search

Denton-L / based-connect

A reverse-engineered Bose Connect imitation program for Linux.
GNU General Public License v3.0
262 stars 27 forks source link

[Suggestion] Configurable Action button #6

Open thisischrys opened 5 years ago

thisischrys commented 5 years ago

I'm not sure if this is specific to the QC35 II or it's a recent firmware update (I just got this thing), but I have an option in the Android app that seems to be missing here:

Configuring the action button: Screenshot_20190321-113322_Bose Connect

Screenshot_20190321-113327_Bose Connect

If it's only on the model II, I could get info you need, if you can tell me how.

Atemu commented 5 years ago

This is definitely a model II thing, model I doesn't have that button.

DavidVentura commented 4 years ago

I'm currently reverse engineering these headphones as well -- in case this is useful to you:

        BTN_MODE_ALEXA(shortArrayOf(    0x1, 0x9, 0x2, 0x3, 0x10, 0x4, 0x1)),
        BTN_MODE_NC(shortArrayOf(       0x1, 0x9, 0x2, 0x3, 0x10, 0x4, 0x2)),

I just got these values from wireshark and they work fine

robbat2 commented 4 years ago

@DavidVentura would you mind doing a writeup of your wireshark environment to capture programming change? There's a few other things that I think could benefit from verification that way.

robbat2 commented 4 years ago

Also, you only captured Alex & noise-cancellation; can you capture Google Assistant as well easily? based on the pattern it's probably 0x3 in the last byte, but...

DavidVentura commented 4 years ago

In my app the button for google assistant is greyed out so I can't capture it. I've decompiled the APK to check this and found

public enum VoicePersonalAssistant implements C6086b<Byte> {
    GOOGLE_ASSISTANT(0),
    ALEXA(1),
    NONE(Byte.MAX_VALUE);

but when I sent the last byte as 0 my headphones did not change to google assistant (and they came with google assistant by default). I did not try to send any other values

DavidVentura commented 4 years ago

To capture bluetooth on android you have to enable HCI snoop log, you can do so by going to Preferences -> System -> Developer Options -> Enable Bluetooth HCI Snoop log and then turning bluetooth off and on again.

Now that you can capture bluetooth you have two options:

  1. Do nothing (just play around with the bluetooth app controls) and after a while stop bluetooth, then fetch the dump file located at /data/misc/bluetooth/logs/btsnoop_hci.log (requires root).
  2. Use androiddump (from the package wireshark-common) to do live capture of the bluetooth packets.

I'll use androiddump as inspecting what you do live is a lot easier for me, to do so you have to find your bluetooth interface:

$ androiddump --extcap-interfaces
...
interface {value=android-bluetooth-btsnoop-net-fc6c2719}{display=Android Bluetooth Btsnoop Net Poco_F1 fc6c2719}

If you don't see the btsnoop interface here most likely you didn't enable the HCI Snoop log and restarted bluetooth afterwards.

Then set up a fifo, have wireshark look at it and start dumping the packets to it

$ mkfifo /tmp/fifo
$ wireshark -k -i /tmp/fifo &
$ androiddump --extcap-interface=android-bluetooth-btsnoop-net-fc6c2719 --fifo=/tmp/fifo --capture

In wireshark you want to filter by btspp

wireshark-device-status

3ddiddE commented 3 years ago

In my app the button for google assistant is greyed out so I can't capture it. I've decompiled the APK to check this and found

public enum VoicePersonalAssistant implements C6086b<Byte> {
    GOOGLE_ASSISTANT(0),
    ALEXA(1),
    NONE(Byte.MAX_VALUE);

but when I sent the last byte as 0 my headphones did not change to google assistant (and they came with google assistant by default). I did not try to send any other values

Is it possible that the array of bytes you send includes a checksum? So maybe the last byte is just an XOR of all the previous bits/bytes or something like that? Or does bluetooth implicitly check for correctness (i.e. the above sequence is the actual payload)?