Group: Hardware/Strategies/ReverseEngineering

From LibrePlanet
Revision as of 10:53, 15 October 2017 by GNUtoo2 (edit summary: Is the work difficult? (0 easy, 9 hard))

Introduction

A lot of hardware requires software to work (often drivers and/or firmware). However, when the only software that makes a given piece of hardware work is proprietary, there is no way to use that hardware in freedom.

When hardware documentation is available, it is a matter of writing the missing software. When it is not, the hardware has to be reverse engineered, either to write such documentation or to write such software directly.

Which hardware should be prioritized? We propose criteria and a few examples.

Is it widely distributed hardware?

For instance, millions of Raspberry Pi boards have been sold. A functional free software firmware for the VideoCore IV GPU it uses would benefit all existing users. Another example is the Samsung Galaxy SIII, which sold over 70 million units and can easily be bought second hand worldwide. A free software driver for its BCM4334 wifi chip could enable new Replicant users.

Is it the last step in liberating a whole device?

For instance, consider the Allwinner A20 System on a Chip in the Olimex Lime2. If we can make it work with free software, all the hardware of that chip becomes functional in the free world, and so does all of the hardware in that single-board computer.

How long will it take? (0 fast, 9 long)

How much time such work takes depends on:

  • how well the tasks at hand fit the skills of the people working on them; the various tasks can require very different skill sets.
  • how much documentation there is and how much work remains to be done.
  • how long it takes to make such software usable. For instance, a GPU driver often needs quite some time to get down to a low enough number of bugs.

Is reverse engineering needed?

Reverse engineering might not be needed, as documentation might already exist, either published by the hardware manufacturer or by people who have already reverse engineered the hardware.

Examples:

  • The etna-viv project states: "Nearly all of the reverse engineering work has been done, [...] However I don't have time nor will to do everything myself. This project needs developers that help with the Mesa driver for [...] I did my thing, now do yours. There is no point in waiting because whatever you want just won't happen out of itself."

How useful is the hardware? (0 not really, 9 very)

For instance, in the Samsung mobile phones, the wifi, GPS and Bluetooth drivers need reverse engineering. The wifi driver is more useful than the Bluetooth driver.

Is it crucial?

It is crucial when the hardware does a job that is crucial for us to support. A job can be crucial even if only a few people need to do it.

Hardware list

Hardware           Units   Last step   Difficult   Long   Useful   Crucial
Mali GPU           >100M   Yes         5/9                9/9      No
BCM4334 Wifi       >70M    No          9/9                9/9      No
BCM4334 Bluetooth  >70M    No          ?/9                2/9      No
BCM43438 Wifi      >10M    No          9/9                2/9      No
Vivante GPU        ??      No          5/9                2/9      No

Mali GPU

The Mali GPU can be found in many Allwinner Systems on a Chip. Since the Cedrus project took care of video decoding offloading, the Mali GPU is the only part of those chips that isn't usable with free software. Such Systems on a Chip can be found in many boards and devices which can easily be bought.

The Mali is also used in many Exynos Systems on a Chip found in most Samsung phones (12) from the S2 to the S7, which sold over 100 million units combined (1, 2, 3). They can easily be purchased second hand worldwide.

Reverse engineering is made easier because the driver is in user space and all communication with the hardware goes through a kernel driver published as free software.

The Lima project exists and is usable in some cases, but it is incomplete and has not seen much activity since 2016.

BCM4334 Wifi

The BCM4334 (Single Chip IEEE 802.11 a/b/g/n MAC/Baseband/Radio with Integrated Bluetooth 4.0 + HS and FM Receiver) is used in the Samsung Galaxy SIII, which sold over 70 million units. It can easily be purchased second hand worldwide. Reverse engineering would be very difficult. It would be very useful because it would enable Replicant. There are no ongoing reverse engineering projects for this chip.

BCM4334 Bluetooth

It is part of the BCM4334 chip, which also includes the wifi; it is less useful and the difficulty is unknown.

BCM43438 Wifi

The BCM43438 (Single-Chip IEEE 802.11ac b/g/n MAC/Baseband/Radio with Integrated Bluetooth 4.1 and FM Receiver) is used in the Raspberry Pi, which sold over 10 million units. The user base is large and could upgrade to a free software driver. Reverse engineering would be very difficult. Although the bootloader is free software, other hardware parts do not work without nonfree software. Since there is also an Ethernet port, the availability of the wifi is not a blocker to operate the Raspberry Pi.

Vivante GPU

The Vivante GPU is used in the i.MX 6 SoC, which is used in the Novena laptop, which sold ??? units. Reverse engineering is made easier because the driver is in user space and all communication with the hardware goes through a kernel driver published as free software. The Etnaviv project exists and is usable, but it needs completion.

The only other part in the SoC requiring reverse engineering is the VDU.

TODO

SSD firmware blobs

It's pretty easy to hide data in an SSD, or to mount an attack on a machine, when those blobs are totally unknown. You don't have to load the SSD firmware as part of boot, of course, but it is typically updateable. There have been a few demonstrations of attacks on USB and hard drive firmware in the past. An exploit was found in an SD card firmware but was not weaponized. It is relatively trivial for mass storage firmware to hide data and to perform TOCTOU (time-of-check/time-of-use) attacks on unsuspecting hosts, since the host cannot verify what the firmware does with the data it reads back.

Updating the firmware of an SSD / HDD

VDU used in the Novena

TBD

Raspberry hardware setup and bootloader

The Raspberry Pi needs nonfree software to start up. I think it initializes the hardware. This is a big problem; it means we have to call that machine "fatally flawed". I suspect that "bootloader" refers to just _part_ of the software that runs at startup time. It must run _after_ initializing the hardware.

Startup software consists of:

  • Proprietary hardware setup.
  • Free bootloader.

Freedom box

A number of hardware devices are referenced at http://www.freedomboxfoundation.org/. Which one would benefit from reverse engineering, and on which hardware part?