing to lose from this?

Anyone shed any light on the motivations here?
jesprenj 12 months ago
Does a FOSS wifi driver for esp8266 already exist or is it in the making?
SillyUsername 12 months ago
I need _Bluetooth_ OBEX support on ESP32 and Espressif's standard lib doesn't provide it. Is this project going to look at issues like these too?
pabs3 12 months ago
Some other examples of open WiFi firmware here:

https://wiki.debian.org/Firmware/Open
opengears 12 months ago
Does this mean we could get open source (hardware) WiFi cards for our Linux Notebooks based on ESP32 in the future?
pelorat 12 months ago
So this appears to be a clean reversing effort, for what - legal reasons?

Espressif Systems is a Chinese company and probably stole half the code in the firmware anyways. No one will blame you if you stick the firmware in Ghidra.
margorczynski 12 months ago
Have you tried utilizing a strong LLM like ChatGPT or Claude to help you out? I've seen some really interesting examples of using it to decompile code to a very readable format.