Nexus 5 Wireless driver for BCM4339

I want to work on Access Point (AP) and Power Saving Mode (PSM) behaviour with a Nexus 5, which has a BCM4339 wireless chipset.

Currently, there are 4 drivers (1 experimental) available for Broadcom chipsets:

• broadcom-iw (proprietary). Firmware, so no change possible.
• brcm80211 (broadcom open-source mac80211-based). No support for AP mode.
• b43 (reverse engineered). Best choice, because it support AP, Power Saving Mode (PSM), Master Mode (or Monitor Mode).
• bcmon (experimental brcm80211-based driver). Supports AP and Monitor Mode, could be modified to support Power Saving Mode.

As documentation is kind of blurry concerning this particular chipset, my questions are:

• What is the "default" wireless driver used on Nexus 5 ?
• Is b43 supported by BCM4339 ? According to this page, Broadcom - BCM43xx, it should, but it is not listed on this page B43 - Known PCI devices.
• If b43 is indeed supported, what is the procedure to switch to b43 driver ?

EDIT: I found out that my chipset had an SDIO interface, so the driver used is a FullMAC driver (brcmfmac). If I understand correctly, it means that I cannot do any modifications on it since the MAC layer is coded in hardware ... Anyone to corroborate that ? Any alternatives ?

Even though the BCM4339 is a FullMAC or HardMAC chip, that handles all PHY and MAC layer processing in an ARM Cortex-R4 processor that is included in the BCM4339 system on chip, it is possible to change the firmware running on that microcontroller.

To do this, we developed a C-based patching framework, that allows to write patches to the original firmware in C. We used it to enable monitor mode on the BCM4339. If you are interested in the project, please take a look at our nexmon project at https://seemoo.tu-darmstadt.de/nexmon