Bluetooth Filter Driver for DS3-compatibility - research notes



  • @GregM for every device mimicking the classic remote names used by Sony in the firmware and using the same protocol as the PS3/4.



  • @nefarius said in Bluetooth Filter Driver for DS3-compatibility - research notes:

    @GregM for every device mimicking the classic remote names used by Sony in the firmware and using the same protocol as the PS3/4.

    The name is ONYX WIRELESS CONTROLLER, followed by PSM 0x11. So, if this name will be ok for the filter, then may work.

    Dump from btmon:
    9c2e7872-5eca-41fe-ac6c-22071e9b1172-obraz.png



  • @GregM you just raised a feature request: configurable name match 😆 you delayed release, congraz 😁



  • @nefarius said in Bluetooth Filter Driver for DS3-compatibility - research notes:

    @GregM you just raised a feature request: configurable name match 😆 you delayed release, congraz 😁

    Oh, no 🙂

    The configurable name match is very good idea (better than static name set) 👍



  • @GregM yep, I'm convinced. That's a good idea and contributes to the flexibility to cover such cases as yours. Shouldn't take too much code to implement.



  • @nefarius said in Bluetooth Filter Driver for DS3-compatibility - research notes:

    @GregM yep, I'm convinced. That's a good idea and contributes to the flexibility to cover such cases as yours. Shouldn't take too much code to implement.

    I can test beta with this feature implemented on Onyx PS4.



  • @GregM that would be fabulous, I recommend hopping on our Discord for more responsive exchanges.



  • @nefarius said in Bluetooth Filter Driver for DS3-compatibility - research notes:

    @GregM that would be fabulous, I recommend hopping on our Discord for more responsive exchanges.

    Ok, I'm in 🙂



  • @nefarius ok i get it ,no problem at all, i just hope that the touch pad will be usable as a button in ds4!



  • Auto-reset filter implemented

    And there we have it 🎉 it's now configurable if the DualShock 4 should be supported in PS4 mode and if turned off, the filter will be automatically disabled for a certain amount of seconds which allows the DS4 to re-connect in PC mode and then the filter patch will be enabled again automatically 😇

    Profile log

    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	BthPS3_IndicationCallback Entry
    2019/10/05-15:41:46.795	TRACE_LEVEL_INFORMATION	New connection for PSM 0x5053 from ACFD93095C20 arrived
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	IRQL DPC (0x02) too high, preparing async call
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	BthPS3_IndicationCallback Exit
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	L2CAP_PS3_HandleRemoteConnectAsync Entry
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	L2CAP_PS3_HandleRemoteConnect Entry
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	ClientConnections_RetrieveByBthAddr Entry
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	ClientConnections_RetrieveByBthAddr Exit (STATUS_NOT_FOUND (0xC0000225))
    2019/10/05-15:41:46.795	TRACE_LEVEL_INFORMATION	++ Device ACFD93095C20 name: Wireless Controller
    2019/10/05-15:41:46.795	TRACE_LEVEL_INFORMATION	Filter disabled, re-enabling in 10 seconds
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	L2CAP_PS3_DenyRemoteConnect Entry
    2019/10/05-15:41:46.796	TRACE_LEVEL_VERBOSE	L2CAP_PS3_DenyRemoteConnectCompleted Entry (STATUS_SUCCESS (0x00000000))
    2019/10/05-15:41:46.796	TRACE_LEVEL_VERBOSE	L2CAP_PS3_DenyRemoteConnectCompleted Exit
    2019/10/05-15:41:46.796	TRACE_LEVEL_VERBOSE	L2CAP_PS3_DenyRemoteConnect Exit
    2019/10/05-15:41:46.796	TRACE_LEVEL_VERBOSE	L2CAP_PS3_HandleRemoteConnectAsync Exit
    2019/10/05-15:41:56.796	TRACE_LEVEL_VERBOSE	BthPS3_EnablePatchEvtWdfTimer called, requesting filter to enable patch
    2019/10/05-15:41:56.796	TRACE_LEVEL_ERROR	PSM Filter enable request finished with status STATUS_SUCCESS (0x00000000)
    

    Filter log

    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	>> Connection request for HID Control PSM 0x0011 arrived
    2019/10/05-15:41:46.795	TRACE_LEVEL_INFORMATION	++ Patching HID Control PSM to 0x5053
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	>> Bulk IN transfer (PipeHandle: FFFF9A0572BD6320)
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Exit
    2019/10/05-15:41:46.795	TRACE_LEVEL_INFORMATION	BthPS3PSM_SidebandIoDeviceControl Entry
    2019/10/05-15:41:46.795	TRACE_LEVEL_VERBOSE	PSM patch disabled for device 0
    2019/10/05-15:41:46.795	TRACE_LEVEL_INFORMATION	BthPS3PSM_SidebandIoDeviceControl Exit
    2019/10/05-15:41:49.079	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Entry
    2019/10/05-15:41:49.079	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Exit
    2019/10/05-15:41:49.080	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Entry
    2019/10/05-15:41:49.080	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Exit
    2019/10/05-15:41:49.080	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Entry
    2019/10/05-15:41:49.080	TRACE_LEVEL_VERBOSE	UrbFunctionBulkInTransferCompleted Exit
    2019/10/05-15:41:56.796	TRACE_LEVEL_INFORMATION	BthPS3PSM_SidebandIoDeviceControl Entry
    2019/10/05-15:41:56.796	TRACE_LEVEL_VERBOSE	PSM patch enabled for device 0
    2019/10/05-15:41:56.796	TRACE_LEVEL_INFORMATION	BthPS3PSM_SidebandIoDeviceControl Exit
    

    Next step: reading supported device names from registry as well.



  • Ugh, I feel so dirty. Let's see if this works nonetheless though...

    #include <ntstrsafe.h>
    
    BOOLEAN
    StringUtil_BthNameIsEqual(
        CHAR Lhs,
        WDFSTRING Rhs
    )
    {
        UNICODE_STRING usRhs;
        DECLARE_UNICODE_STRING_SIZE(usLhs, BTH_MAX_NAME_SIZE);
    
        //
        // WDFSTRING to UNICODE_STRING
        // 
        WdfStringGetUnicodeString(
            Rhs,
            &usRhs
        );
    
        //
        // CHAR to UNICODE_STRING
        // 
        RtlUnicodeStringPrintf(&usLhs, L"%s", Lhs);
    
        //
        // Compare case-insensitive
        // 
        return RtlEqualUnicodeString(&usLhs, &usRhs, TRUE);
    }
    
    

    EDIT: nope, not that easy 🤣

    2f7dfbb1-2b4e-4284-b75c-c6f157d7c4a3-image.png



  • Welp, fixed... %s ain't %hs 😖

    BOOLEAN
    StringUtil_BthNameIsEqual(
        PCHAR Lhs,
        WDFSTRING Rhs
    )
    {
        NTSTATUS status;
        UNICODE_STRING usRhs;
        DECLARE_UNICODE_STRING_SIZE(usLhs, BTH_MAX_NAME_SIZE);
    
        //
        // WDFSTRING to UNICODE_STRING
        // 
        WdfStringGetUnicodeString(
            Rhs,
            &usRhs
        );
    
        //
        // CHAR to UNICODE_STRING
        // 
        status = RtlUnicodeStringPrintf(&usLhs, L"%hs", Lhs);
        if (!NT_SUCCESS(status)) {
            TraceEvents(TRACE_LEVEL_INFORMATION,
                TRACE_UTIL,
                "RtlUnicodeStringPrintf failed with status %!STATUS!",
                status
            );
        }
    
        TraceEvents(TRACE_LEVEL_INFORMATION,
            TRACE_UTIL,
            "!! LHS: \"%wZ\" RHS: \"%wZ\"",
            &usLhs, &usRhs
        );
    
        //
        // Compare case-insensitive
        // 
        return RtlEqualUnicodeString(&usLhs, &usRhs, TRUE);
    }
    

    Result:

    2019/10/06-13:20:31.438	TRACE_LEVEL_INFORMATION	!! LHS: "Wireless Controller" RHS: "PLAYSTATION(R)3 Controller"
    2019/10/06-13:20:31.438	TRACE_LEVEL_INFORMATION	!! LHS: "Wireless Controller" RHS: "Wireless Controller1"
    2019/10/06-13:20:31.438	TRACE_LEVEL_WARNING	!! Device ACFD93095C20 not identified or denied, dropping connection
    


  • All features implemented, the closed beta team is currently testing the latest changes 🙂



  • Aftermarket compatibility established 😁

    08beadda-ab3e-489c-a86d-ed963b8c319e-image.png

    2019/10/07-20:04:47.624	TRACE_LEVEL_INFORMATION	++ Device 00F570996325 name: PLAYSTATION(R)3Conteroller-PANHAI
    2019/10/07-20:04:47.624	TRACE_LEVEL_VERBOSE	StringUtil_BthNameIsEqual LHS: "PLAYSTATION(R)3Conteroller-PANHAI" RHS: "PLAYSTATION(R)3 Controller"
    2019/10/07-20:04:47.624	TRACE_LEVEL_VERBOSE	StringUtil_BthNameIsEqual LHS: "PLAYSTATION(R)3Conteroller-PANHAI" RHS: "PLAYSTATION(R)3Conteroller-PANHAI"
    2019/10/07-20:04:47.624	TRACE_LEVEL_INFORMATION	++ Device 00F570996325 identified as SIXAXIS compatible
    


  • I dug up more, thanks to the archive of ScpToolkit issues 🤣

    af3fc049-7c31-443e-813f-c18795738a3a-image.png



  • Navigation and Motion controllers connect as well. But mine are low on battery, so let's let them plugged in over night 😅



  • Amazing progress! i can't wait!!!


Log in to reply