I thought I was done writing about Bouffalo Lab BL602 WiFi & Bluetooth RISC-V SoC for a while after first covering the chip itself, and then an inexpensive BL602 development board this weekend.
But the BL602 SDK has shown up in various GitHub repositories, including Bouffalo Lab’s own bl_iot_sdk repository, and as more people are looking into it, there’s now an effort to develop a fully open-source blob-free WiFi & Bluetooth stack for BL602, and other Bouffalo Lab WiFi and/or Bluetooth wireless chips.
Last day we communicate with Bouffalolab, finally they release the SDK of BL602 (RV32 chip of wifi+bt), all code is open, except libblecontroller.a, libatcmd.a, libbl602_wifi.a (while they have all symbol inside) https://t.co/giHsQ4ezXx
we have a fork too https://t.co/FiaAIxLBc8
— Sipeed (@SipeedIO) October 27, 2020
First, Sipeed says the code is mostly open-source except for three libraries: libblecontroller.a, libatcmd.a, and libbl602_wifi.a, all of which are un-obfuscated and easy to disassemble.
Then we have Pine64, which offers free BL602 “PineCone” development boards to anyone who submits a pull request to help the community obtain an open-source, blob-free WiFi and BLE stack as part of their Nutcracker Challenge. I find the initiative interesting, but a bit backward, as they ask people to commit code before having the hardware to play with. Hopefully, they’ll find a better way to distribute hardware to developers, especially since they have 1,000 samples on hand.
I don’t have photos of the PineCone board but only renders. It’s comprised of a breakout board and a BL602 module with the same form factor as the Pine64 PADI IoT stamp.
The company is not yet fully committed to selling the board and module, but if they do they plan to sell the module for $1.99 and PineCone EVB for $3.99.
[Update: photos and schematics
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
33 Replies to “The quest for a blob-free WiFi & Bluetooth stack for BL602 WiSoC”
I don’t know if this was the real intention, but it actually seems quite clever: they can get pseudo anonymous people online to do the disassembling and rewriting of the code while keeping their hands clean legally
If they did the reverse engineering themselves they could get into some trouble
As far as I understand pine has no substantial SW know how in-house, they always cooperate with “the community”.
Also reverse engineering is not per se illegal, if done correctly.
>As far as I understand pine has no substantial SW know
>how in-house, they always cooperate with “the community”.
That might explain why they seem to release interesting boards that end up to not be that useful because the software is crappy.
>Also reverse engineering is not per se illegal, if done correctly.
Taking apart the binary is probably fine. The thing is that just taking apart the binary doesn’t explain totally how the hardware works and it might take a lot of work to actually get it to do anything. The best you can hope for is that it shows that the hardware is actually an off the shelf part that is documented somewhere.
That said I can’t think of any WiFi chipsets that have publicly available documentation.
It probably is something off the shelf. They even copied the nordic SDK. They are avoiding to do any additional work. So, it might be a good idea to compare the binary to other known SDKs.
> they always cooperate with “the community”
Exactly. I would go even further and call some of their devices simply ‘a hardware service for a software community’.
It needs to be blind…group one disassembles code to determine the functionality. They write a detailed spec describing the functionality but not the code. They hand that spec to developers who have never worked with that hardware develop code to implement functionality and test it. The result will be object code different than the original so it does not infringe on copyright.
Yepp that’s exactly what I meant with my lazy “if done right”…
That will be very interesting, especially if the BLE radio gets properly reversed and documented. I’d love to have direct access to the registers to use the radio for proprietary RF modes similar to i.e. an NRF24L01, while profiting of the quite reasonable BLE radio (I hope theirs is as good as Nordic’s).
Unfortunately Espressif seems to keep their BT/BLE quite hidden AFAICT.
Someone needs to update this maybe?
Reverse engineering is not illegal in the European Union.
So Good luck!
What’s the rationale for WiFi binary blobs? Are there still patents for WiFi like for GPUs? Or is it more due to things like FCC regulations. Maybe companies don’t want people to mess with some parts of the code as they could then become liable?
Yes, that’s it. Espressif semi-officially states that. Because, you know, most haxxors cannot resist the 12 year old hooligan in them…
I think they don’t want to be liable. In many places it’s forbidden to distribute hardware, software, or even howtos that may be used to disrupt radio communications. And in this sense, a source file that explains how to reconfigure the radio to use it beyond regulations could be seen as a way to disrupt radio communications. To be honest I don’t think there’s any risk at all, but when you have lawyers, any sentence starts with “imagine if…”.
You don’t think there is any risk of people reconfiguring the radio beyond regulations?
Some end-users using third-party firmware seem quite happy to run WiFi access points on channels that aren’t approved for the use in their jurisdictions. Some are just ignorant, others seem to think they are special.
So, you are telling me people are doing illegal things and even protections against it are not stopping them? What a surprise 😀 It is just very helpful to have open source software, even though some people may misuse it. If someone sees this, they get punished accordingly.
Tell that to the varying Gooberments they have to be responsible to and deal with that this is the case… X-D
I’ve been dealing with the stuff for the better part of a decade plus and had to deal with the Homologation aspects of things when I worked for an Industrial Wireless Comms company
Not patent control. RF emissions control. It’s considerably harder to get homologation (FCC, etc. approval on the RF emitters on the device) when it’s fully open sourced. The factory floor calibration software for most chips is restricted similarly- you end up with a 2.4 GHz jamming device as a result of this access, even if you don’t misuse it that way.
“Hi All, thanks for your enthusiasm.
After discussion, we decided to move one step further towards open source. We plan to provide one set of low level APIs on mac layer some time later, with that BL602 can work well as one high performance raw packet transceiver. These APIs will cover HW encryption & decryption/HW retransmission/HW packet filter/HW DataRate control/HW PowerTable/TSF/Qos/HW Backoff/HW Aggregation. We think these are powerful enough to import Mac80211 and supplicant to implement one open source stack. Things under this layer are related to the HW(RF/PHY) register settings, which can not be open.
BTW, the original libs are also kept for other kind of users.
Hope this is helpful”
Sounds interesting. Thanks for the update. So it really sounds like they don’t want to open source, because you could increase the power on the RF transmitter. I hope we get eventually something similar to Nimble. A Nimble fork would be also good, I think. Quite simple to integrate into existing infrastructure. The best would be, if they just get it merged into Nimble.
>So it really sounds like they don’t want to open source,
>because you could increase the power on the RF transmitter.
I think that’s maybe one of the reasons.
The other reason I can think of is that a lot of open source licences have effects on patents i.e. the license doesn’t just grant access to the code but also any patents involved. That might expose their own patents and on the other hand it might expose that they are using stuff that is covered by someone else’s patents.
Exposing patents is not a concern. By definition, a Patent is explicitly exposed publicly and worldwide wherever it’s given unless it’s classified- which would preclude them selling the device in the first place to anyone OTHER than the Government.
Trade secrets have to not be disclosed.
Trust me…it’s about Homologation concerns. Purely so.
Exposing a patent by applying for it != granting a licence to it. Many OSS licenses have implied and explicit patent grants.
Understandable from a radio regulatory/liability perspective, but sad this surely very capable radio can’t be used for such things: http://www.rowetel.com/?p=7467
I mean you can also argue that people who are able to change it know what they are doing. So, set the default parameter according to the ISM band standards and this should be fine. I also think it would be beneficial for them as a company. Open source will lead to more adoption. Especially considering all the other, especially Chinese, competitors. A well supported and open source library will increase their market shares.
Sure, I’m a bit torn apart, between I want it as open as possible, open source is not enough, I want the register definitions in their entirety. And otoh I see the ignorance by some Arduino tinkerers when it comes to radio regulations…
Of course with my legal car I can speed, so what is the conclusion?
Yes, but these Arduino tinkerers will never change the register. They normally don’t change the library itself. They just want to use BLE or WiFi with their routers. The people who want to go against regulations are also able to do so. They can just use a SDR or something else. There are enough ways.
Give tinkerers a knob they can twiddle to operate in unauthorized spectrum and some of them will twiddle the knob out of ignorance or self-centeredness. Most of them would never bother getting an SDR rig.
I’m not commenting on whether or not the knob should be open-sourced, I just think it’s naive to think that adding it won’t make it available to more people who will abuse it by making it available at an Arduino-like price point rather than an SDR price-point.
SDRs are available for what? 20 or 30 bucks. So that doesn’t stop them. There are enough people buying these unauthorized walkie-talkies. That is a bigger deal than this IC. I also don’t think you can adapt this IC to a wide range of frequencies. It only supports WiFi and Bluetooth. Therefore something in the 2.4 and 5 GHz area. The only parameter you are probably able to change is the output power. If your neighbor is disrupting your WiFi, eventually some technicians of some ISP will see that and this person gets punished for it.
>to more people who will abuse it by making it available
>at an Arduino-like price point rather than an SDR price-point.
This is like saying the price of sports cars means the people that drive them always keep to the speed limit even though their car can accelerate well beyond it but on the other hand people that drive low cost cars really want to break the speed limit and only don’t do so because their car can’t physically do it.
I like the sports car analogy. You also don’t restrict cars, just because some people might drive too fast. You punish these people who do.
In RF Homologation circles, they don’t think/work that way. Even though they should.
That’s still not open source, gang. It’s better than most everyone else- but it’s still telling fibs about what it is.