Hacking and random thoughts


Fixing a Chinese Bluetooth dongle for Linux

Most cheap Bluetooth dongles from Aliexpress do not work natively in Linux. I have been looking through the source code of the Linux Bluetooth driver for the cause of this problem, and I have found that some of these dongles are blacklisted because they are used for malicious actions. So, if you want to use one of these dongles, you have to remove the code which blacklists the dongle.


Identifying the problem

To identify the problem I connected the device, but nothing happened: no Bluetooth device is set up, although in dmesg we can see that the device itself is detected. So, the driver is not working. Below we can also see what happens when we try to bring the device up.

Feb 20 19:52:06 kinakuta kernel: [ 1526.080173] usb 1-3: USB disconnect, device number 5
Feb 20 19:52:10 kinakuta kernel: [ 1530.665824] usb 1-3: new full-speed USB device number 6 using xhci_hcd
Feb 20 19:52:11 kinakuta kernel: [ 1530.907492] usb 1-3: New USB device found, idVendor=0a12, idProduct=0001, bcdDevice=88.91
Feb 20 19:52:11 kinakuta kernel: [ 1530.907496] usb 1-3: New USB device strings: Mfr=0, Product=2, SerialNumber=0
Feb 20 19:52:11 kinakuta kernel: [ 1530.907498] usb 1-3: Product: USB1.1-A


Also, in lsusb we can see that the BT dongle is connected:

Bus 001 Device 002: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
But we cannot bring the device up, because hciconfig gives the following error:
Can't init device hci0: Operation not supported (95)
hci0: Type: Primary Bus: USB
BD Address: xx:xx:xx:xx:xx:xx ACL MTU: 360:4 SCO MTU: 0:0
DOWN 
RX bytes:3318 acl:0 sco:0 events:168 errors:0
TX bytes:2208 acl:0 sco:0 commands:180 errors:0
Features: 0xff 0xff 0xcd 0xfa 0xdb 0xbf 0x7b 0x87
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3 
Link policy: RSWITCH HOLD SNIFF PARK 
Link mode: SLAVE ACCEPT 

Identifying the problem using btmon:

1. Run btmon;

2. Try to up the device with hciconfig (hciconfig hci0 up); and

3. The error appears on the Delete Stored Link Key command:

Status: Unsupported Feature or Parameter Value


Fixing the problem:

1. Download the kernel source code:

apt-get source linux

2. The Bluetooth driver is in <kernel>/drivers/bluetooth;

3. Go to that directory;

4. Modify the following source code of btusb.c. Replace

    /* Detect controllers which aren't real CSR ones. */
    if (le16_to_cpu(rp->manufacturer) != 10 ||
        le16_to_cpu(rp->lmp_subver) == 0x0c5c) {
        /* Clear the reset quirk since this is not an actual
         * early Bluetooth 1.1 device from CSR.
         */
        clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);

        /* These fake CSR controllers have all a broken
         * stored link key handling and so just disable it.
         */
        set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
    }

by:

    /* Detect controllers which aren't real CSR ones. */
/*  if (le16_to_cpu(rp->manufacturer) != 10 ||
        le16_to_cpu(rp->lmp_subver) == 0x0c5c) {*/
        /* Clear the reset quirk since this is not an actual
         * early Bluetooth 1.1 device from CSR.
         */
        clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);

        /* These fake CSR controllers have all a broken
         * stored link key handling and so just disable it.
         */
        set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks);
    //}

And replace the check that decides whether btusb_setup_csr runs at all (the dongle reports bcdDevice=88.91, i.e. 0x8891, which matches neither value in the condition, so without this change the code above is never reached for it):

        /* Fake CSR devices with broken commands */
        if (bcdDevice <= 0x100 || bcdDevice == 0x134)
            hdev->setup = btusb_setup_csr;

by:

        /* Fake CSR devices with broken commands */
        //if (bcdDevice <= 0x100 || bcdDevice == 0x134)
            hdev->setup = btusb_setup_csr;

5. Compile the kernel module; and

make -C /lib/modules/$(uname -r)/build M=$(pwd) clean
cp /usr/src/linux-headers-$(uname -r)/.config ./
cp /usr/src/linux-headers-$(uname -r)/Module.symvers Module.symvers
make -C /lib/modules/$(uname -r)/build M=$(pwd) modules

6. Install the module:

sudo cp btusb.ko /lib/modules/$(uname -r)/kernel/drivers/bluetooth
sudo modprobe -r btusb
sudo modprobe -v btusb

Now we can plug in the USB BT dongle; it is detected by the operating system and we can use it:

Feb 20 20:00:56 kinakuta kernel: [ 2055.949895] usbcore: deregistering interface driver btusb
Feb 20 20:01:00 kinakuta kernel: [ 2060.821624] usbcore: registered new interface driver btusb
Feb 20 20:01:08 kinakuta kernel: [ 2068.374786] usb 1-3: new full-speed USB device number 8 using xhci_hcd
Feb 20 20:01:08 kinakuta kernel: [ 2068.617091] usb 1-3: New USB device found, idVendor=0a12, idProduct=0001, bcdDevice=88.91
Feb 20 20:01:08 kinakuta kernel: [ 2068.617095] usb 1-3: New USB device strings: Mfr=0, Product=2, SerialNumber=0
Feb 20 20:01:08 kinakuta kernel: [ 2068.617097] usb 1-3: Product: USB1.1-A
Feb 20 20:01:08 kinakuta kernel: [ 2068.756604] Bluetooth: RFCOMM TTY layer initialized
Feb 20 20:01:08 kinakuta kernel: [ 2068.756614] Bluetooth: RFCOMM socket layer initialized
Feb 20 20:01:08 kinakuta kernel: [ 2068.756619] Bluetooth: RFCOMM ver 1.11
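To see why the dongle fails on the stock driver and what the two commented-out conditions change, here is an added example that models those two checks in user space. It is not code from the post or from the kernel tree: it parses the raw bcdDevice out of the dmesg line quoted above and reports, for the stock and the patched logic, whether btusb_setup_csr would be installed and which quirks the device would end up with. The function names, the MODEL_QUIRK_* bit values, the "bcdDevice < 0x117" reset-on-close rule (which lives in btusb_probe() upstream but is not quoted in the post) and the manufacturer / lmp_subver sample values are assumptions of this example; the post does not show the dongle's Read Local Version reply, which is where the driver gets those two fields.

```c
/* Added example, not code from the post or from the kernel tree: a user-space
 * model of the two checks in btusb.c that the post comments out. It rebuilds
 * the raw bcdDevice from the dmesg line quoted in the post and reports which
 * quirks the stock code and the patched code would set for that dongle.
 * Function names, MODEL_QUIRK_* bit values and the sample inputs are ours.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for HCI_QUIRK_RESET_ON_CLOSE / HCI_QUIRK_BROKEN_STORED_LINK_KEY;
 * the bit positions are assumptions for this model, not the kernel's values. */
#define MODEL_QUIRK_RESET_ON_CLOSE         (1u << 0)
#define MODEL_QUIRK_BROKEN_STORED_LINK_KEY (1u << 1)

/* dmesg line copied from the post, trimmed of its timestamp prefix */
static const char POST_DMESG_LINE[] =
    "usb 1-3: New USB device found, idVendor=0a12, idProduct=0001, bcdDevice=88.91";

/* The kernel prints bcdDevice as "%2x.%02x" (high byte, low byte) of the
 * 16-bit USB descriptor field, so "88.91" is the raw value 0x8891.
 * Returns the raw value, or -1 if the line carries no bcdDevice field. */
static int bcd_device_from_dmesg(const char *line)
{
    const char *p = strstr(line, "bcdDevice=");
    unsigned hi, lo;

    if (!p || sscanf(p + strlen("bcdDevice="), "%2x.%2x", &hi, &lo) != 2)
        return -1;
    return (int)((hi << 8) | lo);
}

/* Gate 1, in btusb_probe(): only these bcdDevice values get btusb_setup_csr
 * installed as hdev->setup. The post's patch comments the condition out. */
static bool model_setup_runs(uint16_t bcd_device, bool patched)
{
    return patched || bcd_device <= 0x100 || bcd_device == 0x134;
}

/* Quirks a BTUSB_CSR device (0a12:0001) ends up with. manufacturer and
 * lmp_subver come from the HCI Read Local Version reply (CSR is 10; 0x0c5c is
 * the lmp_subver the driver treats as a known clone). The bcdDevice < 0x117
 * reset-on-close rule sits in btusb_probe() upstream but is not quoted in the
 * post; it is included so that the clear_bit() step has something to clear. */
static unsigned model_quirks(uint16_t bcd_device, uint16_t manufacturer,
                             uint16_t lmp_subver, bool patched, bool *setup_ran)
{
    unsigned quirks = 0;

    if (bcd_device < 0x117)
        quirks |= MODEL_QUIRK_RESET_ON_CLOSE;

    bool runs = model_setup_runs(bcd_device, patched);
    if (setup_ran)
        *setup_ran = runs;
    if (!runs)
        return quirks;  /* btusb_setup_csr() never called: no clone quirks */

    /* Gate 2, in btusb_setup_csr(): "Detect controllers which aren't real
     * CSR ones." The post's patch comments this condition out as well. */
    if (patched || manufacturer != 10 || lmp_subver == 0x0c5c) {
        quirks &= ~MODEL_QUIRK_RESET_ON_CLOSE;
        quirks |= MODEL_QUIRK_BROKEN_STORED_LINK_KEY;
    }
    return quirks;
}

static void report(const char *label, uint16_t bcd, uint16_t manuf,
                   uint16_t lmp, bool patched)
{
    bool ran;
    unsigned q = model_quirks(bcd, manuf, lmp, patched, &ran);

    printf("%-16s bcdDevice=0x%04x %-8s setup_csr=%-3s reset_on_close=%d broken_stored_link_key=%d\n",
           label, bcd, patched ? "patched" : "stock", ran ? "yes" : "no",
           !!(q & MODEL_QUIRK_RESET_ON_CLOSE),
           !!(q & MODEL_QUIRK_BROKEN_STORED_LINK_KEY));
}

int main(void)
{
    int bcd = bcd_device_from_dmesg(POST_DMESG_LINE);
    if (bcd < 0) {
        fprintf(stderr, "no bcdDevice field in line\n");
        return 1;
    }
    /* The post does not show the dongle's Read Local Version reply, so the
     * manufacturer / lmp_subver values below are hypothetical. */
    report("post's dongle", (uint16_t)bcd, 10, 0x0c5c, false);
    report("post's dongle", (uint16_t)bcd, 10, 0x0c5c, true);
    /* A genuine early CSR dongle (hypothetical values) for comparison. */
    report("genuine CSR 1.1", 0x0100, 10, 0x0001, false);
    report("genuine CSR 1.1", 0x0100, 10, 0x0001, true);
    return 0;
}
```

Build it with cc -std=c99 and run it. On the stock logic the post's dongle (0x8891) fails the first check, so btusb_setup_csr is never installed, HCI_QUIRK_BROKEN_STORED_LINK_KEY is never set, the host still sends Delete Stored Link Key during init and the dongle answers "Unsupported Feature or Parameter Value", which is exactly the btmon failure shown earlier. With both conditions commented out the quirk is forced on and init succeeds. The comparison rows show the cost of that approach: every 0a12:0001 device, including a genuine early CSR dongle, now loses HCI_QUIRK_RESET_ON_CLOSE and is treated as a clone. A narrower change would add the dongle's own value (0x8891) to the first condition and leave the second check in place, which requires confirming from btmon's Read Local Version reply that the dongle's manufacturer or lmp_subver actually trips it.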




linux bluetooth

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.