Adam Batori and Robert Pafford Saal discuss the lack of documentation for RF hardware in low-cost microcontrollers, specifically focusing on the TI SimpleLink family. They reveal that the internal workings of these devices are limited to secret ROMs or binary blobs, preventing users from unlocking the full potential of the hardware. By reverse engineering TI’s proprietary RF patch format, they demonstrate how to modify the behavior of the RF subsystem and potentially create a cheap single-chip SDR. This talk serves as an unofficial “Radio Reference Manual” for SimpleLink MCU users, providing insight into how the radio operates from the stack to the antenna.
https://media.ccc.de/v/38c3-beyond-ble-cracking-open-the-black-box-of-rf-microcontrollers