Bluetooth Specs
From Wiimote Wiki
Contents[hide] |
Wii Bluetooth Hardware
The Wii Bluetooth hardware is a small USB daughtercard based on the BCM2045. More info: http://wiire.org/Wii/console/bluetooth_card
Here is an dump of the EEPROM on that card; among other things, it contains its USB VID/PID (0x0305/0x057e).
Wiimote
Please see Wiimote.
hid info
After running hidd --connect 00:19:1D:62:36:84 I got the following message from dmesg:
input: Bluetooth HID Boot Protocol Device as /class/input/input3
Here's the contents of /sys/class/input/event3 while connected, as a side note, when buttons 1 and 2 are pressed at the same time the lights at the bottom of the wiimote flash and it accepts connections. Once connected with hidd they continue to flash, otherwise they stop after about 20 seconds.
localhost /sys/class/input/event3 $ for i in `find -type f`; do; echo $i; cat $i; echo; done; ./event3/dev 13:67 ./event3/uevent cat: ./event3/uevent: Permission denied ./capabilities/sw 0 ./capabilities/ff 0 ./capabilities/snd 0 ./capabilities/led 0 ./capabilities/msc 0 ./capabilities/abs 0 ./capabilities/rel 0 ./capabilities/key 0 ./capabilities/ev 1 ./id/version 3a16 ./id/product 0306 ./id/vendor 057e ./id/bustype 0005 ./modalias input:b0005v057Ep0306e3A16-e0,kramlsfw ./uniq ./phys ./name Bluetooth HID Boot Protocol Device ./uevent cat: ./uevent: Permission denied
hci info
Here's the results of hcitool info 00:19:1D:62:36:84
Requesting information ...
BD Address: 00:19:1D:62:36:84
Device Name: Nintendo RVL-CNT-01
LMP Version: 1.2 (0x2) LMP Subversion: 0x229
Manufacturer: Broadcom Corporation (15)
Features: 0xbc 0x02 0x04 0x38 0x08 0x00 0x00 0x00
<encryption> <slot offset> <timing accuracy> <role switch>
<sniff mode> <RSSI> <power control> <enhanced iscan>
<interlaced iscan> <interlaced pscan> <AFH cap. slave>
Running hcidump -X after connection with hidd gives us some
interesting values when button presses occur. Here's some C code for the
different button masks.
#define WII_BUTTON_TWO 0x00000001
#define WII_BUTTON_ONE 0x00000002
#define WII_BUTTON_B 0x00000004
#define WII_BUTTON_A 0x00000008
#define WII_BUTTON_MINUS 0x00000010
#define WII_BUTTON_HOME 0x00000080
#define WII_BUTTON_LEFT 0x00000100
#define WII_BUTTON_RIGHT 0x00000200
#define WII_BUTTON_DOWN 0x00000400
#define WII_BUTTON_UP 0x00000800
#define WII_BUTTON_PLUS 0x00001000
//#define WII_BUTTON_XXX 0x00000020
//#define WII_BUTTON_XXX 0x00000040
spd info
Output of sdptool browse
Browsing 00:19:1D:62:36:84 ...
Service RecHandle: 0x0
Service Class ID List:
"SDP Server" (0x1000)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 1
"SDP" (0x0001)
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"" (0x0100)
Version: 0x0100
Service Name: Nintendo RVL-CNT-01
Service Description: Nintendo RVL-CNT-01
Service Provider: Nintendo
Service RecHandle: 0x10000
Service Class ID List:
"Human Interface Device" (0x1124)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 17
"HIDP" (0x0011)
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Human Interface Device" (0x1124)
Version: 0x0100
Service RecHandle: 0x10001
Service Class ID List:
"PnP Information" (0x1200)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 1
"SDP" (0x0001)
Profile Descriptor List:
"PnP Information" (0x1200)
Version: 0x0100
Output of sdptool records --tree 00:19:1D:62:36:84
Attribute Identifier : 0x0 - ServiceRecordHandle
Integer : 0x10000
Attribute Identifier : 0x1 - ServiceClassIDList
Data Sequence
UUID16 : 0x1124 - HumanInterfaceDeviceService (HID)
Attribute Identifier : 0x4 - ProtocolDescriptorList
Data Sequence
Data Sequence
UUID16 : 0x0100 - L2CAP
Channel/Port (Integer) : 0x11
Data Sequence
UUID16 : 0x0011 - HIDP
Attribute Identifier : 0x5 - BrowseGroupList
Data Sequence
UUID16 : 0x1002 - PublicBrowseGroup
Attribute Identifier : 0x6 - LanguageBaseAttributeIDList
Data Sequence
Code ISO639 (Integer) : 0x656e
Encoding (Integer) : 0x6a
Base Offset (Integer) : 0x100
Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
Data Sequence
Data Sequence
UUID16 : 0x1124 - HumanInterfaceDeviceService (HID)
Version (Integer) : 0x100
Attribute Identifier : 0xd - AdditionalProtocolDescriptorLists
Data Sequence
Data Sequence
Data Sequence
UUID16 : 0x0100 - L2CAP
Integer : 0x13
Data Sequence
UUID16 : 0x0011 - HIDP
Attribute Identifier : 0x100
Text : "Nintendo RVL-CNT-01"
Attribute Identifier : 0x101
Text : "Nintendo RVL-CNT-01"
Attribute Identifier : 0x102
Text : "Nintendo"
Attribute Identifier : 0x200 - DeviceReleaseNum
Integer : 0x100
Attribute Identifier : 0x201 - ParserVersion
Integer : 0x111
Attribute Identifier : 0x202 - DeviceSubclass
Integer : 0x4
Attribute Identifier : 0x203 - CountryCode
Integer : 0x33
Attribute Identifier : 0x204 - VirtualCable
Integer : 0x0
Attribute Identifier : 0x205 - ReconnectInitiate
Integer : 0x1
Attribute Identifier : 0x206 - DescriptorList
Data Sequence
Data Sequence
Integer : 0x22
Data : 05 01 09 05 a1 01 85 10 15 00 26 ff 00 75 08 95 01 06 00 ff 09 01 91 00 85 11 95 01 09 01 91 00 85 12 95 02 09 01 91 00 85 13 95 01 09 01 91 00 85 14 95 01 09 01 91 00 85 15 95 01 09 01 91 00 85 16 95 15 09 01 91 00 85 17 95 06 09 01 91 00 85 18 95 15 09 01 91 00 85 19 95 01 09 01 91 00 85 1a 95 01 09 01 91 00 85 20 95 06 09 01 81 00 85 21 95 15 09 01 81 00 85 22 95 04 09 01 81 00 85 30 95 02 09 01 81 00 85 31 95 05 09 01 81 00 85 32 95 0a 09 01 81 00 85 33 95 11 09 01 81 00 85 34 95 15 09 01 81 00 85 35 95 15 09 01 81 00 85 36 95 15 09 01 81 00 85 37 95 15 09 01 81 00 85 3d 95 15 09 01 81 00 85 3e 95 15 09 01 81 00 85 3f 95 15 09 01 81 00 c0
Attribute Identifier : 0x207 - LangIDBaseList
Data Sequence
Data Sequence
Integer : 0x409
Integer : 0x100
Attribute Identifier : 0x208 - SDPDisable
Integer : 0x0
Attribute Identifier : 0x209 - BatteryPower
Integer : 0x1
Attribute Identifier : 0x20a - RemoteWakeup
Integer : 0x1
Attribute Identifier : 0x20b - ProfileVersion
Integer : 0x100
Attribute Identifier : 0x20c - SupervisionTimeout
Integer : 0xc80
Attribute Identifier : 0x20d - NormallyConnectable
Integer : 0x0
Attribute Identifier : 0x20e - BootDevice
Integer : 0x0
Attribute Identifier : 0x0 - ServiceRecordHandle
Integer : 0x10001
Attribute Identifier : 0x1 - ServiceClassIDList
Data Sequence
UUID16 : 0x1200 - PnPInformation
Attribute Identifier : 0x4 - ProtocolDescriptorList
Data Sequence
Data Sequence
UUID16 : 0x0100 - L2CAP
Channel/Port (Integer) : 0x1
Data Sequence
UUID16 : 0x0001 - SDP
Attribute Identifier : 0x5 - BrowseGroupList
Data Sequence
UUID16 : 0x1002 - PublicBrowseGroup
Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
Data Sequence
Data Sequence
UUID16 : 0x1200 - PnPInformation
Version (Integer) : 0x100
Attribute Identifier : 0x200 - SpecificationID
Integer : 0x100
Attribute Identifier : 0x201 - VendorID
Integer : 0x57e
Attribute Identifier : 0x202 - ProductID
Integer : 0x306
Attribute Identifier : 0x203 - Version
Integer : 0x3a16
Attribute Identifier : 0x204 - PrimaryRecord
Integer : 0x1
Attribute Identifier : 0x205 - VendorIDSource
Integer : 0x2
HID Descriptor
Here's what I believe to be a reasonable decoding of the Attribute Identifier : 0x206 - DescriptorList above, based on the HID specification, some parts seem to be vendor-defined:
05 01 Usage Page (Generic Desktop) 09 05 Usage (Gamepad) a1 01 Collection (Physical) 85 10 Report ID=10 15 00 Logical min=0 26 ff 00 Logical max=ff 75 08 Report size=8 95 01 Report count=1 06 00 ff Usage page ff00? 09 01 Usage (Pointer?) 91 00 Output(...) 85 11 Report ID=11 95 01 Report count=1 09 01 Usage (pointer?) 91 00 Output(...) 85 12 Report ID=12 95 02 Report count=2 09 01 Usage (pointer?) 91 00 Output(...) 85 13 Report ID=13 95 01 Report count=1 09 01 Usage (pointer?) 91 00 Output(...) 85 14 Report ID=14 95 01 Report count=1 09 01 Usage (pointer?) 91 00 Output(...) 85 15 Report ID=15 95 01 Report count=1 09 01 Usage (pointer?) 91 00 Output(...) 85 16 Report ID=16 95 15 Report count=15 09 01 Usage (pointer?) 91 00 Output(...) 85 17 Report ID=17 95 06 Report count=6 09 01 Usage (pointer?) 91 00 Output(...) 85 18 Report ID=18 95 15 Report count=15 09 01 Usage (pointer?) 91 00 Output(...) 85 19 Report ID=19 95 01 Report count=1 09 01 Usage (pointer?) 91 00 Output(...) 85 1a Report ID=1a 95 01 Report count=1 09 01 Usage (pointer?) 91 00 Output(...) 85 20 Report ID=20 95 06 Report count=6 09 01 Usage (pointer?) 81 00 Input(...) 85 21 Report ID=21 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 22 Report ID=22 95 04 Report count=4 09 01 Usage (pointer?) 81 00 Input(...) 85 30 Report ID=30 95 02 Report count=2 09 01 Usage (pointer?) 81 00 Input(...) 85 31 Report ID=31 95 05 Report count=5 09 01 Usage (pointer?) 81 00 Input(...) 85 32 Report ID=32 95 0a Report count=10 09 01 Usage (pointer?) 81 00 Input(...) 85 33 Report ID=33 95 11 Report count=11 09 01 Usage (pointer?) 81 00 Input(...) 85 34 Report ID=34 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 35 Report ID=35 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 36 Report ID=36 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 37 Report ID=37 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 3d Report ID=3d 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 3e Report ID=3e 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) 85 3f Report ID=3f 95 15 Report count=15 09 01 Usage (pointer?) 81 00 Input(...) c0 (End collection) 00
