Difference between revisions of "/dev/usb/btrm"
< /dev
Jump to navigation
Jump to search
Marionumber1 (talk | contribs) (Write up ioctlv 0 badly (as I know very little)) |
(Add structure for →0x0a - Set btConfig) |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | {{DEFAULTSORT:dev/usb/btrm}} | ||
| + | [[Category:Wii U Filesystem]] | ||
/dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by [[padscore.rpl]]. Inside IOSU, it uses [[:/dev/uhs|/dev/uhs/1]] to talk to the Bluetooth module, which is connected via internal USB. | /dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by [[padscore.rpl]]. Inside IOSU, it uses [[:/dev/uhs|/dev/uhs/1]] to talk to the Bluetooth module, which is connected via internal USB. | ||
| + | |||
| + | ==ioctl() interface== | ||
| + | ===0x01 - Init smd=== | ||
| + | Initializes the Simply Message Dequeue(?) used to send HID packages between the IOSU and PPC. | ||
| + | ===0x02 - Create disconnect timer=== | ||
| + | ===0x03=== | ||
| + | Sends an event to the resource queue | ||
| + | ===0x04 - Isolate channels=== | ||
| + | Sets the afh channels | ||
| + | ===0x05 - Sys update=== | ||
| + | Flashes a bluetooth firmware image | ||
| + | ===0x06 - Init OHCI=== | ||
| + | ===0x07 - Report process data=== | ||
| + | ===0x08 - Set devInfo=== | ||
| + | ===0x09 - BT Disconnect=== | ||
| + | ===0x0a - Set btConfig=== | ||
| + | Sends the following 0x10 byte structure: | ||
| + | <syntaxhighlight lang="C"> | ||
| + | typedef struct { | ||
| + | uint32_t wbc_enabled; // enable / disable Wii Balance Board communication | ||
| + | uint32_t urrc_enabled; // enable / disable Wii U Pro Controller communication | ||
| + | uint32_t wii_remote_enabled; // enable / disable Wii Remote communication | ||
| + | uint8_t max_controllers; // the maximum amount of controllers that can be connected | ||
| + | uint8_t padding[3]; | ||
| + | } btConfig_t; | ||
| + | </syntaxhighlight> | ||
==ioctlv() interface== | ==ioctlv() interface== | ||
===0x00 - Execute function=== | ===0x00 - Execute function=== | ||
| − | This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a [[#Function | + | This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a [[#Function request|function request]] as input and a [[#Function result|function result]] as output. |
==Structures== | ==Structures== | ||
| − | ===Function | + | ===Function request=== |
| − | This structure identifies which function call to make. It is 0x1008 bytes long, with | + | This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function. |
<syntaxhighlight lang="C"> | <syntaxhighlight lang="C"> | ||
| − | /* Function | + | /* Function request */ |
typedef struct | typedef struct | ||
{ | { | ||
| − | + | uint8_t request_data[0x1000]; | |
uint8_t lib, func; | uint8_t lib, func; | ||
char unknown1002[0x1004-0x1002]; | char unknown1002[0x1004-0x1002]; | ||
uint32_t unknown1004; | uint32_t unknown1004; | ||
| − | } | + | } btrm_request_t; |
</syntaxhighlight> | </syntaxhighlight> | ||
| − | ===Function result | + | ===Function result=== |
This structure contains the output of a function executed by the Bluetooth resource manager. | This structure contains the output of a function executed by the Bluetooth resource manager. | ||
| Line 26: | Line 54: | ||
typedef struct | typedef struct | ||
{ | { | ||
| − | + | uint8_t result_data[0x1000]; | |
uint8_t some_id; | uint8_t some_id; | ||
char unknown1001[0x1004-0x1001]; | char unknown1001[0x1004-0x1001]; | ||
uint32_t unknown1004; | uint32_t unknown1004; | ||
uint32_t unknown1008; | uint32_t unknown1008; | ||
| − | } | + | } btrm_result_t; |
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | ==Libraries and Functions== | ||
| + | These are the different lib and func parameters which are set in the request struct. | ||
| + | |||
| + | === Libraries === | ||
| + | {| class="wikitable sortable" | ||
| + | ! Library | ||
| + | ! Name | ||
| + | ! Notes | ||
| + | |- | ||
| + | | 0x01 | ||
| + | | | ||
| + | | Initializes some internal flags | ||
| + | |- | ||
| + | | 0x02 | ||
| + | | | ||
| + | | Sets the Bluetooth visibility to connectable | ||
| + | |- | ||
| + | | 0x03 | ||
| + | | CMD_WUD | ||
| + | | | ||
| + | |- | ||
| + | | 0x04 | ||
| + | | CMD_BTE | ||
| + | | | ||
| + | |- | ||
| + | | 0x05 | ||
| + | | | ||
| + | | Sends a message to the resource queue and waits for a reply | ||
| + | |} | ||
| + | |||
| + | === Functions === | ||
| + | The function names are only guessed based on their behavior. | ||
| + | |||
| + | ==== CMD_WUD (3) ==== | ||
| + | {| class="wikitable sortable" | ||
| + | ! Function | ||
| + | ! Name | ||
| + | ! Notes | ||
| + | |- | ||
| + | | 0x04 | ||
| + | | start_sync_device | ||
| + | | | ||
| + | |- | ||
| + | | 0x05 | ||
| + | | | ||
| + | | Also device sync related | ||
| + | |- | ||
| + | | 0x06 | ||
| + | | purge_device_info | ||
| + | | Removes the UC entries for devInfo and devInfoExt | ||
| + | |- | ||
| + | | 0x07 | ||
| + | | set_loop_count | ||
| + | | Sets the loop count used when pairing new controllers | ||
| + | |- | ||
| + | | 0x08 | ||
| + | | cancel_sync_device | ||
| + | | | ||
| + | |- | ||
| + | | 0x09 | ||
| + | | set_disable_channel_imm | ||
| + | | Sets the afh channels | ||
| + | |- | ||
| + | | 0x0a | ||
| + | | start_cleardevice | ||
| + | | Clears all devInfo and devInfoExt entries in UC to 0 | ||
| + | |- | ||
| + | | 0x0b | ||
| + | | set_visibility | ||
| + | | | ||
| + | |- | ||
| + | | 0x0c | ||
| + | | set_sniff_mode | ||
| + | | | ||
| + | |- | ||
| + | | 0x0d | ||
| + | | register_new_device | ||
| + | | Adds a new device pairing using it's BDA, name and link key | ||
| + | |- | ||
| + | | 0x0e | ||
| + | | enable_cleardevice_callback | ||
| + | | If enabled, send a callback to the resource queue when cleardevice is done | ||
| + | |- | ||
| + | | 0x0f | ||
| + | | enable_sync_callback | ||
| + | | If enabled, send a callback to the resource queue when a device is synced | ||
| + | |- | ||
| + | | 0x10 | ||
| + | | enable_wbc | ||
| + | | Enables WBC (Wii Balance Board connections) | ||
| + | |- | ||
| + | | 0x11 | ||
| + | | | ||
| + | | Serial flash related | ||
| + | |- | ||
| + | | 0x12 | ||
| + | | serial_flash_mode | ||
| + | | | ||
| + | |- | ||
| + | | 0x13 | ||
| + | | serial_flash_write | ||
| + | | | ||
| + | |- | ||
| + | | 0x14 | ||
| + | | serial_flash_read | ||
| + | | | ||
| + | |- | ||
| + | | 0x16 | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | | 0x17 | ||
| + | | start_sync_device | ||
| + | | | ||
| + | |- | ||
| + | | 0x19 | ||
| + | | store_entry | ||
| + | | Stores an entry in the devInfo array | ||
| + | |- | ||
| + | | 0x1a | ||
| + | | delete_controller_order | ||
| + | | Deletes the controller order | ||
| + | |- | ||
| + | | 0x1b | ||
| + | | disable_sync_callback | ||
| + | | See enable_sync_callback | ||
| + | |- | ||
| + | | 0x1c | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | | 0x1e | ||
| + | | disable_wbc | ||
| + | | See enable_wbc | ||
| + | |- | ||
| + | | 0x1d | ||
| + | | | ||
| + | | Returns 0 | ||
| + | |} | ||
| + | |||
| + | ==== CMD_BTE (4) ==== | ||
| + | {| class="wikitable sortable" | ||
| + | ! Function | ||
| + | ! Name | ||
| + | ! Notes | ||
| + | |- | ||
| + | | 0x00 | ||
| + | | remove_acl | ||
| + | | Disconnects an acl connection | ||
| + | |- | ||
| + | | 0x01 | ||
| + | | | ||
| + | | Returns 0 | ||
| + | |- | ||
| + | | 0x02 | ||
| + | | hh_close | ||
| + | | Closes an HID host connection | ||
| + | |- | ||
| + | | 0x03 | ||
| + | | retrieve_oob | ||
| + | | Retrieves OOB data from the host controller | ||
| + | |} | ||
Latest revision as of 15:38, 11 October 2021
/dev/usb/btrm is the IOSU device node for the internal Bluetooth module. It provides an interface to communicate with the Wii Remote, Wii Balance Board, and Wii U Pro controller, which is exposed to Cafe OS by padscore.rpl. Inside IOSU, it uses /dev/uhs/1 to talk to the Bluetooth module, which is connected via internal USB.
ioctl() interface
0x01 - Init smd
Initializes the Simply Message Dequeue(?) used to send HID packages between the IOSU and PPC.
0x02 - Create disconnect timer
0x03
Sends an event to the resource queue
0x04 - Isolate channels
Sets the afh channels
0x05 - Sys update
Flashes a bluetooth firmware image
0x06 - Init OHCI
0x07 - Report process data
0x08 - Set devInfo
0x09 - BT Disconnect
0x0a - Set btConfig
Sends the following 0x10 byte structure:
typedef struct {
uint32_t wbc_enabled; // enable / disable Wii Balance Board communication
uint32_t urrc_enabled; // enable / disable Wii U Pro Controller communication
uint32_t wii_remote_enabled; // enable / disable Wii Remote communication
uint8_t max_controllers; // the maximum amount of controllers that can be connected
uint8_t padding[3];
} btConfig_t;ioctlv() interface
0x00 - Execute function
This function is used to execute some sort of function call. It takes two buffers through the ioctlv interface: a function request as input and a function result as output.
Structures
Function request
This structure identifies which function call to make. It is 0x1008 bytes long, with a request buffer passed to each function. The main identifiers for a function call are two bytes, a library and a function.
/* Function request */
typedef struct
{
uint8_t request_data[0x1000];
uint8_t lib, func;
char unknown1002[0x1004-0x1002];
uint32_t unknown1004;
} btrm_request_t;Function result
This structure contains the output of a function executed by the Bluetooth resource manager.
/* Function result */
typedef struct
{
uint8_t result_data[0x1000];
uint8_t some_id;
char unknown1001[0x1004-0x1001];
uint32_t unknown1004;
uint32_t unknown1008;
} btrm_result_t;Libraries and Functions
These are the different lib and func parameters which are set in the request struct.
Libraries
| Library | Name | Notes |
|---|---|---|
| 0x01 | Initializes some internal flags | |
| 0x02 | Sets the Bluetooth visibility to connectable | |
| 0x03 | CMD_WUD | |
| 0x04 | CMD_BTE | |
| 0x05 | Sends a message to the resource queue and waits for a reply |
Functions
The function names are only guessed based on their behavior.
CMD_WUD (3)
| Function | Name | Notes |
|---|---|---|
| 0x04 | start_sync_device | |
| 0x05 | Also device sync related | |
| 0x06 | purge_device_info | Removes the UC entries for devInfo and devInfoExt |
| 0x07 | set_loop_count | Sets the loop count used when pairing new controllers |
| 0x08 | cancel_sync_device | |
| 0x09 | set_disable_channel_imm | Sets the afh channels |
| 0x0a | start_cleardevice | Clears all devInfo and devInfoExt entries in UC to 0 |
| 0x0b | set_visibility | |
| 0x0c | set_sniff_mode | |
| 0x0d | register_new_device | Adds a new device pairing using it's BDA, name and link key |
| 0x0e | enable_cleardevice_callback | If enabled, send a callback to the resource queue when cleardevice is done |
| 0x0f | enable_sync_callback | If enabled, send a callback to the resource queue when a device is synced |
| 0x10 | enable_wbc | Enables WBC (Wii Balance Board connections) |
| 0x11 | Serial flash related | |
| 0x12 | serial_flash_mode | |
| 0x13 | serial_flash_write | |
| 0x14 | serial_flash_read | |
| 0x16 | ||
| 0x17 | start_sync_device | |
| 0x19 | store_entry | Stores an entry in the devInfo array |
| 0x1a | delete_controller_order | Deletes the controller order |
| 0x1b | disable_sync_callback | See enable_sync_callback |
| 0x1c | ||
| 0x1e | disable_wbc | See enable_wbc |
| 0x1d | Returns 0 |
CMD_BTE (4)
| Function | Name | Notes |
|---|---|---|
| 0x00 | remove_acl | Disconnects an acl connection |
| 0x01 | Returns 0 | |
| 0x02 | hh_close | Closes an HID host connection |
| 0x03 | retrieve_oob | Retrieves OOB data from the host controller |