{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:10:09Z","timestamp":1750219809433,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,2]],"date-time":"2023-10-02T00:00:00Z","timestamp":1696204800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Deutsche Forschungsgemeinschaft"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,6]]},"DOI":"10.1145\/3615453.3616520","type":"proceedings-article","created":{"date-parts":[[2023,9,20]],"date-time":"2023-09-20T14:31:04Z","timestamp":1695220264000},"page":"88-95","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Rolling the D11"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1068-6053","authenticated-orcid":false,"given":"Jakob","family":"Link","sequence":"first","affiliation":[{"name":"Secure Mobile Networking Lab, TU Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-0325-1844","authenticated-orcid":false,"given":"David","family":"Breuer","sequence":"additional","affiliation":[{"name":"Secure Mobile Networking Lab, TU Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2621-582X","authenticated-orcid":false,"given":"Francesco","family":"Gringoli","sequence":"additional","affiliation":[{"name":"University of Brescia\/CNIT, Brescia, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9163-5989","authenticated-orcid":false,"given":"Matthias","family":"Hollick","sequence":"additional","affiliation":[{"name":"Secure Mobile Networking Lab, TU Darmstadt, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,10,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. WARP Project. Retrieved June 30 2023 from http:\/\/warpproject.org"},{"key":"e_1_3_2_1_2_1","volume-title":"Retrieved","author":"Anguelkov Hugues","year":"2019","unstructured":"Hugues Anguelkov. 2019. Reverse-engineering Broadcom wireless chipsets. Retrieved June 30, 2023 from https:\/\/blog.quarkslab.com\/reverse-engineering-broadcom-wireless-chipsets.html"},{"key":"e_1_3_2_1_3_1","volume-title":"Retrieved","author":"Artenstein Nitay","year":"2017","unstructured":"Nitay Artenstein. 2017. Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets. Retrieved June 30, 2023 from https:\/\/blog.exodusintel.com\/2017\/07\/26\/broadpwn\/"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/1247360.1247401"},{"key":"e_1_3_2_1_5_1","volume-title":"Retrieved","author":"Beniamini Gal","year":"2017","unstructured":"Gal Beniamini. 2017. Over The Air: Exploiting Broadcom's Wi-Fi Stack. Retrieved June 30, 2023 from https:\/\/googleprojectzero.blogspot.com\/2017\/04\/over-air-exploiting-broadcoms-wi-fi_4.html"},{"key":"e_1_3_2_1_6_1","volume-title":"Retrieved","author":"Berg Johannes","year":"2016","unstructured":"Johannes Berg. 2016. BCM43XX Specification. Retrieved June 30, 2023 from https:\/\/bcm-v4.sipsolutions.net"},{"key":"e_1_3_2_1_7_1","volume-title":"Retrieved","author":"B\u00fcsch Michael","year":"2022","unstructured":"Michael B\u00fcsch. 2022. b43-tools. Retrieved June 30, 2023 from https:\/\/github.com\/mbuesch\/b43-tools"},{"key":"e_1_3_2_1_8_1","volume-title":"Ranasinghe","author":"Chesser Michael","year":"2023","unstructured":"Michael Chesser, Surya Nepal, and Damith C. Ranasinghe. 2023. ICICLE: A Re-Designed Emulator for Grey-Box Firmware Fuzzing. arXiv:2301.13346 [cs.CR]"},{"key":"e_1_3_2_1_9_1","volume-title":"HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Clements Abraham A","year":"2020","unstructured":"Abraham A Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1201--1218."},{"volume-title":"CYW4339: Single-Chip 5G WiFi IEEE 802.11ac MAC\/Baseband\/ Radio with Integrated Bluetooth 4.1 and FM Receiver","author":"Cypress Semiconductor Corporation","key":"e_1_3_2_1_10_1","unstructured":"Cypress Semiconductor Corporation\/Infineon Technologies 2016. CYW4339: Single-Chip 5G WiFi IEEE 802.11ac MAC\/Baseband\/ Radio with Integrated Bluetooth 4.1 and FM Receiver. Cypress Semiconductor Corporation\/Infineon Technologies."},{"volume-title":"CYW43455: Single-Chip 5G WiFi IEEE 802.11n\/ac MAC\/Baseband\/Radio with Integrated Bluetooth 5.0","author":"Cypress Semiconductor Corporation","key":"e_1_3_2_1_11_1","unstructured":"Cypress Semiconductor Corporation\/Infineon Technologies 2019. CYW43455: Single-Chip 5G WiFi IEEE 802.11n\/ac MAC\/Baseband\/Radio with Integrated Bluetooth 5.0. Cypress Semiconductor Corporation\/Infineon Technologies."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3349623.3355477"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/VTC2020-Spring48590.2020.9128614"},{"key":"e_1_3_2_1_14_1","volume-title":"SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems. In 9th USENIX Workshop on Offensive Technologies (WOOT 15)","author":"Koscher Karl","year":"2015","unstructured":"Karl Koscher, Tadayoshi Kohno, and David Molnar. 2015. SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems. In 9th USENIX Workshop on Offensive Technologies (WOOT 15). USENIX Association, Washington, D.C."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23017"},{"key":"e_1_3_2_1_16_1","volume-title":"Retrieved","author":"Nava Lorenzo","year":"2008","unstructured":"Lorenzo Nava and Franzesco Gringoli. 2008. Open FirmWare for WiFi networks: a UniBS NTW group project. Retrieved June 30, 2023 from http:\/\/netweb.ing.unibs.it\/openfwwf\/"},{"key":"e_1_3_2_1_17_1","volume-title":"Retrieved","author":"Nico Ralf","year":"2017","unstructured":"Ralf Nico. 2017. Emulation and Exploration of BCM WiFi Frame Parsing using LuaQEMU. Retrieved June 30, 2023 from https:\/\/comsecuris.com\/blog\/posts\/luaqemu_bcm_wifi\/"},{"key":"e_1_3_2_1_18_1","volume-title":"Unicorn: Next generation cpu emulator framework.","author":"Quynh Nguyen Anh","year":"2015","unstructured":"Nguyen Anh Quynh and Dang Hoang Vu. 2015. Unicorn: Next generation cpu emulator framework."},{"key":"e_1_3_2_1_19_1","volume-title":"Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Scharnowski Tobias","year":"2022","unstructured":"Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi. 2022. Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA."},{"key":"e_1_3_2_1_20_1","unstructured":"Matthias Schulz. 2018. Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications. Ph. D. Dissertation. Technische Universit\u00e4t Darmstadt."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098243.3098253"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3210240.3210333"},{"key":"e_1_3_2_1_23_1","volume-title":"Retrieved","author":"Schulz Matthias","year":"2017","unstructured":"Matthias Schulz, Daniel Wegemer, and Matthias Hollick. 2017. Nexmon: The C-based Firmware Patching Framework. Retrieved June 30, 2023 from https:\/\/nexmon.org"},{"key":"e_1_3_2_1_24_1","volume-title":"Smith and Ravi Nair","author":"James","year":"2005","unstructured":"James E. Smith and Ravi Nair. 2005. Virtual Machines - Versatile Platforms for Systems and Processes. Morgan Kaufmann."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"}],"event":{"name":"ACM MobiCom '23: The 29th Annual International Conference on Mobile Computing and Networking","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"],"location":"Madrid Spain","acronym":"ACM MobiCom '23"},"container-title":["Proceedings of the 17th ACM Workshop on Wireless Network Testbeds, Experimental evaluation &amp; Characterization"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3615453.3616520","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3615453.3616520","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:45:46Z","timestamp":1750178746000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3615453.3616520"}},"subtitle":["An Emulation Game for the Whole BCM43 Family"],"short-title":[],"issued":{"date-parts":[[2023,10,2]]},"references-count":25,"alternative-id":["10.1145\/3615453.3616520","10.1145\/3615453"],"URL":"https:\/\/doi.org\/10.1145\/3615453.3616520","relation":{},"subject":[],"published":{"date-parts":[[2023,10,2]]},"assertion":[{"value":"2023-10-02","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}