An experimental open-source WiFi stack has been introduced for the ESP32. The project, named Ferris on Air (FoA), is written in async Rust and serves as a proof-of-concept 802.11 stack. It aims to enable various interfaces using Embassy, a Rust framework for embedded devices. The ultimate goal of the framework is to bring features such as mesh networking and AirDrop to the ESP32; exciting as these features are, they were previously unattainable.
The Challenge of Closed-Sourced Modules
The ESP32 is mostly open-source, but its WiFi and Bluetooth modules are not, likely because of a hardware NDA that Espressif, the company behind the ESP32, is bound by. Thankfully, Espressif has agreed that the team may legally reverse engineer these modules and publish the results under an Apache license. The reverse engineering itself, however, is quite complex.
The Reverse Engineering Journey
To unlock the WiFi module, the team used Ghidra, a reverse engineering tool from the NSA, to study its code structure, logic, and function names, information that Espressif had generously left in the code. This allowed the team to work out the role of each hardware register that controls the WiFi module. By combining analysis of physical and emulated ESP32 hardware, they successfully reverse-engineered the WiFi module. Interestingly, the team had to build a DIY Faraday cage to isolate the ESP32's WiFi signals: a wooden cube lined with conductive fabric, with a fiber-optic cable carrying signals to the ESP32 inside and a car battery powering the whole setup.
Future Developments
Ferris on Air is still at the beginning of its journey but is rapidly developing and adding new features. More information about the reverse engineering process and additional project details can be found below.
Check out Frosty314159 on GitHub and 38C3 for further insights.
Source: Link