Difference between revisions of "/dev/usb/btrm"
< /dev
Jump to navigation
Jump to search
(Add more info about lib and function requests) |
|||
| Line 5: | Line 5: | ||
==ioctlv() interface== | ==ioctlv() interface== | ||
===0x00 - Execute function=== | ===0x00 - Execute function=== | ||
| − | This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a [[#Function | + | This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a [[#Function request|function request]] as input and a [[#Function result|function result]] as output. |
==Structures== | ==Structures== | ||
| − | ===Function | + | ===Function request=== |
| − | This structure identifies which function call to make. It is 0x1008 bytes long, with | + | This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function. |
<syntaxhighlight lang="C"> | <syntaxhighlight lang="C"> | ||
/* Function identifier */ | /* Function identifier */ | ||
typedef struct | typedef struct | ||
{ | { | ||
| − | + | uint8_t request_data[0x1000]; | |
uint8_t lib, func; | uint8_t lib, func; | ||
char unknown1002[0x1004-0x1002]; | char unknown1002[0x1004-0x1002]; | ||
uint32_t unknown1004; | uint32_t unknown1004; | ||
| − | } | + | } btrm_request_t; |
</syntaxhighlight> | </syntaxhighlight> | ||
| − | ===Function result | + | ===Function result=== |
This structure contains the output of a function executed by the Bluetooth resource manager. | This structure contains the output of a function executed by the Bluetooth resource manager. | ||
| Line 28: | Line 28: | ||
typedef struct | typedef struct | ||
{ | { | ||
| − | + | uint8_t result_data[0x1000]; | |
uint8_t some_id; | uint8_t some_id; | ||
char unknown1001[0x1004-0x1001]; | char unknown1001[0x1004-0x1001]; | ||
uint32_t unknown1004; | uint32_t unknown1004; | ||
uint32_t unknown1008; | uint32_t unknown1008; | ||
| − | } | + | } btrm_result_t; |
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | ==Libraries and Functions== | ||
| + | These are the different lib and func parameters which are set in the request struct. | ||
| + | |||
| + | === Libraries === | ||
| + | {| class="wikitable sortable" | ||
| + | ! Library | ||
| + | ! Name | ||
| + | ! Notes | ||
| + | |- | ||
| + | | 0x01 | ||
| + | | | ||
| + | | Initializes some internal flags | ||
| + | |- | ||
| + | | 0x02 | ||
| + | | | ||
| + | | Sets the Bluetooth visibility to connectable | ||
| + | |- | ||
| + | | 0x03 | ||
| + | | CMD_WUD | ||
| + | | | ||
| + | |- | ||
| + | | 0x04 | ||
| + | | CMD_BTE | ||
| + | | | ||
| + | |- | ||
| + | | 0x05 | ||
| + | | | ||
| + | | Waits for an event from the resource queue | ||
| + | |} | ||
| + | |||
| + | === Functions === | ||
| + | The function names are only guessed based on their behavior. | ||
| + | |||
| + | ==== CMD_WUD (3) ==== | ||
| + | {| class="wikitable sortable" | ||
| + | ! Function | ||
| + | ! Name | ||
| + | ! Notes | ||
| + | |- | ||
| + | | 0x04 | ||
| + | | start_sync_device | ||
| + | | | ||
| + | |- | ||
| + | | 0x05 | ||
| + | | | ||
| + | | Also device sync related | ||
| + | |- | ||
| + | | 0x06 | ||
| + | | purge_device_info | ||
| + | | Removes the UC entries for devInfo and devInfoExt | ||
| + | |- | ||
| + | | 0x07 | ||
| + | | set_loop_count | ||
| + | | Sets the loop count used when pairing new controllers | ||
| + | |- | ||
| + | | 0x08 | ||
| + | | cancel_sync_device | ||
| + | | | ||
| + | |- | ||
| + | | 0x09 | ||
| + | | set_disable_channel_imm | ||
| + | | Sets the afh channels | ||
| + | |- | ||
| + | | 0x0a | ||
| + | | start_cleardevice | ||
| + | | Clears all devInfo and devInfoExt entries in UC to 0 | ||
| + | |- | ||
| + | | 0x0b | ||
| + | | set_visibility | ||
| + | | | ||
| + | |- | ||
| + | | 0x0c | ||
| + | | set_sniff_mode | ||
| + | | | ||
| + | |- | ||
| + | | 0x0d | ||
| + | | register_new_device | ||
| + | | Adds a new device pairing using it's BDA, name and link key | ||
| + | |- | ||
| + | | 0x0e | ||
| + | | enable_cleardevice_callback | ||
| + | | If enabled, send a callback to the resource queue when cleardevice is done | ||
| + | |- | ||
| + | | 0x0f | ||
| + | | enable_sync_callback | ||
| + | | If enabled, send a callback to the resource queue when a device is synced | ||
| + | |- | ||
| + | | 0x10 | ||
| + | | enable_wbc | ||
| + | | Enables WBC (Wii Balance Board connections) | ||
| + | |- | ||
| + | | 0x11 | ||
| + | | | ||
| + | | Serial flash related | ||
| + | |- | ||
| + | | 0x12 | ||
| + | | serial_flash_mode | ||
| + | | | ||
| + | |- | ||
| + | | 0x13 | ||
| + | | serial_flash_write | ||
| + | | | ||
| + | |- | ||
| + | | 0x14 | ||
| + | | serial_flash_read | ||
| + | | | ||
| + | |- | ||
| + | | 0x16 | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | | 0x17 | ||
| + | | start_sync_device | ||
| + | | | ||
| + | |- | ||
| + | | 0x19 | ||
| + | | store_entry | ||
| + | | Stores an entry in the devInfo array | ||
| + | |- | ||
| + | | 0x1a | ||
| + | | delete_controller_order | ||
| + | | Deletes the controller order | ||
| + | |- | ||
| + | | 0x1b | ||
| + | | disable_sync_callback | ||
| + | | See enable_sync_callback | ||
| + | |- | ||
| + | | 0x1c | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | | 0x1e | ||
| + | | disable_wbc | ||
| + | | See enable_wbc | ||
| + | |- | ||
| + | | 0x1d | ||
| + | | | ||
| + | | Returns 0 | ||
| + | |} | ||
| + | |||
| + | ==== CMD_BTE (4) ==== | ||
| + | {| class="wikitable sortable" | ||
| + | ! Function | ||
| + | ! Name | ||
| + | ! Notes | ||
| + | |- | ||
| + | | 0x00 | ||
| + | | remove_acl | ||
| + | | Disconnects an acl connection | ||
| + | |- | ||
| + | | 0x01 | ||
| + | | | ||
| + | | Returns 0 | ||
| + | |- | ||
| + | | 0x02 | ||
| + | | hh_close | ||
| + | | Closes an HID host connection | ||
| + | |- | ||
| + | | 0x03 | ||
| + | | retrieve_oob | ||
| + | | Retrieves OOB data from the host controller | ||
| + | |} | ||
Revision as of 22:49, 9 October 2021
/dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by padscore.rpl. Inside IOSU, it uses /dev/uhs/1 to talk to the Bluetooth module, which is connected via internal USB.
ioctlv() interface
0x00 - Execute function
This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a function request as input and a function result as output.
Structures
Function request
This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function.
/* Function identifier */
typedef struct
{
uint8_t request_data[0x1000];
uint8_t lib, func;
char unknown1002[0x1004-0x1002];
uint32_t unknown1004;
} btrm_request_t;Function result
This structure contains the output of a function executed by the Bluetooth resource manager.
/* Function result */
typedef struct
{
uint8_t result_data[0x1000];
uint8_t some_id;
char unknown1001[0x1004-0x1001];
uint32_t unknown1004;
uint32_t unknown1008;
} btrm_result_t;Libraries and Functions
These are the different lib and func parameters which are set in the request struct.
Libraries
| Library | Name | Notes |
|---|---|---|
| 0x01 | Initializes some internal flags | |
| 0x02 | Sets the Bluetooth visibility to connectable | |
| 0x03 | CMD_WUD | |
| 0x04 | CMD_BTE | |
| 0x05 | Waits for an event from the resource queue |
Functions
The function names are only guessed based on their behavior.
CMD_WUD (3)
| Function | Name | Notes |
|---|---|---|
| 0x04 | start_sync_device | |
| 0x05 | Also device sync related | |
| 0x06 | purge_device_info | Removes the UC entries for devInfo and devInfoExt |
| 0x07 | set_loop_count | Sets the loop count used when pairing new controllers |
| 0x08 | cancel_sync_device | |
| 0x09 | set_disable_channel_imm | Sets the afh channels |
| 0x0a | start_cleardevice | Clears all devInfo and devInfoExt entries in UC to 0 |
| 0x0b | set_visibility | |
| 0x0c | set_sniff_mode | |
| 0x0d | register_new_device | Adds a new device pairing using it's BDA, name and link key |
| 0x0e | enable_cleardevice_callback | If enabled, send a callback to the resource queue when cleardevice is done |
| 0x0f | enable_sync_callback | If enabled, send a callback to the resource queue when a device is synced |
| 0x10 | enable_wbc | Enables WBC (Wii Balance Board connections) |
| 0x11 | Serial flash related | |
| 0x12 | serial_flash_mode | |
| 0x13 | serial_flash_write | |
| 0x14 | serial_flash_read | |
| 0x16 | ||
| 0x17 | start_sync_device | |
| 0x19 | store_entry | Stores an entry in the devInfo array |
| 0x1a | delete_controller_order | Deletes the controller order |
| 0x1b | disable_sync_callback | See enable_sync_callback |
| 0x1c | ||
| 0x1e | disable_wbc | See enable_wbc |
| 0x1d | Returns 0 |
CMD_BTE (4)
| Function | Name | Notes |
|---|---|---|
| 0x00 | remove_acl | Disconnects an acl connection |
| 0x01 | Returns 0 | |
| 0x02 | hh_close | Closes an HID host connection |
| 0x03 | retrieve_oob | Retrieves OOB data from the host controller |