Open thisischrys opened 5 years ago
This is definitely a model II thing, model I doesn't have that button.
I'm currently reverse engineering these headphones as well -- in case this is useful to you:
BTN_MODE_ALEXA(shortArrayOf( 0x1, 0x9, 0x2, 0x3, 0x10, 0x4, 0x1)),
BTN_MODE_NC(shortArrayOf( 0x1, 0x9, 0x2, 0x3, 0x10, 0x4, 0x2)),
I just got these values from wireshark and they work fine
@DavidVentura would you mind doing a writeup of your wireshark environment to capture programming change? There's a few other things that I think could benefit from verification that way.
Also, you only captured Alex & noise-cancellation; can you capture Google Assistant as well easily? based on the pattern it's probably 0x3 in the last byte, but...
In my app the button for google assistant is greyed out so I can't capture it. I've decompiled the APK to check this and found
public enum VoicePersonalAssistant implements C6086b<Byte> {
GOOGLE_ASSISTANT(0),
ALEXA(1),
NONE(Byte.MAX_VALUE);
but when I sent the last byte as 0
my headphones did not change to google assistant (and they came with google assistant by default). I did not try to send any other values
To capture bluetooth on android you have to enable HCI snoop log
, you can do
so by going to Preferences -> System -> Developer Options -> Enable Bluetooth HCI Snoop log
and then turning bluetooth off and on again.
Now that you can capture bluetooth you have two options:
/data/misc/bluetooth/logs/btsnoop_hci.log
(requires root).androiddump
(from the package wireshark-common
) to do live capture of the bluetooth packets.I'll use androiddump
as inspecting what you do live is a lot easier for me, to
do so you have to find your bluetooth interface:
$ androiddump --extcap-interfaces
...
interface {value=android-bluetooth-btsnoop-net-fc6c2719}{display=Android Bluetooth Btsnoop Net Poco_F1 fc6c2719}
If you don't see the btsnoop
interface here most likely you didn't enable the
HCI Snoop log and restarted bluetooth afterwards.
Then set up a fifo, have wireshark look at it and start dumping the packets to it
$ mkfifo /tmp/fifo
$ wireshark -k -i /tmp/fifo &
$ androiddump --extcap-interface=android-bluetooth-btsnoop-net-fc6c2719 --fifo=/tmp/fifo --capture
In wireshark you want to filter by btspp
In my app the button for google assistant is greyed out so I can't capture it. I've decompiled the APK to check this and found
public enum VoicePersonalAssistant implements C6086b<Byte> { GOOGLE_ASSISTANT(0), ALEXA(1), NONE(Byte.MAX_VALUE);
but when I sent the last byte as
0
my headphones did not change to google assistant (and they came with google assistant by default). I did not try to send any other values
Is it possible that the array of bytes you send includes a checksum? So maybe the last byte is just an XOR of all the previous bits/bytes or something like that? Or does bluetooth implicitly check for correctness (i.e. the above sequence is the actual payload)?
I'm not sure if this is specific to the QC35 II or it's a recent firmware update (I just got this thing), but I have an option in the Android app that seems to be missing here:
Configuring the action button:
If it's only on the model II, I could get info you need, if you can tell me how.