Notes and utilities for reverse engineering the firmware used in MediaTek's WiFi cores. This includes the cores used in PCIe/USB/SDIO-attached chips, standalone WiFi microcontrollers, and SoCs with built-in WiFi.
- Install dependencies.
- Run `make` to generate the parser code used by `extract_fw.py`.
- Obtain the `WIFI_RAM_CODE*` binaries you're interested in. You can find these on many MediaTek-based Android phones in the `/system/etc/firmware` directory, but if that doesn't work for you, you can also find these firmware files on the Internet--typically in the "vendor.zip" files posted by Android ROM developers. You can also find them, for example, using this GitHub search query, but you'll need to be logged in to GitHub in order for that to work.
- Extract the code and data sections from each binary with `./extract_fw.py ...`, where `...` is the name of the `WIFI_RAM_CODE*` firmware binary.
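One way to run the last two steps over a directory of unpacked ROM or vendor images, as an added example that is not part of this repository: it collapses byte-identical `WIFI_RAM_CODE*` files by SHA-256 before calling `./extract_fw.py` on each. The function names are hypothetical, and it assumes GNU `sha256sum`, the repository root as the working directory, and that `make` has already been run.

```shell
#!/bin/sh
# Added example, not part of the repository. Function names are hypothetical.

# unique_wifi_fw DIR
# Print one path per distinct WIFI_RAM_CODE* image found under DIR.
# The same image is often shipped in several ROM dumps, so files are grouped
# by SHA-256 and only the first path (in C-locale sort order) is kept.
# Assumes file names contain no newlines or backslashes.
unique_wifi_fw() {
    find "$1" -type f -name 'WIFI_RAM_CODE*' -exec sha256sum {} + 2>/dev/null |
        LC_ALL=C sort |
        awk '!seen[$1]++ { sub(/^[0-9a-f]+ [ *]/, ""); print }'
}

# extract_all DIR
# Run extract_fw.py once per distinct image and keep going if one fails,
# so a single unparsable binary does not stop the batch.
extract_all() {
    unique_wifi_fw "$1" | while IFS= read -r fw; do
        echo "== $fw"
        ./extract_fw.py "$fw" || echo "extract_fw.py failed on $fw" >&2
    done
}

# When called with a directory argument, process it; otherwise only define
# the functions (useful when sourcing this file).
[ "$#" -eq 0 ] || extract_all "$1"
```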
See Notes.md.
Except where otherwise stated:
- All software in this repository (e.g., tools for unpacking firmware, etc.) is made available under the GNU General Public License, version 3 or later.
- All copyrightable content that is not software (e.g., reverse engineering notes, this README file, etc.) is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.