Talk:Wiimote/Reverse Enginering

From WiiLi


Bluesniff

Is that BT sniffer just a BT transmitter with a specific piece of software running? I did a Google search on BT Sniffing and came across one promising result:

http://bluesniff.shmoo.com/ which is Linux Based. I haven't even tested the software myself so I don't even know if it's actual BT sniffing. How much would this dongle from Frontline cost?

Interesting. Please, if you can research this application a little more, as well as find out how much such a dongle costs and where we could buy one.

If the documentation doesn't contain enough details, please contact the author and ask him if it would be suitable for our purposes.


I just e-mailed the author of the BlueSniff software and will post his reply. The only thing is that his readme is dated 7/31/2003, so we'll see if he even replies! Hope we can get this off the ground. :) I just don't get how that dongle can cost over $4000... --ParadoxPerfect 22:38, 17 December 2006 (EST)


From the DefCon 11 presentation on the Bluesniff webpage, it seems that Bluesniff isn't capable of actually sniffing data. It seems to be just a frontend for Redfang, a tool for brute force discovering devices that are not in discoverable mode.

Half-rate reports

I worked out half the format of the half-rate reports, as requested on this page. The entire acceleration data is stored in only a single byte per report, with the missing data in the buttons. But I still don't know how the IR part of these reports works, partly because I don't have a proper sensor bar. CarlKenner 03:47, 18 December 2006 (EST)

Got one!

I have my hands on a LeCroy MerlinII bluetooth sniffer. I'll start running these scripts as soon as I get it all set up.

Should I just post the results here? Or email them to somewhere? --Zudini 17:16, 19 December 2006 (EST)

Wow, that's great! The best would be for you to come see us on IRC, #wiili on irc.freenode.net, and if nobody is there when you join, try #wiidev on irc.blitzed.org! Hernick 18:18, 19 December 2006 (EST)

Cool. I'd say, post them here too, so that more people can have a look at them. --Kosi2801 01:41, 20 December 2006 (EST)

Great news! And yes, please post them here! Cadex

I've just found a spare Merlin (not Merlin II) sniffer at work - do you still need the info described in the article? Or is the page out of date now? --cjr22 2 October 2007

Well, there are mainly four things at this point that are still unclear:

  • The speaker
  • The Registration to a Wii
  • The power button, both on and off
  • The flash memory in the wiimote, I believe it has a filesystem of some sort, since that is kinda required for all these player profiles that games keep having...--henke37 08:02, 2 October 2007 (EDT)

OK, I'll take the box home tonight and see what I can discover. I haven't used the Merlin or installed the software yet, so it may take me a while to figure it out. I don't have a Classic Controller or any GC or VC games, but I do have Zelda, Sports, Play and Wario Ware. Assuming all goes well, I should be able to get sniffs of the following, let me know if you need any more.
  • Pressing A+B at the start of Zelda to get the sound.
  • Again, but without a Nunchuk connected to get the "connect a nunchuk" screen
  • Power button on.
  • Power button off

What do you mean by "Registration"? Pressing the red buttons to pair with the Wii? If so, I can do that too. I've no idea how I can use a bluetooth sniffer to work out the flash memory filesystem. If there are tests I can do please let me know.--cjr22 09:42, 2 October 2007 (EDT)

Correct, registration as in pairing. Btw, there are two pairing ways, red button or 1+2, we have no idea how it can tell them apart either. The most obvious way would be to see if the Wii reads any data before writing data to the flash in the wiimote. For the speaker, it is mostly figuring out the details of the timing and the data encoding, since we already got a loose idea on how to send the data. Also, see if you can eventually get some dumps for upcoming controllers like that balance board and the upcoming wheel shell for Mario Kart. --henke37 17:26, 2 October 2007 (EDT)

It's never as easy as it looks... The software I downloaded is not compatible with the firmware on the Merlin, and our maintenance contract expired some time ago. If I can find an earlier version on the web or at work somewhere then I might be back in business, otherwise I can't help. I'll let you know how I get on.--cjr22 03:19, 3 October 2007 (EDT)

Well, the very nice people at LeCroy upgraded my license for free. However, I can't get the Merlin to see the Wii. It could be because the original Merlin doesn't support Bluetooth 1.2 devices, or it could be because I'm just using it wrong. I can see packets from the remote when it's pairing, but nothing from the Wii itself. I think I need to get the Merlin to pair with the Wii before I can do a proper capture, but as yet, I haven't managed this. Don't think I'm going to be much use, unless anyone has any bright ideas. --cjr22 10:11, 8 October 2007 (EDT)