In this thesis, we develop a minimal firmware that initializes the vital parts of Broadcom WiFi SoCs and provides an extensible base for future projects. We use the modern programming language Rust, which is as performant as C but more secure by default, and still provides the low-level access required when designing such a system.
Broadcom develops complex WiFi single-chip systems that can be found in millions of devices, such as recent smartphones and access points. These WiFi SoCs run equally complex firmware. This proprietary firmware is originally written in C and only available as a binary blob. A framework originally developed at SEEMOO by M. Schulz (Nexmon: The C-based Firmware Patching Framework) simplifies the process of modifying the firmware, but doing this correctly is still a heavy and error-prone task, mostly due to interference between the complex firmware and our modifications. In many cases, we don't need most parts of the original firmware, and a minimal running system would benefit us, especially by reducing interference with our additions.
Besides coding in Rust, this work includes static and dynamic reverse engineering and analysis of code, drivers, and firmware. You should be confident reading C code and open to learning new skills. Experience with hardware-near programming / microcontrollers is beneficial.