[HN Gopher] Adventures in reverse engineering Broadcom NIC firmware
       ___________________________________________________________________
        
       Adventures in reverse engineering Broadcom NIC firmware
        
       Author : hasheddan
       Score  : 69 points
       Date   : 2023-12-26 15:57 UTC (7 hours ago)
        
 (HTM) web link (www.devever.net)
        
       | levidos wrote:
       | Noob question, but why is it the firmware that needs to be
       | reverse engineered and not the driver?
        
         | ajb wrote:
         | In the simplest sense, because they already have source for the
         | driver, and not for the firmware.
         | 
         | More broadly (no pun intended), NIC vendors want to work with
         | Linux and the GPL means they have to release the source of a
         | driver to do so. No such legal requirement applies to firmware.
        
         | ta988 wrote:
         | Because the open drivers are good enough but have to deal with
         | a proprietary blob that can't be fixed for bugs and has
         | undefined features/behavior.
        
         | doesnotexist wrote:
         | In this instance, it appears the author's motivation was to
         | facilitate a clean room reimplementation by "producing a
         | natural-language specification for others to reimplement". In
         | other instances security researchers might reverse firmware in
         | order to find vulnerabilities. As the article states:
         | 
         | > One example motivating the production of open source firmware
         | for the BCM5719 is that it's the only closed-source firmware
         | blob found in the Talos II, a high-performance POWER9-based
         | system otherwise wholly free of firmware blobs... Once this is
         | delivered, it will be possible to use Raptor's POWER9 systems
         | with purely 100% free, open source firmware. As far as I am
         | aware, there is no other machine in the same performance class
         | which can make such a claim.
        
           | Palomides wrote:
           | >All Raptor systems shipped after May 10, 2021 use the open-
           | source Ortega firmware for the BCM5719 device.
           | 
           | https://wiki.raptorcs.com/wiki/BCM5719
        
         | salawat wrote:
         | Because vendors have realized GPL condoms are a thing and have
         | started basically sacrificing the driver layer to the legal
         | requirements of GPL, while keeping the secret sauce secret
         | through firmware.
         | 
         | Firmware is the new proprietary/FLOSS boundary layer.
        
       | doesnotexist wrote:
       | Impressive work. Looking at the presentation slides which
       | accompany the 37C3 talk, the author covers their "Your princess
       | is in another castle" experience. Turns out they fully reversed
       | the firmware for the MIPS cores (one core per port) only to
       | discover the MIPS cores were almost entirely vestigial relics
       | retained from past generations. I think anyone who has done real-
       | world reverse engineering can empathize with having spent a
       | significant amount of time and hard work reversing what turns out
       | to be a ton of dead code. In the end, success in reverse
       | engineering is mostly about being relentlessly persistent in your
       | pursuit to understand what is going on and getting back up after
       | big setbacks and disappointing dead-ends.
        
         | dwattttt wrote:
         | There's a lot to be said for when dynamic analysis is possible;
         | it doesn't have to be perfect in order to eliminate code that
         | isn't involved in an interaction (worst case you cause that
         | code to die horribly & observe the fail, or lack thereof)
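As an added illustration of the coverage-driven pruning dwattttt describes (this is example code written for this page, not code from the article, the 37C3 talk or the Ortega project): take a function table recovered from static disassembly, replay a handful of execution traces captured while exercising specific interactions, and list the functions no interaction ever entered. The function table, the traces and the function names are all constructed for the example; the real firmware's layout is not represented here.

```python
"""Function-level coverage from execution traces (added example, constructed data).

Assumes: a static function table (name, start, end) from a disassembler, and one
program-counter trace per interaction (e.g. from a debugger or emulator). Both are
made up here so the example runs offline.
"""
from bisect import bisect_right

# Constructed function table: (name, start, end), end exclusive, sorted by start.
# These names and addresses are illustrative only.
FUNCS = [
    ("reset_handler",      0x1000, 0x1040),
    ("init_mac",           0x1040, 0x10c0),
    ("rx_dispatch",        0x10c0, 0x1180),
    ("legacy_tcp_offload", 0x1180, 0x1400),
    ("wol_match",          0x1400, 0x1460),
    ("tx_path",            0x1460, 0x1500),
]

# Constructed traces: PCs observed while driving one interaction each.
TRACES = {
    "power_on":  [0x1000, 0x1004, 0x1008, 0x1040, 0x1044, 0x1050],
    "rx_packet": [0x10c0, 0x10c8, 0x10d0, 0x1460, 0x1464],
    "tx_packet": [0x1460, 0x1470, 0x1480],
}


def func_for_pc(funcs, pc):
    """Map a program counter to the function containing it, or None if it
    falls outside every known function (data, padding, unrecovered code)."""
    starts = [f[1] for f in funcs]
    i = bisect_right(starts, pc) - 1
    if i >= 0 and funcs[i][1] <= pc < funcs[i][2]:
        return funcs[i][0]
    return None


def coverage(funcs, trace):
    """Set of function names that at least one PC in the trace lands in."""
    hit = set()
    for pc in trace:
        name = func_for_pc(funcs, pc)
        if name is not None:
            hit.add(name)
    return hit


def untouched(funcs, traces):
    """Functions no interaction reached, in table order. These are the
    candidates to patch with a trap (or skip entirely) before spending
    time on them; a trap that never fires confirms the guess."""
    reached = set()
    for trace in traces.values():
        reached |= coverage(funcs, trace)
    return [f[0] for f in funcs if f[0] not in reached]


def untouched_bytes(funcs, traces):
    """(bytes in untouched functions, total bytes in the table), to see how
    much of the image the captured interactions leave unexplained."""
    dead = set(untouched(funcs, traces))
    dead_bytes = sum(end - start for name, start, end in funcs if name in dead)
    total = sum(end - start for _, start, end in funcs)
    return dead_bytes, total


if __name__ == "__main__":
    for name in untouched(FUNCS, TRACES):
        print("never executed:", name)
    print("untouched bytes / total:", untouched_bytes(FUNCS, TRACES))
```

Coverage of this kind only tells you what the captured interactions did not exercise, not that the code is dead; the next step in the comment above, deliberately breaking a candidate function and checking whether the interaction still succeeds, is what turns "unexercised" into "not involved".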
        
       | mdaniel wrote:
       | The 2019 submission which had some commentary from the author:
       | https://news.ycombinator.com/item?id=19679640
        
       | LgWoodenBadger wrote:
       | What would it cost for a philanthropist to produce a fully open-
       | source chipset/SoC/board for Linux?
        
       | hlandau-travel wrote:
       | Author here. This is finally being given as a talk by me tomorrow
       | at 37C3. I've wanted to give this as a talk for many years at
       | CCC, but CCC's long hiatus got in the way. This will be my first
       | time at CCC.
       | 
       | If anyone attending 37C3 wants to talk more about this, or
       | anything else, or about open source firmware/owner control in
       | general, don't hesitate to get in touch with me in person or
       | online.
       | 
       | I don't have access to my usual email when traveling for security
       | reasons, so use my travel email:
       | https://www.devever.net/~hl/contact
       | 
       | I'll also set up a DECT phone at the event (4526/HUGO).
       | 
       | Comments and questions welcome!
        
       ___________________________________________________________________
       (page generated 2023-12-26 23:00 UTC)