Channel State Information (CSI) is a metric describing amplitude and phase changes introduced by the communication channel between two devices. It is estimated for WiFi communication by default to compensate channel effects. Recent research shows that this metric can be used for sensing, e.g. localization, fingerprinting, or motion detection. However, CSI is typically not available to applications on consumer devices.
Broadcom entered the game by providing a CSI monitor with some of its latest WiFi SoCs. These chips can be found on numerous Access Points. But, there is no public documentation of this feature's implementation nor usage. In this thesis, we analyze Broadcom's proprietary CSI monitor feature by dynamically and statically reverse engineering userland, driver, and firmware binaries and compare the results with state-of-the-art CSI extractors.
You should be confident with the programming language C and with digging into unknown territories.