reverse engineering

Posted on by Jean-Luc Aufranc (CNXSoft) - 2 Comments on Reverse engineering the SDK for BL602 RISC-V WiFi & BLE microcontroller

Reverse engineering the SDK for BL602 RISC-V WiFi & BLE microcontroller

BL602 decompiled C code

Bouffalo Lab BL602, and its big brother BL604 with extra GPIOs, are RISC-V microcontrollers with WiFi and Bluetooth LE that offer an alternative to Espressif Systems ESP32 Xtensa based WiSoC, although Espressif has also designed its own RISC-V solution: ESP32-C3. Soon after the “announcement” in October 2020, we found out the SDK and a relatively cheap BL602 board, but the SDK has many closed-source binaries. Soon after Sipeed and Pine64 expressed their interest in developing an open-source toolchain and even an open-source WiFi (and BLE) stack. Time has passed and even got a Pinecone board in January, but did not do anything with it, especially seeing the status of the software. The same cannot be said for Lup Yuen Lee (aka MrTechBlog) who spent a lot of time doing interesting with Pine64 BL602 module and board including playing and thoroughly documenting his work with Tensorflow Lite, connecting the board to […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 9 Comments on Allwinner V831 NPU (Neural Processor Unit) reverse-engineered

Allwinner V831 NPU (Neural Processor Unit) reverse-engineered

V831 NPU open-source toolchain

When Sipeed introduced MAIX-II Dock AIoT vision development kit, they asked help from the community to help reverse-engineer Allwinner V831‘s NPU in order to make an open-source AI toolchain based on NCNN. Sipeed already had decoded the NPU registers, and Jasbir offered help for the next step and received a free sample board to try it out. Good progress has been made and it’s now possible to detect objects like a boat using cifar10 object recognition sample. Allwinner V831’s NPU is based on a customized implementation of NVIDIA Deep Learning Accelerator (NVDLA) open-source architecture, something that Allwinner (through Sipeed) asked us to remove from the initial announcement, and after reverse-engineering work, Jasbir determined the following key finding: The NPU clock defaults to 400 MHz, but can be set between 100 and 1200 MHz NPU is implemented with nv_small configuration (NV Small Model),  and relies on shared system memory for all […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 8 Comments on GR-LoRa is a Reverse-Engineered Open Source Implementation of LoRa PHY

GR-LoRa is a Reverse-Engineered Open Source Implementation of LoRa PHY

LPWAN standards such as LoRa or Sigfox allow you to transmit data over long distance, at ultra low power (up to 10 years on a AA battery), and for free if your use your own network (P2P or gateway), or a few dollars per years if you go through a network provider. The low cost is possible since those standards rely on 900 MHz ISM bands, meaning nobody has to pay millions of dollars to the government to obtain a license fee. Matt Knight looked at LoRa, and while Level 2 and 3 of the protocol (LoRaWan) has public documentation, Level 1 (LoRa PHY) is proprietary and the standard is proprietary. So he decided to reverse-engineer LoRa PHY using Microchip RN2903 based LoRa Technology Mote and Ettus B210 USB software defined radio, and software packages and tools such as Python and GNU Radio to successfully deliver GR-LoRa open source “GNU Radio […]

Posted on by Jean-Luc Aufranc (CNXSoft) - 3 Comments on Fernvale Open Source Hardware IoT Board Based on Mediatek MT6260 SoC with GSM Connectivity

Fernvale Open Source Hardware IoT Board Based on Mediatek MT6260 SoC with GSM Connectivity

Andrew Huang (Bunnie), an hardware engineer, known for hacking the original XBOX, and more recently for Novena open source laptop, has decided it could be interesting to reverse-engineer Mediatek MT6260 processor, as in China, it’s difficult to get documentation, SDK, and tools if you don’t commit to purchase X chips, where X is a rather large number. He and others also checked whether their work could be open sourced legally, and assert their “fair use” rights to reverse-engineer hardware and firmware. And so Fernvale project was born both as a technical challenge and to make a point. MT6260 is a $3 ARM7EJ-S processor clocked at 364 MHz with 8MB built-in RAM, interfaces such as I2C, SPI, PWM, UART, as well as LCD and touchscheen controller, and audio codec, battery charger, USB,  Bluetooth, and GSM support, which make the $6 Atmel MCU used in Arduino board look expensive. The main differences […]