diff --git a/main/chm.h b/main/ghidra-exports.h
similarity index 81%
rename from main/chm.h
rename to main/ghidra-exports.h
index ef50d8a..c024943 100644
--- a/main/chm.h
+++ b/main/ghidra-exports.h
@@ -18,11 +18,6 @@ typedef unsigned long long undefined7;
 typedef unsigned long long undefined8;
 typedef unsigned short ushort;
 typedef unsigned short word;
-typedef struct chm chm, *Pchm;
-
-typedef struct channel_specification channel_specification, *PChannelSpecification;
-
-typedef struct channel_information channel_information, *PChannelInformation;
 
 typedef enum channel_width {
 HT20=0,
@@ -30,7 +25,7 @@ typedef enum channel_width {
 HT40U=2
 } channel_width;
 
-struct channel_information {
+typedef struct channel_information {
 char channel_number;
 undefined field1_0x1;
 ushort freq_mhz;
@@ -39,14 +34,14 @@ struct channel_information {
 undefined field5_0x6;
 undefined field6_0x7;
 uint _flags;
-};
+} channel_information;
 
-struct channel_specification {
+typedef struct channel_specification {
 byte channel;
- enum channel_width channel_bandwidth;
-};
+ channel_width channel_bandwidth;
+} channel_specification;
 
-struct chm {
+typedef struct chm {
 undefined *ic;
 undefined field1_0x4;
 undefined field2_0x5;
@@ -130,5 +125,29 @@ struct chm {
 undefined field80_0xfc;
 undefined field81_0xfd;
 undefined field82_0xfe;
-};
+} chm;
+
+typedef enum pp_signal {
+ PP_PROCESS_TX_QUEUE=3,
+ PP_TRANSMIT=5,
+ PP_IOCTL=6,
+ PP_IEEE80211_TIMER=7,
+ PP_TIMER=8,
+ PP_PROCESS_RX_PKT_HDR=13,
+ PP_WIFI_ASSERT=14,
+ PP_TASK_KILL=15,
+ PP_PROCESS_TX_DONE=16,
+ PP_RX_PKT=17,
+ PP_RESORT_TX_AMPDU=18,
+ PP_LMAC_PROCESS_TX_TIMEOUT=22,
+ PP_LMAC_PROCESS_TX_COMPLETE=23,
+ PP_LMAC_PROCESS_COLLISIONS_TASK=24,
+ PP_WDEV_PROCESS_RX_SUCCESS_DATA_ALL=25,
+ PP_WDEV_PROCESS_MISC_PKT=26
+} pp_signal;
+
+typedef struct pp_signal_struct {
+ enum pp_signal signal;
+ void *data;
+} pp_signal_struct;
 
diff --git a/main/hardware.c b/main/hardware.c
index ea85161..4cf7856 100644
--- a/main/hardware.c
+++ b/main/hardware.c
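Review bot: The numeric values of the new `pp_signal` enum (PP_PROCESS_TX_QUEUE=3 through PP_WDEV_PROCESS_MISC_PKT=26) are the request numbers handed to the closed-source ppTask through `pp_post`, but nothing in the header says so, and the gaps make them look like an ordinary enum a later reader might renumber or fill in. A comment above `typedef enum pp_signal {` such as `// Request numbers understood by the proprietary ppTask (presumably recovered with Ghidra); the values are fixed by the blob, do not renumber` would protect them. `pp_signal_struct` declares its member as `enum pp_signal signal;` while the rest of this header now consistently uses the typedef names, so `pp_signal signal;` would match. `void *data` is left undocumented; if what it points to depends on the signal, a one-line note saying that would help the next maintainer.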
@@ -129,6 +129,23 @@ tx_hardware_slot_t tx_slots[TX_SLOT_CNT] = {0};
 
 uint32_t seqnum = 0;
 
+extern uint32_t esp_dport_access_reg_read(uint32_t);
+
+// [[openmac-coverage:implemented]]
+void enable_wifi_agc_openmac() {
+ write_register(0x3ff5c080, esp_dport_access_reg_read(0x3ff5c080) & ~(0x1));
+ write_register(0x3ff5c030, (esp_dport_access_reg_read(0x3ff5c030) & 0xffffffcf) | 0x10);
+ write_register(0x3ff5c01c, (esp_dport_access_reg_read(0x3ff5c01c) & 0xff00ffff) | 0xc0000);
+ write_register(0x3ff5c038, esp_dport_access_reg_read(0x3ff5c038) & 0x4000000);
+}
+// [[openmac-coverage:implemented]]
+void disable_wifi_agc_openmac() {
+ write_register(0x3ff5c01c, (esp_dport_access_reg_read(0x3ff5c01c) & 0xff00ffff) | 0x7f0000);
+ write_register(0x3ff5c038, esp_dport_access_reg_read(0x3ff5c038) & 0x4000000);
+ write_register(0x3ff5c030, esp_dport_access_reg_read(0x3ff5c030) & 0xffffffcf);
+ write_register(0x3ff5c080, esp_dport_access_reg_read(0x3ff5c080) & 0x1);
+}
+
 void log_dma_item(dma_list_item* item) {
 ESP_LOGD("dma_item", "cur=%p owner=%d has_data=%d length=%d size=%d packet=%p next=%p", item, item->owner, item->has_data, item->length, item->size, item->packet, item->next);
 }
@@ -418,7 +435,7 @@ void wifi_hardware_task(hardware_mac_args* pvParameter) {
 // It reads from a queue that the proprietary WMAC interrupt handler writes to
 // We kill it to make sure that no proprietary code is running anymore
 ESP_LOGW(TAG, "Killing proprietary wifi task (ppTask)");
- pp_post(0xf, 0);
+ pp_post(PP_TASK_KILL, 0);
 
 setup_rx_chain();
 
diff --git a/main/hardware.h b/main/hardware.h
index edb7a93..51794e7 100644
--- a/main/hardware.h
+++ b/main/hardware.h
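Review bot: `enable_wifi_agc_openmac` and `disable_wifi_agc_openmac` program four registers purely through literal addresses and masks (0x3ff5c080, 0x3ff5c030, 0x3ff5c01c, 0x3ff5c038), so a reader has nothing to check the read-modify-write masks against; a named macro per register, or at least a comment on each function naming the decompiled blob routine the sequence was lifted from (`// lifted from <blob function name — fill in>`), is needed. The write `esp_dport_access_reg_read(0x3ff5c038) & 0x4000000` is identical on the enable and the disable path, which may well be what the blob does but deserves a one-line comment saying so. Both definitions use an empty parameter list, which in C is not a prototype; they should read `void enable_wifi_agc_openmac(void) {` and `void disable_wifi_agc_openmac(void) {`, and the declarations added in the hardware.h hunk and the moved `wifi_station_start_openmac()` in the hwinit.c hunk have the same issue.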
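Review bot: With the new `pp_post` prototype in proprietary.h taking `void* argument`, the literal `0` in `pp_post(PP_TASK_KILL, 0);` is now a null pointer constant rather than a numeric argument, and `pp_post(PP_TASK_KILL, NULL);` would say what is meant. The body of wifi_hardware_task begins and ends outside this hunk.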
@@ -16,4 +16,7 @@ void wifi_hardware_task(hardware_mac_args* pvParameter);
 extern uint8_t module_mac_addr[6];
 #define _MMIO_DWORD(mem_addr) (*(volatile uint32_t *)(mem_addr))
-#define _MMIO_ADDR(mem_addr) ((volatile uint32_t*)(mem_addr))
\ No newline at end of file
+#define _MMIO_ADDR(mem_addr) ((volatile uint32_t*)(mem_addr))
+
+void enable_wifi_agc_openmac();
+void disable_wifi_agc_openmac();
diff --git a/main/hwinit.c b/main/hwinit.c
index d071870..5111263 100644
--- a/main/hwinit.c
+++ b/main/hwinit.c
@@ -2,7 +2,7 @@
 #include "esp_log.h"
 #include "esp_phy_init.h"
 #include "hardware.h"
-#include "chm.h"
+#include "ghidra-exports.h"
 
 static const char* TAG = "hwinit";
 
@@ -41,10 +41,6 @@ void esp_phy_common_clock_enable();
 void esp_phy_load_cal_and_init();
 // End of open source symbols
 
-// [[openmac-coverage:implemented]]
-void wifi_station_start_openmac() {
- // this does hal_enable_sta_tsf and ic_set_vif; which we already handle in open code
-}
 void acquire_lock() {
 mutex_lock_wraper(g_wifi_global_lock);
 }
@@ -52,11 +48,6 @@ void release_lock() {
 mutex_unlock_wraper(g_wifi_global_lock);
 }
 
-// [[openmac-coverage:implemented]]
-esp_err_t _do_wifi_start_openmac(wifi_mode_t mode) {
- wifi_station_start_openmac();
- return ESP_OK;
-}
 void esp_wifi_internal_update_mac_time_openmac(uint32_t diff) {
 g_wifi_mac_time_delta += diff;
 }
@@ -105,7 +96,7 @@ void timer_process(void* unknown) {
 ieee80211_timer_process(0x7, 0x8, unknown);
 }
 void chm_init_openmac(void* ic) {
- // The only refrence to this is upon init.
+ // The only reference to this is upon init.
 g_chm->field76_0x4f = 0xe;
 for (int channel = 0; channel < 14; channel++) {
 
@@ -149,6 +140,16 @@ void wifi_hw_start_openmac(wifi_mode_t mode) {
 pm_noise_check_enable();
 }
 
+// [[openmac-coverage:implemented]]
+void wifi_station_start_openmac() {
+ // this does hal_enable_sta_tsf and ic_set_vif; which we already handle in open code
+}
+
+// [[openmac-coverage:implemented]]
+esp_err_t _do_wifi_start_openmac(wifi_mode_t mode) {
+ wifi_station_start_openmac();
+ return ESP_OK;
+}
 void wifi_start_process_openmac() {
 ESP_ERROR_CHECK(adc2_wifi_acquire());
 wifi_hw_start_openmac(0);
diff --git a/main/proprietary.h b/main/proprietary.h
index 862d897..19ac302 100644
--- a/main/proprietary.h
+++ b/main/proprietary.h
@@ -1,8 +1,9 @@
 #pragma once
 #include
+#include "ghidra-exports.h"
 
 // All extern function shown here are symbols in the binary blobs
-extern bool pp_post(uint32_t requestnum, uint32_t argument);
+extern bool pp_post(pp_signal requestnum, void* argument);
 
 // Interrupt-related functions
 extern void xt_unhandled_interrupt(void * arg);
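Review bot: `_do_wifi_start_openmac` is a file-scope identifier beginning with an underscore, which C reserves for the implementation; if the name deliberately mirrors a blob symbol for traceability, as the other `*_openmac` names in this file appear to, a comment saying so would stop the next reader from renaming it, and `static` would keep it out of the global namespace if nothing outside hwinit.c calls it (not visible here). Its `mode` parameter is accepted and never read, which `-Wunused-parameter` will flag; `(void)mode;` with a short comment on why it is ignored would make that deliberate. The moved `wifi_station_start_openmac` is a documented no-op, which is fine, but its comment should say that the TSF/VIF setup it replaces is done elsewhere and name where, so the coverage marker can be verified.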
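Review bot: The new `pp_post` declaration retypes the blob's first parameter from `uint32_t` to the `pp_signal` enum and the second from `uint32_t` to `void*`, but the symbol's real calling convention is fixed by the binary blob; the declaration stays ABI-equivalent only while the compiler gives `pp_signal` int width (not under `-fshort-enums`) and pointers are the same width as `uint32_t`, which holds on the 32-bit target but is stated nowhere. A comment on the declaration such as `// Blob ABI: two 32-bit arguments; pp_signal/void* are our reinterpretation, keep the enum int-sized` records the assumption where the next person changing the prototype will see it. Every caller that passed a numeric second argument now needs to pass a pointer, so the other call sites of `pp_post` outside this diff should be checked.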