[Q] Change Bluetooth Address

RodneyMcKay

I'm looking for some help verifying a few bits of information before I take a leap and risk bricking my phone. I need to change my Bluetooth address, with any luck back to my original hardware address. I do have the original address, as "btnvtool -p" outputs a different address than is reported in 'About phone' -> 'Status'. The problem is that both my wife and I have the same phone with the same ROM history, and now we both have the same improper MAC address.

By way of links provided by another helpful user I have partial information in Russian: http://4pda.ru/forum/index.php?showtopic=420801&st=6840#entry28414922 post 6853. I think I understand what to do via Google Translate and my partial understanding of how this works. The post points me to the /misc partition, but I can't find any useful information about the partition for this phone that would back up the claims. Also, the specific location that the post references, offset 4000, contains a string "ANDROID-BOOT!". While "ANDROI" is hex of 414E44524F49, which matches my incorrect MAC address, the fact that it says "BOOT" makes me worry about changing it.

I'm hoping someone can help me verify that this string isn't part of the boot process, or that the /misc partition isn't required to boot recovery. I feel fairly confident that I could create a flashable zip to restore a backup of this partition if needed. Below is my cleaned translation of the Russian post. If anyone with an E970 and a proper BT address could complete the first half, dd the partition to a file and check out the contents in a hex editor, I would feel much better about doing the rest.

Code:
Hello, using this method you can restore your original Bluetooth addresses. The active MAC address is in the raw MISC partition at hex offset 4000; it is not spelled out or anything.
Perform the following (root is required):

adb shell
su
dd if=/dev/block/platform/msm_sdcc.1/by-name/misc of=/sdcard/misc.img

Then get at the file on the SD card and, in a hex editor, zero the MAC address starting at hex offset 4000, and save the file. Save the changed file to your phone:

su
dd if=/sdcard/misc.img of=/dev/block/platform/msm_sdcc.1/by-name/misc
reboot

After rebooting, the details in “About Phone” should show the real BT MAC.

----------

So I found a little corroborating evidence to this post. I found this post about the LS970 (Sprint LGOG) stating that "All rooted LGOG Bluetooth MAC addresses are 41:4E:44:52:4F:49". Reading the thread a bit, I found a link to a "BT MAC FIX" script found with this kernel.

Looking at what the file does, it uses btnvtool to get the real mac and writes it to byte 16384 ( hex 4000 ) of the misc partition. Seeing as this file has people confirming it works, I took the leap. It worked. Problem solved.

Sounds to me like this is a problem as old as unlocking with freegee. Could be wrong, but that seems like the common denominator to me from the posts I was reading. And yes, for the record, the dump of the misc partition now reads "******D-BOOT!" (*s to hide my real MAC).

***Warning, 2015-01-12, This Fix as is doesn't work and causes problems with CM12 on the E970. Will post in thread with details.
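
An added example, not part of any post in this thread or of the "BT MAC FIX" script: a read-only check on misc partition dumps pulled with the dd command quoted above. It reads the six bytes at offset 16384 (hex 4000) and confirms that an edited image differs from the backup only inside that field; the function names and the sample images are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks on misc partition dumps (never touches the device).
MAC_OFFSET=16384                 # hex 4000, the offset named in the thread
PLACEHOLDER="41:4E:44:52:4F:49"  # "ANDROI", the start of "ANDROID-BOOT!"

# Print the six bytes at MAC_OFFSET of image $1 as AA:BB:CC:DD:EE:FF.
mac_at_offset() {
    dd if="$1" bs=1 skip="$MAC_OFFSET" count=6 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F' |
        sed 's/\(..\)/\1:/g; s/:$//'
}

# Classify the value returned by mac_at_offset.
classify_mac() {
    case "$1" in
        "$PLACEHOLDER")     echo placeholder ;;
        00:00:00:00:00:00)  echo zeroed ;;
        ??:??:??:??:??:??)  echo address ;;
        *)                  echo short-read ;;
    esac
}

# Count bytes that differ between backup $1 and edited $2 outside the 6-byte field.
# cmp -l reports 1-based offsets, so the field is MAC_OFFSET+1 .. MAC_OFFSET+6.
changes_outside_field() {
    cmp -l "$1" "$2" 2>/dev/null |
        awk -v s="$MAC_OFFSET" '$1 <= s || $1 > s + 6 { n++ } END { print n + 0 }'
}

# Constructed sample image: 16 KiB of zeros, six field bytes ($2, a printf
# format), then the rest of the marker. Not a real partition dump.
make_sample() {
    { dd if=/dev/zero bs=1024 count=16 2>/dev/null; printf "$2"; printf 'D-BOOT!'; } > "$1"
}

demo() {
    dir=$(mktemp -d)
    make_sample "$dir/backup.img" 'ANDROI'
    make_sample "$dir/edited.img" '\002\021\042\063\104\125'   # constructed MAC
    for img in backup edited; do
        mac=$(mac_at_offset "$dir/$img.img")
        echo "$img.img: $mac ($(classify_mac "$mac"))"
    done
    echo "bytes changed outside field: $(changes_outside_field "$dir/backup.img" "$dir/edited.img")"
    rm -rf "$dir"
}
demo
```

A non-zero count from `changes_outside_field` means the hex edit touched more than the address field, so that image should not be written back.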

mindstormsguy

I have the exact same issue with mine and my wife's phone. I tried this, and it seems like it should work, but after I reboot my phone, the contents of misc revert to the original (ANDROID...). Any thoughts?
 

WJThomas

mindstormsguy said: "I have the exact same issue with mine and my wife's phone. I tried this, and it seems like it should work, but after I reboot my phone, the contents of misc revert to the original (ANDROID...). Any thoughts?"

I believe everyone that used freegee to root/unlock has the corrupted BT MAC address. I also believe that it is only an issue when two of these devices try to use BT in close proximity, but you never know what device the person beside you will have.

I had not done anything about my BT until just now. The .zip just puts a script in the userinit.d folder. The script is run every boot. I do not recall what my BTmac address was, but the script does change it from the default.

I deleted the script and rebooted. My BTmac address reverted back to the default. I restored the script and my BTmac address changed back. This shows that the change is not permanent, and the script needs to be run every boot.

Did you flash the .zip, or just extract and run the script?
 

RodneyMcKay

I've recently upgraded my E970 to CM12 nightly. Just like previous ROMs, the BT MAC address is corrupted and results in my pairing being invalid. My MAC address currently reports in "About Phone" as 00:00:00:00:5A:AD. Clearly this is incorrect.

When I tried to install this fix, the init.d script was placed properly, but did not repair the MAC address as it did previously. This might be a one-off case, but after the script was installed, my phone started acting funny, overheated, and completely drained the battery. The charger I regularly use, an iPad 2.1 amp, failed to charge the phone. All it would do was turn on the red notification light solid. I was still able to use the computer USB ports to enter download mode, and start entering the off-charge mode. This port didn't give enough power to fully enter the off-charging mode. The phone made it to the first icon and then shut off; no progress was made.

I needed to switch to a lower output charger before I could gain charge to 5% and boot. As the OS booted it reported 0% charge. I was able to enter airplane mode and reboot. After the reboot the phone functioned well enough to use Solid Explorer to delete the script file from /data/local/userinit.d. After deleting the file my phone was back to functional with the bad MAC address.

As I find info I will post it here.

2015-01-13 Update -----
Running the steps of the script file manually results in an error "dd: stdout: Illegal seek". Trying to read (if) instead of write (of), I get the same Illegal seek. Might this be part of a new protection with Lollipop? I tried editing a dump of the partition as I suggested originally and writing the whole 16 MB back. This completes without error, but when I read the partition again the modification was not saved.

Either way my BT Mac address with CM12 doesn't match the expected 41:4E:44:52:4F:49 to match the ANDROID from the file dump, so where is the OS picking up the new address?

boulos

Still works for CM11

I noticed my phone and my wife's also had the same Bluetooth address. This was messing up my car link. I ran the script and now it shows that I have a different address. I will keep an eye out and make sure nothing else gets messed up. Thanks. I was looking for a fix for some time....
 
