Operating Broadcom Wi-Fi Chips as Arbitrary Signal Transmitters, Like SDRs

  • There are some interesting applications...

    Matthias Schulz, Jakob Link, Francesco Gringoli, and Matthias Hollick. Shadow Wi-Fi: Teaching Smartphones to Transmit Raw Signals and to Extract Channel State Information to Implement Practical Covert Channels over Wi-Fi. Accepted to appear in Proceedings of the 16th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2018, June 2018.

    Matthias Schulz. Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements through Wi-Fi Firmware Modifications. Dr.-Ing. thesis, Technische Universität Darmstadt, Germany, February 2018.

    But the papers are nowhere to be found. Just went through peer review and still waiting for public publication?

  • This is exactly the sort of thing that makes the FCC want to lock down WLAN AP/router firmware. So, while a cool hack indeed, it is also a bit unfortunate that it kinda justifies the FCC's position.

  • It is impossible for you to redistribute this software or any sort of resulting binary.

    It would be based on both their GPLv3 and their no-military licenses simultaneously. The linked repository requires another depot based on GPLv3 to function and perform patching. The resulting software would then be undistributable, as you cannot possibly comply with both the GPLv3 and their no-military license. GPLv3 would permit distribution to the military and not permit you to restrict them, and the other would prohibit the military.

    Additionally, this should be considered a violation of GitHub's Terms of Use. It is intentionally discriminatory against another group: any given military. For example, the content hosted on GitHub is intentionally discriminatory toward the Deutsches Heer.

  • Considering the wildly varied performance of smartphone GPS implementations I'd love to use this to build my own WAAS emitter so that when me and 10 of my closest friends play ingress we're where we are supposed to be. But that would be based on using a higher accuracy source (think pucks that have better antennae, higher accuracy GPS chips and can see the other satellites as well).

    Unfortunately I don't think some people could ignore the potential for abuse. If only I could be 15 feet to the left where the other guy's crappy GPS puts him. At some point I'm hoping my city will put up a few WAAS transmitters to help in the glass canyon that is our downtown.

  • Only in WiFi bands.. so not super flexible as you would expect from an actual SDR rig.. or maybe I’m missing that it can actually transmit in other bands ?

  • This is a continuation of a 2016 work on bcm4339 firmware.

    https://2016.mrmcd.net/fahrplan/system/event_attachments/att...

    The Raspberry Pi wifi chipset (BCM43438) is a close cousin, and previous work (monitor mode, sending raw frames) was ported last year.

    https://dev.seemoo.tu-darmstadt.de/bcm/bcm-rpi3/tree/master/...

    So there is a chance this could too; it would mean a $30 self-contained 2.4/5 GHz SDR.

  • Halfway to making a handheld radar.

  • Nice to see that instead of a free license they've opted for a bullshit made-up one where they want you to cite their papers.

  • This opens up some exciting new ways to break radio spectrum laws! (I see the Raspberry Pi W is supported there... Hmmm...)

  • I'll stick with my RTL-SDR thanks :)

  • What was required to achieve this result? That is, what did these folks have to break in order to gain control of the wifi chip in this way?

    How does this work compare to gaining (similar) access to the baseband processor on a phone?

    There should be a bounty for that ...