Can you trace this routine inside rtbt with the edb debugger?
LMssp_LM_User_Confirmation_Request_Reply()
{// addr = 0x00486064
long long _v16; // _cfa_fffffff0
long long _v32; // _cfa_ffffffe0
long long _v40; // _cfa_ffffffd8
long long _v48; // _cfa_ffffffd0
_unknown_ __rbp; // r59
long long _t73; // _t73
long long _t96; // _t96
long long _t102; // _t102
long long _t109; // _t109
long long _t110; // _t110
Somehow the value at *(_v16 + 220) in this routine is zero, and the program quits before _LMssp_Send_LMP_DH_Key_Check() is reached. This is not the case on Ubuntu 12.04 and 12.10, where it pairs. I would be interested to know how it behaves on Ubuntu 12.10. You will need a BT V4 device in order to pair in simple secure mode and reach this routine.
The decompiled file is provided in the earlier post.
@Host
Can you trace this routine inside rtbt with the edb debugger?
// Decompiler dump of the rtbt routine at 0x00486064, exactly as pasted on the forum:
// identifiers are split by spaces where the forum wrapped them (e.g. the name below),
// one statement lacks its ';' and one line is truncated.
// NOTE(review): statement order in this dump does not follow control flow. _v16 is
// dereferenced from the first statement on, but it is only assigned (from _t73) and
// NULL-checked further down, so the decompiler most likely emitted the basic blocks
// out of order. Read the NULL check and the `== 31` test as the entry path, and the
// block above them (LMP_Send_Accepted / DH key check) as the reply path.
LMssp_LM_ User_Confirmati on_Request_ Reply()
{// addr = 0x00486064
long long _v16; // _cfa_fffffff0  -- every field access below goes through this pointer; presumably the link-table entry (not shown being returned from Find_Link_Table_Entry in this dump)
long long _v32; // _cfa_ffffffe0
long long _v40; // _cfa_ffffffd8
long long _v48; // _cfa_ffffffd0  -- third argument passed to write_du()
_unknown_ __rbp; // r59
long long _t73; // _t73
long long _t96; // _t96
long long _t102; // _t102
long long _t109; // _t109
long long _t110; // _t110  -- fourth argument passed to write_du()
_v32 = _t102; Find_Link_ Table_Entry( ); // Find_Link_Table_Entry (name split by the paste); its result is not visibly stored here
DM_ Clear_Timer( ); //0x0049bbf4 //timer cleared
*(_v16 + 122) = 33; //put 33 decimal value to pointer *(_v16 + 122) and quit writing du
// 16-bit field at +122: written 33 here, 32 below, and tested against 31 on the entry
// path — presumably a link-state code (TODO confirm against the disassembly). The note
// "quit writing du" above seems to refer to the write_du() call at the end of this dump.
if(( *(_v16 + 221) & 255) == 1) { // byte flag at +221, which the entry path sets to 1, selects the LMP_Send_Accepted path
r8d = 65; // argument register loaded for the following call (r8 is the fifth integer argument under the SysV x86-64 ABI); the meaning of 65 cannot be read from this dump
LMP_ Send_Accepted( ); //0x00494DF6
_ t110 = _v16;
_ LMssp_Send_ LMP_DH_ Key_Check( ) //0x0048983A  -- ';' missing in the paste
}
_t110 = _v16;
_LMssp_ Send_LMP_ DH_Key_ Check() ;//0x0048983A  -- reached on both arms of the flag test above, with _t110 = _v16
*(_v16 + 122) = 32;
_v40 = _t109;
_v48 = _t96;
_t73 = _v40;
_t110 = _t73;
LM_ // truncated line in the paste — appears to be a call whose name starts with LM_; the rest is lost
_v16 = _t73;
if(_v16 == 0) { // NULL check on the entry pointer; sits after the dereferences above only because of the block ordering (see header comment)
return;
}
if(( *(_v16 + 122) & 65535) == 31) { // *(_v16 + 122) & 65535) = 31  -- low 16 bits at +122 must be 31 to proceed; any other value returns without doing anything
if(( *(_v16 + 219) & 255) != 0) { // clear byte flag at +219 if set
*(_v16 + 219) = 0;
}
if(( *(_v16 + 216) & 255) == 0) { // byte flag at +216 chooses between two branches that both set +221 = 1
*(_v16 + 221) = 1;
if(( *(_v16 + 220) & 255) == 0) { //0x48615c we go here
// NOTE(review): both arms of this test are empty in the dump, so the poster's
// observation that the routine exits here when +220 is zero cannot be checked
// from the listing alone; the real arm bodies need the disassembly.
} else {
}
} else {
*(_v16 + 221) = 1;
if(( *(_v16 + 225) & 255) != 0) { // byte test at +225 with an empty body in this dump
}
}
write_du(6, _v16 + 424, _v48, _t110); //we get here and quit
// write_du is the only call shown on the entry path; per the assignments above, _v48 is _t96 and _t110 is _t73 (the same value as _v16)
return;
} else {
return;
} // closing brace of the function body is missing from the paste
Somehow the value at *(_v16 + 220) in this routine is zero, and the program quits before _LMssp_Send_LMP_DH_Key_Check() is reached. This is not the case on Ubuntu 12.04 and 12.10, where it pairs. I would be interested to know how it behaves on Ubuntu 12.10. You will need a BT V4 device in order to pair in simple secure mode and reach this routine.
The decompiled file is provided in the earlier post.