Considering reverse engineering wifi for Asus RT-AX3000

I happen to have this device lying around. I am disappointed in the state of BCM SoCs and their support in OpenWRT. I find myself with some free time on my hands.

I am up for it - I can grab the blobs, walk through them (if necessary), and I can look at the hardware and I believe the way to start is with a JTAG header.

Or would you recommend a more raw approach and get something like a BCM dev kit?

There are no wireless drivers for BCM6750/BCM43684, there will never be any either. Even if you want to ignore that elephant in the room, the rest of the hardware is nothing to write home about either.

If you want honest advice, 10-30 bucks on your local used markets will give you better devices that just work - if you sell the rt-ax3000 you might even roughly get away with it at +/- ~0.

See, that's what I am targeting.

Maybe it's worth clarifying a bit...

  1. Broadcom has never open-sourced their drivers, which is why they are currently not available.
  2. Reverse engineering the existing drivers and creating new open source versions would likely be a monumental effort that could take years to achieve.
  3. The only 'safe' way to do this from a copyright perspective is for there to be two people/teams working in a "clean room" context, as it would be impossible to include any code that could be 'contaminated' (which could result in legal exposures/liability).
  4. There is still the risk of patent infringement issues, which are not solved in #3.

What @slh was getting at was essentially: Don't waste your time, especially when there are so many great alternatives that are available in OpenWrt.

With all that in mind, obviously you're welcome to do whatever you want with your spare time. However, it is also unlikely that any fruits of that labor could be included in OpenWrt for the above reasons (and others). Can the reverse engineering -> recoding work? Yes, of course it's possible with enough time and effort. Is it worth it? Probably not for the vast majority of developers... but for the few who like really complex challenges, sure... maybe.

Makes me think of the joke:
What is the fastest way to get an engineer to solve a problem?

Tell them that it is unsolvable.

Thank you for typing this all out. I am aware of these concerns.

  1. Valid, and true.
  2. Agreed, I had hoped someone had maybe started somewhere.
  3. Reverse engineering is protected in many ways in the EU - specifically: European and Italian legislation.

The Trade Secrets Directive states in Article 3(1)(b) that the acquisition of a trade secret is lawful if it is obtained by “observation, study, disassembly or testing of a product or object that has been made available to the public or that is lawfully in the possession of the acquirer of the information who is free from any legally valid duty to limit the acquisition of the trade secret”.

The proposed clean room technique is ONE way to achieve reverse engineering, I agree that this is a concern.

  4. Also still valid, but with fewer concerns since there are only so many ways you can write "send these bits over there and hit a hardware register" then "fetch these bits from that hardware buffer".

Think world-wide, though. Protections in one country do not guarantee legality in others. And it is possible for an entity to take legal actions in countries that have different laws.

The legal questions are moot until there is actually code to consider merging. For that code to be merged into any official project (OpenWrt or upstream Linux), there are license terms and processes related to those commits that you'll need to satisfy (but that is a discussion for another day -- sometime probably way in the future).

You don't need anyone's permission to attempt to develop your own version of the Broadcom drivers, though, so feel free to get started if this is of interest to you. At the very least, it will be an impressive engineering effort and a learning opportunity.

Also keep in mind that disassembling a physical device is different from running a disassembler over some binary code and then using AI to obfuscate this. Copyright law reaches further than patent law (just think about Sherlock Holmes vs details about Watson or Steamboat Willie vs Mickey Mouse). The Linux kernel community is sensitive to these topics; we've seen good clean room development (e.g. b43) and bad precedent (tiacx), which has been rejected with prejudice. If you want to start developing on these drivers, you will have to deal with upstream Linux (linux-wireless and netdev) more than with OpenWrt itself.

Are you saying you're willing to pay for, contract, etc. with BCM to obtain their dev kit?

That's against BCM's license.

Interesting.

Does BCM do anything like LV mode on their ARM SoCs? You might be reverse engineering the JTAG before anything else.

Have you tried contacting the vendor for the GPL source? Or looked for source for the same SoC? You are going to want to bring up basic functionality like clocks, flash, Ethernet, etc. before reverse engineering anything complicated.

If you really want to work on the wifi, look for the same radio chip in PCIe form factor. It's all the same problems, but without the extra friction of working on an embedded platform. Still a huge boulder to push up a huge hill though.