Rolling the D11: An Emulation Game for the Whole BCM43 Family

The D11 is Broadcom's proprietary IEEE 802.11 MAC implementation and an essential part of their WiFi chips. It is a microcontroller that orchestrates the Physical Layer and Radio Front-end implementation and is programmable through a custom microcode. We provide a new emulation framework for the D11 microcode and a corresponding firmware patch for the WiFi chip that enables essential debugging methods, including microcode breakpoints and D11 state extraction. This toolset allows researchers to analyze the D11 microcode in a controlled environment dynamically. To facilitate research on the D11, we provide an overview of state-of-The-Art knowledge of the chip and publish all presented tools to the open-source community. We encourage everyone interested to enter the game, roll the D11, and provide new insights on Broadcom's MAC implementation.