BCM4325

From The iPhone Wiki
Revision as of 03:44, 12 July 2010 by Schmave (talk | contribs) (always forget code tags..... lol!)
Jump to: navigation, search

This chip is in the iPod2,1 (iPod touch 2G) and iPhone2,1 (iPhone 3GS) and combines Bluetooth/Wifi and a secret FM radio, presumably connected and ready to go on a future firmware release by Apple.

FM Radio

The most peculiar thing is the inclusion of an FM radio. There is a product brief available from broadcom on this chip: {put link here} but it serves little purpose apart from the block diagram and interface hardware/software.

Interfacing the FM radio is done in two stages: Control via the bluetooth modules's UART or I2C and digital audio streaming over the module's I2S/PCM hardware.

most notably: the FM radio never physically leaves the sillicon die, except for the antenna (which may be connected directly to the BT/UMTS/everything else [:P lol] antenna) this means that the control/streaming will be an extension to the BT protocols currently implemented.

For control, the HCI over UART (/dev/uart.bluetooth) seems the most logical solution to turn the radio on/tune/search etc. but the vendor specific HCI commands will need to be *obtained* (or reversed, which could prove hard). A broadcom datasheet would have this information, but unfortunately you have to sign an NDA to obtain one.

For streaming, the i2s bus sounds good... interfacing this could be hard but playing on the stereo bluetooth profile of iphone OS 3 we could piggy back, at least to start with. however we do need the radio ON first...

In terms of sound streaming /etc/bluetool/iPhone2,1.boot.script from iOS3 contains these lines of interest:


## Set the sleep mode params

bcm -s 0x01,0x00,0x00,0x01,0x01,0x00,0x01,0x00,0x00,0x00,0x00,0x01

msleep 200

# Configure I2S GPIO lines <---- here

bcm -g

msleep 50

# route audio to pcm <---- here

bcm -p

## That was easy!

quit


this means that there is more than likely some sound streaming code just waiting to receive data (or send it, in which case it could easily be hacked??)

lets find it!

This code interfaces *a* PCM device... the mic (i havent upgraded to the ios4 sdk so this comment assumes no secondary mic as present in iphone 4)

http://developer.apple.com/iphone/library/samplecode/aurioTouch/Introduction/Intro.html

with reference to pcm devices as 'audio unit' s or 'audio component' s : // Open the output unit AudioComponentDescription desc; desc.componentType = kAudioUnitType_Output; desc.componentSubType = kAudioUnitSubType_RemoteIO; desc.componentManufacturer = kAudioUnitManufacturer_Apple; desc.componentFlags = 0; desc.componentFlagsMask = 0;

AudioComponent comp = AudioComponentFindNext(NULL, &desc); technically all we have to do is turn the radio on, find the correct audio component and then stream the data to the UI, dont we??? ... this app even does all of the streaming and such for us!!!

however; there is no way to verify the radio is on from just the HCI side (its all rx and no output) or just the PCM side... we need to have both parts working simultaneously --remember to route the audio through pcm in the chip initialisation script!!! (which means a tonne of reverse engineering/ fiddling around with undocumented parts of the iphone... lol)

good luck!

Datasheet

The 'datasheet' provided is rubbish and we need the actual datasheet before any real development can be done...