
That's a first grade reverse engineering work!

A work of this calibre and quality level can easily cost $100k+ in the embedded world.



This comment confused me at first, but I think you're being complimentary?

If so, I think you'd want to use 'first rate' to mean something best in class. First grade is, well, first grade (childish), at least in US English.


or "top grade"


Embedded world has low standards, then. :) For $100k+ I'd expect some working PoC FOSS code, based on the RE, not just a nice summary of looking around at code in Ghidra, and searching on Github.


Making a PoC is usually only the beginning. Firmware upgrades for microcontrollers may be difficult to do in the field, without UART and JTAG debugging. If clients expect that pretty demos will continue working, they might be quite disappointed. It's better to follow good design patterns (Active Objects, state machines [1]) from the start when possible.

dmitrygr is a legendary embedded hacker [2]: his Transcend WiFi SD card reverse-engineering is what led to me having a PQI Air Card in my pocket, and he's also written a bit-banged Bluetooth Low Energy driver. Great for a demo or when there's nothing else available, but far from a finished product.

Writing a MISRA-compliant BLE driver would make me MISRA BLE.

[1] https://embeddedgurus.com/state-space/2016/04/beyond-the-rto...

[2] http://dmitry.gr/?r=05.Projects


I enjoyed the pun. It wasn't missed.


You underestimate the cost of a competent reverse engineer's time. eg: I charge $995/hour for such stuff (reverse engineering unknown chips/devices) and have no shortage of takers.

A large amount of initial RE work is research, such as this article. Not doing it costs you a lot more time later on.

Working code could easily be over 100 hours of work on an under-documented radio chip, so your cost estimate is too low for that.


I know how much RE costs in the amount of time spent. I've RE'd all kinds of things, and re-implemented them in a better way, from weird payment terminals, camera sensors, to really weird eInk/SoC combos where a big manufacturer is bitbanging the eInk protocol over the data lines of an LCD interface from memory patterns, USB bootloader protocols, software protection schemes... Pre-RE research is valuable, but that's just a start.

Anyway, at $200/h you can spend 500h making something work. ;)


Genuine curiosity, who is paying for that type of work? What is a typical use case? Where is the ROI? I'm not familiar with this world at all. I appreciate any insight!


Some companies want to know how their competitors do things.

Some companies want to find how someone would RE their devices, so they pay someone to find a way, then tell them.

Sometimes just a random person will want something REd so much that they'd pay for it to be done (happened more than once).

Sometimes no cause is given to me, which is fine because that is none of my business, really.

Sometimes I just do it for fun, but then I do not get paid, eg: http://dmitry.gr/?r=05.Projects&proj=30.%20Reverse%20Enginee...


Word to the Wise: Dmitry is legendary. His work is admired the world over.


Did you RE UART protocols?


Thank you for the reply.
