Author Topic: EFR32 RAIL Reverse engineering/Open source alternative  (Read 980 times)


Online jsilva

  • Newbie
  • Posts: 4
  • Country: pt
EFR32 RAIL Reverse engineering/Open source alternative
« on: December 20, 2018, 11:28:27 pm »
I have recently discovered Silicon Labs' Wireless Gecko SoCs, the EFR32 series.

Upon reading the datasheet and reference manual for the chip, I noticed that the radio interface chapter is short and just tells people to use RAIL, their closed source radio interface library.

As I am not a big fan of closed source libraries, and I am getting really interested in those chips, I started to search for an open source alternative, but had no success, most likely because they are not widespread yet.

I thought about trying to reverse engineer the library, but I soon realised that would not be easy. I gave it a shot anyway and opened it with IDA to look at some pseudocode that crushed my dreams... Just reads and writes to memory in the radio peripheral address range, and even to undocumented memory regions.

I would really like to fully use those chips, including the radio. What are your thoughts?
 

Offline rstofer

  • Super Contributor
  • Posts: 7812
  • Country: us
Re: EFR32 RAIL Reverse engineering/Open source alternative
« Reply #1 on: December 21, 2018, 12:46:58 am »
My thoughts? Use what the factory provides and be happy!

At least they give you more than just a 1200 page manual.
 

Offline amyk

  • Super Contributor
  • Posts: 7057
Re: EFR32 RAIL Reverse engineering/Open source alternative
« Reply #2 on: December 21, 2018, 01:09:33 am »
> I gave it a shot anyway and opened it with IDA to look at some pseudocode that crushed my dreams... Just reads and writes to memory in the radio peripheral address range, and even to undocumented memory regions.
What did you expect? That's typical of hardware-interacting code. You will need to make the documentation yourself, based on what the library functions do.
 

Offline free_electron

  • Super Contributor
  • Posts: 7581
  • Country: us
    • SiliconValleyGarage
Re: EFR32 RAIL Reverse engineering/Open source alternative
« Reply #3 on: December 21, 2018, 01:51:26 am »
Most likely this is a kind of SDR. Without knowing the actual hardware inside the chip there is no way you will figure out what this library does. Just use it.
Professional Electron Wrangler.
Any comments, or points of view expressed, are my own and not endorsed, induced or compensated by my employer(s).
 

Offline chicken

  • Regular Contributor
  • Posts: 235
  • Country: us
  • Rusty Coder
Re: EFR32 RAIL Reverse engineering/Open source alternative
« Reply #4 on: December 21, 2018, 02:01:30 am »
What is your intended application?

For the sub-GHz side: When I looked at them in the past (EZR32), the interface for the sub-GHz radio was identical to the EZRadioPRO family. So you might have some luck digging through the datasheets of their standalone radios or older chips. Though, from a quick glance at the block diagram in the linked datasheet for the EFR32BG12, this is probably a different radio.

If you target the 2.4 GHz side and want to replace their BT stack, I wish you good luck :-)

PS: I did some reverse engineering of the insides of the EZRadioPRO radios. Turns out they use the same silicon across the whole EZRadio and EZRadioPRO family, only differentiated by a few factory programmed settings. I wouldn't be surprised if that also applies to the EFR32 series of chips.
 

Online jsilva

  • Newbie
  • Posts: 4
  • Country: pt
Re: EFR32 RAIL Reverse engineering/Open source alternative
« Reply #5 on: December 21, 2018, 04:46:54 pm »
Thanks for your replies. Honestly I would prefer a 1200-page manual describing the PHY...

I am going to take a look at the EZR series.
 

Offline chicken

  • Regular Contributor
  • Posts: 235
  • Country: us
  • Rusty Coder
Re: EFR32 RAIL Reverse engineering/Open source alternative
« Reply #6 on: December 21, 2018, 08:31:34 pm »
> Thanks for your replies. Honestly I would prefer a 1200-page manual describing the PHY...
>
> I am going to take a look at the EZR series.

But what level of abstraction do you want to declare as the PHY? Behind the (mostly) documented SPI interface of the EZRadioPRO is an 8051 running proprietary firmware, and below that there's a DSP of some sort, which talks to the hardware (I think)... It's turtles all the way down!
https://github.com/astuder/Inside-EZRadioPRO

Sorry for the tangent.

For actually getting things done, ignorance is often bliss  ;D
« Last Edit: December 21, 2018, 09:06:33 pm by chicken »