Matthias Schulz
ABSTRACT
The most widespread Wi-Fi enabled devices are smartphones. They are mobile, close to people and available in large quantities, which makes them perfect candidates for real-world wireless testbeds. Unfortunately, most smartphones contain closed-source FullMAC Wi-Fi chips that hinder the modification of lower-layer Wi-Fi mechanisms and the implementation of new algorithms. To enable researchers' access to lower-layer frame processing and advanced physical-layer functionalities on Broadcom Wi-Fi chips, we developed the Nexmon firmware patching framework. It allows users to create firmware modifications for embedded ARM processors using C code and to change the behavior of Broadcom's real-time processor using Assembly. Currently, our framework supports five Broadcom chips available in smartphones and Raspberry Pis. Our example patches enable monitor mode, frame injection, handling of ioctls, ucode compression and flashpatches. In a simple ping offloading example, we demonstrate how handling pings in firmware reduces power consumption by up to 165 mW and is nine times faster than in the kernel on a Nexus 5. Using Nexmon, researchers can unleash the full capabilities of off-the-shelf Wi-Fi devices.
- Mango Communications. 2017. WARP Project. (2017). http://warpproject.orgGoogle Scholar
- Jakob Eriksson, Hari Balakrishnan, and Samuel Madden. 2008. Cabernet: vehicular content delivery using WiFi. Proc. of the 14th International Conference on Mobile Computing and Networking (MobiCom). ACM, San Francisco, California, USA, 199--210. Google ScholarDigital Library
- Francesco Gringoli and Lorenzo Nava. 2009. OpenFWWF: Open FirmWare for WiFi networks. (2009). http://netweb.ing.unibs.it/ openfwwf/Google Scholar
- Bo Han, Aaron Schulman, Francesco Gringoli, Neil Spring, Bobby Bhattacharjee, Lorenzo Nava, Lusheng Ji, Seungjoon Lee, and Robert R. Miller. 2010. Maranello: Practical Partial Packet Recovery for 802.11. Proc. of the 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI). USENIX Association, 205--218.Google Scholar
- Samer S. Hanna, Arsany Guirguis, Mahmoud A. Mahdi, Yaser A. El-Nakieb, Mahmoud Alaa Eldin, and Dina M. Saber. 2016. CRC: Collaborative Research and Teaching Testbed for Wireless Communications and Networks Proc. of the 10th ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation, and Characterization (Wintech). ACM, New York, New York, USA, 73--80.Google Scholar
- Justus Hoffmann. 2016. Implementing a Mesh-Routing-Protokoll in the BCM4339 WiFi Chip. Diploma thesis. Technische Universität Darmstadt, Germany.Google Scholar
- P.W. Katz. 1991. String searcher, and compressor using same. (Sept. 24. 1991). https://www.google.com/patents/US5051745 US Patent 5,051,745.Google Scholar
- Michael Koch. 2016. Reactive, Smartphone-based Jammer for IEEE 802.11 Networks. Master's thesis. Technische Universität Darmstadt, Germany.Google Scholar
- Katerina Pechlivanidou, Kostas Katsalis, Ioannis Igoumenos, Dimitrios Katsaros, Thanasis Korakis, and Leandros Tassiulas. 2014. NITOS testbed: A cloud based wireless experimentation facility Proc. of the 26th International Teletraffic Congress (ITC). IEEE, Karlskrona, Sweden, 1--6.Google Scholar
- Matthias Schulz, Francesco Gringoli, Daniel Steinmetzer, Michael Koch, and Matthias Hollick. 2017. Massive Reactive Smartphone-Based Jamming using Arbitrary Waveforms and Adaptive Power Control Proc. of the ACM Conference on Security and Privacy in Wireless & Mobile Networks (WiSec) 2017. Boston, USA.Google Scholar
- Matthias Schulz, Denny Stohr, Stefan Wilk, Benedikt Rudolph, Wolfgang Effelsberg, and Matthias Hollick. 2015. APP and PHY in Harmony: A Framework Enabling Flexible Physical Layer Processing to Address Application Requirements. In Proc. of the International Conference on Networked Systems (NetSys). IEEE, Cottbus, Germany. Google ScholarCross Ref
- Matthias Schulz, Daniel Wegemer, and Matthias Hollick. 2017. Nexmon: The C-based Firmware Patching Framework. (2017). https://nexmon.orgGoogle ScholarDigital Library
- Ilenia Tinnirello, Giuseppe Bianchi, Pierluigi Gallo, Domenico Garlisi, Francesco Giuliano, and Francesco Gringoli. 2012. Wireless MAC processors: Programming MAC protocols on commodity Hardware Proc. of the 31st International Conference on Computer Communications (INFOCOM). IEEE, Orlando, FL, USA.Google Scholar
Index Terms
- Nexmon: Build Your Own Wi-Fi Testbeds With Low-Level MAC and PHY-Access Using Firmware Patches on Off-the-Shelf Mobile Devices
Recommendations
DEMO: Using NexMon, the C-based WiFi firmware modification framework
WiSec '16: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile NetworksFullMAC WiFi chips have the potential to realize modifications to WiFi implementations that exceed the limits of current standards or to realize the implementation of new standards, such as 802.11p, on off-the-shelve hardware. As a developer, one, ...
Demo: Nexmon in Action: Advanced Applications Powered by the Nexmon Firmware Patching Framework
WiNTECH '17: Proceedings of the 11th Workshop on Wireless Network Testbeds, Experimental evaluation & CHaracterizationSmartphones and Internet of Things (IoT) devices are widely available and offer interfaces for wireless communication. This makes them perfect candidates for large-scale wireless testbeds. To reduce energy consumption, those devices contain FullMAC Wi-...
Scanning the Future with New Barcodes
Topics include two-dimensional barcodes that are becoming increasingly popular; personal mobile hotspots that let users wirelessly access network services even when no traditional Wi-Fi hotspots are nearby; and a high-tech brush that lets users create ...
Comments