Cypress/Broadcom WiFi chips commonly contain a microprocessor, called the D11 core, that handles all real-time 802.11 MAC tasks in the form of a programmable state machine. The D11 core's architecture and instruction set are proprietary. Reverse engineering efforts have already disclosed a sufficient subset of the instruction set to allow disassembling and assembling microcodes (the firmware of the D11 core) for specific core revisions. Still, analyzing, modifying, and debugging microcodes on-chip is error-prone and time-consuming. Emulating the D11 core can support such tasks. In this thesis, we want to gain more knowledge about the D11 core's functionality by further reverse engineering its internals, and implement an emulator that supports its instruction set and eases the debugging of microcodes.
May 2022
Completed