none
BlueTooth Profile Driver, Windows reserved PSMs range RRS feed

  • Question

  • I have implemented a BT Profile KDMF to simulate a BT HID Keyboard with my desktop machine ( desktop simulates a device ).

    I am trying to control an Android device, The Android device is paired with my desktop and lists the virtual BT keyboard under the list of available devices, however, when the Android device is trying to connect to the virtual KeyBoard ( implemented by my Profile KDMF ) connection is failing with a time out error.

    As others in the forums state, The HID PSMs are reserved for OS usage ( although they are not really used by the OS... ).

    The HID SDP ( Service Discovery Protocol ) I submit refer to the two custom PSMs I have registered ( with a value higher than the reserved range of 0x0000..0x1000 ).

    My guess is that although my SDP specifically refer to the custom SDPs I have registered, the Android device is trying to initiate a L2CAP connection on 0x11 ( Interrupt ) and 0x13 ( Control ) PSMs that are reserved for OS use ( and are not registered by my driver )

    Is there any way to go around this limitation?

    It is possible to implement a LowerFilter between bthenum.sys and the BTH Bus controller and/or bthport.sys to re-route/re-name Incoming L2CAP connections with HID PSMs to my registered ( non HID ) PSMs ?

    Can BthEnum be replaced with a custom driver? one that will publish only a set of designated services ?


    Nadav Rubinstein, See my Blog @ http://www.sophin.com






    • Edited by Nadav Rub Thursday, October 23, 2014 1:33 PM
    Thursday, October 23, 2014 12:50 PM

Answers

  • the interface between bthenum and bthport is not documented, you can't insert a filter to alter PSM assignment policy. bthenum cannot be replaced, but as you debugged, the policy is in bthport, not bthenum

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by Nadav Rub Thursday, October 23, 2014 5:30 PM
    Thursday, October 23, 2014 5:25 PM

All replies

  • Hacking through bthport!BthIsSystemPSM resolved the problem!!!

    Android device tirggers the HID LCAP connection callbacks for HID PSMs 0x11 & 0x13

    IDA is your friend.


    Nadav Rubinstein, See my Blog @ http://www.sophin.com



    • Edited by Nadav Rub Thursday, October 23, 2014 5:56 PM
    Thursday, October 23, 2014 4:45 PM
  • the interface between bthenum and bthport is not documented, you can't insert a filter to alter PSM assignment policy. bthenum cannot be replaced, but as you debugged, the policy is in bthport, not bthenum

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by Nadav Rub Thursday, October 23, 2014 5:30 PM
    Thursday, October 23, 2014 5:25 PM
  • Dear Nadav,

    Even i was trying to implement HID Bluetooth Profile Driver where laptop act as HID keyboar/mouse device.

    As i am new to windows driver development, Could please explain the HACK/details or steps you took to write your HID keyboard profile driver.

    Thanks

    Satya

    Tuesday, October 28, 2014 7:34 AM
  • I'll get smacked If I'll post the solution in this forum :) , As mentioned above, this is not the right way to go, If U want to simulate a Keyboard for an Android device you can easily do that using the AOA2 USB HID bridge, Let me know how to contact you if still you insist of using BT

    Nadav Rubinstein, See my Blog @ http://www.sophin.com




    • Edited by Nadav Rub Tuesday, October 28, 2014 3:26 PM
    Tuesday, October 28, 2014 1:19 PM
  • dear nadav,

    thanks for your reply.

    actually i just wanted to explore the possibility of doing the same.

    Please share your hack or solution mentioned below is my personal email addrs:

    m.satyavenu@gmail.com

    Have u tried using Filter driver to solve this issue.

    Thanks

    Wednesday, October 29, 2014 7:06 AM
  • Dear Nadav,

    When i try to regsiter PSM 0x11 it gives me STATUS_INVALID_PARAMETER error (0xc000000d).

    But what i think is if PSM 0x11 is already regsitered then i should get STATUS_ALREADY_COMMITED error(oxc0000021)?

           

    Below mentioned is the code snippet where iam trying to register PSM 0x11 in Bluetooth Profile driver.

    DevCtx->Header.ProfileDrvInterface.BthReuseBrb(
            &(DevCtx->RegisterUnregisterBrb), 
            BRB_REGISTER_PSM
            );

        brb = (struct _BRB_PSM *)
                &(DevCtx->RegisterUnregisterBrb);

    brb->Psm = 0x11;

        status = BthEchoSharedSendBrbSynchronously(
            DevCtx->Header.IoTarget,
            DevCtx->Header.Request,
            (PBRB) brb,
            sizeof(*brb)
            );

        if (!NT_SUCCESS(status))
        {
            TraceEvents(TRACE_LEVEL_ERROR, DBG_PNP, 
                "BRB_REGISTER_PSM failed, Status code %!STATUS!\n", status);
            goto exit;        
        }

    Wednesday, October 29, 2014 7:13 AM
  • Hi Nadav,

    I am also interested in your solution, and I can continue to work on it. Can we connect in emails? huisinro@yahoo.com.

    I'd really appreciate if you can get back to me, it seems you have gone very far to make this to work. 

    - Huihong

    Friday, April 17, 2015 11:24 PM