// Builds the LocalDevice for the HCI controller identified by `hid`.
//
// The id is stored in fHid, the messenger returned by
// _RetrieveBluetoothMessenger() is stored in fMessenger, and the _Read*
// helpers are then called in a fixed order. Those helpers are defined
// elsewhere; presumably each one queries the controller and caches the
// answer -- confirm against their definitions.
//
// NOTE(review): nothing here checks fMessenger before it is used. Whether
// _RetrieveBluetoothMessenger() can return NULL is not visible from this
// block -- confirm, since the optional code below dereferences it.
LocalDevice::LocalDevice(hci_id hid)
	:
	BluetoothDevice(),
	fHid(hid)
{
	fMessenger = _RetrieveBluetoothMessenger();

	_ReadBufferSize();
	_ReadLocalFeatures();
	_ReadLocalVersion();
	_ReadTimeouts();
	_ReadLinkKeys();

	// Uncomment this if you want your device to have a nicer default name
	// BString name("HaikuBluetooth");
	// SetFriendlyName(name);

	uint32 value;

	// HARDCODE -> move this to addons
	// The "manufacturer" property is compared against the literal 15, which
	// the comments below treat as Broadcom. `value` is only read after
	// GetProperty() reported B_OK, so it is never used uninitialized.
	if (GetProperty("manufacturer", &value) == B_OK
		&& value == 15) {

		// Uncomment this out if your Broadcom dongle is not working properly
		// Reset(); // Perform a reset to Broadcom buggyland

		// Uncomment this out if your Broadcom dongle has a null bdaddr
		//#define BT_WRITE_BDADDR_FOR_BCM2035
#ifdef BT_WRITE_BDADDR_FOR_BCM2035
#warning Writting broadcom bdaddr @ init.
		// try write bdaddr to a bcm2035 -> will be moved to an addon
		//
		// NOTE(review): the six address bytes below are compile-time
		// constants, so every adapter initialised by a build with this
		// macro defined is given the same device address. Two such
		// adapters in range of each other would be indistinguishable by
		// address; a per-device value would avoid that.
		int8 bt_status = BT_ERROR;

		BluetoothCommand<typed_command(hci_write_bcm2035_bdaddr)>
			writeAddress(OGF_VENDOR_CMD, OCF_WRITE_BCM2035_BDADDR);

		BMessage request(BT_MSG_HANDLE_SIMPLE_REQUEST);
		BMessage reply;

		// Byte order of bdaddr.b[] is not established here -- presumably
		// b[0] is the least significant byte; confirm against the type.
		writeAddress->bdaddr.b[0] = 0x3C;
		writeAddress->bdaddr.b[1] = 0x19;
		writeAddress->bdaddr.b[2] = 0x30;
		writeAddress->bdaddr.b[3] = 0xC9;
		writeAddress->bdaddr.b[4] = 0x03;
		writeAddress->bdaddr.b[5] = 0x00;

		// The raw vendor command is wrapped in a request that names the
		// event and opcode expected in the reply.
		request.AddInt32("hci_id", fHid);
		request.AddData("raw command", B_ANY_TYPE,
			writeAddress.Data(), writeAddress.Size());
		request.AddInt16("eventExpected", HCI_EVENT_CMD_COMPLETE);
		request.AddInt16("opcodeExpected",
			PACK_OPCODE(OGF_VENDOR_CMD, OCF_WRITE_BCM2035_BDADDR));

		// NOTE(review): bt_status is filled in from the reply but never
		// examined afterwards, so a rejected address write goes unnoticed.
		if (fMessenger->SendMessage(&request, &reply) == B_OK)
			reply.FindInt8("status", &bt_status);
#endif
	}
}
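/*
 * Entry point: asks for a process id on stdin, follows one pointer inside
 * that process and overwrites the int it leads to.
 *
 * Steps, each of which stops the program when its check fails:
 *   1. isRoot() must hold.
 *   2. A positive decimal pid is read into the file-level `pid`.
 *   3. getProcess(pid) yields a mach_port_t, checked with isNoError() and
 *      isProcessValid().
 *   4. getBaseAddressByRegion(process, region) must be non-zero.
 *   5. A pointer-sized value is read at baseAddress + baseOffset.
 *   6. An int is read at (that value - offset) and printed.
 *   7. The literal 12345 is written to the same address.
 *
 * `pid`, `region`, `baseOffset`, `offset` and every helper called here are
 * declared elsewhere in the file; their exact types are not visible from
 * this function.
 *
 * Returns 1 when the pid input is unusable, 0 in every other case
 * (including the failure paths after step 2, as before).
 */
int main() {
    if (!isRoot())
        return 0;

    printf("[+] pid: ");
    // scanf() leaves `pid` untouched when the input is not a decimal
    // integer; without this check the rest of the program would act on
    // whatever value `pid` held before. Non-positive ids are rejected too,
    // since they do not name a single user process.
    if (scanf("%d", &pid) != 1 || pid <= 0) {
        fprintf(stderr, "[-] invalid pid\n");
        return 1;
    }

    mach_port_t process = getProcess(pid);
    if (!(isNoError() && isProcessValid(process)))
        return 0;

    uintptr_t baseAddress = getBaseAddressByRegion(process, region);
    if (!baseAddress)
        return 0;

    // First hop: the pointer stored at a fixed offset from the region base.
    uintptr_t pointerAddress = (uintptr_t)readAddress(
        process, baseAddress + baseOffset, sizeof(uintptr_t));
    if (!isNoError())
        return 0;

    // NOTE(review): the subtraction is not range-checked; if the value read
    // above is smaller than `offset` the result wraps -- the following read
    // is then expected to fail via isNoError(), confirm in readAddress().
    uintptr_t targetAddress = pointerAddress - offset;

    // Second hop: the current int at the target, shown before it is replaced.
    int target = (int)readAddress(process, targetAddress, sizeof(int));
    if (!isNoError())
        return 0;
    printf("[x] old result: %d\n", target);

    int hack = 12345;
    writeAddress(process, targetAddress, sizeof(hack), &hack);
    if (isNoError())
        printf("[x] write success : )\n");

    return 0;
}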
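/**
 * @brief Reads up to `size` bytes into `buff`, beginning at register `start`.
 *
 * writeAddress(start) is called first (defined elsewhere in this class;
 * presumably it selects the register to read from -- confirm), then a
 * single read() is issued on `handle`.
 *
 * @param start  First register to read.
 * @param buff   Destination buffer; must hold at least `size` bytes.
 * @param size   Number of bytes requested.
 * @return Number of bytes actually stored in `buff`. This can be smaller
 *         than `size`, and is 0 when read() fails, so callers must compare
 *         it with `size` before using the buffer contents.
 */
size_t ADXL345PiI2C::readRegisters(uint8_t start, uint8_t* buff, size_t size) {
    writeAddress(start);

    // read() reports failure as -1. Converting that straight to size_t
    // would hand the caller SIZE_MAX as a "byte count", which invites an
    // out-of-bounds walk over `buff`; report zero bytes instead.
    const auto bytes_read = read(handle, buff, size);
    if (bytes_read < 0)
        return 0;

    return static_cast<size_t>(bytes_read);
}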