Disable vendor check in bluetoothd

[williambj1]

Hi developers!

This patch disables the bluetoothd's vendor check introduced in Monterey Beta 10 and practically restores the behavior of bluetoothd from older versions.

I totally understand that this repo is for Brcm Bluetooth. Feel free to close this PR if it is out of place or there are better ways to work around this check. Thanks!

[vit9696]

I have three questions:

• Can this be done more reliably to ensure that the patch does not break in future versions?
• Does it still need BlueTool patches?
• What did actually happen with beta 10?

[williambj1]

Can this be done more reliably to ensure that the patch does not break in future versions?

I'm fairly new with Lilu patches and I'm not an expert in x86 assembly. Not sure how to improve the patch at the moment.
Spoofing the vendor id would be technically more reliable but I don't think it's a good idea
OpenIntelWireless/IntelBluetoothFirmware#347 (comment)
Qualcomm and Marvell cards would require spoofs as well.

Does it still need BlueTool patches?

Haven't tested this, will do so asap.

What did actually happen with beta 10?

In bluetoothd BUILD Oct 10 2021 22:19:20 (The one shipped with beta 10), Apple added a USB vendor id check and considers non-Brcm and non-CSR dongles as unsupported devices.

loc_100064BBA:                          ; CODE XREF: sub_100064851+345↑j
                                        ; sub_100064851+34D↑j
                cmp     edx, 0A5Ch
                jz      short loc_100064BCA
                cmp     edx, 0A12h
                jnz     short loc_100064BF7

Here are the binaries
bluetoothd-beta10.zip
bluetoothd-beta8.zip

I don't have bluetoothd from beta 9 but people reported that it worked well.

[dhinakg]

This works as a hotfix, but given the complexity of the Bluetooth stack (see acidanthera/bugtracker#1821) and the fact that these binaries have been changing somewhat rapidly over the last few betas, I think we should wait til at least GM before actually merging a fix.

That said, as we don't know how long it'll be til GM it might be prudent to just merge this now and then replace it with something better in the future if needed.

[MaximeH38]

Someone can compile this for me? I don't have Xcode and want to test it. My bluetooth combo card is a DW1550 and Monterey detects that the vendor is different (Dell) I think that is what is causing issue
And how use bluetoothd hot patch? I don't understand.
Thank you very much.
Maxime.

[Ubsefor]

Someone can compile this for me?

Here you go:
BrcmPatchRAM-2.6.1-RELEASE.zip
(compiled using Lilu 1.5.6, MKSDK master, Xcode 13.0 (13A233), Darwin 21.1.0 root:xnu-8019.41.5~1/RELEASE_X86_64)

And how use bluetoothd hot patch? I don't understand.

The point of this PR is to make BlueTool patch bluetoothd’s vendor checking upon its load, I believe. However, it may be that in your case some additional device-id spoofing is still needed even after the patch, needs testing.

[MaximeH38]

Someone can compile this for me?

Here you go: BrcmPatchRAM-2.6.1-RELEASE.zip (compiled using Lilu 1.5.6, MKSDK master, Xcode 13.0 (13A233), Darwin 21.1.0 root:xnu-8019.41.5~1/RELEASE_X86_64)

And how use bluetoothd hot patch? I don't understand.

The point of this PR is to make BlueTool patch bluetoothd’s vendor checking upon its load, I believe. However, it may be that in your case some additional device-id spoofing is still needed even after the patch, needs testing.

Oh okay, i want to spoof my device-id (vendor-id) but I don't know how to do that. with a DSDT?
I'm so confused.
Thanks for the kext, it's works!

[vit9696]

I reworked the patch to not rely on branch size and merged it in master. Also reduced the amount of binary comparison.

To all: please confirm that build 44c3025 works fine on your recent macOS version by posting in this issue. It will land very soon on Dortania CI. If it is ok, we should release BrcmPatchRAM separately this weekend to ease macOS 12 transition for the maniacs who want it from day one.

[kidonng]

44c3025 works for me 🎉 (macOS 12.0.1 21A559, Intel AC 9461)

[Ubsefor]

44c3025 Also works just as before Beta 10 👌🏻 (still need to kill bluetoothd after S4 sleep for it to work + unable to turn on/off or pair with laptop via bluetooth using iphone – «unsupported»)

[Juan-VC-gh]

Someone can compile this for me?

Here you go: BrcmPatchRAM-2.6.1-RELEASE.zip (compiled using Lilu 1.5.6, MKSDK master, Xcode 13.0 (13A233), Darwin 21.1.0 root:xnu-8019.41.5~1/RELEASE_X86_64)

And how use bluetoothd hot patch? I don't understand.

The point of this PR is to make BlueTool patch bluetoothd’s vendor checking upon its load, I believe. However, it may be that in your case some additional device-id spoofing is still needed even after the patch, needs testing.

Edit: Monterey 2.6.1 -> Monterey 12.0.1

BrcmPatchRAM 2.6.1 is working for me on release Monterey 12.0.1 with BCM94352Z while the card did not work at all with 2.6.0.

Some limitations I have found from the BT solution on Monterey:

1. Can receive files via AirDrop but cannot send files.
2. Continuity works fine although same as 1, only works when the continuity data is passed from an iPhone/iPad to MacBook and not the other way around.
3. Mirror/Extend MacBook display to an iPad does not work as well.

Outgoing BT connections seem to be failing. No issues at all receiving data.

[richibrics]

Hi developers!

This patch disables the bluetoothd's vendor check introduced in Monterey Beta 10 and practically restores the behavior of bluetoothd from older versions.

I totally understand that this repo is for Brcm Bluetooth. Feel free to close this PR if it is out of place or there are better ways to work around this check. Thanks!

Hi, since I'm using BlueToolFixUp (on Monterey 12.4, but also on Ventura's first beta), sometimes bluetooth crashes when I connect/disconnect a device.
In Console I noticed these messages related to bluetooth when there's the crash:

[bm3_usb][Found_USB_Dongle] -- FoundBluetoothInterfaces() for deviceClass (224), idVendor = 0x8087, idProduct = 0x0AAA returned true
[bm3_usb][Found_USB_Dongle] -- FoundBluetoothInterfaces() for deviceClass (255), idVendor = 0x06CB, idProduct = 0x00BE returned false

The second one talks about my webcam device, if I disable it from BIOS I don't have the problem (for the moment).
Do you think this issue could be related to the vendor id check ?

Thank you.