Android源碼各個(gè)擊破之-藍(lán)牙屬性配置分析

?三星4.2手機(jī)，vivo7.1手機(jī)，藍(lán)牙不加"android.permission.BLUETOOTH_ADMIN"權(quán)限，無(wú)法掃描藍(lán)牙，但是可以根據(jù)mac直接連接。

Android MTK 修改手機(jī)和藍(lán)牙名稱(chēng)

https://blog.csdn.net/mr_kings/article/details/51042991

?關(guān)于google官方藍(lán)牙代碼關(guān)閉藍(lán)牙時(shí)的一個(gè)bug:

???????? http://www.it1352.com/124594.html

????

Android通過(guò)反射機(jī)制實(shí)現(xiàn)后臺(tái)設(shè)置藍(lán)牙可見(jiàn)性

https://blog.csdn.net/Frakie_Kwok/article/details/78028115

? 1.init方法

? ? ? ? config_new方法將bt_config.conf文件加載到config變量，具體這個(gè)方法我就不細(xì)說(shuō)了。

????

? 這個(gè)init方法怎么被調(diào)用的呢？

????????

?

? ?module_t是一個(gè)結(jié)構(gòu)體，這個(gè)結(jié)構(gòu)體主要是定義了一個(gè)大的模塊的生命周期方法。

? ? ? ??

? ??

? ? stack_manager?

????init_stack -> event_init_stack -> btif_config.c

? ??

? ??

? ?? ?

? ? ? ?stack_manager又通過(guò)interface暴露引用給上層。

? ? ? ?

????? ? ?

? ? ? bluetooth.c ->stack_manager.c

? ? ? ?

?????

? ? ? 那么bluetooth.c是在哪里被調(diào)用呢？

? ? ? 參照我的另外一篇博客https://blog.51cto.com/4259297/2161333?中關(guān)于藍(lán)牙物理mac的分析，就能串起來(lái)了。思路就是framework-jni-c。

??????

? ?????在此，我就對(duì)藍(lán)牙物理mac的獲取作一下總結(jié)：

? ? ? ?BluetoothAdapter-->BluetoothManagerService-->AdapterService-->bluetooth.c

??????

? ? ? ?AdapterService通過(guò)JNI(com_android_bluetooth_btservice_AdapterService.cpp)與bluetooth.c交互，開(kāi)啟藍(lán)牙協(xié)議棧。

? ? ? ?

? ? ? ?

? ? ? ? ?

????????結(jié)合上面這段代碼 看看bluetooth.c的這段代碼：

????????

?????????根據(jù)moduleid??

? ? ? ? ?由此推斷com_android_bluetooth_btservice_AdapterService.cpp里面的module就是bluetooth.c里的?HAL_MODULE_INFO_SYM

?????????

? ???????HAL_MODULE_INFO_SYM的methods指向了結(jié)構(gòu)體bt_stack_module_methods，結(jié)構(gòu)體bt_stack_module_methods的open方法成員又指向了open_bluetooth_stack方法。

?????????open_bluetooth_stack方法創(chuàng)建了device對(duì)象，將外部的module傳遞進(jìn)來(lái) ，并將創(chuàng)建的device傳遞出去。

?????????

?????????device中的get_bluetooth_interface成員方法指向了bluetooth.c的bluetooth__get_bluetooth_interface的方法。這個(gè)接口定義在bluetooth.h中，為一個(gè)接口體，里面有各種方法指針。bluetooth.c對(duì)接口做了

???????? 實(shí)現(xiàn)。

????????

? ? ? ? 理論上藍(lán)牙物理mac是受保護(hù)，不允許修改。我最終的目的是在開(kāi)啟藍(lán)牙時(shí)，使用自定義的mac就行。所以只能通用找尋藍(lán)牙開(kāi)啟時(shí)，外部掃描的那個(gè)mac是如何顯示的，修改源碼了。

????????

尋找藍(lán)牙開(kāi)啟時(shí)如何設(shè)置的mac

? 1.搜索btif_config.c的btif_config_get_str方法

????????

? 2. 上面這個(gè)就是獲取本地藍(lán)牙地址的方法? ? ?

?static?void?btif_fetch_local_bdaddr(bt_bdaddr_t?*local_addr)
{
????????????char?val[];
????????????uint8_t?valid_bda?=?FALSE;
????????????int?val_size?=?0;
????????????const?uint8_t?null_bdaddr[BD_ADDR_LEN]?=?{0,0,0,0,0,0};
????????
????????????/*?Get?local?bdaddr?storage?path?from?property?*/?????????????//獲取本地藍(lán)牙m(xù)ac的存儲(chǔ)路徑
????????????//##########1
????????????if?(property_get(PROPERTY_BT_BDADDR_PATH,?val,?NULL))
????????????????{
????????????????????int?addr_fd;
????????????
????????????????????BTIF_TRACE_DEBUG("local?bdaddr?is?stored?in?%s",?val);
????????????
????????????????????if?((addr_fd?=?open(val,?O_RDONLY))?!=?-1)
????????????????????????{
????????????????????????????memset(val,?0,?sizeof(val));
????????????????????????????read(addr_fd,?val,?FACTORY_BT_BDADDR_STORAGE_LEN);
????????????????????????????string_to_bdaddr(val,?local_addr);
????????????????????????????/*?If?this?is?not?a?reserved/special?bda,?then?use?it?*/
????????????????????????????if?(memcmp(local_addr->address,?null_bdaddr,?BD_ADDR_LEN)?!=?0)
????????????????????????????????{
????????????????????????????????????valid_bda?=?TRUE;
????????????????????????????????????BTIF_TRACE_DEBUG("Got?Factory?BDA?%02X:%02X:%02X:%02X:%02X:%02X",
????????????????????????????????????????????????local_addr->address[0],?local_addr->address[1],?local_addr->address[2],
????????????????????????????????????????????????local_addr->address[3],?local_addr->address[4],?local_addr->address[5]);
????????????????????????????????}
????????????????
????????????????????????????close(addr_fd);
????????????????????????}
????????????????}
????????
????????????????//##########2
????????????if(!valid_bda)
????????????????{
????????????????????val_size?=?sizeof(val);
????????????????????if(btif_config_get_str("Adapter",?"Address",?val,?&val_size))
????????????????????{
????????????????????????????string_to_bdaddr(val,?local_addr);
????????????????????????????BTIF_TRACE_DEBUG("local?bdaddr?from?bt_config.xml?is??%s",?val);
????????????????????????????return;
????????????????????????}
?????????????????}
????????
????????????/*?No?factory?BDADDR?found.?Look?for?previously?generated?random?BDA?*/
????????????if?((!valid_bda)?&&?\
????????????????(property_get(PERSIST_BDADDR_PROPERTY,?val,?NULL)))
????????????{
????????????????????string_to_bdaddr(val,?local_addr);
????????????????????valid_bda?=?TRUE;
????????????????????BTIF_TRACE_DEBUG("Got?prior?random?BDA?%02X:%02X:%02X:%02X:%02X:%02X",
????????????????????????????????local_addr->address[0],?local_addr->address[1],?local_addr->address[2],
????????????????????????????????local_addr->address[3],?local_addr->address[4],?local_addr->address[5]);
????????????????}
????????
????????????/*?Generate?new?BDA?if?necessary?*/
????????????if?(!valid_bda)
????????????????{
????????????????????bdstr_t?bdstr;
????????????????????/*?Seed?the?random?number?generator?*/
????????????????????srand((unsigned?int)?(time(0)));
????????????
????????????????????/*?No?autogen?BDA.?Generate?one?now.?*/
????????????????????local_addr->address[0]?=?0x22;
????????????????????local_addr->address[1]?=?0x22;
????????????????????local_addr->address[2]?=?(uint8_t)?((rand()?>>?8)?&?0xFF);
????????????????????local_addr->address[3]?=?(uint8_t)?((rand()?>>?8)?&?0xFF);
????????????????????local_addr->address[4]?=?(uint8_t)?((rand()?>>?8)?&?0xFF);
????????????????????local_addr->address[5]?=?(uint8_t)?((rand()?>>?8)?&?0xFF);
????????????
????????????????????/*?Convert?to?ascii,?and?store?as?a?persistent?property?*/
????????????????????bdaddr_to_string(local_addr,?bdstr,?sizeof(bdstr));
????????????
????????????????????BTIF_TRACE_DEBUG("No?preset?BDA.?Generating?BDA:?%s?for?prop?%s",
?????????????????????????????????(char*)bdstr,?PERSIST_BDADDR_PROPERTY);
????????????
????????????????????if?(property_set(PERSIST_BDADDR_PROPERTY,?(char*)bdstr)?<?0)
????????????????????????BTIF_TRACE_ERROR("Failed?to?set?random?BDA?in?prop?%s",PERSIST_BDADDR_PROPERTY);
????????????????}
????????
????????????//save?the?bd?address?to?config?file
????????????bdstr_t?bdstr;
????????????bdaddr_to_string(local_addr,?bdstr,?sizeof(bdstr));
????????????val_size?=?sizeof(val);
????????????if?(btif_config_get_str("Adapter",?"Address",?val,?&val_size))
????????????{
????????????????????if?(strcmp(bdstr,?val)?==0)
????????????????????????{
????????????????????????????//?BDA?is?already?present?in?the?config?file.
????????????????????????????return;
????????????????????????}
????????????????}
????????????btif_config_set_str("Adapter",?"Address",?bdstr);
????????}

?

上面的源碼好像是提到廠商配置文件，但是我們的系統(tǒng)默認(rèn)是沒(méi)有的。所以能不能通過(guò)配置廠商文件改變mac？

藍(lán)牙HCI日志查看的方法

????????https://www.jianshu.com/p/73f7366161d1

????????https://blog.csdn.net/chy555chy/article/details/52231043

????????注意設(shè)置里開(kāi)啟日志后，要重啟手機(jī)才能生效。

????

????????下載查看hci日志的工具（注意安裝的時(shí)候彈出的cmd窗口不要人為干擾關(guān)閉，否則軟件裝不成功）

????????https://download.freedownloadmanager.org/Windows-PC/ComProbe-Protocol-Analysis-System/FREE-14.12.5943.6007.html

????????

????????https://www.52pojie.cn/thread-726412-1-1.html? （收費(fèi)改mac的工具）

????????