More information please?

[WildCryptoFox]

1. Which files need reverse engineering?

2. Does the license on the blob permit reverse engineering and could any derived work be open sourced?

3. What information may be promoted to the README to aid everyone interested?

3a. What are all the components of this repository? How do they fit together? Build instructions? Links to external documentation for these devices or for general protocols in use?

IIUC the SDK includes example applications in customer_app and common libraries in components. Using drivers which interact with the problematic binary blob and/or the hardware directly.

4. Is there any reason the toolchain is old? GCC version 8.3 vs. >=10.1.

5. Is C the only acceptable language or may we write our code in Rust or any other systems suitable language?

6. What is the exact ISA target? I.e. rv32gc? rv32im[a]fc? Where are the custom extensions documented? I.e. the crypto coprocessor.

[BryanQuigley]

Also what is the relationship (or ideal relationship) with the upstream project?

[gamelaster]

Hi @WildCryptoFox ,

1. This files needs to be reversed: libbl602_wifi.a, libblecontroller.a and libatcmd.a
2. From what I know, only repo license is there. So should be OK to reverse it and work can be open-sourced
3. Since whole SDK is made in C, I think it will be best to continue with using it.
4. (Partial response, I will provide more info later) In samples, there should be a file "genromap", which calls makefile and this should compile the example.
5. From information what I have at the moment, it's RV32IMAFC

For other questions I need to checkout with other devs. I will write here again when I will have more information.

[gamelaster]

Also what is the relationship (or ideal relationship) with the upstream project?

At the moment, there isn't any special relationship with upstream project (only pulling updates from upstream), but this can change.

[aiden-ct]

Has anyone found a data sheet / programming manual with register maps?

[WildCryptoFox]

@aiden-ct "Register maps" would be the RISC-V ISA and assembly manual. Memory ranges for MMIO are present in this datasheet for the device, hosted by pine64. These ranges are coarse, only representing the allocations of large regions. Not the fine-grain layout within the regions.

https://github.com/riscv/riscv-isa-manual/releases
https://github.com/riscv/riscv-asm-manual/blob/master/riscv-asm.md

(TLS error -> certificate only valid for other .pine64.org domains.)(Fixed!)
https://files.pine64.org/doc/datasheet/padi-ii/BL602_BL604_DS_Datasheet.pdf

[aiden-ct]

@WildCryptoFox - none of those document the wifi or ble modules. The datasheet you've linked gives a location in memory for the "Wireless SRAM" but no detail on the control registers.

[gamelaster]

(TLS error -> certificate only valid for other .pine64.org domains.)

Thanks for noticing, TLS problem was fixed.

[WildCryptoFox]

Thanks for fixing the certificate issue @gamelaster. This is also missing a HTTP->HTTPS redirect.

[WildCryptoFox]

It appears these binaries are compiled for rv32imfc not rv32imafc. Although the target may support atomics, the blobs do not use them.

GNU C99 8.3.0 -march=rv32imfc -mabi=ilp32f -gdwarf -Os -std=gnu99 -ffunction-sections -fdata-sections -fstrict-volatile-bitfields -fshort-enums -ffreestanding -fno-strict-aliasing

[maidenone]

see https://github.com/pine64/ble602-re