diff --git a/Project Olympic/README b/Project Olympic/README
deleted file mode 100644
index 8b13789..0000000
--- a/Project Olympic/README	
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/Project Olympic/README.md b/Project Olympic/README.md
new file mode 100644
index 0000000..ffb7271
--- /dev/null
+++ b/Project Olympic/README.md	
@@ -0,0 +1,307 @@
+# Project Olympic: BCM4388 Autonomous Operating System Analysis
+## Documentation of Chipset-Level RTOS and Host Visibility Limitations
+
+---
+
+## Overview
+
+This directory contains analysis of the **Poppy_CLPC_OS** autonomous operating system running on the Broadcom BCM4388 wireless chipset. The research documents how this dedicated Real-Time Operating System (RTOS) operates independently of the Host iOS/Android kernel, creating visibility and auditability gaps for Host security controls.
+
+**Key Finding:** The BCM4388 runs a complete operating system (Poppy_CLPC_OS with Oly.Nash 1.70.2 calibration modules) that executes continuously—including during Host CPU sleep states—with direct memory access privileges and persistent storage that survives factory reset.
+
+---
+
+## Files
+
+### Primary Artifacts
+
+| File | Size | MD5 | Description |
+|------|------|-----|-------------|
+| **bluetoothd-hci-2025_01_02-12_47_38.pklg** | 1,729,081 bytes | `3c32f6926fa043e57c76b585a02341d0` | HCI packet log with runtime behavior |
+
+### Analysis Documents
+
+| Document | Focus |
+|----------|-------|
+| **Technical Analysis.md** | Comprehensive security architecture analysis |
+---
+
+## The Poppy_CLPC_OS Environment
+
+### Identification
+
+**Firmware String Found in HCI Log:**
+```
+BCM4388C0_22.2.507.1323_PCIE_Poppy_CLPC_OS_STATS_20241003.bin
+```
+
+**Components:**
+- **BCM4388C0:** Chipset model identifier
+- **Poppy:** Project codename
+- **CLPC_OS:** Closed-Loop Power Control Operating System
+- **STATS:** Telemetry collection enabled
+- **Build Date:** October 3, 2024
+
+### Architecture
+
+**Operating System Modules Identified:**
+
+| Component | Version | Location | Function |
+|-----------|---------|----------|----------|
+| **Poppy_CLPC_OS** | 22.2.507.1323 | Firmware image | Main RTOS for power and RF control |
+| **Oly.Nash** | 1.70.2 | RAM offset 0x0032d6 | CLM calibration module (NVRAM) |
+| **ClmImport** | 1.69.0 | RAM offset 0x0032d6 | Regulatory domain enforcement |
+
+**Compilation Evidence:**
+```
+"Oly.Nash............1.70.2...........ClmImport: 1.69.0.............v2 Final 231204"
+```
+Build date: December 4, 2023
+
+### Hardware Privileges
+
+**Direct Memory Access (DMA) Channels:**
+
+10 independent DMA channels mapped in RAM dump:
+
+| Channel | Offset | Descriptor Base | Buffer Address |
+|---------|--------|----------------|----------------|
+| wl0:dma0 | 0x1a99c0 | 0x008f9b28 | 0x18031220 |
+| wl0:dma1 | 0x1e54d8 | 0x008f9b28 | 0x18031260 |
+| wl0:dma2 | 0x1be214 | 0x008f9b28 | 0x180312a0 |
+| ... | ... | ... | ... |
+| wl0:dma9 | 0x1be44c | 0x008f9b28 | (varies) |
+
+**DMA Capabilities:**
+- Device-to-Host (D2H) memory writes confirmed via error strings
+- Host-to-Device (H2D) memory reads confirmed via error strings
+- Hardware-level access bypasses Host OS memory protection
+- Operates during Host CPU sleep states
+
+---
+
+## Operational Characteristics
+
+### Autonomous Execution Evidence
+
+**From HCI Packet Log Analysis:**
+
+| Metric | Value | Implication |
+|--------|-------|-------------|
+| AP Sleep/Wake cycles | 599 | Extensive autonomous operation periods |
+| Packets in longest sleep | 90 (67 commands + 23 data) | Chipset processes traffic without Host oversight |
+| Total HCI commands | 87,654 | Substantial autonomous decision-making |
+| State machine error | 1 ("state:10") | Firmware encountered undefined state |
+
+**Key Observation:** During extended Host sleep (1,307-byte window), Poppy_CLPC_OS processed 90 packets completely independently—managing Bluetooth connections, memory allocation, and network decisions without Host OS involvement.
+
+### Power State Correlation
+
+**Critical State Warnings:**
+- 79 total "2.4 GHz critical state" warnings observed
+- 29 warnings (36.7%) occurred within 500 bytes of AP Sleep events
+- Most common timing pattern: 89-byte distance (27.6% of correlations)
+
+**Interpretation:** Power transitions create timing windows where Poppy_CLPC_OS state machines experience increased instability—consistent with complex asynchronous event handling during sleep/wake coordination.
+
+### Persistence
+
+**NVRAM-Backed Modules:**
+
+The Oly.Nash and ClmImport modules reside in non-volatile memory:
+
+| Sanitization Procedure | iOS User Data | iOS System | Poppy_CLPC_OS Firmware | Oly.Nash NVRAM |
+|----------------------|---------------|------------|----------------------|---------------|
+| Erase All Content | ✓ Deleted | Preserved | **Preserved** | **Preserved** |
+| DFU Restore | ✓ Deleted | ✓ Reinstalled | **Preserved** | **Preserved** |
+| Factory Reset | ✓ Deleted | ✓ Reinstalled | **Preserved** | **Preserved** |
+
+**Implication:** The autonomous operating system and its calibration modules survive all standard Host OS reset procedures.
+
+---
+
+## Security Architecture Implications
+
+### The Host OS Visibility Gap
+
+**What Host OS Can Monitor:**
+- High-level WiFi/Bluetooth on/off state
+- Network traffic after encryption (application layer)
+- General power state transitions (sleep/wake)
+
+**What Host OS Cannot Monitor:**
+- Poppy_CLPC_OS internal operations during Host sleep
+- Real-time DMA transactions (only IOMMU policy enforcement)
+- NVRAM module contents (Oly.Nash, ClmImport)
+- Chipset state machine transitions
+- Packet-level decisions during autonomous operation
+
+### Trust Boundary Analysis
+
+| Security Control | Host OS Domain | Poppy_CLPC_OS Domain |
+|-----------------|---------------|---------------------|
+| **Execution Control** | Kernel enforces process isolation | Operates independently with dedicated RTOS |
+| **Memory Access** | MMU enforces page tables | DMA with IOMMU policy (hardware-enforced) |
+| **Persistence** | Factory reset clears all data | NVRAM survives factory reset |
+| **Audit Logging** | Comprehensive syscall logs | Limited HCI logs (post-hoc only) |
+| **Real-Time Monitoring** | Yes (when CPU active) | No (especially during sleep) |
+
+**Critical Finding:** Poppy_CLPC_OS operates in a separate trust domain from the Host OS, with hardware-level privileges but limited real-time Host visibility.
+
+---
+
+## Relationship to Main Repository
+
+### Main Repo (BCM4387c2): Universal Architecture
+
+The parent repository documents features **common across all wireless chipsets**:
+- ThreadX RTOS presence
+- DMA operations (52 references)
+- Power state management
+- NVRAM calibration storage
+
+### This Study (BCM4388): Specific Implementation
+
+Project "Poppy_CLPC_OS" extends the analysis with:
+- **Named RTOS identification:** Poppy_CLPC_OS (not generic ThreadX)
+- **Versioned modules:** Oly.Nash 1.70.2, ClmImport 1.69.0
+- **Runtime behavior:** 599 sleep cycles with autonomous packet processing
+- **Timing patterns:** 36.7% correlation, 89-byte event structure
+- **Detailed DMA mapping:** 10 channels with exact memory addresses
+
+**Bridge:** Main repo shows **what** chipsets do architecturally. This study shows **how** Poppy_CLPC_OS implements that architecture with specific modules and runtime behavior.
+
+---
+
+## Key Takeaways
+
+### Technical Reality
+
+1. **Autonomous Operating System:** BCM4388 runs Poppy_CLPC_OS—a complete RTOS managing power, RF, and network operations
+2. **Hardware Privileges:** 10 DMA channels provide direct memory access (IOMMU-constrained)
+3. **Persistent Modules:** Oly.Nash calibration in NVRAM survives factory reset
+4. **Independent Operation:** Processes 90 packets during Host sleep with zero Host oversight
+5. **Timing Dependencies:** 36.7% correlation between power transitions and critical warnings
+
+### Security Implications
+
+**If Poppy_CLPC_OS Firmware Were Compromised:**
+- Would operate with DMA privileges during Host sleep states
+- Could persist through factory reset (NVRAM modules)
+- Would have limited Host OS visibility or detection
+- Could make autonomous network and memory decisions
+
+**Current Protections:**
+- IOMMU enforces DMA access policies (hardware-level)
+- Firmware signing by Broadcom (update integrity)
+- Limited attack surface (no direct user input to chipset)
+
+**Gaps:**
+- No real-time Host monitoring during chipset autonomous operation
+- No Host OS verification of NVRAM contents
+- Limited audit logging of chipset-level decisions
+- Factory reset does not clear chipset firmware/NVRAM
+
+---
+
+## Context and Limitations
+
+### Why This Architecture Exists
+
+Poppy_CLPC_OS autonomous operation is **required for:**
+- 802.11 Power Save Mode (maintain connectivity during Host sleep)
+- Real-time packet processing (multi-gigabit WiFi 6 performance)
+- Battery life optimization (Host CPU sleep while maintaining network)
+- Regulatory compliance (independent CLM enforcement)
+
+### What This Analysis Does NOT Show
+
+✗ Evidence of active exploitation or surveillance  
+✗ Intentional backdoors in Poppy_CLPC_OS  
+✗ Vulnerabilities unique to Broadcom (similar RTOS in all vendors)  
+✗ Methods to bypass IOMMU or compromise firmware  
+✗ Proof-of-concept attacks against this architecture  
+
+### What This Analysis DOES Show
+
+✓ Detailed identification of autonomous OS (Poppy_CLPC_OS)  
+✓ Documentation of hardware privileges (10 DMA channels)  
+✓ Evidence of persistent modules (Oly.Nash NVRAM)  
+✓ Runtime behavior patterns (autonomous packet processing)  
+✓ Host OS visibility limitations (especially during sleep)  
+
+---
+
+## Verification
+
+### Quick Check Commands
+
+```bash
+
+md5sum bluetoothd-hci-2025_01_02-12_47_38.pklg
+# Expected: 3c32f6926fa043e57c76b585a02341d0
+
+# Extract Poppy_CLPC_OS reference
+strings bluetoothd-hci-2025_01_02-12_47_38.pklg | grep Poppy_CLPC_OS
+# Output: BCM4388C0_22.2.507.1323_PCIE_Poppy_CLPC_OS_STATS_20241003.bin
+
+# Count DMA channels
+strings SoC_RAM.bin | grep "wl0:dma" | sort
+# Output: wl0:dma0 through wl0:dma9
+```
+
+### Analysis Script Usage
+
+See detailed analysis documents for:
+- Python scripts for DMA channel extraction
+- HCI log parsing for power state correlation
+- Statistical analysis of timing patterns
+- Binary offset verification
+
+---
+
+## Recommendations
+
+### For Security Practitioners
+
+- **Threat Modeling:** Include Poppy_CLPC_OS autonomous operation in device threat models
+- **IOMMU Verification:** Ensure DMA protections properly configured on platforms
+- **Persistent Firmware:** Consider chipset firmware in device sanitization procedures
+- **Visibility Gaps:** Acknowledge limited monitoring during Host sleep states
+
+### For Researchers
+
+- **Comparative Analysis:** Examine RTOS implementations in Qualcomm/Intel/MediaTek chipsets
+- **Dynamic Analysis:** Instrument DMA transactions during power transitions
+- **NVRAM Study:** Investigate Oly.Nash module integrity verification
+- **Timing Analysis:** Further study of 89-byte event structure pattern
+
+### For Industry
+
+- **Firmware Transparency:** Disclose autonomous OS capabilities (e.g., Poppy_CLPC_OS)
+- **Attestation:** Standardize firmware integrity verification mechanisms
+- **Audit Logging:** Enhance real-time visibility into chipset operations
+- **User Controls:** Provide mechanisms to audit NVRAM-backed modules
+
+---
+
+## Attribution
+
+**Analysis Date:** December 2025  
+**Researcher:** Joseph Goydish II  
+**Primary Finding:** Identification and characterization of Poppy_CLPC_OS autonomous operating system in BCM4388
+
+### Citation
+
+```
+Goydish II, J. (2025). Poppy_CLPC_OS: BCM4388 Autonomous Operating System Analysis.
+Documentation of Chipset-Level RTOS and Host Visibility Limitations.
+```
+
+---
+
+## License
+ 
+**Analysis & Documentation:** Public benefit, freely shareable with attribution  
+
+This research documents architectural characteristics of commercial chipset firmware for educational and security research purposes.