Jasper Devreker Units His Sights on a Totally-Open Wi-Fi Stack for Espressif’s ESP32 Microcontrollers

Jasper Devreker, a member of Ghent College’s pupil affiliation for laptop science, is aiming to make Espressif’s in style ESP32 platform slightly extra open — with the event of an open supply Medium Entry Management (MAC) layer.

“The ESP32 is a well-liked microcontroller recognized within the maker group for its low value (~ €5) and helpful options,” Devreker explains. “It has a dual-core CPU, built-in Wi-Fi and Bluetooth connectivity and 520kB of RAM. A lot of the software program improvement package that’s used to program for the ESP32 is open supply, besides notably the wi-fi bits (Wi-Fi, Bluetooth, low-level RF features): that performance is distributed as pre-compiled libraries, which are then compiled into the firmware the developer writes.”

Sad with this state of affairs, Devreker has arrange a venture to develop a “minimal alternative” for the binary blobs driving Espressif’s ESP32 Wi-Fi radio. “We don’t intend to be API-compatible with present code that makes use of the Espressif ESP-IDF API,” Devreker notes, “somewhat, we would wish to have a totally working, open supply networking stack.”

It is a difficult prospect: Espressif’s personal code is proprietary and solely supplied as opaque binary blobs, and since the corporate does not count on builders to be utilizing the rest the underlying {hardware} is just not publicly documented. The answer: reverse engineering the {hardware}, constructing on work achieved by Uri Shaked again in 2021 and Martin Johnson in 2022.

Taking Espressif’s fork of the QEMU emulator as a place to begin, and utilizing the open supply Ghidra reverse engineering instrument with a plugin for Tensilica Xtensa help, Devreker and colleagues started their work — together with analyzing the firmware operating on a real ESP32 board underneath the group’s management. “Along with the JTAG debugger, we additionally related a USB Wi-Fi dongle on to the ESP32,” Devreker explains.

“We join [the] antenna connector to a 60dB attenuator (this weakens the sign by 60dB),” Devreker continues, “then join that to the antenna connector of the wi-fi dongle. That approach we’ll be capable to solely obtain the packets coming from the ESP32, and the ESP32 will solely obtain packets despatched by the wi-fi dongle.”

Putting the ensuing mixture in a Faraday cage made out of an empty tin can, the group was in a position to write a minimal firmware and uncover a high-level overview of the “{hardware} lifecycle” whereas sending a packet. With that in hand, they created a proof-of-concept firmware for transmitting and receiving arbitrary packets with out utilizing any of Espressif’s software program improvement package performance — aside from the proprietary features required to initialize the radio and disable energy saving.

That is a formidable begin, however the venture nonetheless has a methods to go: Devreker’s roadmap contains controlling the radio’s tuner and energy settings, changing the proprietary radio initialization step, and including code from an present 802.11 MAC inventory to permit the machine to affiliate with Wi-fi Entry Level (WAP) units.

“It is a sizeable venture that might positively use a number of contributors; I’d actually wish to collaborate with different individuals to create a totally purposeful, open supply Wi-Fi stack for the ESP32,” Devreker provides. “If this feels like one thing you’d wish to work on, contact me through zeusblog@devreker.be, perhaps we are able to have a weekly hacking session?”

The total venture write-up is offered on the Ghent College Zeus WPI web site — with the packet-reception breakthrough in a second publish. the supply code to date is up on GitHub underneath the permissive MIT license with Espressif’s blobs licensed underneath Apache 2.0.