Editing DS4-BT

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 49: Line 49:
* [[Wireless#Overlapping_channels_BT.2FWi-Fi|Overlapping channels BT/Wi-Fi]]
* [[Wireless#Overlapping_channels_BT.2FWi-Fi|Overlapping channels BT/Wi-Fi]]


=== Bluetooth Addressing ===
=== Bluetooth Adressing ===


Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
Line 764: Line 764:
|-
|-
|[16 - 17]
|[16 - 17]
|colspan="8"|Angular velocity X
|colspan="8"|Acceleration X
|-
|-
|[18 - 19]
|[18 - 19]
|colspan="8"|Angular velocity Y
|colspan="8"|Acceleration Y
|-
|-
|[20 - 21]
|[20 - 21]
|colspan="8"|Angular velocity Z
|colspan="8"|Acceleration Z
|-
|-
|[22 - 23]
|[22 - 23]
|colspan="8"|Acceleration X
|colspan="8"|Gyroscope Roll?
|-
|-
|[24 - 25]
|[24 - 25]
|colspan="8"|Acceleration Y
|colspan="8"|Gyroscope Yaw?
|-
|-
|[26 - 27]
|[26 - 27]
|colspan="8"|Acceleration Z
|colspan="8"|Gyroscope Pitch?
|-
|-
|[28 - 32]
|[28 - 32]
Line 899: Line 899:
The protocol code is 0x11.
The protocol code is 0x11.


First bit at byte 2 specifies whether to enable control. Byte at index 4 specifies which individual control to enable.
Byte at index 4 changes from 0xf0 to 0xf3 in the first reports. Making it always 0xf0 does not seem to change something.


Report example:
Report example:
Line 936: Line 936:
|colspan="8"|'''0x11'''
|colspan="8"|'''0x11'''
|-
|-
|[2]
|[2 - 3]
|colspan="1"|Controls
|colspan="7"|Unknown
|-
|[3]
|colspan="8"|Unknown
|colspan="8"|Unknown
|-
|-
|[4]
|[4]
|colspan="4"|0x0f
|colspan="8"|0xf0 disables the rumble motors, 0xf3 enables them
|colspan="1"|Unknown
|colspan="1"|Flash
|colspan="1"|Color
|colspan="1"|Rumble
|-
|-
|[5 - 6]
|[5 - 6]
Line 1,595: Line 1,587:
|}
|}


The sequence is 1040 bytes long with the following structure:
The packets with report counter from 0x00 to 0x09 carry 528 bytes of data.<br />
 
Packet 0x09 contains 24 bytes of data and is padded with zeros.<br />
<pre>
The packets with report counter from 0x0a to 0x0c are padded with zeros.<br />
struct ds4_response {
Packet 0x0d is padded with zeros, except bytes 58 and 60 (both are 0x01).<br />
unsigned char signature[0x100];
The packets with report counter from 0x0e to 0x12 carry 256 bytes of data.<br />
unsigned char serial_num[0x10];
Packet 0x12 contains 32 bytes of data and is padded with zeros.<br />
unsigned char n[0x100];
unsigned char e[0x100];
unsigned char casig[0x100];
};
</pre>
 
<u>signature</u> - is a PSS signature of the nonce, signed with DS4's private key<br>
<u>serial_num</u> - is the controller/cert serial number<br>
<u>n</u> - DS4's Public Key prime<br>
<u>e</u> - DS4's Public Key exponent<br>
<u>casig</u> - is a PSS signature (signed by Sony's CA private key) of the <u>serial_num</u>, <u>n</u> and <u>e</u><br>
 
The last (19th) packet is padded with 24 bytes.


====== 0xF2 ======
====== 0xF2 ======
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps4/DS4-BT"