Interesting function in ATCmdInt.dll - Windows Mobile Development and Hacking General

Dopod 830: I disassembled ATCIUI.exe and found some interesting functions in ATCmdInt.dll:
InitializeCommandInterpreter
InterpretStringW(TEXT("AT+CGDCONT=1.."));
FreeInterpretStringResultW
Maybe it can be used like InterpretStringW(TEXT("AT+CREG=2"));

Why not just go after the COM port? It's much easier than hacking up a DLL.

Related

Widcomm stack for Hermes development thread

Hello all, as noticed in the thread
http://forum.xda-developers.com/showthread.php?t=284329
we have pledged to gather some $500 and give it to some developer/hacker who is willing to port the latest version of the Widcomm stack to the Hermes for us. The reason for this is basically that the MS one simply has way too many bugs and lacks a lot of functionality.
I have contacted mikelspikel from Aximsite and he agreed to try and help us. This will be the thread where we will discuss the porting efforts.
I will begin by posting mikelspikel's message:
"Hi!
I'd be delighted if I could help you, but it's very difficult without having a device to test. I can give you some guidelines for you to test. You'll need a registry editor such as the Resco Explorer registry add-in.
The package we built is completely oriented to the X50 / X51, but maybe it can be adapted to work with other devices easily, so I'd start by installing our package. But be careful! Do it only if you don't mind having to hard-reset your device! You'll probably need to.
The first thing we must make work is the communication between the main processor and the BT chip. This is done through a serial port. In the Axim, this port is COM5 and it's referenced in the registry in [HKLM\Drivers\BuiltIn\BTUart]. This driver can be different in other devices, but usually it isn't difficult to figure it out from a [HKLM\Drivers\BuiltIn\] branch registry dump (you can send me a dump of this branch if you want me to have a look at it). Once we have the correct COM port, we have to modify [HKLM\Software\Widcomm\BTConfig\SerialTransport]. In the Axim, as the BT port is COM5, we have to set Device=COM and Port=5.
The BT chip of our device defaults to a baud rate of 115200 bps, so we set BaudRate=115200. With ShiftSpeed and ShiftCommand we increase the port speed after connecting at 115200. In order to test safely on your device, I'd delete or rename these two keys and keep BaudRate at 115200.
These two settings (COM port and BaudRate) are the two that usually make the stack startup fail with the out of memory message.
Other keys I'd change at the beginning of the test process are in [HKLM\Software\Widcomm\BTConfig\General]: I'd delete or rename RadioInitLibrary and RadioInitPostLoadScript.
It's important to know that there's a log where we can sometimes find useful information about what's going on. This log is located in the registry too, in [HKLM\Software\Widcomm\BTConfig\Debug\Log].
I think this is enough to start the tests. Let me know your results or any question you have. I'll try to do my best to help you. You can use my email if you prefer (*******@gmail.com).
Greetings,
Mikel"
I edited the e-mail, as I'd rather we post all our findings in this thread in order to avoid spamming him.
So whoever feels brave enough to do some testing, go right ahead. I'm unfortunately still busy these days, but I'll be dropping by from time to time to hopefully post my findings.
Once again a BIG BIG thank you to mikelspikel for helping us and let the testing BEGIN!
Adi
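As an added illustration of the checks in mikelspikel's guidance above (not code from the thread or from the Widcomm package): a Python script that parses a registry export and cross-checks the SerialTransport key against the BTUart driver key. The export text is constructed, and the BTUart "Prefix"/"Index" layout is assumed from the usual WinCE stream-driver convention.

```python
import re

# Constructed sample of a registry export (.reg syntax as Resco/regedit write it) from a
# device where the stack would fail to start: Port does not match the UART driver, the baud
# rate is not the chip default, and the Shift* keys are still present. The BTUart
# "Prefix"/"Index" layout is the usual WinCE stream-driver convention (assumption).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\BTUart]
"Prefix"="COM"
"Index"=dword:00000005
"Dll"="btuart.dll"

[HKEY_LOCAL_MACHINE\Software\Widcomm\BTConfig\SerialTransport]
"Device"="COM"
"Port"=dword:00000007
"BaudRate"=dword:000e1000
"ShiftSpeed"=dword:000e1000
"ShiftCommand"="<placeholder>"
"""

UART = r"hkey_local_machine\drivers\builtin\btuart"
TRANSPORT = r"hkey_local_machine\software\widcomm\btconfig\serialtransport"
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9A-Fa-f]{1,8})|"(.*)")$')

def parse_reg(text):
    """Parse the .reg subset an export produces: [key] headers, "name"="str", "name"=dword:hex."""
    keys, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].lower()          # key paths are case-insensitive
            keys[cur] = {}
        elif cur is not None:
            m = VALUE_RE.match(line)
            if m:
                name, dword, string = m.groups()
                keys[cur][name] = int(dword, 16) if dword is not None else string
    return keys

def check_transport(keys):
    """Return findings about SerialTransport; an empty list means it matches the advice in the post."""
    uart, st = keys.get(UART, {}), keys.get(TRANSPORT, {})
    findings = []
    dev, idx = uart.get("Prefix"), uart.get("Index")
    if dev is None or idx is None:
        findings.append("BTUart key missing: dump [HKLM\\Drivers\\BuiltIn] and find the BT UART driver")
    elif (st.get("Device"), st.get("Port")) != (dev, idx):   # compared as parsed (str, int)
        findings.append("SerialTransport Device/Port %r/%r do not match BTUart %s%s"
                        % (st.get("Device"), st.get("Port"), dev, idx))
    if st.get("BaudRate") != 115200:
        findings.append("BaudRate is %r; start at the chip default 115200" % st.get("BaudRate"))
    for k in ("ShiftSpeed", "ShiftCommand"):
        if k in st:
            findings.append("%s is set; delete or rename it until 115200 works" % k)
    return findings

def corrected_transport(keys):
    """SerialTransport values for a first test, derived from the BTUart driver key."""
    uart = keys[UART]
    return {"Device": uart["Prefix"], "Port": uart["Index"], "BaudRate": 115200}
```

Running check_transport on the constructed dump reports four findings; replacing the SerialTransport values with corrected_transport clears them.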
I'm making some pretty good progress here.
I have the existing stack disabled and the widcomm stack enabled and discovery works fine.
I have the following profiles tested so far.
A2DP - works very well, much better than the MS stack.
ActiveSync - works well.
File Transfer - works well.
Serial - works well.
These are just the ones I have tested so far, others probably work fine too. The main issue right now is the headset profile is not working. That is what I am focusing on. Once that is done I will just have to put a cab together.
Dave
superdave said:
I'm making some pretty good progress here.
I have the existing stack disabled and the widcomm stack enabled and discovery works fine.
I have the following profiles tested so far.
A2DP - works very well, much better than the MS stack.
ActiveSync - works well.
File Transfer - works well.
Serial - works well.
These are just the ones I have tested so far, others probably work fine too. The main issue right now is the headset profile is not working. That is what I am focusing on. Once that is done I will just have to put a cab together.
Dave
Cool, what version of the stack are you testing?
Also, you can download the Widcomm for Win CE (aka Mobile) SDK and tools at http://www.broadcom.com/products/bluetooth_sdk.php for free (registration required).
Adi
Let the hacking begin...... mwuahahahahahahahahahahahaaaa.
OK, I'm getting ahead of myself now, but this is good news thus far.
I am using 1.7, the same as the Axim version.
Dave
jasjamming said:
this is good news thus far.
Good? I'd say it's great! And I don't even have a TyTN yet.
superdave said:
I'm making some pretty good progress here.
I have the existing stack disabled and the widcomm stack enabled and discovery works fine.
I have the following profiles tested so far.
A2DP - works very well, much better than the MS stack.
ActiveSync - works well.
File Transfer - works well.
Serial - works well.
These are just the ones I have tested so far, others probably work fine too. The main issue right now is the headset profile is not working. That is what I am focusing on. Once that is done I will just have to put a cab together.
Dave
Is it possible to enable and disable Widcomm Bluetooth from Comm Manager?
And it supports the PAN profile, doesn't it?
Great, looking forward to the progress of this hack.
Hi!
Glad of the progress so far! Superdave, are you interested in sharing your settings/progress?
In the Axim, one of the most difficult tasks was making HFP and HSP work. They need some vendor specific HCI commands to be sent to the BT chip (Texas Instruments BRF6150 in the Axim). Does anybody know which is the BT chip in the Hermes? Maybe we can get some info about HSP/HFP from the documentation of that chip.
BTW, Dave, have you tested BT and WiFi together? Does it work? That was another problem we found in the Axim. It requires some vendor specific commands too.
The Hermes uses the same BRF6150 chip.
Cool! Nice to see you here mikelspikel
Menneisyys said:
Cool! Nice to see you here mikelspikel
I meet you everywhere! How is this possible?
Sleuth255 said:
The Hermes uses the same BRF6150 chip.
That's very good! In Aximsite we got the proper HCI commands to enable WiFi and BT coexistence and audio routing to enable HFP/HSP in the BRF6150. If Superdave posts information about the state of his development, maybe we can use some of these commands to make HFP/HSP work.
Moreover, I developed a bts (Bluetooth Script) parser that can be used to get the responses from the BRF6150 when initialization commands are sent. For the Axim, we built a file called MkSpk100.bts that enables both coexistence and audio routing. Maybe this file can be used directly or slightly modified in the Hermes.
Superdave, did you start working with the Aximsite package or did you start from scratch? If the first is the case, could you please post what modifications you did to the original package?
Yeah, I started with the Axim package. Your script and dll mods do connect the HS but audio is not routing. The only mods needed to get the axim package installing is to remove the ms stack and change the com port to 7 the baud to 921600 and flow to 0, I also removed the shifts. Also the stack uses com 7/8 by default for the serial ports, that needs to be changed to com0/8.
I'm interested in your bts parser and the mods you made. I see the mods you made in the dll, MOV R0, #0x79 to MOV R0, #0x75 before the IOCTL, but I'm not sure exactly what you're doing there yet.
Thanks,
Dave
Quickly tested the stack & the hack instructions on the Universal; no success so far, no matter how I tweaked the parameters. I will also test this on my HTC Wizard.
Anyone with these devices?
superdave said:
I'm making some pretty good progress here.
I have the existing stack disabled and the widcomm stack enabled and discovery works fine.
I have the following profiles tested so far.
A2DP - works very well, much better than the MS stack.
ActiveSync - works well.
File Transfer - works well.
Serial - works well.
These are just the ones I have tested so far, others probably work fine too. The main issue right now is the headset profile is not working. That is what I am focusing on. Once that is done I will just have to put a cab together.
Dave
Awesome dude!!
this sounds great guys so far. I wish I could contribute but my knowledge on software is fairly limited.
I myself am an electrical/electronics engineer with a PhD, where I specialize in 3G-4G baseband hardware (microelectronics). Soon we will see UWB (ultra wideband) communications on PDAs where we can stream HD video to our LCD TVs etc as well as HD music to our digital receivers. Also, I have a student working on gyros for PDAs which will enable you to, for example, dial a number by just writing the number in thin air with the PDA (there are more benefits besides this).
It's good to see a device like the Hermes offering so much, but from what I know about Bluetooth (having designed baseband components for Bluetooth 1.1 back in the day (in 2001)), I know it "shouldn't" operate the way M$ configures it to via its firmware/software.
So the progress made so far sounds excellent. Once all the profiles work and reg hacks made etc.... will this be made available in a CAB or EXE for us software "lay" people to install with ease?
Cheers and great work.
superdave said:
Yeah, I started with the Axim package. Your script and dll mods do connect the HS but audio is not routing. The only mods needed to get the axim package installing is to remove the ms stack and change the com port to 7 the baud to 921600 and flow to 0, I also removed the shifts. Also the stack uses com 7/8 by default for the serial ports, that needs to be changed to com0/8.
I'm interested in your bts parser and the mods you made. I see the mods you made in the dll, MOV R0, #0x79 to MOV R0, #0x75 before the IOCTL, but I'm not sure exactly what you're doing there yet.
Thanks,
Dave
Good! It's curious that the BT chip works at 921600 by default.
Well, the MkSpk_PCM_Routing.dll is, as you noticed, a modified version of the original HTC_PCM_Routing.dll. We were working with several versions of the files, some from an Axim X50 WM2003 and some from an iPaq hx4700.
In the X50 version, the file TIBinaryParser.dll has a function called SetAudioRouting. This function basically has a call to a DeviceIoControl of device WAV1. Running such an IOCTL from a C++ program mutes or activates the integrated audio of the Axim.
In the iPaq, the SetAudioRouting function is located in HTC_PCM_Routing.dll instead of in TIBinaryParser.dll. Moreover, the IOCTL has a different parameter (0x79 instead of 0x75), so we patched the original HTC_PCM_Routing.dll to be compatible with the IOCTL that works in the Axim. Have you tried with the original HTC_PCM_Routing.dll? You have to reference it in [HKLM\Software\WIDCOMM\Plugin\HandsFree\AudioSetupDll].
You should also check if the default audio device of the Hermes is called WAV1 too. If it isn't, the IOCTL won't work.
Maybe we can figure out the correct IOCTL by building a C++ program. The code I used is:
Code:
#include <windows.h>
#include <tchar.h>

// Test routine used on the Axim: opens the WAV1: stream driver and sends the
// audio-routing IOCTL. Byte 4 of the 20-byte input buffer selects the command.
void TestAudioRouting()
{
    HANDLE l_File;
    char l_cmd[]={0,0,0,0,0x75,0,0,0,0,0,0,0,0/*1*/,0,0,0,0,0,0,0};   // 0x75: mutes internal audio
    char l_cmd3[]={0,0,0,0,0x74,0,0,0,0,0,0,0,0/*1*/,0,0,0,0,0,0,0};  // 0x74: enables it again
    char l_cmd2[20];                                                   // output buffer
    DWORD l_br;
    BOOL l_res;
    int i;
    for (i=0;i<20;i++)
    {
        l_cmd2[i]=0;
    }
    // share mode 3 = FILE_SHARE_READ|FILE_SHARE_WRITE, disposition 3 = OPEN_EXISTING
    l_File=CreateFile(_T("WAV1:"),GENERIC_READ | GENERIC_WRITE,
                      FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0);
    if (l_File==INVALID_HANDLE_VALUE)   // CreateFile reports failure as INVALID_HANDLE_VALUE, not 0
    {
        MessageBox(NULL, _T("Error opening WAV1:"), _T("Test"), MB_OK);
        return;
    }
    l_res=DeviceIoControl(l_File,0x1D000C,l_cmd,20,l_cmd2,20,&l_br,0);
    if (l_res==0)
    {
        MessageBox(NULL, _T("IOCTL1 Error"), _T("Test"), MB_OK);
        CloseHandle(l_File);
        return;
    }
    /* l_res=DeviceIoControl(l_File,0x1D000C,l_cmd3,20,l_cmd2,20,&l_br,0);
    if (l_res==0)
    {
        MessageBox(NULL, _T("IOCTL2 Error"), _T("Test"), MB_OK);
        CloseHandle(l_File);
        return;
    }*/
    CloseHandle(l_File);
}
If I remember OK, in the Axim, l_cmd mutes internal Audio and l_cmd3 enables it. The parameters we changed in the DLL were the 0x75 and 0x74 of these two buffers.
Find attached the BTS parser eVC++ 4 source code. It's an app developed too quickly, to send bts files to the BT chip and trace the responses. You'll need to change some code, at least the COM port the chip is connected to. Let me know if you need some help with it. The code is properly uncommented, but it's very simple.
Hey Mikelspikel,
Thanks for your input to this project. It is greatly appreciated. I look forward to the progress made to a complete widcomm solution to the hermes..
great that you guys are working on this. the ms bluetooth is one of the largest fun killers with the hermes. thumbs up! and good luck for the patch...

General "tweaks" info

After reading everything on the site I don't think that I am ready or capable of flashing a ROM yet. I have been looking for specific solutions to small quirks that my TyTN has. I have seen some registry hacks/tweaks that I would like to try. I have Resco Registry. I see the codes and I can open the registry program, but from there I have no idea what to do with those codes. Where does one input that information?
Here's some info on the registry as it applies to the TyTN: http://wiki.xda-developers.com/index.php?pagename=Hermes_Registry
As for basics of registry editing, a lot of the "editing" part of this article applies to mobile registries: http://support.microsoft.com/kb/322756
And, for good measure, I'll just link you to the main page of the TyTN wiki, which has ROM upgrading info and a ton more: http://wiki.xda-developers.com/index.php?pagename=HTC_Hermes
Edit: A possibly-better Microsoft article on the Windows registry in general: http://support.microsoft.com/kb/256986

Find dll functions from rom dll

Not sure if I have worded this properly as I'm at the edge of my knowledge but I wish to call a function that I am assuming is in a DLL which is contained in ROM. I know the name of the DLL but how can I get a list of functions available from it when I cannot copy it onto my PC?
Many Thanks
Hi Tailor.
First, what function exactly are you looking for? There may be some documentation on it somewhere.
To browse a ROM DLL you need to get a ROM dump. The simplest way for your purpose, provided you have a WM5 device, is to search for TESTWM5.exe by mamiac on this forum. It will dump all files to your SD. They won't be workable for coding purposes, but still good enough to use Dependency Walker to get exported functions from DLLs.
Unfortunately that still won't tell you the parameters the function expects, only its name.
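To show what the "get exported functions" step in Levenum's reply actually reads, here is an added Python example (not from the thread, and not Dependency Walker's code): a minimal walk of the PE export directory, the same table Dependency Walker lists. It assumes a 32-bit PE in normal file layout with its headers intact; the sample image, its DLL name and its function names are constructed for the test.

```python
import struct

def _rva_to_off(rva, sections):  # map an RVA to a file offset via the section table
    for va, vsize, raw, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + raw
    raise ValueError("RVA 0x%x is outside every section" % rva)

def list_exports(data):
    """Return [(name, ordinal, rva)] for each named export of a PE32 file in file (not in-memory) layout."""
    pe = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if pe < 0 or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE executable")
    hdr = struct.unpack_from("<HHIIIHH", data, pe + 4)        # IMAGE_FILE_HEADER
    nsec, opt_size, opt = hdr[1], hdr[5], pe + 24
    exp_rva = struct.unpack_from("<I", data, opt + 96)[0]     # data directory[0] = exports (PE32 layout)
    sections = []
    for i in range(nsec):
        _, vsize, va, rawsize, raw = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, vsize, raw, rawsize))
    if exp_rva == 0:
        return []                                              # no export table at all
    ed = struct.unpack_from("<IIHHIIIIIII", data, _rva_to_off(exp_rva, sections))
    base, nnames, funcs, names, ords = ed[5], ed[7], ed[8], ed[9], ed[10]
    fo, no, oo = (_rva_to_off(r, sections) for r in (funcs, names, ords))
    out = []
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", data, no + 4 * i)[0]
        ordinal = struct.unpack_from("<H", data, oo + 2 * i)[0]  # unbiased index into AddressOfFunctions
        func_rva = struct.unpack_from("<I", data, fo + 4 * ordinal)[0]
        s = _rva_to_off(name_rva, sections)
        out.append((data[s:data.index(b"\0", s)].decode("ascii"), base + ordinal, func_rva))
    return out

def build_sample_dll():
    """Constructed minimal PE32 (machine 0x1C0 = ARM, one section) exporting two made-up names; test data only."""
    sec_va, sec_raw, names = 0x1000, 0x200, [b"NavButtonInit", b"GetLightLevel"]
    n = len(names)
    funcs, namest, ords, strs = (sec_va + 40 + k * n for k in (0, 4, 8, 10))
    name_rvas = [strs + sum(len(x) + 1 for x in names[:i]) for i in range(n)]
    tail = b"".join(nm + b"\0" for nm in names)
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, strs + len(tail), 1, n, n, funcs, namest, ords)
    body += b"".join(struct.pack("<I", 0x2000 + 0x10 * i) for i in range(n))   # fake code RVAs
    body += b"".join(struct.pack("<I", r) for r in name_rvas)
    body += b"".join(struct.pack("<H", i) for i in range(n))
    body += tail + b"sample.dll\0"
    hdr = bytearray(sec_raw)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                    # e_lfanew
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x1C0, 1, 0, 0, 0, 224, 0x2102)    # ARM, 1 section, DLL
    struct.pack_into("<H", hdr, 0x58, 0x10B)                                   # PE32 magic
    struct.pack_into("<II", hdr, 0x58 + 96, sec_va, len(body))                 # export directory entry
    struct.pack_into("<8sIIII", hdr, 0x58 + 224, b".edata", len(body), sec_va, sec_raw, sec_raw)
    return bytes(hdr) + body
```

On a real dumped DLL, call list_exports(open(path, "rb").read()); as the reply says, it yields names and ordinals only, never parameter lists.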
Hi Levenum and thanks for your reply.
It's a Sony Sat Nav Windows CE 4.2 device, so unfortunately there's not much chance of a ROM dump or documentation. The unit is sold as a finished product and not intended for further development.
I have installed TomTom instead of the poor app already installed and was trying to get access to the hardware buttons and light sensor on the unit, and then intended to use the TomTom SDK to recreate their functions.
The keys don't trigger a key press event, but there are DLLs called something like powerbutton.dll and navbutton.dll, so it's a fair guess that they could be used to trigger these events.
Obviously without knowing their exported functions I'm not going to get much further.
Any further thoughts ?
Many Thanks
How exactly are you trying to catch the key events?
For what you describe, you don't just need to know function names, you need to know with what parameters to call them so this is definitely not the way to go.
If you are coding with C++ search for info on SetWindowsHook. I am not sure of its implementation on CE, but this might be what you need.
I'm using VB.Net 2005
I'll have a look at SetWindowsHook, Thanks.
Any ideas for the light sensor? There's a test app that Sony have left on the device; it gives a reading from 0 to 100.
How are they likely to be reading this value?

advice on creating cabs

Hi all,
I would like to email a friend some registry changes (to sort out the joint stereo problem).
What is the best way to do this?
I assume that it is less straightforward than doing the same in XP, given the lack of an inbuilt registry editor.
He has no idea how to use a registry editor.
Do I need to create a CAB and, if so, could you point me in the right direction? Or is there an easier method?
Thanks,
Daryl

Developing a Bluetooth gateway on HTC HD2 to interface Bluetooth keyboard BK600

Greetings,
Sorry to post again, but it seems that I posted in the wrong place (HTC HD2 forum), because this post addresses WM software development.
So, this is the problem: I'm stuck with my old BK600 (Com One, but Omiz and Freedom KB rebranded).
There are new keyboards (expensive), new drivers (not working), future drivers (never going to be released), so as I'm a software developer, I wasn't really glad to give up and buy another one. The problem is that I've never made a driver for Windows Mobile, and I'm not specialized in Bluetooth, so be indulgent...
After searching the internet and seeing some articles, I've been on the Broadcom site (they're doin' the BT stack, so it's normal to go on their site ... guess what ...
I've downloaded the Bluetooth stack SDK).
As I develop under Linux, but also under Windows, I have Visual Studio 2008 installed. I compiled the Spp (probably serial port) sample, and without any driver the keyboard paired, negotiated a serial port, and the monitor showed bytes received when typing on the keyboard.
So now, if someone knows some place to find tutorials on writing Windows phone drivers, I'll take it.
I would also like to discuss another approach.
What would you think of transcoding the keyboard codes received in a thread and redirecting them to standard input? Would it be possible?
Anyway, my needs are very simple, just a Bluetooth keyboard to type on, no extra functions...
Regards, and thank you for your answers and help.
CLS.
Hi, it seems that there already is such a software, see:
http://www.youtube.com/watch?v=dLRXSBcu6WI
It is stated that it also supports Bluetooth keyboards and mice.
HI radhoo,
They seem to have a problem releasing the software (for 5-6 months they have been saying they're going to), but nothing.
On this page: http://www.teksoftco.com/index.php?section=blueinput&tab=download
you click on this link http://www.teksoftco.com/index.php?section=blueinputbroadcom
and you get this broken page:
http://www.teksoftco.com/index.php?section=blueinputbroadcom
As you see on the xda forums
http://forum.xda-developers.com/showthread.php?t=628538&page=2
there are a lot of us waiting for this software, but nothing.
That's why I'm trying to do a little piece of software (which I'll consolidate afterwards, I think).
I'm taking the base of the Broadcom/Widcomm stack, and my approach will be to transcode chars to stdin.
It seems that there is a C# wrapper, so I think that I'll recode it in C#.
anyway,
thanks for answering and long life to xda-dev (very useful)
Ludovic.
work status
- have found a C# wrapper of the Widcomm DLL (recompiled): works, but I'm rewriting some parts of the wrapper as it seems to lack some features
- in parallel: working on the C++ legacy Broadcom sample (works perfectly now with my keyboard, binding with the COM port done, receiving "things")
now struggling with threads to pump messages and transcode.
If you have something that gets the basic keyboard working, I'd love to test it out.
if your driver is ready for testing, please send me a beta of it for testing on my htc hd2
thanks
I have a same problem .
CLS have u finish your program already? please
I would like to use BK600 on my htc hd mini too
hi, how far did you get?
still at it...?
lots of success, vicenza
