CYSEC and CROSSING researchers Matthias Schulz, Daniel Wegemer, and Prof. Matthias Hollick from the Secure Mobile Networking Group (SEEMOO) received a Best Paper Award at WiNTECH Workshop 2017 for their paper “Nexmon: Build Your Own Wi-Fi Testbeds With Low-Level MAC and PHY-Access Using Firmware Patches on O-the-Shelf Mobile Devices”.
The 11th ACM International Workshop on Wireless Network Testbeds, Experimental evaluation & CHaracterization (WiNTECH) took place on October 20, 2017, in Snowbird, Utah, USA.
The most widespread Wi-Fi enabled devices are smartphones. They are mobile, close to people and available in large quantities, which makes them perfect candidates for real-world wireless testbeds. Unfortunately, most smartphones contain closed-source FullMAC Wi-Fi chips that hinder the modification of lower-layer Wi-Fi mechanisms and the implementation of new algorithms. To enable researchers' access to lower-layer frame processing and advanced physical-layer functionalities on Broadcom Wi-Fi chips, we developed the Nexmon firmware patching framework. It allows users to create firmware modifications for embedded ARM processors using C code and to change the behavior of Broadcom's real-time processor using Assembly. Currently, our framework supports five Broadcom chips available in smartphones and Raspberry Pis. Our example patches enable monitor mode, frame injection, handling of ioctls, ucode compression and flashpatches. In a simple ping offloading example, we demonstrate how handling pings in firmware reduces power consumption by up to 165 mW and is nine times faster than in the kernel on a Nexus 5. Using Nexmon, researchers can unleash the full capabilities of off-the-shelf Wi-Fi devices.