Last active
November 11, 2017 06:27
-
-
Save khanzf/c670c4b22f2701037be64315aef53786 to your computer and use it in GitHub Desktop.
rtl8188ee rom breakdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdint.h> | |
| #include <stdio.h> | |
| #define IEEE80211_ADDR_LEN 6 | |
| uint8_t rom[] = { | |
| 0x29, 0x81, 0x0, 0x6c, 0xb, 0x0, 0x0, 0x0, | |
| 0x0, 0xc, 0x40, 0x0, 0x10, 0x0, 0x0, 0x0, | |
| 0x26, 0x25, 0x24, 0x23, 0x22, 0x21, 0x2c, 0x2b, | |
| 0x2a, 0x29, 0x29, 0x2, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0x20, 0x33, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, | |
| 0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0x40, 0x49, 0x0f, 0xa9, 0xb7, 0x61, 0xec, 0x10, | |
| 0x79, 0x81, 0x3c, 0x10, 0x7d, 0x19, 0xc3, 0xff, | |
| 0x40, 0x82, 0x80, 0x08, 0x00, 0x00, 0x11, 0x3c, | |
| 0x27, 0x00, 0x10, 0x20, 0x01, 0x91, 0x81, 0xfe, | |
| 0xff, 0x4c, 0xe0, 0x00, 0x00, 0x0c, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
| 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff | |
| }; | |
| struct _bw40_bw20_ofdm_cck { | |
| uint8_t bw40:4; // Bitshift 07 | |
| uint8_t bw20:4; // Bitshift 08 | |
| uint8_t ofdm:4; // Bitshift 09 | |
| uint8_t cck:4; // Bitshift 10 | |
| }; | |
| struct _r88ee_rom_24g { | |
| uint8_t index_cck_base[6];//R88EE_GROUP_24G]; // 01 - This value is 6 | |
| uint8_t index_bw40_base[6-1];//R88EE_GROUP_24G-1]; // 02 - Number is 5 | |
| // 03 Is not captured anywhere. | |
| uint8_t bw20_ofdm; // 04,05 - bitshift_1; | |
| // 06 is also not captured | |
| struct _bw40_bw20_ofdm_cck bw40_bw20_ofdm_cck[4-1];//R88EE_MAX_CHAINS-1]; // 04 This value is 4 | |
| }; | |
| struct _r88ee_rom_5g { | |
| uint8_t index_bw40_base[14];//R88EE_GROUP_5G]; // 11,12,13 This value is 14 | |
| uint8_t bw20_ofdm; // 14,15 | |
| uint8_t bw40_bw20[4-1];//R88EE_MAX_TX_COUNT-1]; // 16,17 This value is 4-1=3 | |
| uint8_t ofdm_1[2]; // 18,19 and then 20 | |
| // uint8_t ofdm_2[MAX_TX_COUNT-1]; // Value is 4-1=3 | |
| }; | |
| struct _r88ee_rf_path { | |
| struct _r88ee_rom_24g rfpath_24g; | |
| struct _r88ee_rom_5g rfpath_5g; | |
| }; | |
| struct r88ee_rom { | |
| uint16_t id; /* Always 0x8129 */ | |
| uint8_t hpon[4]; | |
| uint16_t clk; | |
| uint8_t testr[8]; | |
| struct _r88ee_rf_path rfpath[4]; //R88EE [MAX_RF_PATH]; // MAX_RF_PATH is 4 [16-168] | |
| uint8_t unknown3[16]; | |
| uint16_t channel_plan; | |
| uint8_t xtal; | |
| uint8_t thermal_meter; | |
| uint8_t unknown4[5]; | |
| uint8_t rf_board_option; | |
| uint8_t rf_feature_option; | |
| uint8_t rf_bt_setting; | |
| uint8_t version; | |
| uint8_t customer_id; | |
| uint8_t reserved1[3]; | |
| uint8_t rf_antenna_option; | |
| uint8_t reserved2[6]; | |
| uint8_t macaddr[IEEE80211_ADDR_LEN]; | |
| uint16_t vid; | |
| uint16_t did; | |
| uint16_t svid; | |
| uint16_t smid; | |
| uint8_t unknown5[290]; | |
| }; // Should be 512 byte | |
| int main() { | |
| struct r88ee_rom *ptr; | |
| int offset = 0; | |
| ptr = (struct r88ee_rom *)rom; | |
| printf("Offsets\n"); | |
| printf("Name \tOffset\tSize\tValue\n"); | |
| printf("r88ee_rom: \t%d\t%d\n", offset, sizeof(struct r88ee_rom)); | |
| printf("id: \t%d\t%d\t%x\n", offset, sizeof(ptr->id), ptr->id); | |
| offset=offset+sizeof(ptr->id); | |
| printf("hpon: \t%d\t%d\n", offset, sizeof(ptr->hpon)); | |
| offset=offset+sizeof(ptr->hpon); | |
| printf("clk: \t%d\t%d\n", offset, sizeof(ptr->clk)); | |
| offset=offset+sizeof(ptr->clk); | |
| printf("testr: \t%d\t%d\n", offset, sizeof(ptr->testr)); | |
| offset=offset+sizeof(ptr->testr); | |
| printf("rfpath: \t%d\t%d\n", offset, sizeof(ptr->rfpath)); | |
| offset=offset+sizeof(ptr->rfpath); | |
| printf("unknown3: \t%d\t%d\n", offset, sizeof(ptr->unknown3)); | |
| offset=offset+sizeof(ptr->unknown3); | |
| printf("channel_plan: \t%d\t%d\t%x\n", offset, sizeof(ptr->channel_plan), ptr->channel_plan); | |
| offset=offset+sizeof(ptr->channel_plan); | |
| printf("xtal: \t%d\t%d\t%x\n", offset, sizeof(ptr->xtal), ptr->xtal); | |
| offset=offset+sizeof(ptr->xtal); | |
| printf("thermal_meter: \t%d\t%d\t%x\n", offset, sizeof(ptr->thermal_meter), ptr->thermal_meter, ptr->thermal_meter); | |
| offset=offset+sizeof(ptr->thermal_meter); | |
| printf("unknown4: \t%d\t%d\n", offset, sizeof(ptr->unknown4)); | |
| offset=offset+sizeof(ptr->unknown4); | |
| printf("rf_board_option: \t%d\t%d\n", offset, sizeof(ptr->rf_board_option)); | |
| offset=offset+sizeof(ptr->rf_board_option); | |
| printf("rf_feature_option:\t%d\t%d\n", offset, sizeof(ptr->rf_feature_option)); | |
| offset=offset+sizeof(ptr->rf_feature_option); | |
| printf("rf_bt_setting: \t%d\t%d\n", offset, sizeof(ptr->rf_bt_setting)); | |
| offset=offset+sizeof(ptr->version); | |
| printf("version: \t%d\t%d\n", offset, sizeof(ptr->version)); | |
| offset=offset+sizeof(ptr->customer_id); | |
| printf("customer_id: \t%d\t%d\n", offset, sizeof(ptr->customer_id)); | |
| offset=offset+sizeof(ptr->reserved1); | |
| printf("reserved1: \t%d\t%d\n", offset, sizeof(ptr->reserved1)); | |
| offset=offset+sizeof(ptr->rf_antenna_option); | |
| printf("rf_antenna_option:\t%d\t%d\n", offset, sizeof(ptr->rf_antenna_option)); | |
| offset=offset+sizeof(ptr->reserved2); | |
| printf("reserved2: \t%d\t%d\n", offset, sizeof(ptr->reserved2)); | |
| offset=offset+sizeof(ptr->macaddr); | |
| printf("offset: \t%d\t%d\t%x:%x:%x\n", offset, sizeof(ptr->macaddr), ptr->macaddr[0], ptr->macaddr[1], ptr->macaddr[2]); | |
| offset=offset+sizeof(ptr->vid); | |
| printf("vid: \t%d\t%d\n", offset, sizeof(ptr->vid)); | |
| offset=offset+sizeof(ptr->did); | |
| printf("did: \t%d\t%d\n", offset, sizeof(ptr->did)); | |
| offset=offset+sizeof(ptr->svid); | |
| printf("svid: \t%d\t%d\n", offset, sizeof(ptr->svid)); | |
| offset=offset+sizeof(ptr->smid); | |
| printf("smid: \t%d\t%d\t%x\n", offset, sizeof(ptr->smid), ptr->smid); | |
| offset=offset+sizeof(ptr->unknown5); | |
| printf("Final offset: %d\n", offset+sizeof(ptr->smid)); | |
| printf("\nSizes\n"); | |
| printf("\t_r88ee_rf_path\t%d\n", sizeof(struct _r88ee_rf_path)); | |
| printf("\t_r88ee_rom_5g\t%d\n", sizeof(struct _r88ee_rom_5g)); | |
| printf("\t_r88ee_rom_24g\t%d\n", sizeof(struct _r88ee_rom_24g)); | |
| printf("\nSearching offset: %d\n", 0xB8); | |
| printf("\nTesting:\n"); | |
| printf("version:\t%x\n", rom[0xc4]); | |
| printf("channel:\t%i %d\t%i\n", (uint16_t)rom[0xB8], 0xB8, ptr->channel_plan); | |
| printf("oemid:\t%x\n", rom[0xC5]); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment