[HN Gopher] Building an open-source Wi-Fi Mac layer for the ESP32
___________________________________________________________________
Building an open-source Wi-Fi Mac layer for the ESP32
Author : pabs3
Score : 150 points
Date : 2025-03-09 00:32 UTC (21 hours ago)
(HTM) web link (esp32-open-mac.be)
(TXT) w3m dump (esp32-open-mac.be)
| pabs3 wrote:
| A list of other open source firmware:
|
| https://wiki.debian.org/Firmware/Open
| iou wrote:
| Timely post with the vulnerability research this week?
| https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-...
| dugite-code wrote:
| That was related to Bluetooth. Interesting undocumented low
| level commands but it's a bit of a stretch to call it a
| vulnerability IMHO.
|
| But having the whole stack open would just be better in
| general.
| gibibit wrote:
| Correct. HN thread
| https://news.ycombinator.com/item?id=43301369
|
| Not a vulnerability in the way that Tarlogic makes it sound.
| Disingenuous and misleading article for sure.
| nottorp wrote:
| A good bunch of "security" articles that make the news look
| more like scareware to me in the past years.
| luma wrote:
| This outfit has changed the term "backdoor" to mean "any
| undocumented feature". The findings reported are absolutely not
| a backdoor in any conventional usage of the term. One would
| need to flash their own code to the micro to make use of these
| features, which is the normal operating mode for any micro
| device.
|
| This is nothing other than a security research team trying to
| get some attention by crying wolf.
| mystified5016 wrote:
| This isn't a backdoor, it's just an undocumented debugger in
| the HCI stack. You still need a physical UART connection to the
| device AFAIK. The exact same type of connection you use to
| program and debug the device normally.
| megamix wrote:
| I'd like someone to explain this to me as I find this
| interesting. I have tech background but the OSI model is not
| something I've interacted with directly.
|
| Some questions I come to think of
|
| 1. Why ESP32 made it closed? 2. What does the MAC layer in the
| OSI model make it so important to either make this closed/open
| source ?
|
| From the article: "security auditability", possibility for
| features not supported, make research into Wi-Fi networks with
| lots of nodes more affordable.
|
| E.g. ESP32 is proprietary, but it doesn't limit the connection to
| certain routers, but could it be made to be?
| pvtmert wrote:
| i'm also not professional networking engineer but overall open
| core will allow;
|
| better interfacing and integration as a wifi chip on SBCs like
| raspberry pi, potentially allowing faster rates and lower
| latencies on SPI or I2c buses
|
| better security and possibly handling further standards than
| the espressif allows.
|
| for example, you may implement wpa3 or wpa4 (if it comes out at
| some point) without needing to wait for espressif to implement
| and release themselves. plus, they may never have the
| incentives to do so if a newer chip (esp64?) comes out...
| mannyv wrote:
| One big win might be power savings.
| magnat wrote:
| 1. They might have used IP cores with license that forbids
| disclosing any technical details, including firmware
| implementation.
|
| 2. Manipulating RF registers could cause the device to operate
| outside of regulatory parameters, perhaps invalidating FCC
| certification for the whole device. By not disclosing how to
| use MAC directly, they can claim they did their best to prevent
| device from misbehaving.
| xattt wrote:
| There's many devices that can get uncapped (Yaesu handhelds
| for example) without losing FCC certification.
| Eduard wrote:
| "uncapped"?
| luma wrote:
| Item 1 is certainly the case here. Espressif licensed most of
| their original IP from tensilica, and this is completely
| normal for building a commercial microcontroller. If you
| don't have the in-house skill to build a complete WiFi radio
| stack from the ground up, you simply license the IP core and
| roll it into your product.
|
| Nice work by the presenters here, it's a good idea and might
| help the community, but the current state is not the result
| of Espressif trying to be jerks.
| KennyBlanken wrote:
| The second item has been trotted out for roughly two decades
| as an excuse for why router companies block open source
| firmwares.
|
| In those two decades there's been no evidence the FCC or
| other regulatory bodies follow that theory, and no evidence
| that open source firmware causes "misbehavior."
|
| Please stop talking about it like it's an issue. It isn't.
| MadnessASAP wrote:
| The chaos that surrounded the Flipper Zero clearly
| indicates that it is an issue.
| rubatuga wrote:
| OSI MAC =/= WIFI MAC + PHY
| IshKebab wrote:
| Just in case you didn't know, the OSI model is wrong. The world
| uses the "TCP/IP model" - there's no "presentation layer" for
| example.
| brookst wrote:
| I would argue that the higher layers of OSI become more
| abstract and blurry, but it's not wrong per se. TLS maps
| fairly well (not perfectly) to presentation layer.
|
| Then again, OSI works best as a descriptive model rather than
| prescriptive. Plenty of applications don't follow the model
| at all. QUIC is largely an optimization by collapsing many
| functions that OSI models as separate layers into one
| monolithic thing.
| londons_explore wrote:
| A huge part of the cost of developing a WiFi chip is in the
| firmware. WiFi is a complex set of protocols, and is especially
| tricky to implement in a low ram, low compute, power
| constrained device.
|
| There is perhaps a 50/50 effort split between firmware and
| hardware design. Open source the firmware and suddenly an
| upstart competitor has only half the cost to market, and
| therefore could undercut you in price.
| numpad0 wrote:
| It's just local maxima of utility. Not global ideal but
| pragmatic useful solutions. They could have delayed release for
| a century or two until a truly fair and open chip could be
| designed and fabricated, or you can get the chip today and
| complain about its pathetic proprietary nature along this long
| journey towards idealist heaven. The latter is way better.
| mannyv wrote:
| People have been trying to shoehorn the Internet into the OSI
| model for decades. It's like the OSI supporters have waged a
| campaign to be relevant...and won.
|
| It's a nice model, but once it gets above the phy layer it
| becomes sort of bad.
| bastard_op wrote:
| I was watching the 38c3 talk about this a few months ago, and
| just laughed seeing the recent news. Guess they have a good
| reason to be paranoid, hmm.
|
| https://youtu.be/r8IqkUTGjlA
___________________________________________________________________
(page generated 2025-03-09 22:01 UTC)