BT Mac

[DrRamm]

It found right (i think so) Mac

bt_vendor: BD Address: 73:69:c6:67:22:22

But then

BluetoothAdapterProperties: Address is:00:00:00:00:5A:AD BluetoothManagerService: Bluetooth Adapter address changed to 00:00:00:00:5A:AD

[DrRamm]

12-28 13:33:59.400 1082 1477 I bt_vendor: ++init 12-28 13:33:59.400 1082 1477 I bt_vendor: bt-vendor : get_bt_soc_type 12-28 13:33:59.400 1082 1477 I bt_vendor: qcom.bluetooth.soc set to smd 12-28 13:33:59.400 1082 1477 I bt_vendor: qcom.bluetooth.soc not set, so using default. 12-28 13:33:59.400 1082 1477 I bt_vendor: BD Address: 73:69:c6:67:22:22 12-28 13:33:59.401 1082 1477 D android.hardware.bluetooth@1.0-impl: Open vendor library loaded 12-28 13:33:59.401 1082 1477 I bt_vendor: bt-vendor : BT_VND_OP_POWER_CTRL: On 12-28 13:33:59.401 1082 1477 W bt_vendor: Hw_config: First Time BT on after boot.Starting hciattach daemon BTStatus= 12-28 13:33:59.467 1488 1488 I qcom-bluetooth: /vendor/bin/init.qcom.bt.sh: init.qcom.bt.sh config = 12-28 13:33:59.703 1554 1554 I qcom-bluetooth: /vendor/bin/init.qcom.bt.sh: Bluedroid stack 12-28 13:33:59.761 1566 1566 I qcom-bluetooth: /vendor/bin/init.qcom.bt.sh: Power Class: 1 12-28 13:33:59.803 1574 1574 I qcom-bluetooth: /vendor/bin/init.qcom.bt.sh: LE Power Class: To override, Before turning BT ON; setprop qcom.bt.le_dev_pwr_class <1 or 2 or 3> 12-28 13:34:03.154 1082 1477 I bt_vendor: bluetooth status is on 12-28 13:34:03.154 1082 1477 I bt_vendor: bt-vendor : BT_VND_OP_USERIAL_OPEN 12-28 13:34:03.155 1082 1477 I bt_vendor: Done intiailizing UART 12-28 13:34:03.155 1082 1477 I bt_vendor: Done intiailizing UART 12-28 13:34:03.155 1082 1477 I bt_vendor: Bluetooth FW and transport layer are initialized 12-28 13:34:03.155 1082 1477 D android.hardware.bluetooth@1.0-impl: OnFirmwareConfigured result: 0 12-28 13:34:03.155 1082 1477 I android.hardware.bluetooth@1.0-impl: Firmware configured in 0.000s 12-28 13:34:03.155 1082 1477 I android.hardware.bluetooth@1.0-impl: OnFirmwareConfigured: lpm_timeout_ms 1000 12-28 13:34:03.155 1082 1477 I bt_vendor: __op: property_get: persist.service.bdroid.lpmcfg: all 12-28 13:34:03.155 1082 1477 D android.hardware.bluetooth@1.0-impl: low_power_mode_cb result: 0 12-28 13:34:03.155 1082 1477 D android.hardware.bluetooth@1.0-impl: OnFirmwareConfigured Calling StartLowPowerWatchdog() 12-28 13:34:03.155 1082 1477 I bt_hci : event_finish_startup 12-28 13:34:03.155 1082 1216 I bt_core_module: module_start_up Started module "hci_module" 12-28 13:34:03.155 1082 1980 I bt_osi_thread: run_thread: thread id 1980, thread name bt_workqueue started 12-28 13:34:03.156 1082 1980 I : [1228/133403:INFO:btu_task.cc(107)] Bluetooth chip preload is complete 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(1004)] GATT_Register 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(1027)] allocated gatt_if=1 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(207)] GATTS_AddService 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(317)] GATTS_AddService: service parsed correctly, now starting 12-28 13:34:03.161 1082 1980 E : [1228/133403:ERROR:gatt_attr.cc(301)] gatt_profile_db_init: gatt_if=1 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(1004)] GATT_Register 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(1027)] allocated gatt_if=2 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(207)] GATTS_AddService 12-28 13:34:03.161 1082 1980 I : [1228/133403:INFO:gatt_api.cc(317)] GATTS_AddService: service parsed correctly, now starting 12-28 13:34:03.162 1082 1981 I bt_osi_thread: run_thread: thread id 1981, thread name btu message loop started 12-28 13:34:03.162 1082 1982 I bt_osi_thread: run_thread: thread id 1982, thread name module_wrapper started 12-28 13:34:03.162 1082 1982 I bt_core_module: module_start_up Starting module "controller_module" 12-28 13:34:03.199 1082 1979 D bt_hci : get_waiting_command VS event found treat it as valid 0xffff 12-28 13:34:03.200 1082 1982 E bt_hci : read_command_complete_header: return status - 0x1 12-28 13:34:03.207 1082 1982 I bt_core_module: module_start_up Started module "controller_module" 12-28 13:34:03.207 1082 1982 W bt_osi_thread: run_thread: thread id 1982, thread name module_wrapper exited 12-28 13:34:03.207 1082 1980 W bt_btm : btm_decode_ext_features_page: feature page 1 ignored 12-28 13:34:03.207 1082 1980 W bt_btm : btm_decode_ext_features_page: feature page 2 ignored 12-28 13:34:03.207 1082 1981 I bt_btm_sec: BTM_SecRegister p_cb_info->p_le_callback == 0x0x94989a65 12-28 13:34:03.207 1082 1981 I bt_btm_sec: BTM_SecRegister btm_cb.api.p_le_callback = 0x0x94989a65 12-28 13:34:03.208 1082 1981 I bt_stack: [INFO:gatt_api.cc(1004)] GATT_Register 12-28 13:34:03.208 1082 1981 I bt_stack: [INFO:gatt_api.cc(1027)] allocated gatt_if=3 12-28 13:34:03.209 1082 1979 D bt_hci : get_waiting_command VS event found treat it as valid 0xffff 12-28 13:34:03.209 1082 1981 I bt_stack: [INFO:ble_advertiser_hci_interface.cc(713)] Legacy advertising will be in use 12-28 13:34:03.209 1082 1981 E bt_btif : bta_dm_ctrl_features_rd_cmpl_cback Ctrl BLE feature read failed: status :255 12-28 13:34:03.211 1082 1227 E bt_btif_storage: btif_storage_get_adapter_property: Controller ready! 12-28 13:34:03.211 1082 1227 I bt_btif_storage: btif_storage_get_adapter_property service_mask:0x20000000 12-28 13:34:03.211 1082 1227 D BluetoothAdapterProperties: Address is:00:00:00:9B:BD:5C 12-28 13:34:03.213 929 929 D BluetoothManagerService: Bluetooth Adapter address changed to 00:00:00:9B:BD:5C 12-28 13:34:03.213 929 929 D BluetoothManagerService: Stored Bluetoothaddress: 00:00:00:9B:BD:5C 12-28 13:34:03.213 929 929 D BluetoothManagerService: Bluetooth Adapter name changed to Xiaomi Mi4 12-28 13:34:03.213 929 929 D BluetoothManagerService: Stored Bluetooth name: Xiaomi Mi4 12-28 13:34:03.213 1082 1227 D BluetoothAdapterProperties: Name is: Xiaomi Mi4 12-28 13:34:03.214 1082 1227 D BluetoothAdapterProperties: Scan Mode:20 12-28 13:34:03.214 1082 1227 D BluetoothAdapterProperties: Discoverable Timeout:120

[DrRamm]

https://gist.github.com/DrRamm/66a662f0125dc25d63d3b2df54e73aad#file-logcat-txt-L1216

[khanfrd]

@DrRamm do you find out why mac got changed??

[DrRamm]

@khanfrd bt? seems like we need stay at old bt.sh instead of binary

[khanfrd]

@DrRamm yeah that's the only workaround i found, may be new blobs needed i guess, thanks

[wuliao6688]

@DrRamm I would like to ask how this Bluetooth log is viewed, the wifi mac you mentioned earlier I have seen in dmesg

[DrRamm]

@DrRamm sorry what? I didn't get you. Pls, describe more

[wuliao6688]

How to View Bluetooth Log @DrRamm

[DrRamm]

@760644586 well I use adb logcat -b all -v brief > logcat.txt

[wuliao6688]

Do you know where IMEI address are read? @DrRamm

[wuliao6688]

@DrRamm In the file aosp/hardware/ril/reference-ril/reference-ril.c, there is a method as follows

static void requestCdmaDeviceIdentity(int request unused, void *data unused, size_t datalen __unused, RIL_Token t) { int err; int response[4]; char responseStr[4]; ATResponse p_response = NULL; const char cmd; const char prefix; char line, p; int commas; int skip; int count = 4;

responseStr[0] = "----";
responseStr[1] = "----";
responseStr[2] = "77777777";
responseStr[3] = "----";
err = at_send_command_numeric("AT+CGSN", &p_response);
RLOGD("requestCdmaDeviceIdentity response :%d ", err);
if (err < 0 || p_response->success == 0) {

    RIL_onRequestComplete(t, RIL_E_GENERIC_FAILURE, NULL, 0);
    return;
} else {
    RLOGD("requestCdmaDeviceIdentity success !!");
    responseStr[0] = p_response->p_intermediates->line;   //此处结果接收作出修改
}
RLOGD("requestCdmaDeviceIdentity response---> :%s ", responseStr[3]);

RIL_onRequestComplete(t, RIL_E_SUCCESS, responseStr, count*sizeof(char*));
at_response_free(p_response);

}

In the file aosp/hardware/ril/reference-ril/reference-ril.c, there is a method as follows

1. RLOGD logs are not printed

2. After deleting the reference-ril.so file, IMEI reads correctly

So I think it's not reference-ril.so that reads imei.

Solution, thank you. My English is not good. Description may have some problems.