Difference between revisions of "/dev/usb/btrm"
(Add more info about lib and function requests) |
(Add btrm ioctl calls) |
||
| Line 2: | Line 2: | ||
[[Category:Wii U Filesystem]] | [[Category:Wii U Filesystem]] | ||
/dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by [[padscore.rpl]]. Inside IOSU, it uses [[:/dev/uhs|/dev/uhs/1]] to talk to the Bluetooth module, which is connected via internal USB. | /dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by [[padscore.rpl]]. Inside IOSU, it uses [[:/dev/uhs|/dev/uhs/1]] to talk to the Bluetooth module, which is connected via internal USB. | ||
| + | |||
| + | ==ioctl() interface== | ||
| + | ===0x01 - Init smd=== | ||
| + | Initializes the Simply Message Dequeue(?) used to send HID packages between the IOSU and PPC. | ||
| + | ===0x02 - Create disconnect timer=== | ||
| + | ===0x03=== | ||
| + | Sends an event to the resource queue | ||
| + | ===0x04 - Isolate channels=== | ||
| + | Sets the afh channels | ||
| + | ===0x05 - Sys update=== | ||
| + | Flashes a bluetooth firmware image | ||
| + | ===0x06 - Init OHCI=== | ||
| + | ===0x07 - Report process data=== | ||
| + | ===0x08 - Set devInfo=== | ||
| + | ===0x09 - BT Disconnect=== | ||
| + | ===0x0a - Set btConfig=== | ||
==ioctlv() interface== | ==ioctlv() interface== | ||
| Line 11: | Line 27: | ||
This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function. | This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function. | ||
<syntaxhighlight lang="C"> | <syntaxhighlight lang="C"> | ||
| − | /* Function | + | /* Function request */ |
typedef struct | typedef struct | ||
{ | { | ||
| Line 63: | Line 79: | ||
| 0x05 | | 0x05 | ||
| | | | ||
| − | | | + | | Sends a message to the resource queue and waits for a reply |
|} | |} | ||
Revision as of 23:00, 9 October 2021
/dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by padscore.rpl. Inside IOSU, it uses /dev/uhs/1 to talk to the Bluetooth module, which is connected via internal USB.
ioctl() interface
0x01 - Init smd
Initializes the Simply Message Dequeue(?) used to send HID packages between the IOSU and PPC.
0x02 - Create disconnect timer
0x03
Sends an event to the resource queue
0x04 - Isolate channels
Sets the afh channels
0x05 - Sys update
Flashes a bluetooth firmware image
0x06 - Init OHCI
0x07 - Report process data
0x08 - Set devInfo
0x09 - BT Disconnect
0x0a - Set btConfig
ioctlv() interface
0x00 - Execute function
This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a function request as input and a function result as output.
Structures
Function request
This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function.
/* Function request */
typedef struct
{
uint8_t request_data[0x1000];
uint8_t lib, func;
char unknown1002[0x1004-0x1002];
uint32_t unknown1004;
} btrm_request_t;Function result
This structure contains the output of a function executed by the Bluetooth resource manager.
/* Function result */
typedef struct
{
uint8_t result_data[0x1000];
uint8_t some_id;
char unknown1001[0x1004-0x1001];
uint32_t unknown1004;
uint32_t unknown1008;
} btrm_result_t;Libraries and Functions
These are the different lib and func parameters which are set in the request struct.
Libraries
| Library | Name | Notes |
|---|---|---|
| 0x01 | Initializes some internal flags | |
| 0x02 | Sets the Bluetooth visibility to connectable | |
| 0x03 | CMD_WUD | |
| 0x04 | CMD_BTE | |
| 0x05 | Sends a message to the resource queue and waits for a reply |
Functions
The function names are only guessed based on their behavior.
CMD_WUD (3)
| Function | Name | Notes |
|---|---|---|
| 0x04 | start_sync_device | |
| 0x05 | Also device sync related | |
| 0x06 | purge_device_info | Removes the UC entries for devInfo and devInfoExt |
| 0x07 | set_loop_count | Sets the loop count used when pairing new controllers |
| 0x08 | cancel_sync_device | |
| 0x09 | set_disable_channel_imm | Sets the afh channels |
| 0x0a | start_cleardevice | Clears all devInfo and devInfoExt entries in UC to 0 |
| 0x0b | set_visibility | |
| 0x0c | set_sniff_mode | |
| 0x0d | register_new_device | Adds a new device pairing using it's BDA, name and link key |
| 0x0e | enable_cleardevice_callback | If enabled, send a callback to the resource queue when cleardevice is done |
| 0x0f | enable_sync_callback | If enabled, send a callback to the resource queue when a device is synced |
| 0x10 | enable_wbc | Enables WBC (Wii Balance Board connections) |
| 0x11 | Serial flash related | |
| 0x12 | serial_flash_mode | |
| 0x13 | serial_flash_write | |
| 0x14 | serial_flash_read | |
| 0x16 | ||
| 0x17 | start_sync_device | |
| 0x19 | store_entry | Stores an entry in the devInfo array |
| 0x1a | delete_controller_order | Deletes the controller order |
| 0x1b | disable_sync_callback | See enable_sync_callback |
| 0x1c | ||
| 0x1e | disable_wbc | See enable_wbc |
| 0x1d | Returns 0 |
CMD_BTE (4)
| Function | Name | Notes |
|---|---|---|
| 0x00 | remove_acl | Disconnects an acl connection |
| 0x01 | Returns 0 | |
| 0x02 | hh_close | Closes an HID host connection |
| 0x03 | retrieve_oob | Retrieves OOB data from the host controller |