The WMP implementation has been developed by the CNIT research team (under the EU project FLAVIA) on a specific commercial wireless card (namely, AirForce One 54g, by Broadcom). The WMP has been implemented by replacing the card's original firmware with a new one that works as a generic state machine executor (rather than as a specific protocol executor). This firmware update has been possible thanks to the availability of a documented open firmware for the AirForce One cards.

The document also describes the API available on this platform (i.e. the list of events, actions and conditions to be used for defining MAC programs) and some tools for developing and debugging MAC state machines. Specifically, the tools include:

  • a graphical tool, working as an editor for describing a MAC program in terms of a graphical representation of state transitions and state labels;
  • a compiling tool, able to map the graphical representation into a textual transition table and into a ByteCode (i.e. a coded representation of the table to be loaded on the card);
  • a ByteCode manager, able to read a ByteCode from the card and/or to inject the code in the WMP.

The combination of the MAC Engine, graphical editor, compiler, bytecode manager and driver is a complete and cheap tool-chain that allows developing and testing a new MAC scheme in a very simple, robust and quick way over an ultra-cheap platform. Each component of the tool-chain can be found on the site, where we provide:

  • this documentation;
  • the MAC Engine firmware that should replace the original card firmware;
  • the graphical editor, called WMP-Editor;
  • some ByteCode examples (including standard DCF, Time-Division multiple access, direct link);
  • the ByteCode manager.

Note that the current MAC Engine firmware has been tested on 4311 and 4318 chipset revisions, under the driver b43 and with kernel 3.1.4 (for more information see the specific appendix). The firmware supports both the infrastructure mode (working as a station) and the ad-hoc mode. It is compatible (in terms of protocol timings, frame fields, etc.) with legacy DCF stations in b and g mode, and it provides throughput performance comparable with the proprietary card firmware when executing the DCF state machine. It does not currently support: the RTS/CTS handshake (to be disabled when loading the b43 module), the hardware cryptography acceleration (to be used without encryption!) and the dot11 QoS mode (to be disabled when loading the module). Moreover, it has not been tested for working in a mode.

Additional information