Group: Hardware/research/WiFi access points/brcm47xx

From LibrePlanet
Revision as of 02:47, 25 April 2015 by Lagoset (talk | contribs) (TODO)

Routers built around a Broadcom 47xx card usually run a 2.4 kernel with a proprietary kernel module and proprietary firmware for the wifi driver by default. But:

  • the 2.6 kernel has support for the bcm47xx in 2 drivers:
    • b43
    • b43-legacy for older cards.

We will focus on b43 because I'm not sure that master mode or the free firmware work with b43-legacy cards.

  • there is a free firmware called openfwwf for some Broadcom cards
  • the OpenWrt build system supports both (the free firmware and the free driver)

So all we have to do is:

  • build a rootfs with support for both
  • customize our rootfs to make it act like a router (the init scripts etc.)

Howto create a free rootfs

Warning: this may void your warranty, brick your router, etc. Moreover, this is a proof of concept and is not polished yet, and I didn't test it without the serial console.

Check out the OpenWrt svn repository:

svn co svn://

then type:

make menuconfig

and choose your options:

  • in "Target System" choose "Broadcom BCM947xx/953xx [2.6]"
  • in "Target Profile" choose "Broadcom BCM43xx WiFi (default)"
  • in "Target Images" choose: "[*] squashfs"

Choosing only squashfs may sound crazy, since it is a highly compressed *read-only* filesystem, but it isn't: on first boot OpenWrt automatically creates additional partitions, such as a jffs2 partition that stores whatever you change in the root filesystem.

  • choose the free firmware as the wifi firmware here:
-> Kernel modules
   -> Wireless Drivers
      -> kmod-b43.................................. Broadcom 43xx wireless support (PACKAGE_kmod-b43 [=y])
         -> b43 firmware version (<choice> [=y])
  • in "Network" choose "hostapd" "hostapd-mini" "hostapd-utils"

I have chosen both the mini and the normal hostapd in order to be sure to have everything. hostapd-utils provides utilities such as hostapd_cli, which lets you access the running daemon. Here is what it can do:

# hostapd_cli -i wlan1
hostapd_cli v0.6.9
Copyright (c) 2004-2009, Jouni Malinen <> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2. 

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details. 


Interactive mode 

> help
   mib                  get MIB variables (dot1x, dot11, radius)
   sta <addr>           get MIB variables for one station
   all_sta              get MIB variables for all stations
   new_sta <addr>       add a new station
   sa_query <addr>      send SA Query to a station
   help                 show this usage help
   interface [ifname]   show interfaces/select interface
   level <debug level>  change debug level
   license              show full hostapd_cli license
   quit                 exit hostapd_cli
  • choose the additional packages you want
  • if you want the 2.6.30 kernel you need to modify a Makefile (which one?)
  • exit and save your configuration
  • in order to have enough space for a writable jffs2 partition you might need to do the following:
make kernel_menuconfig

then select the following option:

-> General setup
  ->Optimize for size
  • then exit and save the configuration
  • then type:

and wait a long time until it completes

After creating the rootfs

  • flash your firmware

then log into your router

  • verify that you have the right kernel with:
uname -a
  • verify what modules are loaded with:
  • verify if you have the right firmware with:
ls -l /lib/firmware

If there is a directory named b43-open, the right firmware was compiled and installed. Then we need to do some work. Prepare the firmware directory:

cd /lib/firmware
ln -s b43-open b43
rm -rf b43-legacy

maybe we need to understand how to remove b43-legacy support

  • prepare the modules for the free firmware:
rm /etc/modules.d/30-b43-legacy

Edit the 30-b43 file and change the line "b43" to "b43 qos=0", because the free firmware doesn't support QoS yet:

vi /etc/modules.d/30-b43
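
The preparation steps above, collected into one idempotent function, as an added example that is not part of the original page. The function name and its `root` prefix argument are assumptions introduced here so the steps can be tried on a scratch tree first. It also stops when `b43` already exists as a real directory, because `ln -s b43-open b43` would then create the link inside that directory and the driver would keep loading the old firmware files.

```shell
#!/bin/sh
# Added example: the manual firmware/module preparation as one function.
# prepare_b43_open and its root-prefix argument are hypothetical names.
# On the router itself: prepare_b43_open ""

prepare_b43_open() {
    root="${1:-}"
    fw="$root/lib/firmware"
    mods="$root/etc/modules.d"

    # Change nothing unless the free firmware was really installed.
    # ucode5.fw is the first file the driver requests in the log output.
    if [ ! -f "$fw/b43-open/ucode5.fw" ]; then
        echo "b43-open/ucode5.fw missing: free firmware not installed" >&2
        return 1
    fi

    # A real b43 directory would swallow the link (b43/b43-open) and
    # whatever firmware it already holds would still be loaded.
    if [ -e "$fw/b43" ] && [ ! -L "$fw/b43" ]; then
        echo "$fw/b43 is not a symlink; move it away first" >&2
        return 2
    fi
    ln -sfn b43-open "$fw/b43"

    # Drop the legacy firmware and its module autoload entry.
    rm -rf "$fw/b43-legacy"
    rm -f "$mods/30-b43-legacy"

    # Load b43 with qos=0: remove any existing b43 line, add exactly one.
    conf="$mods/30-b43"
    tmp="$conf.tmp.$$"
    {
        if [ -f "$conf" ]; then
            sed -e '/^b43$/d' -e '/^b43 /d' "$conf"
        fi
        echo "b43 qos=0"
    } > "$tmp"
    mv "$tmp" "$conf"
}
```
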

Testing (optional, for debugging or test purposes)

  • then we need to bring up the wifi interface:
ifconfig wlan0 up

This may take a long time because the file b43/pcm5.fw is not present; this is normal when using the free firmware. Here is the output of the command:

root@OpenWrt:~# ifconfig wlan0 up 
b43 ssb0:3: firmware: requesting b43/ucode5.fw
b43 ssb0:3: firmware: requesting b43/pcm5.fw
b43 ssb0:3: firmware: requesting b43/b0g0initvals5.fw
b43 ssb0:3: firmware: requesting b43/b0g0bsinitvals5.fw
b43-phy0: Loading OpenSource firmware version 410.31754
b43-phy0: Hardware crypto acceleration not supported by firmware
b43-phy0: QoS not supported by firmware
Registered led device: b43-phy0::tx
Registered led device: b43-phy0::rx
b43-phy0: Radio turned on by software

then configure the interface:

ifconfig wlan0 netmask

then edit /etc/dnsmasq.conf to match the IP, then edit /etc/hostapd.conf:

vi /etc/hostapd.conf

and add the following into it:


I don't know all the details of the configuration file, but it's a slightly modified default configuration. Then run:

hostapd /etc/hostapd.conf &

It will also take a long time because of b43/pcm5.fw. Here is the output of this command on my router:

~# hostapd /etc/hostapd.conf
Configuration file: /etc/hostapd.conf
b43 ssb0:3: firmware: requesting b43/pcm5.fw
b43-phy0: Loading OpenSource firmware version 410.31754
b43-phy0: Hardware crypto acceleration not supported by firmware
b43-phy0: QoS not supported by firmware
Registered led device: b43-phy0::tx
Registered led device: b43-phy0::rx
Using interface wlan0 with hwaddr 00:14:bf:e1:da:df and ssid 'wrt54gs_freeopenwrt'

then connect to it with a laptop or desktop computer...

Real Setup

  • just edit the /etc/config/wireless file and replace this line:
        option disabled 1

with this line:

        option disabled 0


  • The wifi setup can take some time, please be patient


  • try wep/wpa