I'm hoping there's someone on here with experience with the CSR
chipset. This doesn't relate to BlueZ exactly, but I'm working from
BlueZ code so I figure someone here might have a clue what I'm doing
wrong.
I've been working on porting bluez's bdaddr utility to mac, and I
think I'm making pretty good progress. After digging around the
internals of IOBluetooth.framework, I've managed to, I think,
replicate the behavior of bdaddr's csr_write_bd_addr and
csr_reset_device.
The reset appears to be working, however the write address command is
producing a response packet with a status of 0x0009, not 0x0000 as
csr_write_bd_addr seems to check for. here's the low-level HCI
transaction dump:
HCIc: 00 fc 19 c2 02 00 0c 00 11 47 03 70 00 00 01 00
04 00 00 00 cb 00 00 16 1b 00 7e ad
HCIe: ff 19 c2 01 00 0c 00 11 47 03 70 09 00 01 00 04
00 00 00 cb 00 00 16 1b 00 7e ad
as far as I can tell, the command sent matches exactly what
csr_write_bd_addr would have sent with transient=false and addr =
00-16-cb-1b-7e-ad. Anyone see what I'm doing wrong? Or even any clue
what status 0x0009 is?
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
On 12/30/06, Peter Wippich <[email protected]> wrote:
>
> Hi Ian,
>
> On Thu, 28 Dec 2006, Ian Rickard wrote:
>
> > But only UART, not USB? I tried again with transient = true (word 7 =
> > 0x0008) and I still get a response with status 0x0009.
> The bccmd tool should also work over USB (have not tried it, but the code
> is in place).
Yeah, I'm think the problem is that Security_enable is set, preventing
the bt_addr from being changed, even temporarily. Reading pskey 509
(decimal) returns 0x0001.
> > And yeah, I understand changing your BT address is generally a bad
> > idea. This is just for research purposes. I'm trying to get a Wii to
> > connect to a MacBook as if it were a Wii Remote and so far just
> > matching the device name/class has proved insufficient. Current
> > theory is it will only connect to devices in Nintendo's OUI ranges.
>
> Have you checked the SDP service records required ??
>>From what I can tell, and I could be entirely wrong here, if the Wii
was performing an SDP query, that would result in HCI activity. In my
tests I'm not seeing HCI activity beyond me putting the device into
discoverable mode.
My current plan of attack is to look for a USB dongle that uses the
CSR chipset (since I already have working code for it) that either 1.
ships without security_enable set or 2. I can get info on where the
SPI interface is on the board.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
Hi Ian,
On Thu, 28 Dec 2006, Ian Rickard wrote:
> But only UART, not USB? I tried again with transient = true (word 7 =
> 0x0008) and I still get a response with status 0x0009.
The bccmd tool should also work over USB (have not tried it, but the code
is in place).
> And yeah, I understand changing your BT address is generally a bad
> idea. This is just for research purposes. I'm trying to get a Wii to
> connect to a MacBook as if it were a Wii Remote and so far just
> matching the device name/class has proved insufficient. Current
> theory is it will only connect to devices in Nintendo's OUI ranges.
Have you checked the SDP service records required ??
Ciao,
Peter
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
>>
>> Hi,
>>
>> > > I've been working on porting bluez's bdaddr utility to mac, and I
>> > > think I'm making pretty good progress. After digging around the
>> > > internals of IOBluetooth.framework, I've managed to, I think,
>> > > replicate the behavior of bdaddr's csr_write_bd_addr and
>> > > csr_reset_device.
>> > >
>> > > as far as I can tell, the command sent matches exactly what
>> > > csr_write_bd_addr would have sent with transient=false and addr =
>> > > 00-16-cb-1b-7e-ad. Anyone see what I'm doing wrong? Or even any
>> clue
>> > > what status 0x0009 is?
>> >
>> >
>> > Status 0x0009 = PERMISSION_DENIED
>> >
>> > I dont think you can change the bd_addr in the CSR chipset
>> > via UART/USB HCI commmands, only via SPI.
>> > Normally you only want to set the bd_addr during production.
>> >
>>
>> You can change it over the UART by using the bccmd util provided with
>> bluez utils. However, in the default configuration this will only change
>> the
>> address in RAM, not permanently in flash. This is by intention because
>> normaly you're not expected to do this unless you own a block of OUI
>> numbers where you can take a valid address from.
>>
>> So, as Susanne already mentioned normaly only in production.
>>
>> Ciao,
>>
>> Peter
>> |
>> | Gustav-Meyer-Allee 25, Geb. 12 Email: [email protected]
>>
>>
> But only UART, not USB? I tried again with transient = true (word 7 =
> 0x0008) and I still get a response with status 0x0009.
>
> And yeah, I understand changing your BT address is generally a bad
> idea. This is just for research purposes. I'm trying to get a Wii to
> connect to a MacBook as if it were a Wii Remote and so far just
> matching the device name/class has proved insufficient. Current
> theory is it will only connect to devices in Nintendo's OUI ranges.
>
You could check the pskey 509 Security_active, some manufactures
enables this, and you can only disable it via SPI. If it is enabled,
I assume [ not tested :-) ] this will prevent you from changing the bd_addr.
-Susanne
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
But only UART, not USB? I tried again with transient = true (word 7 =
0x0008) and I still get a response with status 0x0009.
And yeah, I understand changing your BT address is generally a bad
idea. This is just for research purposes. I'm trying to get a Wii to
connect to a MacBook as if it were a Wii Remote and so far just
matching the device name/class has proved insufficient. Current
theory is it will only connect to devices in Nintendo's OUI ranges.
On 12/28/06, Peter Wippich <[email protected]> wrote:
>
> Hi,
>
> > > I've been working on porting bluez's bdaddr utility to mac, and I
> > > think I'm making pretty good progress. After digging around the
> > > internals of IOBluetooth.framework, I've managed to, I think,
> > > replicate the behavior of bdaddr's csr_write_bd_addr and
> > > csr_reset_device.
> > >
> > > as far as I can tell, the command sent matches exactly what
> > > csr_write_bd_addr would have sent with transient=false and addr =
> > > 00-16-cb-1b-7e-ad. Anyone see what I'm doing wrong? Or even any clue
> > > what status 0x0009 is?
> >
> >
> > Status 0x0009 = PERMISSION_DENIED
> >
> > I dont think you can change the bd_addr in the CSR chipset
> > via UART/USB HCI commmands, only via SPI.
> > Normally you only want to set the bd_addr during production.
> >
>
> You can change it over the UART by using the bccmd util provided with
> bluez utils. However, in the default configuration this will only change the
> address in RAM, not permanently in flash. This is by intention because
> normaly you're not expected to do this unless you own a block of OUI
> numbers where you can take a valid address from.
>
> So, as Susanne already mentioned normaly only in production.
>
> Ciao,
>
> Peter
>
>
> | Peter Wippich Voice: +49 30 46776411 |
> | G&W Instruments GmbH fax: +49 30 46776419 |
> | Gustav-Meyer-Allee 25, Geb. 12 Email: [email protected] |
> | D-13355 Berlin / Germany |
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Bluez-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/bluez-devel
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
Hi,
> > I've been working on porting bluez's bdaddr utility to mac, and I
> > think I'm making pretty good progress. After digging around the
> > internals of IOBluetooth.framework, I've managed to, I think,
> > replicate the behavior of bdaddr's csr_write_bd_addr and
> > csr_reset_device.
> >
> > as far as I can tell, the command sent matches exactly what
> > csr_write_bd_addr would have sent with transient=false and addr =
> > 00-16-cb-1b-7e-ad. Anyone see what I'm doing wrong? Or even any clue
> > what status 0x0009 is?
>
>
> Status 0x0009 = PERMISSION_DENIED
>
> I dont think you can change the bd_addr in the CSR chipset
> via UART/USB HCI commmands, only via SPI.
> Normally you only want to set the bd_addr during production.
>
You can change it over the UART by using the bccmd util provided with
bluez utils. However, in the default configuration this will only change the
address in RAM, not permanently in flash. This is by intention because
normaly you're not expected to do this unless you own a block of OUI
numbers where you can take a valid address from.
So, as Susanne already mentioned normaly only in production.
Ciao,
Peter
| Peter Wippich Voice: +49 30 46776411 |
| G&W Instruments GmbH fax: +49 30 46776419 |
| Gustav-Meyer-Allee 25, Geb. 12 Email: [email protected] |
| D-13355 Berlin / Germany |
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
> I'm hoping there's someone on here with experience with the CSR
> chipset. This doesn't relate to BlueZ exactly, but I'm working from
> BlueZ code so I figure someone here might have a clue what I'm doing
> wrong.
>
> I've been working on porting bluez's bdaddr utility to mac, and I
> think I'm making pretty good progress. After digging around the
> internals of IOBluetooth.framework, I've managed to, I think,
> replicate the behavior of bdaddr's csr_write_bd_addr and
> csr_reset_device.
>
> The reset appears to be working, however the write address command is
> producing a response packet with a status of 0x0009, not 0x0000 as
> csr_write_bd_addr seems to check for. here's the low-level HCI
> transaction dump:
>
> HCIc: 00 fc 19 c2 02 00 0c 00 11 47 03 70 00 00 01 00
> 04 00 00 00 cb 00 00 16 1b 00 7e ad
> HCIe: ff 19 c2 01 00 0c 00 11 47 03 70 09 00 01 00 04
> 00 00 00 cb 00 00 16 1b 00 7e ad
>
> as far as I can tell, the command sent matches exactly what
> csr_write_bd_addr would have sent with transient=false and addr =
> 00-16-cb-1b-7e-ad. Anyone see what I'm doing wrong? Or even any clue
> what status 0x0009 is?
Status 0x0009 = PERMISSION_DENIED
I dont think you can change the bd_addr in the CSR chipset
via UART/USB HCI commmands, only via SPI.
Normally you only want to set the bd_addr during production.
-Susanne
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel