The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Difference between revisions of "BTServer"

From The iPhone Wiki
Jump to: navigation, search
(New page: Daemon that implements iPhone bluetooth stack. Based on BLUEmagic 2.1. Implemented services: Handsfree, Phonebook, Remote, A2dp, Hid, Sensor, NetSharing, Gaming, WiAP, Braille. IPC Cli...)
 
(Adding to daemon category.)
 
(7 intermediate revisions by 5 users not shown)
Line 8: Line 8:
 
Written in C++ with STL classes.
  
Written in C++ with STL classes.
   
  +
Packet log :
OS 4.0 Beta 4 - logging: creating /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist with DiagnosticMode bool set to true and DefaultLevel string set to Debug will create a verbose log in /var/mobile/Library/Logs/BTServer_stdout.log.
  
  +
touch /var/mobile/Library/Logs/BTServer_hci.pklg
  +
killall BTServer
   
  +
(Copy to Mac, open with PacketLogger)
Each service is accessed by the stack using a virtual function table of functions inherited from a base service class, so it's possible to easily intercept all functions for a given service and/or modify its behavior. It should also be possible (although not too easy) to create new services overriding about 5-10 functions in the VTable of the base Service class.
  
   
  +
OS 4.0 Beta 4 - logging:
Debugging: during debugging Bluetooth may interfere with WiFi, use USB tunneling in that case.
  
   
  +
plutil -create /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist
Some client library functions:
 
  +
plutil -key DiagnosticMode -value true -type bool /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist
  +
plutil -key DefaultLevel -value Debug -type string /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist
  +
killall BTServer
   
  +
Verbose log in /var/mobile/Library/Logs/BTServer_stdout.log.
<code>typedef void *BTSESSION, **PBTSESSION;
  
   
  +
Each service is accessed by the stack using a virtual function table of functions inherited from a base service class, so it's possible to easily intercept all functions for a given service and/or modify its behavior. It should also be possible (although not too easy) to create new services overriding about 5-10 functions in the VTable of the base Service class.
typedef void *BTDISCOVERYAGENT, **PBTDISCOVERYAGENT;
  
   
  +
Debugging: during debugging Bluetooth may interfere with WiFi, use USB tunneling in that case.
typedef void *BTDEVICE, **PBTDEVICE;
  
 
typedef void *PAIRING_AGENT, **PPAIRING_AGENT;
  
 
typedef int (*SESSION_EVENT_CALLBACK)(BTSESSION session, void* arg2, void* arg3, void* arg4);
  
 
typedef struct {
  
SESSION_EVENT_CALLBACK eventCallback;
  
} SESSION_CALLBACKS, *PSESSION_CALLBACKS;
  
 
enum BT_DISCOVERY_EVENT
  
{
  
BT_DISCOVERY_DEVICE_FOUND = 0,
  
BT_DISCOVERY_DEVICE_LOST = 1,
  
BT_DISCOVERY_DEVICE_CHANGED = 2,
  
};
  
 
typedef void (*DISCOVERY_STATUS_CALLBACK)(void* arg1, void* arg2);
  
 
typedef void (*DISCOVERY_EVENT_CALLBACK)(BTDISCOVERYAGENT agent, BT_DISCOVERY_EVENT event, BTDEVICE device);
  
 
typedef struct _DiscoveryAgentCallbacks {
  
DISCOVERY_STATUS_CALLBACK discoveryAgentStatusEventCallback;
  
DISCOVERY_EVENT_CALLBACK discoveryAgentDiscoveryEventCallback;
  
} DISCOVERY_CALLBACKS, *PDISCOVERY_CALLBACKS;
  
 
typedef void (*PAIRING_STATUS_CALLBACK)(PAIRING_AGENT agent, int status, BTDEVICE device, void* ctx);
  
typedef void (*PAIRING_PINCODE_CALLBACK)(PAIRING_AGENT agent, BTDEVICE device, int unk1, void* ctx);
  
typedef void (*PAIRING_AUTHORIZATION_CALLBACK)();
  
typedef void (*PAIRING_USER_CONFIRMATION_CALLBACK)();
  
typedef void (*PAIRING_PASSKEY_DISPLAY_CALLBACK)();
  
 
 
typedef struct _PairingAgentCallbacks {
  
PAIRING_STATUS_CALLBACK pairingStatusCallback;
  
PAIRING_PINCODE_CALLBACK pairingPincodeCallback;
  
PAIRING_AUTHORIZATION_CALLBACK pairingAuthorizationCallback;
  
PAIRING_USER_CONFIRMATION_CALLBACK pairingUserConfirmationCallback;
  
PAIRING_PASSKEY_DISPLAY_CALLBACK pairingPasskeyDisplayCallback;
  
} PAIRING_AGENT_CALLBACKS, *PPAIRING_AGENT_CALLBACKS;
  
 
 
extern "C" int BTSessionAttachWithRunLoopAsync(CFRunLoopRef runLoop, const char* sessionName, PSESSION_CALLBACKS pCallbacks, void* context, PBTSESSION pSession);
  
 
extern "C" int BTDiscoveryAgentCreate(BTSESSION session, PDISCOVERY_CALLBACKS pCallbacks, void* ctx, PBTDISCOVERYAGENT pAgent);
  
 
extern "C" int BTDiscoveryAgentStartScan(BTDISCOVERYAGENT agent, int magic1, int magic2);
  
 
extern "C" int BTDeviceGetSupportedServices(BTDEVICE device, int* svc);
  
 
extern "C" int BTDeviceGetName(BTDEVICE device, char name[0x200]);
  
 
extern "C" int BTDeviceAddressFromString(const char* addrString, char macAddr[0x6]);
  
 
extern "C" int BTDeviceFromAddress(BTSESSION session, char macAddr[6], PBTDEVICE pDeviceOut);
  
 
extern "C" int BTDeviceSetVirtualType(BTDEVICE device, int type);
  
 
extern "C" int BTDeviceConnect(BTDEVICE device);
  
 
extern "C" int BTDeviceDetect(BTDEVICE device, int unk1, int* outUnk2);
  
 
extern "C" int BTDeviceSetAuthorizedServices(BTDEVICE device, int services);
  
 
extern "C" int BTDeviceGetComPortForService(BTDEVICE device, int svcIdOrSmth, char*buf, int cbBuf/*0x40*/);
  
 
extern "C" int BTPairingAgentCreate(BTSESSION session, PPAIRING_AGENT_CALLBACKS PairingAgentCallbacks, void* ctx, PPAIRING_AGENT pPairingAgent);
  
 
extern "C" int BTPairingAgentStart(PAIRING_AGENT pairingAgent);
  
 
extern "C" int BTPairingAgentStop(PAIRING_AGENT pairingAgent);
  
 
extern "C" int BTPairingAgentDestroy(PAIRING_AGENT pairingAgent);
  
 
extern "C" int BTPairingAgentSetPincode(PAIRING_AGENT pairingAgent, BTDEVICE device, const char* pinUtf8);
  
 
 
typedef void* BTLOCALDEVICE;
  
 
extern "C" int BTLocalDeviceGetDefault(BTLOCALDEVICE* pLocalDevice);
  
   
  +
Reverse engineered header here: http://code.google.com/p/iphone-bluetooth/source/browse/trunk/btGpsServer/MobileBluetooth.h
extern "C" int BTLocalDeviceSetModulePower(BTLOCALDEVICE localDevice, BOOL powerOn);
  
   
  +
{{stub|software}}
extern "C" int BTLocalDeviceGetModulePower(BTLOCALDEVICE localDevice);</code>
  
  +
[[Category:Daemons]]

Latest revision as of 08:08, 11 August 2014

Daemon that implements iPhone bluetooth stack. Based on BLUEmagic 2.1.

Implemented services: Handsfree, Phonebook, Remote, A2dp, Hid, Sensor, NetSharing, Gaming, WiAP, Braille.

IPC Client library: MobileBluetooth (a private framework). Obj-C level library: BluetoothManager.

Written in C++ with STL classes.

Packet log : 

touch /var/mobile/Library/Logs/BTServer_hci.pklg 
killall BTServer

(Copy to Mac, open with PacketLogger)

OS 4.0 Beta 4 - logging: 

plutil -create /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist
plutil -key DiagnosticMode -value true -type bool /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist
plutil -key DefaultLevel -value Debug -type string /var/mobile/Library/Preferences/com.apple.MobileBluetooth.debug.plist
killall BTServer

Verbose log in /var/mobile/Library/Logs/BTServer_stdout.log.

Each service is accessed by the stack using a virtual function table of functions inherited from a base service class, so it's possible to easily intercept all functions for a given service and/or modify its behavior. It should also be possible (although not too easy) to create new services overriding about 5-10 functions in the VTable of the base Service class.

Debugging: during debugging Bluetooth may interfere with WiFi, use USB tunneling in that case.

Reverse engineered header here: http://code.google.com/p/iphone-bluetooth/source/browse/trunk/btGpsServer/MobileBluetooth.h

Tango Media-cdrom.png This software article is a "stub", an incomplete page. Please add more content to this article and remove this tag.
Retrieved from "https://www.theiphonewiki.com/w/index.php?title=BTServer&oldid=41742"